Every time we experience a man-caused disaster, we react with disapproval of our inability to see the now-obvious evidence of planning by the perpetrators.  Our indignation rises in proportion to the number of victims involved.   Unfortunately, our modern world presents even these mass-murder events a daily occurrences.  There is not enough to time discover how we should have seen one thing coming in advance before a new surprising event diverts our attention.

For example, the inspiration for this post is the recent GermanWings disaster and the strong theory that it was an deliberate act by a trusted pilot.  The news reporting of this event strongly suggest negligence in many areas for not being able to anticipate this problem.   The airline is accused of not being diligent enough to detect the suicidal ideation of the pilot.  The governments are faulted for overly protective medical privacy practices that prevented communication of medical (in this case psychological) information to people who could have acted on it.  (Never mind that the whole point of medical privacy is to prevent others from acting on it).  The airline industry is faulted for introducing a new failure mode in the case of the locked-from-inside cockpit door with cockpit-controlled override-lockout.   The regional airline authority is faulted for not mandating a policy to prevent an even brief period of a single person in the cockpit.   All of these complaints are now obvious given the observed data made possible by this event.   However, more recent news of the atrocious mass murder in Kenya, resulting in an equivalent number of deaths, distracts my attention.   A similar assortment of faults apply to this case as well.

Any news of a mass casualty event gets the attention of democracies that in turn demand remedial actions.   I propose splitting this collection of criminal events into two categories.  The copycat category involves scenarios where the perpetrators repeat a plan demonstrated by predecessors .   In an earlier post, I presented an example copycat crime in the form of ATM-card skimmers.  This crime proliferates by new criminals following the example of earlier criminals.   The innovative category contrasts with the copycat category because of the lack of a similar precedent.

In that post where I talked about copycat ATM-card skimmers also described innovations in increasingly elaborate disguises to elude detection of the skimmers.  Reflecting back on writing that article, I felt more upset by the innovation than the copycat.   Although the copycat criminal can repeat an earlier scheme with some confidence of success, the potential victim has the same access to information to look out for the copies. Certainly, there will be new successful victims with even the crudest copies of the earlier crime, but the outrage is lower because we have heard it before.   Also, at some point we begin to blame the victim for not being aware of this now old trick (as in the example of victims of the more trivial example is the three-card monte street hustle).  This is version of the old saying “fool me once, shame on you, fool me twice shame on me”.

Between these two categories, I think there is a higher demand for technological solutions (such as big data) to prevent the innovative crime.   This is just my personal impression.  Maybe I’m thinking that because the copycat crime involves already known parameters, we can use conventional technology to combat it, or we can successfully prosecute the criminal because we know what evidence we need to find.   Our hopes in rewards from more exotic forefront technologies (such as big data) are in its promise for preventing the innovative crimes.

Big data will disappoint us if we expect it will permit us to anticipate innovative crimes and prevent their first occurrence.  Big data is impotent for anticipating human innovation because big data is wholly dependent on the past.   The only data that is available is observed data.  Innovative crimes have not yet occurred to create the data for big data to use.   In addition, the observable data is limited by our understanding of what to look for.  We need some prior occurrence to justify the investment of new observation sensors to collect relevant data.   Even the analytics are tied to past experience.  We evaluate the analytics based on our experience of what actually happened in the past.

Everything about data is about the past.  Recent advancements in big data technologies have provided unexpected benefits because of its ability to act on ever more recent past.   Even with the fastest so-called real-time analytics, the observations and analytics are based on past-tense observations.   Big data is always reacting to what already happened.

As I wrote earlier, there are more data technologies than just big data.  I use the term big data to refer to the specific data processing of historic observations to obtain some result.  The same underlying technologies of storage, networking, and processing powers also benefit the field of simulation and modeling.   I make a distinction between simulation and big data although in practice commercially successful applications merge the two.  I prefer to keep model-generated (dark) data out of big data solutions in order to maximize the possibility of discovering new hypothesis.

Discovering new hypothesis is distinct from testing old ones.   Discovering a new hypothesis involves a human innovation.  The innovative criminal uses hypothesis discovery to uncover new vulnerabilities for a surprise attack.  The appropriate counter to such criminals is to use hypothesis discovery to uncover the vulnerability before the criminal can exploit it.   Hypothesis discovery does not jump out from pre-selected analytics of observed data.

