NSA, Google Glass, and Confirmation Bias
Two stories that were literally too good to be true made news this week, one of them silly, the other much more serious. But the fact that both got wide circulation before being corrected shows once again the serious flaws affecting much of what passes for journalism these days.
Confirmation bias is the form of wishful thinking that causes us to believe things we want to be true. Everyone, even the most skeptical Journalist, is susceptible to it. During my years as an editor, the most important question I asked writers was “how do you know that?” I wasn’t interested in epistemology; I wanted them to convince me as thoroughly as they had convinced themselves. If they couldn’t, I sent them back for more reporting. But with the decline of those annoying but useful editors, this check on confirmation bias creeping into stories is much reduced.
This week’s silly story began with a tweet from MV Police Blotter reporting that “a man wearing Google Glass breaks window after walking into it while watching YouTube.” Anyone who bothered to check @MVPoliceBlotter’s tweets would have recognized it as a parody account. (The tweet immediately proceeding this one was about an assault with a baguette, with the Mountain View police collecting croutons as evidence.) Furthermore, the story was lacking such important details as the name of the Glass wearer and the address of the incident–but it sounded good.
The obvious red flags didn’t stop lots of sites, including the San Jose Business Journal (since taken down), from grabbing the story from a flood of retweets. John Markoff of The New York Times expressed some skepticism with a tweet of his own, and @MountainViewPD, the real Twitter account of the Mountain View Police Department, put an end to the nonsense.
The much more serious episode involved a report, circulated by Ars Technica and many others, that malware planted in the browsers of users of the Tor network and used to take down hidden sites hosting child pornography was phoning home to the National Security Agency. Now after all the revelations of the past few weeks, we are prepared to believe pretty much anything about the all-seeing, all-knowing NSA, though the obvious question of why an intelligence agency would be involved in what appeared to be a straight-up law enforcement matter, seems not to have been asked.
The reports were the results of some sloppy work by Baneki Privacy Labs, a consortium of security researchers, and Cryptocloud, that traced an IP address in the malware code to intelligence/defense contractor SAIC and ultimately to the NSA. But the work was done with out-of-date tools that were returning incorrect results. Baneki and Cryptocloud backed down after Wired‘s Kevin Poulsen raised some hard questions about the claim. (Ars has a good piece on the unraveling.) In the end, all we know is that the address in question is assigned to Verizon Business Services and very likely ultimately to SAIC through Verizon’s secure government operations data center.
But by the time the story got sorted out, the NSA connection had been widely reported, not as an interesting bit of speculation but as fact, for example, in this (still uncorrected) post by Cory Doctorow at BoingBoing.
Getting stuff right is hard, especially under time pressure. In the absence of editors or anyone else carefully reading copy before it is posted, we are all prone to letting what we think we know get ahead of what we really know. It is a temptation that must be mightily resisted.