In a recent sting, federal agents failed to detect 95% of banned weapons and fake explosives undercover agents attempted to smuggle through airport security. This is consistent with what we know about the security limitations of mass security screening programs for low-prevalence problems. Mass security screening proponents often argue that we can’t get rid of imperfect tools — like polygraphs, insider threat programs, mass surveillance, and “stop and frisk” policing — because they’re the best we’ve got. But actually, the science shows these mass security screening programs for low-prevalence problems are “worse than worthless.”
Rule of law — not security theater — promotes rule of law. Goodness is the best way to protect goodness. This is all good news, because it means we don’t have a surveillance state. We have a piñata state. Whack a few dozen backfiring programs, and billions of dollars fall out.
I have run extensive testing on state cybersecurity alarms, and all I got for it was a lousy domestic surveillance and psyops operation and a new hairdo. Also proof that mass surveillance does not work. There is too much creative, image-laden, exegetical content on the Internet even for Chinese censors to handle — and current cryptography tools are too good for the feds to beat without hardware and software backdoor cheats, or human error tipping them off.
So panic about mass surveillance — while based in reality — is also moot. Mass surveillance is easy to legally undermine with art, information, and information security tools. The emperor has no clothes.
Chinese dissidents use combination characters or near-homonyms on the harshly censored Internet in China. Like the ISIS’ use of memes for terrorist recruitment online, near-homonyms get around things like keyword filters, making it much harder to keep track of who’s talking about what in real time. Text embedded in image and other alternate file types can similarly work around many forms of dragnet surveillance. So we know that wordplay, images, and other interpretive games make it hard to effectively surveil the Internet as a mass, chaotic communications system.
The science on profiling shows it doesn’t work and wastes resources that could be used instead on stuff that does work, or testing new stuff that might. So you can help stop dragnet surveillance programs that might work by profiling groups like Muslims or peace activists by starting a blog that uses a generator tool to post content laden with keywords like Islam and honor, or anti-war and protest. In the best case, if enough people do this it wastes enough computing and manpower in profiling programs such that they’re slowed or stopped. In the worst case, you’ll make new friends.
Rule of law has always depended on mutual cooperation for mutual benefit. Embracing our vulnerability as a free society forces us to fall back on these relationships of mutual cooperation, instead of relationships of coercion. Which is a good thing, because investing in the former relationships instead of the latter helps us make security the evidence-based way — through trust.