Continuation at a tangent to [stderr]

Tools like Palantir are the tip of an iceberg: a gigantic iceberg of data. In case you don’t know, when organizations like the NSA are talking “big data” they are talking “yottabytes.” i.e.:

The Pentagon is attempting to expand its worldwide communications network, known as the Global Information Grid, to handle yottabytes (10²⁴ bytes) of data. (A yottabyte is a septillion bytes—so large that no one has yet coined a term for the next higher magnitude.) [wired]

It’s probably not ‘yottabyte’ scale, it’s just ‘exabyte’ scale, but the people who poo-poo the storage capacity of these systems do not understand how megastorage works. Yottabytes are achievable because the basic algorithms scale and the searches parallelize. “It’s just a matter of money” in other words.

An exabyte is a million terabytes. Twitter uses twenty terabytes to back up every tweet that has ever been sent (what, do you think they delete them?) Some estimates of the data-size of the US Library of Congress put it in the range of fifteen to twenty terabytes depending on the scan-resolution and compression of images. So, if NSA’s storage vault is holding a couple exabytes, it’s holding several million times what the Library of Congress has ever held, and probably Twitter and Facebook and a whole lot more. One thing it for damn sure isn’t holding is “just” metadata. Metadata compresses supremely well – I’d predict about 75% or more depending on how it’s indexed and clustered. You could hold all the metadata for all the calls in the US on a hundred terabytes or so. Twitter is 200 billion tweets/year, but SMS texting is 600 billion per day. (All numbers should be considered rough but within an order of magnitude) Of course what the collectors are doing is pruning obviously machine-generated content: banner ads, spam, etc – no need to keep that, and that’s 90% of email. Anyway, you don’t build a megastorage system if all you’re collecting is metadata; you do that when you’re building a rolling window through a vast dataset.

When I say a “rolling window” I mean something similar to how human memory appears to work. Memories you don’t access? Forget them. Things you think about a lot (where in the airport extended parking is my car parked!?) become cached nodes which keep the dependent information in cache as well. Over time, a particular place where I left my car parked ceases to matter, so I might prune that information but remember that I made a trip to Vienna last winter and I flew from Dulles airport. So I might infer I parked at the extended lot (because I do) and if I needed to deep-retrieve that information, I might actually have it somewhere. A hierarchical storage system works like that: you put older stuff on tape, less old stuff on huge arrays of hard drives, more recent stuff on huge arrays of solid state drives, and very recent stuff in massive in-memory caches. As you get closer to “forgetting” something it moves to successively slower storage. Every time you retrieve it, it winds up on the memory cache (and is now treated as relevant) until it decays away, again.

If you were building an AI, you’ve already got a couple of elements of cognition built into the underlying architecture: relevance (based on refresh interval) the ability to do cognition-within-a-tier (like human short term versys long term memory) and the ability to recognize that you know something about something, to do faster retrieval. In computer databases, that’s done with bloom filters or a primary index: you may not know (yet) what you know about Marcus Ranum’s text messages, but you know you know something about Marcus Ranum because a probe for that name returned that you have 3,281,238 items in various stages of your cache. If you’ve got some time, experiment a bit by thinking about how you retrieve information: have a friend who knows you somewhat sit down with you, write a few “flash cards” with some things for you to remember, and then experience the remembering. Be aware of the layers in which memories cascade into your mind and observe which ones come all at once, which are most recent, which are flagged with a jot of adrenaline, etc. By the way, another fun game you can play when you’re doing this is for your tester to make two “comparable” lists and have you drink 2 shots of alcohol between the runs. Experience the difference – it may be remarkable. (By “comparable” lists I mean stuff like: “what was your first pet” and “what color was your first bicycle” that go back to about the same time period and similar emotional loading)

But here’s the crazy thing: a megastorage system scales cleanly with Moore’s law, more or less, and doesn’t require a lot of intervention to upgrade. I did some work, in 2009, at San Diego Supercomputer Center, looking at data on their High Performance Storage System (HPSS) and – at that time – the tape robot managed 5 petabytes of data. A year later, they upgraded the tape drives to drives that could back-read the old tape cartridges but could store 4 times as much data on a cartridge. Instantly, the total capacity of the storage system was 20 petabytes! Presto!

