Skip to main content

NSA's MonsterMind AI project: good idea or worrying volatility?

In a recent Wired interview Edward Snowden revealed among other things that the NSA was (and may still be) working on a project codenamed MonsterMind. The autonomous AI would monitor all data traffic entering the US from anywhere in the world looking for potential cyber-attacks. It would then shut down the attack and could launch automated counter-attacks.

Of course, this would require analyzing all network traffic in order to design an algorithm that distinguishes normal traffic flow from malicious traffic.

“That means we have to be intercepting all traffic flows,” Snowden told WIRED’s James Bamford. “That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”

Read more: Microsoft openly offered cloud data to support NSA PRISM programme

On the surface it almost sounds like a good idea (apart from the wholesale violation of people’s rights and innumerous laws). But having the NSA protecting us from cyber-attacks against US citizens, corporations or government agencies seems to be exactly what the organisation was intended to do in the first place.

Now the part about MonsterMind being able to launch counter-attacks autonomously is a bit scarier. As Snowden pointed out a system like MonsterMind could theoretically be spoofed – or tricked into thinking an attack was coming from somewhere other than its true point of origin.

MonsterMind was still a work in progress when Snowden left and we don’t know if it was ever completed, implemented or if the project was scrapped (and the NSA certainly won’t tell anybody about anything…ever). But let’s assume they went ahead with it and set it up to run in a semi-limited capacity, say to evaluate each detected attack and only stop (quietly) those that the NSA deemed a true threat to national security while letting other attacks against private corporations or individuals pass through unchecked (because stopping all threats would imply that they had the ability to do so and that would mean, yes, they were monitoring all traffic and yes, they were breaking countless laws, etc.).

And what happens if they did actually finish MonsterMind and turned it on? What happens when someday someone does spoof the system and MonsterMind launches a counter attack that scrambles some air traffic control computer at a major airport and before the mistake is detected hundreds of people die in a fiery crash? Can the families of the victims sue the NSA or MonsterMind? Can an AI be sent to prison? Can it be…terminated?

My gut feeling is no. No one can sue the NSA (or any of its agents, including computer-based ones). No one at the NSA is accountable for anything the NSA does. No one, not even our own government can stop the NSA now that it has the bit in its teeth (they have too much dirt on every politician who would even suggest the programme be changed or halted). The NSA will never reveal what they are doing and no one can force them to. And even if our government decided to pass laws that would curtail the NSA, the agency has already proven, pretty much beyond a shadow of a doubt, that they don’t really care about laws.

Read more: Over 11,000 claimants join class action against Facebook's NSA collusion