The discovery of a new hypothesis is the discovery of missing data.   In scientific method, we demand that discovered hypotheses be tested with new experiments designed specifically to test the hypothesis to eliminate the possibilities it may be wrong.   That fact of demanding subsequent testing admits that there is data that we are missing.  The discovered hypothesis is the discovery of that missing data.

The innovative criminal benefits by discovering the missing data before anyone else.  He effectively has discovered a hypothesis but one that he can extract personal advantage.   Because the existing systems lack this data, the innovative criminal can proceed with his plans with little risk of detection until the plan is successfully completed.

The innovative criminal is a very competent scientist.   He is clever to discover the missing data (that makes a new hypothesis) and to carry out an experiment to expose new observations that can test his hypothesis.   There is no way to fight the innovative criminal using historical data because he is creating new data previously overlooked.  In analogy to my post about the information supply chain based on successive time-scales, the criminal is working at the nanosecond level while big data is operating at the millisecond level.  The criminal operates before big data can have an influence.  Big data can only react to the innovative criminal.

We invest a lot of hope into the prospects of big data for preventing the innovative crimes.  The budgetary justifications of several expensive government programs to invest in big data is that they will be able to prevent the innovative crime.   An example is the NSA that has several programs invested in studying persons data in an attempt to prevent surprising attacks such as the 9/11 attack.   There are many other agencies making similar investments with similar goals.  Yet these investments do not appear to be paying off in terms of preventing surprising events of large-scale importance.  A recent example is the government’s clear surprise at the collapse of the Yemeni government, leaving us no choice but to make an embarrassingly hasty and sloppy exit from that country.  We didn’t see it coming, and it appears we are still mystified about what is happening there.  It is going to take time for our data-centered thinking to catch up with the newly invented data of facts on the ground.

At this late date and after all of this investment with hopes that data will reveal the innovations, we are still surprised by events that in retrospect seem obvious.   Something is fundamentally wrong with our expectations for big data.  Big data is a false prophet when it comes to being an effective tool for intercepting future crime.

Returning to the GermanWings event of the copilot deliberately taking actions to crash the airplane, no data existed or can imaginably have existed that would have alerted us that this particular pilot had credible plan for doing something like this, or that he would do it on this particular flight.

The after-the-fact discovery of data is part of a forensic process.  In a forensic analysis we have a crucial piece of information that informs all of our subsequent investigations and interpretations.   That piece of information is that the copilot deliberately took actions with the successful intent of crashing the plane.   We interpret the subsequent discoveries of his past with the knowledge of that eventual consequence.   The forensic effort is valuable and benefits by as much information as we can gather.  But without that crucial piece of information of the crash event itself, we could not have anticipated this consequence.  The pilot provided that piece of information through a tragic event.

Outside of a recommendation to insist on never leaving a single individual alone in a cockpit, there is not much this analysis will do to prevent a future instance of a future mass-murder by airline pilot event.   Even though there were earlier examples of pilots deliberately crashing aircraft with fatal consequences, each one was as unique as this one is.   The information we discover about the copilot of the GermanWings craft is unique to just this one individual.  We could set up some profile based on some signature of traits from this one individual, but it would be so precise that we’d never encounter another one.

Some have suggested that the profile involve psychological testing for depression and suicidal ideation.  I don’t have much confidence in psychology in accurately making such assessments especially in a reasonably well-adapted individual such as this pilot.   I suspect that such a rule could disqualify a lot of competent pilots who would have had long careers of excellent safe operation of aircraft.   At the same time, I think it is certain that someone else will crash a future flight in a new and different way and for a new and different set of life circumstances.   In other words, I don’t think such a psychological profiling would be of any value at all.  I’m not an expert in psychological assessments, but I’m confident in the inevitability of some future catastrophic crash by a pilot’s deliberate action.