When you upgrade the tape drive the total capacity goes up, and the robot starts a process of grabbing the 4 oldest tapes, copying them to the hard drive cache array, then ejects the old tapes (which go into a vault somewhere) and compresses all the data from the 4 tapes to a new tape. That’s done without updating the “memory” score of the data, of course, or the storage array would be experiencing false memory flashes like we ageing humans do.

Who do you think IBM builds things like the TS3500 Tape Library[ibm] for? (Our motto: “IBM Global Financing can help!”) The computing industry has served the military/industrial police state since the manhattan project – they evolved together, in fact. This is no mere dalliance, it’s a marriage of true love forever.

Back in the day, when I was a young systems pup working on the Human Genome Mapping project (at Welch Medical Library, via Howard Hughes Medical Institution and the National Library of Medicine) we were worrying about how to store and search through human genomes. Well, at about a terabyte per human, if the NSA’s megastore can hold 7 exabytes – i.e.: it has 4 of those IBM TS3500s – it could back up all of our genomes. All of humanity’s. That’d be some metadata indeed.

But we know it’s being used for the basic stuff: every message, posting, comment, tweet, txt, call record, and financial transaction. And, of course, it’s full of images. Jennifer Lawrence, Scarlet Johansson, Benedict Cumberbatch, and I, as well as pretty much everyone who has ever pointed their phone’s camera at their face: that’s all in there too, in various states of deshabille. How good do you think the protections are on that data, by the way? And what do you think of facial recognition software? Most people know it’s not super reliable and it’s sometimes mostly right, and you can go on facebook and mark a picture as “this contains an image of Marcus Ranum” or whatever. How convenient. And (as I’ve mentioned elsewhere) [stderr] data is collected to be combined: suppose you take a license plate reader’s scan of my car leaving the extended parking at Dulles airport, then you can be pretty sure there’s a good chance one of the operators is the owner: then you can fuse that information with the drivers license photo database (why do you think they switched to digital for all of that?) and a passport database (ditto) and now you have a rock-solid multi-point baseline from which you can probably accurately identify Marcus Ranums in pictures on the internet. You’ve also got border entry/exit point face recognition.

It’s hard to estimate how many facial recognition images are currently in various government databases, but I would predict they are severely underestimated because of things like facebook profile pictures and tagged selfies. Some estimates are in the range of 400 million in the FBI database alone. So, when the FBI serves a warrant for #NODAPL protesters, and gets the names, they can scrub the names against the license picture databases and then scrub those images against any footage they’ve got of a protest (excuse me, “terrorism”) [atlantic]

Police departments in nearly half of U.S. states can use facial-recognition software to compare surveillance images with databases of ID photos or mugshots. Some departments only use facial-recognition to confirm the identity of a suspect who’s been detained; others continuously analyze footage from surveillance cameras to determine exactly who is walking by at any particular moment. Altogether, more than 117 million American adults are subject to face-scanning systems.

That puts a new spin on “watch list” doesn’t it? But, remember: “walked through Dulles Airport security at ${date}” is just metadata.

Courts haven’t determined whether facial recognition constitutes a “search,”

Color me shocked. How convenient.

Let me make a prediction: if you stand outside of the CIA headquarters with a camera attached to a laptop and some software that is doing license-plate scanning and face recognition, and – when the polite gentlemen in the black suburban arrive and throw you face down on the pavement – you tell them you were just exercising your constitutionally protected right to take photographs in a public place, you’ll learn that the CIA thinks facial recognition is a “search” if you do it to them, but not if they do it to you.

Remember: all that stuff is in the retro-scope. If the FBI wanted to know who these assholes are, they probably could, very quickly. Arizona drivers database, facial recognition, tattoed skinhead – it’d be nice to email their bosses, “hey, do you know what your employees get up to on the weekend?”  I’m not going to drop a screenshot of what happens if you google reverse image search for that picture of the arizona nazis because it links to mostly twitter pages (and Affinity!) criticizing them. Since I stopped being friendly to FBI people back around 2004, I haven’t got access to anything that would allow me to look and see who those guys are. The retro-scope doesn’t care if you’re a hero or an asshole: you’re just bits.

