The Australian Strategic Policy Institute (ASPI) has released a report canvassing the potential downsides of big-data analytics in the national security domain. In Big data in national security: Online resource, the think tank that advises Australia's strategic and defence leaders recommends policy makers not be swept up in the hype surrounding big data to tackle national security threats such as terrorism.
According to the report [PDF], challenges to big data analytics include overhyped expectations, the inherent complexity of big data, the difficulty of cost-benefit analyses, data siloes and fragmentation, and the opacity of algorithms.
"Ultimately, a great deal of these risks, vulnerabilities, and challenges arise from overblown expectations about big data unaccompanied by an equal consideration of the limitations and risks," the report reads.
"This results in poorly informed decisions and policy or, worse still, decisions and policy that operate on false positives or false negatives."
ASPI said addressing the limitations, challenges, and risks will be essential if the national security community is to use big data effectively.
The report looks specifically at the question of how big data, machine learning, and the associated analytics could be used in a national security frame, with ASPI calling on the country's national security community to lead the way.
"While big data has come with a staggering amount of hype, there are several key application areas. It will prove particularly relevant for Australia's national security community in finding data points that act as indicators of adverse events," the reports executive summary reads.
"But this is an emergent capability that will bring with it limitations, challenges, and risks that need to be clearly understood and managed."
The report said existing laws around data collection and surveillance lack clarity, and that the environment has changed since the legislation was written. Australia's last national security strategy was published in 2013.
As a result, it recommends the national security community develop clearer public definitions of data and what types of data agencies have the power to collect it.
Data anonymisation, or the removal of personally identifiable information from datasets, has been suggested as a way of more safely managing the use of big data; however, ASPI said privacy researchers have found that even basic re-identification methods have a technological and mathematical edge over anonymisation methods.
In total, ASPI makes 10 recommendations [PDF], with the first requesting the National Security Committee treat data as a strategic asset and coordinate the use of big data across the Australian national security community to leverage the data's network effects. It also wants the community to support the development of methods for estimating the potential value of data.
Similarly, ASPI wants the National Intelligence Committee to work with the privacy commissioner to develop analytical methods for quantifying privacy harm from big data analytics; and build on the national security big data analytic frameworks to provide measures for accounting for false positives, false negatives, and more general problems of data representativeness, bias, discrimination, and feedback loops. It also wants an avenue developed to override data-based decisions in the event they produce a "harmful" outcome.
In another recommendation, ASPI urges privacy laws covering all data, not just security data, be updated in line with best practice where they arise.
Further work by both government and academia is needed to develop methods to resolve algorithmic opacity, ASPI said, noting also that algorithmic black boxes cannot be permitted to become responsible for key national security decisions. Essentially, the think tank is calling for a human element to be involved in automated decision making where it affects citizens, a mandate existing under Europe's impending General Data Protection Regulation (GDPR).
It also suggests the national security community consider how to establish an audit and review process to mitigate adversarial attacks and data defects, as well as the inspector-general of intelligence and security provides strategic data governance across all agencies, along with the appointment of a specific chief data officer.
Speaking at the launch of ASPI's report in Canberra, Shadow Minister for Justice Clare O'Neil said she can see an application for the smart use of emerging technologies in tackling "significant" criminal behaviour, such as the issue of sex trafficking.
Of key importance to O'Neil is ensuring public confidence in law enforcement's use of big data and analytics, a theme echoed throughout ASPI's papers.