To have prevented this particular act, we needed access to a particular type of data that is outside of our reach.  We needed observations of what was going on in his private mind.   Although we have access to character witnesses of his past and access to information on his computer, it seems he did not leave much in the way of observable evidence to say this was going to happen.  I suspect the reason for this paucity of information is that even he did not know this was going to happen.

A recent report suggested that he had done some extra research on the operation of the locking mechanism of the cockpit door.  Given the importance of this safety feature, I would guess that security operation of the door would have been a substantial part of his training.   Even if there were active snooping on his online browsing habits, this information would not have caused any concern.  He was a pilot who was entrusted to use this safety feature that would be used in perhaps one of the more scary scenarios of flight.   I can imagine myself imagining how it might be defeated by some bad guy and then researching to see whether my fears are justified.   My point is that prior to the crash, there was no way to know why he was looking at this information and no reason to suspect any other motivation than his concern for assuring future safe flights.

The data we would be missing and indeed are missing to this day is what was going on inside his mind.   This is not something we can probe with any type of sensor.

Allow me to assume some futuristic technology that could indeed obtain information about private mental thoughts.  Even with this technology, we might not have been able to obtain information to alert us of a pending problem.  In the above example, he really may have been researching the safety feature of the cockpit door out of his legitimate concern for safety.  A probe of his mental thinking would have provided us reassuring information that he was conscientious pilot concerned about his future performance in case the feature were needed.   The idea for using this feature for his own evil plans may not have occurred to him until a later time.  The motivation for the research was not how to execute his plan, but instead he devised the plan from an idea triggered from this research.

Also, it is possible he had no advanced plan at all.  I have not heard of evidence of his writing or talking about his scheme.  He may not have thought he was going to crash the plane before the flight took off.  He might even have any thought of crashing any future flight before this one started.

The scheme may have occurred to him only at the moment when the opportunity presented itself when he was alone in the cockpit.  This is may have been his moment of hypothesis discovery.  The pilot was out of the cockpit.  He knew how to operate the cockpit-door-lock override.   He knew how he could start a descent into the mountains.

The idea could have occurred just at that moment.   If that were the case, there would be no possibility of discovering this data in advance.  He discovered the hypothesis, a plan to exploit an vulnerability, at the moment the vulnerability presented an opportunity.

A trivial analogy may be someone smashing a protected species of an insect (I was thinking of praying mantis, but it appears I’m mistaken about its protected status) on the spur of the moment of the surprising recognition that it was a bug.   We may know a person is prone to anxiety about bugs and about surprises but the only opportunity to observe that he was going to kill the creature was the brief moment after he was surprised by discovering its presence. That is the only time data could conceivably have been available to alert us of the possibility, but I doubt even then we would have firm data that the consequence of his reaction would result in the demise of the bug.  It is possible that raising his hand over the bug was for the initial intent of brushing it away and only later deciding to hit harder as his arm went down.

Likewise, the copilot may have conceived of his plan only at the moment when he was alone.  Even then, the intent may have been incompletely formed.  Although his initial act of locking out the pilot would have had bad consequences, his determination to complete the act may have gradually emerged as the situation progressed.   If this were the case, there would be no possibility of data to tell us this would happen before it actually happened.

There is no way to know for sure what was in his mind on that day.  Maybe some new evidence will emerge to show a clear statement of his plan in advance.  Even if that evidence comes up, my scenario of a spur-of-the-moment decision remains a possibility for future crashes.  I am surprised it hasn’t happened more often given the large number of flights that occur daily for decades.

A policy that demands that the cockpit will always have at least 2 crew members present is reassuring.  A spur-of-the-moment type decision seems less likely when there is a companion nearby.   However, that may be the only advantage of the policy.   A pilot with the planned intention of crashing the plane could easily come up with a plan to disable his partner.   That possibility has always existed.

At the beginning of this post, I suggested dividing crimes into copycat and innovative categories.  Big data technologies is most effective for the copycat crimes.   Big data has access to the same observations of prior crimes that the copycat is exploiting.

The crime-fighting power of big data is similar to computer antivirus software.   After an initial discovery of crime, we can create a signature of properties that identifies the crime taking place.   Also, we can invest in sensors to capture evidence for any future crime to facilitate investigation and prosecution.