The Government Accounting Office (GAO) has some harsh words regarding the FBI’s capabilities:[gao]

The Department of Justice’s (DOJ) Federal Bureau of Investigation (FBI) operates the Next Generation Identification-Interstate Photo System (NGI-IPS) — a face recognition service that allows law enforcement agencies to search a database of over 30 million photos to support criminal investigations. NGI-IPS users include the FBI and selected state and local law enforcement agencies, which can submit search requests to help identify an unknown person using, for example, a photo from a surveillance camera. When a state or local agency submits such a photo, NGI-IPS uses an automated process to return a list of 2 to 50 possible candidate photos from the database, depending on the user’s specification. As of December 2015, the FBI has agreements with 7 states to search NGI-IPS, and is working with more states to grant access. In addition to the NGI-IPS, the FBI has an internal unit called Facial Analysis, Comparison and Evaluation (FACE) Services that provides face recognition capabilities, among other things, to support active FBI investigations. FACE Services not only has access to NGI-IPS, but can search or request to search databases owned by the Departments of State and Defense and 16 states, which use their own face recognition systems. Biometric analysts manually review photos before returning at most the top 1 or 2 photos as investigative leads to FBI agents.

As I have mentioned elsewhere, these databases have the problem that they’re not very secure against internal search. Pretty much all it takes is one cop – one member of the club who knows the secret handshake – out of hundreds of thousands of people – who’s willing to falsely request data. Go ahead and tell me that there are no cops that won’t search for that pretty young thing they saw go through security yesterday. Sure. Right. The problem isn’t just that this stuff is going into poorly secured databases, the problem is that it’s going to sit in Utah and never go away.

Prior to deploying NGI-IPS, the FBI conducted limited testing to evaluate whether face recognition searches returned matches to persons in the database (the detection rate) within a candidate list of 50, but has not assessed how often errors occur. FBI officials stated that they do not know, and have not tested, the detection rate for candidate list sizes smaller than 50, which users sometimes request from the FBI.

Let me wrap this up by telling you a depressing but true story. In 2011, I was an invited speaker at “New Trends in the Energy Sector” conference organized by QCERT in Doha, Qatar. It was a broad conference of many interests under the same roof, so there were physical security/state security/counter-terrorism, network security(me!), and plant management/resilience all in the same show. There was a large show floor, dominated by the state security/counter-terrorism crowd: lots of cool drones made of matte carbon fiber, cameras galore, that kind of thing. There was one thing there that blew me away: it was a Land Rover surveillance van. (OK, other than wondering “why didn’t they build it out of something more reliable, with a better electrical system?” it blew me away) Inside the van was a sort of cupola-thing, and two people could sit in the back. There were mini projectors projecting a multi-camera 360-degree view of the surroundings onto the interior of the cupola: you could sit back there and it looked like you were on the street, but you were at the height of the roof of the van; perfect for watching people walk by. There was a humming rack of computers (pull-out drive racks and a server) between the rear and the drivers’ compartment up front, but there was a flat panel that let you see the drivers as if you were there. As people walked by the van, the computers (which were projecting the video) were looking up faces; if someone was identified it would snap up a green box around them with their name and whatever information the computers had. You could tap on them (there was some kind of feedback touch sensor) and it would begin projecting the boxed person onto the driver’s windshield, like a heads-up display: “follow that suspect” and the driver would have a computer assist tracking them down the street or wherever they went – presumably it was matching colors as well as faces, maybe you could evade it by changing your shirt in a payphone booth. There was a video controller like an editing deck with a forward/backward scrubber; you could scroll back, pick a person, flag them so it would alert you if you saw them again, do a more in-depth search. You could walk by one of these things in the crowd outside the arrival hall of an airport, and it would look just like a convenience van for a luggage delivery service, or – whatever. In the US, of course, I’d wonder “who actually buys a Land Rover?” but in the US it’d be an econoline.

Enter partial face-matching. When facial recognition software is run, what it does is tries to figure out the geometry of a face. That’s things like the distance between eyes, elevation of ears, length of mouth, etc. That amounts to a compression algorithm: you reduce the image dramatically as you extract the pixels down to geometry data. It’s then pretty easy to back-trawl the geometry against a larger database – I assume that the Land Rover demo in Qatar was done by letting it scan the conference-goers the first day, then the database was “pumped” against a deeper database to match the names and identities; the people at the conference who were getting green-boxed were known to someone else, somewhere. Now, imagine what that would do if you had Facebook’s image tagging database, all the state drivers’ license databases, everyone’s snapchat, a passport database, and a bunch of social media websites’ “this is me” pictures.

