
Dangers of an error-filled security database


The Privacy Act of 1974 requires the FBI to make reasonable efforts to ensure the accuracy and completeness of the records in this database. Last month, the Justice Department exempted the system from the law’s accuracy requirements.

This isn’t just bad social practice, it’s bad security. A database with more errors is much less useful than a database with fewer errors, and an error-filled security database is much more likely to target innocents than it is to let the guilty go free.

Example 3: Assume a 1% error rate (one in a hundred) and the same one in 10,000 ratio of guilty people. The results are very different. For every 100 guilty people the database correctly identifies, it will mistakenly identify 10,000 innocent people as guilty. The number of guilty people erroneously listed as innocent is larger, but still very small: one in 100.
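The arithmetic behind Example 3, carried through as an added example that is not part of the quoted essay. It assumes the error rate applies equally to guilty and innocent records, and the population of 1,000,000 is a constructed figure; the second function goes beyond the text and solves for the error rate needed to reach a chosen share of correct listings.

```python
from fractions import Fraction


def screen(population, base_rate, error_rate):
    """Expected outcomes when each record is wrong with probability error_rate.

    Assumption (not stated on the page): the same error rate applies to
    guilty and innocent records.
    """
    guilty = population * base_rate
    innocent = population - guilty
    tp = guilty * (1 - error_rate)    # guilty, listed as guilty
    fn = guilty * error_rate          # guilty, listed as innocent
    fp = innocent * error_rate        # innocent, listed as guilty
    tn = innocent * (1 - error_rate)  # innocent, listed as innocent
    return {
        "tp": tp, "fn": fn, "fp": fp, "tn": tn,
        # Share of people listed as guilty who actually are guilty.
        "precision": tp / (tp + fp),
    }


def max_error_rate_for_precision(base_rate, target):
    """Largest error rate at which `target` of listed people are truly guilty.

    Derived from precision = b(1-e) / (b(1-e) + (1-b)e), solved for e.
    """
    b, p = base_rate, target
    return b * (1 - p) / (b * (1 - p) + p * (1 - b))


if __name__ == "__main__":
    # Constructed population; base rate and error rate are the page's figures.
    r = screen(1_000_000, Fraction(1, 10_000), Fraction(1, 100))
    print(f"guilty listed as guilty:     {r['tp']}")
    print(f"innocent listed as guilty:   {r['fp']}")
    print(f"guilty listed as innocent:   {r['fn']}")
    print(f"share of listings correct:   {float(r['precision']):.2%}")

    e = max_error_rate_for_precision(Fraction(1, 10_000), Fraction(1, 2))
    print(f"error rate for 50% correct:  {e} ({float(e):.4%})")
```

For half of the listings to be correct, the error rate has to fall to the base rate itself, here one in 10,000.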

Essays: Guilty Until Proven Innocent? - Schneier on Security