I can see a value to big data in managing copycat type crimes.   However, there is less public anxiety about copycat crimes.  Because we already know a lot about the copycat crimes, we have some feeling of control over it.  Even without futuristic technologies, we have a confidence that we will be able to manage the copycats.

There is much more anxiety over the innovative crime, the crime that exploited something that never happened before.   This anxiety is what is funding a lot of initiatives in government (such as the NSA) to build large data systems to detect new plans before they can be acted upon.   I question whether this investment will ever pay off for the purpose of stopping innovative crime.   The information we need will never be found in observable data.

Hypothesis discovery is not observable.  Similarly, the newly conceived crime of the innovative criminal is not observable.   Even if the criminals share newly conceived plans using communications that can be intercepted, there is still the missing piece of information of their discovered hypothesis of a new vulnerability.   As in the GermanWings example, even if we knew he was researching the details of the cockpit door locking mechanism we would still be missing the piece of information that says “a trusted pilot could deliberately lock out his companion”, with the key word being “trusted”.   We would not have recognized the significance of this clue before the event occurred.

My point for this post is that there is a limit to big data’s capabilities of making our lives better.  Big data is great for uncovering the copycats, the trends of crowds, or the trends of habits.  There is much benefit to obtain by exploiting this kind of copycat data.

Big data technologies are incapable of uncovering human innovations.   In the case of crimes, human innovations can make life worse for many people.

The reason why we permit government to invest in intrusive technologies (such as NSA’s data collections) is because we want them to intercept the innovators before they can hatch their plans.   If this is our justification for such investments, then we are going to be disappointed.   From what I can tell, most of the focus on big data type solutions involve mining of personal data, or metadata.   The analysis attempts to uncover trends from personal data.  That analysis will uncover habits and crowd-influenced behaviors.   That analysis it highly unlikely to uncover the innovation.

This topic is very relevant to my notion of dedomenocracy.  My optimistic expectations of dedomenocracy assume that an exhaustive data collection can be sufficient to exploit happy outcomes and avoid unhappy hazards through frequent short-lived rules limited to only the most urgent issues.  This type of government must be robust to accept the consequences of deliberately harmful human innovations.   Those consequences are inevitable given the lack of prior information about the innovation.   The public may accept these occasional harms if on balance dedomenocracy’s benefits outweigh the harms, and if dedomenocracy is sufficiently agile to impose new rules immediately following the discovery of the innovation.

As I tried to illustrate with the GermanWings example, the innovation (hypothesis discovery) would not be predictable without knowledge of the innovation.   In the case of the spur-of-the-moment innovation, there would be no time to observe the innovation before the criminal carries out the act.

In our current (semi-dedomenocracy) experience, we continue to accept the safety of airline travel despite this one event, and we observe immediate impositions of new preventive policies such as requiring two crew members in cockpit at all times.   Airlines continue to operate with full loads of passengers.   The inability of the dedomenocracy approach to prevent the innovative harmful crime is matched by its agility in implementing protections against copycat crimes.

My observation is that there is no conceivable quantity of observable data that will through simple algorithms predict the innovative crime.  Like my example of the virus scan software needing first to observe a victim of a new form of malware in order to build a signature to detect its recurrence in the future, dedomenocracy needs its sacrificial first victims in order to observe the innovative crime.

As in the GermanWings example, the solution is agility of responding to innovative crimes as soon as they occur for the first time.   We have no means to predict the initial instance of the innovation.  Instead, we need to react quickly to implement counter-measures after the first instance of the innovation.

This reliance on agility to prevent copycats is not satisfying as the the stakes increase.  Future innovations can result in mass destruction with large numbers of casualties.   Such destruction could destabilize the government by removing key persons or key infrastructure.    Agility to prevent the copycats is not sufficient to protect the government.   We need a way to combat the innovators.   Analytics on observed data will not protect against innovators.  It can only facilitate rapid response to the initial actions by providing immediate forensics, quick protections against copy cats, and perhaps some remediation to lessen the harm.  The crime still needs to happen first in order for us to observe the innovation.