The reason the FBI and the police don’t really care whether their face recognition is accurate is: they don’t have to. They can grab you, throw you facedown on the concrete, and ask for your ID. If they didn’t shoot a few holes in you in the process you’ll be so happy you can walk away under your own power that you probably won’t do anything. As long as there is zero downside cost to law enforcement for making mistakes, they’re going to be completely unencumbered by concerns regarding getting your identity right. Good luck if you resemble someone wanted by the FBI.

Think how difficult this is going to be to elude, when you add in license plate scanner data and portable tracking device data. Did I say “portable tracking device”? Ooops. I meant ‘smart phone’ – but that’s a topic for another day. So is DNA. Do we even need to talk about those?

I had a surreal conversation at Interop back in 2012, when I bumped into Radia Perlman, who’s one of the circle of people I occasionally wind up at conference dinners and on panels with. I love Radia because she reveals me for the dummy that I am. Walking around with her, at one point we walked past a smallish network-attached storage array and someone (loudly, so we both heard it) said something about “it’d make a great porn stash!” and Radia got pensive for a minute and then, typically, smiled hugely and said, “I was just thinking: you know, at a certain point there was probably produced enough porn that nobody could watch it all in their lifetime. At which point it would have made sense – barring changes in fashion – to simply stop making any more. In fact we probably passed a point a few years ago where it’d be easier to just give it away and there’d be no market for it.” As is often the case with Radia’s casual observations, it turned out to be correct.

“How good do you think the protections are on that data, by the way”: when Snowden started dumping his NSA secrets, he appeared to be getting coaching from someone very media- and politically savvy. Initially, in fact, I was happy to hear some of Snowden’s comments sound remarkably like he had been reading classical anarchist arguments like Robert Paul Wolff’s – but then, the energy of the thing petered out, and he was on the run, and the smear machine got to smearing. I remember feeling elated because I thought we were about to see a brilliant strategy unfold, but it didn’t. What I hoped was going to happen was Snowden says: “there are all these programs in place” and the NSA’s liar-in-chief (someone like Clapper) says “no, there aren’t!” at which point Snowden throws down the NSA’s own slides. And then Snowden says “and there are all these other things…” and the NSA lies again. And Snowden throws down more stuff. I was fantasizing, I now realize, but I imagined that he end-game was that Snowden was politically sophisticated enough to throw down outlines of the NSA’s dumps on a couple of prominent Americans. Because, you know they have that stuff (to be fair, I assume there are ‘oligarch triggers’ that flag an alert if an analyst tries to access Jennifer Lawrence’s phone camera-roll)  you can assume that there’s probably no protection on ordinary folks. In retrospect, Snowden’s disclosures only would have brought about change if he had dumped a bunch of the oligarchy’s personal data: Jeffrey Epstein’s texts, Nancy Pelosi’s emails, Kim Kardashian’s iPhone camera roll – stuff that matters.

By the way: if you do a google image search for “Marcus Ranum” be forewarned there’s a bunch of NSFW stuff. That’s deliberate. A bunch of years ago I decided to use my photography as a way of injecting a great deal of noise into some image classification algorithms. Does it matter? Probably not. I did it because I could.

A good piece on facial recognition from the Royal Society[rs]

I am told that gmail’s complete sender/recipient logs since the service began are about 100tb. And, of course they have them. Who’d delete something that delicious?

“How Convenient” – if US government were interested in, you know, right and wrong and rule of law, they wouldn’t go “look! a convenient gray area in the law! let’s exploit it!” they’d ask the supreme court for a decision, maybe air it publicly, and then act accordingly. The reason they don’t do that ought to be obvious: they know what the courts would say.

Emma Watson is a very interesting person, in terms of how much she “gets it” regarding her public interface. For example, she refuses to take selfies with fans, because she’s then geo-locating herself [cnn]:

For me, it’s the difference between being able to have a life and not,” Watson recently told Vanity Fair. “If someone takes a photograph of me and posts it, within two seconds they’ve created a marker of exactly where I am within 10 meters.”