A critique of the terrorism/bathtub analogy

I’m feeling a bit like playing the role of Devil’s advocate today, my apologies for ranting on about this PRISM thing by the by. In a recent blog article on The Economist (Foiled plots and bathtub falls) a case is made that the loss of life in the USA due to terrorist attacks (around 3,000 in 2001) is so small compared to other causes—such as 29,573 gun related deaths—that the measures taken by the government to prevent terrorism are currently to extreme and ought to be subjected to a cost-benefit analysis. In the end the main question put forward is this: If the same number of people died in slippery bathtub incidents, would we want to give the NSA this much snooping power to prevent those deaths? I’m going to argue that this point is non-sensical.

An important source for the arguments in The Economist were taken from another article in The Atlantic (The irrationality of giving up this much liberty to fight terror). In this article the author gives an idiosyncratic and consequently rather introspective account of why the threat of terrorism hasn’t affected the lives of Americans in general. But his account stands in stark contrast with the facts of the repercussions of the September 11 attacks. The stockmarkets dropped sharply all over the world and trading was even halted for a time, tourism in New York plummeted, hundreds of thousands of people lost their jobs, the New York economy suffered losses in the order of magnitude of tens of billions of dollars and the attacks started two wars that in total have cost five trillion dollars to date. That’s a five followed by twelve zeroes, or roughly twenty times the number of stars in our Milky Way Galaxy. Psychologists also noted an increase in fear of flying and feelings of distress immediately after the attacks. And then to think that the death-toll from the attacks on the World Trade Center could have been far higher—some 50,000 people used to work in the twin towers on an average weekday, not including the visitors who numbered 200,000 per day.

Let’s also not forget terrorist are unfortunately not all stupid and sometimes have quite ambitious plans. There have been signals that terrorist have tried and are still trying to get their hands on nuclear weapons, such as from Russia for example. Maybe I’m just a bit suspicous by nature, but in this context I think it’s interesting that Obama is suddenly urging Poetin to cut back on the nuclear arsenal, in particular since the PRISM system has now been exposed and come under scrutiny. If a terrorist group ever get their hands on a loose nuke, an attack might cost the lives of 500,000 citizens in a major US city. Slippery bathtub, my foot!

And then there is the fact that the PRISM program is there to thwart plots. So I cannot help but ask what degree of plotting is involved in the thousands of diabetics who die each year. Or what about the thousands of drunk driving accidents? Where are the inebriated drivers gathering to plot the next fatal freeway pile-up? What deadly bathtub conspiracies are currently being scemed? And are they twittering about it? The point is of course that the NSA only works with communications, thus making all these analogies ridiculous. The slippery bathtub analogy—which I am almost certain was selected for half-humorous reasons—back-fires on itself. Another, better example should have been used such as the 12,664 murders commited in the USA during 2011. But suppose we could use a PRISM system to help uncover plots of US citizens to commit murder. Does that analogy still fall short of convincing people that the PRISM project might be an acceptable compromize after all? I wonder…

 

An opinion regarding the NSA’s PRISM affair

I must first say that when I first heard about the leak of NSA’s PRISM project I was entirely unsurprised. I really thought it was little more than a ‘public secret’ that digital communications were being monitored and stored by secret services. It’s a Spy vs. Spy world we live in, fueled by political, economic and military interests. And the technology for it is apparently available, so if you’re in the business of covertly scanning for nutcases who want to blow up stuff then why not use it? I would think it very unlikely that the NSA is the only intelligence organization with a PRISM program and intelligence gathering via the PRISM programs is probably widely shared with allies of the USA anyway.

But of course no-one will ever actually read your emails—no human anyway. I believe that globally nearly 300 billion emails are sent every day, which is a lot to go through. But most of it is spam though, so let’s assume the NSA has a decent spam filter. Then they only have to wade through around two billion emails every day. Now let me illustrate just how mind-bogglingly large this torrent of communication is. If it would take just a a minute on average to read an email, then one secret agent would have to read non-stop for nearly four thousand years to process them all. Perhaps a blessing in disguise, since it would would probably take him centuries to learn all the languages emails are sent in anyway. And when further taking into account that many emails tend be written less like a Shakespearean sonnet and more like what a monkey produces when left alone with a typewriter for five minutes, I think we should first and foremost pity the NSA people who would have to suffer reading them all. That’s probably why they would just write clever software to filter out ‘interesting’ emails anyway, just like Gmail does to target their ads. You would probably first have to try and get their attention with your behavior, such as ordering “Terrorism for dummies” on Amazon.com or whatever to show up on their scanners. So unless you’re a terrorist attending a discussion in the Al-Qaeda whatsapp group about a diabolical plan to attack the next world curling games, I daresay not a single spy is going to be very interested in reading any of your digital communications.

Furthermore, you only have to look at recent hacking affairs such as the Climatic Research Unit email controversy or the recent leaking of 6.5 million LinkedIn user passwords to realize that digital communications should never be considered to be private or secure. A wise user of email services, social networks and chat clients should act accordingly, such as not forgetting to log out when leaving the computer unattended (frape anyone?). Many GNU/Linux operating systems will offer you the option of encrypting your personal files upon installation, by using filesystem-level encryption or even disk encryption. And software such as GNU Privacy Guard and PGP have been around for many years now. I started toying around with these programs ten years ago and nowadays they are just so trivial to set up—a child of five can do it.

Yet in all these years I have not once signed someone else’s PGP key or received any email communication from my friends and family in which encryption was used to keep the contents of the email private. Part of me sometimes thinks some people secretly want to be spied on, and that everyone else simply doesn’t care. But maybe that will all change now. Perhaps we will also see a revival of the mail industry? I doubt the NSA will have the resources to photocopy two billion handwritten letters every day.

A review of “Codecademy”

Learning how to write programs for computers can be difficult if you don’t have a good learning method. And thus codecademy was created—a site that aims to enable it’s users to teach and learn how to code.

I do not recall how I came to visit the codecademy site for the first time, other than that it happened around a week ago. The site offers a number of courses—all of them gratis—and I decided to select the Python course (because I happen to like Monty Python). The site is very nice to use and beginning a lesson is pretty straightforward, once you sign up. I was pleasantly surprised to find that you do not even have to have a so-called IDE or programming editor installed on your computer, nor the interpreter/compiler for that matter. All coding and running of your code takes place within the browser or on their server. I think this is a huge convenience.

Each course is divided up into topics and every topic is again subdivided into exercises. All the exercises can be completed from within the convenience of your own browser and successfully completing a set of exercises earns you credit. Great, if boasting about your score turns you on. While all this sounds nice in theory, in practice things are a little bit different.

You see, in order to successfully complete exercises your code and/or the output of your program may be checked. This is done automatically, by parsing the lines of your code and/or output of your program. If your code does not meet certain requirements—such as using a specified variable name, or method name—then you will not get credit for completing the exercise of the exercise (even if your code works!) The site also suffers from bugs—sometimes you may write valid code that nevertheless only passes after reloading the page in your browser. That is really annoying. Furthermore, I find the selection of programming languages to be rather limited. At the time of this writing there are no courses for C, C++, nor Java, nor Fortran and PHP to name a few examples. Finally, it also seems that the courses are severely lacking when it comes to more advanced topics such as Graphical User Interfaces and Networking, or as one user lamented on the forum page after completing the last exercise “Now what?”. I think this is a pity. But the project appears to be rather new and hopefully new exercises and courses will soon follow.

On the whole, I think it’s a very nice idea and would encourage anyone to try codecademy—if only to get a small idea of what programming is about. Just as long as you realize that you will only be able to learn the basics…for now at least.