Realistically, a fully automated government by data will need some means to combat the human innovators to prevent the innovative crimes from occurring even for the first time.   This is why we invest in our current government data programs: to stop the bad stuff from happening in the first place.   In order to do this in the dedomenocracy context, we need a way to transform the first-time demonstration of the innovative crime into a repeat copycat crime.  The dedomenocracy needs a way to discover the innovation before the humans discover it.   Dedomenocracy needs to include artificial intelligence to anticipate human innovations first so that any human attempts at this innovation will be a copycat crime.

I am skeptical about artificial intelligence, but for sake of argument here let me assume we have sufficiently intelligent technology to beat humans at the game of innovation.   From recent news, there is no shortage of very respected technology leaders warning of the eminent rise of machines with super-human intelligence.   I will assume this occurs and such machines will participate my dedomenocracy.   I would modify my original definition of dedomenocracy to be government by data, artificial intelligence, and urgency.

There is still a huge problem of missing data.  Innovation is the discovery of missing data, not the discovery of data.   Humans are very good at discovering what is missing.   I will grant that our definition of artificial intelligence is a comparable (or even superior) capacity to discover missing data.

The problem is that there is far more missing data than there is observable data.  We already face challenges in technologies to capture and make available all of the observable data (exemplified by the Internet of Things).  In order for artificial intelligence to effectively anticipate every human innovation, it will need access to the vastly larger dataset of all possible missing observations.

Long after we have sufficient technology to handle observable data for a dedomenocracy, humans will remain competitive even against super-human intelligence in the game of discovering innovations.  In the context of crime, the humans will continue to enjoy the success of an innovative crime.  The superhuman intelligent machines had not yet discovered this particular vulnerability because it has been investing all of its time on the multitude of other possible vulnerabilities.   In other words, despite the superhuman intelligence, the machines are wasting time in discovering innovations no human will discover while the humans discover innovations before the superintelligent machines do.

Despite the super human intelligence, the humans can still compete because the universe of missing data is vast.  I alluded to this vastness when I described the comparably awesome extents of history and missed opportunity.  History has awesome qualities of all powerful, all knowing, and all present because history includes everything that ever happened.  Missed opportunity has the awesome power of the vastly far larger universe of the mysterious consequences of what might have happened.   Big Data’s aspiration of accumulating all observed data is comparable to history.   The innovators exploit the missing data with comparable vastness and mysteriousness of the missed opportunity.

Even including super-intelligent machines into the concept of dedomenocracy, there will remain the present-day complaint that the government needs to get lucky every day but the criminal human needs to get lucky only once.  This problem will remain long after we replace democracy with dedomenocracy.  The most dangerous criminal is the non-criminal who immediately acts on his newly discovered hypothesis.   Even superhuman intelligent dedomenocracy may not be able to discover this hypothesis first.

The missing data is the vulnerabilities of things.   Recently, there are many articles enthusiastically reporting on the emerging concept of Internet of Things (IoT).   This is indeed exciting in terms of the what kinds of benefits this will eventually bring.   However, the proposed data collection is of capabilities of those things.   It is easy to instrument a device to record any (or all) parameters of what the thing is supposed to do.

The missing data is the vulnerabilities of the thing.  Certain vulnerabilities will inherently become missing data.

If the initial designers were aware of the vulnerability, either they would improve the design to mitigate the vulnerability or they will include observations that of the vulnerability.  When that happens, the vulnerability will part of the data.

Inevitably there will be a large number of vulnerabilities that are not apparent during development time.   This problem is more acute today with short design cycles characterized by short term sprints, or scrum cycles.   The things in the IoT will be come with non-monitored and not-yet-known vulnerabilities.

Another characteristic of the concept of Internet of things is the vast diversity of things that will participate.  Virtually every man-made product can participate in the IoT.  Each of these products will come with their own unique set of unknown vulnerabilities eligible for future discovery.

The enthusiasm of big data and the prospects of IoT ignores the reality that all of this data will have no impact on intercepting the innovative criminal.   People will discover the missing information (the vulnerability).  Some of these people (with no prior suspicion of criminal intent) will take criminal advantage of this discovery.   I’m not sure if IoT will make prospects for crime worse than they are today.   But I am sure IoT will not do anything to make innovative crime less frequent or less damaging.