Re: group-based judgement

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Wed May 29 2002 - 22:07:07 MDT


On Wednesday, May 29, 2002, at 11:13 pm, CurtAdams@aol.com wrote:

> You can't ID anybody as a criminal based on skin color; but you often
> must take actions considering the *possibility* they are a criminal.
> You face decisions about which side of the street to walk on, who
> to watch at a store, or which exit to go out. If one ethnic group is
> more likely to commit a particular form of crime, those who consider
> that fact while making the decision will, on average, be victimized
> less often. Likewise, they will unfairly accuse the innocent less
> often.

As a security professional, I must say that this is inappropriate. They
should never "accuse" the innocent ever. They should have security
detection devices that work. They should have monitors that see crimes
when they happen. If your system accuses innocent people of crimes, it
is not working. it is not a solution to simply shift these problems
toward a minority race so that the majority race won't have to deal with
it.

> It's of great value if the value of correct action is more than 4 times
> the cost of incorrect inaction. Your chance of getting hit by a car
> when
> you cross a side street without looking is less than 10% but you're
> well advised to look anyway. And, if you're in a hurry, you might
> run across a side street without looking but you won't a freeway.

Again, as a security professional, I must stress that you should look
both ways before crossing the street! Arguing that you don't have too
look both ways on less busy streets is a recipe for disaster. This is a
faulty plan that will eventually lead to failure.

Why don't we argue that there are fewer linux viruses, and skip security
on linux boxes? Why don't we argue that you don't have to lock your car
if you're only going to be in the store for a few minutes? Why don't we
argue that we don't need to screen low-risk groups for HIV when donating
blood? Why don't we argue that most crimes occur at night so that
daytime security is not required?

The sad fact is, these arguments for statistical profiling don't buy us
anything, and we all realize that we want security for everyone all the
time. The only reason racial profiling is attractive, is it pushes the
problem of false positives onto the minority so most of us don't have to
deal with flaws in the system. The other profiling effects could cause
us to lose out, so we disregard those false arguments. But when it
comes to racial profiling, we aren't the victims so we don't care. The
losses occur to others.

> You can measure colors, sexes, etc., as well as anything. Certainly
> better than whether somebody has cooperated with you in the past -
> there are a gazillion ways you could have been had and not yet know
> it.

You keep missing the point. The only data you have is the data you
measured. This data should be accurate. But when you start inferring
data that you didn't measure, like crime from skin color, or terrorist
tendencies from natinality, your data becomes inaccurate. You are
programming judgements into the system that are not based on the
available data. This is invalid and doesn't work.

As a security professional, I understand risk analysis and statistical
calculations. The methods you are using are not valid. The are
disallowed for objective rigorous security design. They allow holes
through the system if the data detection system is not 100% accurate.
While no system is perfect, allowing known statistical probabilities to
introduce an expected percentage of false positives is not acceptable.
If the false positives outweigh the accurate detections, the system is
worse than useless according to security standards. I am not just
trying to voice some politically correct opinion. Professionally
speaking, your arguments are just plain wrong. I don't know how to
explain it any clearer, and frankly I am tired or arguing in circles.

--
Harvey Newstrom, CISSP <www.HarveyNewstrom.com>
Principal Security Consultant <www.Newstaff.com>


This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:14:29 MST