Fifteen years ago the world was still reeling from a terrorist attack on a scale previously unthinkable. The destruction of the twin towers in New York and the Pentagon attack on 11 September 2001 resulted in nearly 3,000 deaths and 6,000 injuries. Everybody old enough remembers watching the footage: smoke and ash billowing through Manhattan, people jumping from unimaginable heights, the second tower going down.
In the wake of 9/11 came invasion and never-ending war; many, many more deaths than the event itself caused. The erosion of civil liberties and privacy, not just in the US but across the world, followed suit, as government surveillance expanded even further.
But in the new documentary A Good American, a man who knew the intelligence world inside out at the time makes an extraordinary claim. Bill Binney, a top mathematician from the National Security Agency (NSA), maintains that mass surveillance tactics not only are ineffective today, but are the very reason 9/11 was allowed to happen.
The double paranoia of a surveillance society
It’s the seemingly random nature of terrorist attacks that make them so powerful. There is no ‘front’, no military, no rules. A suicide bomber can get almost anywhere. They can follow you down into narrow, dark tunnels and blow up the speeding tube train you’re both riding. It could be tomorrow, it could be now, it could be my street or yours, that school, someone’s church, that music venue. No one seems to know. It does not actually matter if the attacks are rare events, few and far between, because in our minds, the attacks are – in theory – imminent. Paranoia, vigilance and suspicion flourish.
This is what terrorism has in common with mass surveillance. Simply knowing that someone could be listening is enough; the simple knowledge of phone taps, fibre-optic cable intercepts, bulk acquisition of phone and internet records, is enough. We know, thanks to whistleblowers, that government surveillance in the US and UK operates on a vast scale. And that is enough to modify our behaviour. To be paranoid.
There’s an irony in these two phenomena having such a similar effect, when one is supposed to counteract the other. The use of mass surveillance against civilians is justified by governments on the grounds of the terrorism threat. And not just by governments either; large swathes of the population in countries where mass surveillance exists support such tactics, believing that extraordinary times require extraordinary measures.
But what if we’ve all been misled? What if the problem with mass surveillance hinges not just on principles of privacy, or the dangers of totalitarianism – but that the ‘collect it all’ approach doesn’t actually prevent terror attacks at all?
Shutting down the ‘dark places’?
Fast forward to 2013. On a much smaller scale, but similarly unimaginable in its brutality and shock-factor: a British Army soldier is brutally murdered in broad daylight, in a town near London. Lee Rigby, 25, was hacked to death on the street with knives and a cleaver; his attackers tried to behead him. They said it was an act of revenge, for the Muslims killed by British forces.
Rigby’s family have spoken out on the need for more intrusive surveillance to prevent such attacks, and his uncle Ray McClure gave evidence before Parliament during scrutiny of the Investigatory Powers (IP) Bill earlier this year. McClure accused internet companies of refusing to co-operate with law enforcement, and urged members of parliaments to support the bill, which proposes sweeping new hacking and surveillance powers (see our research from last week).
It’s a powerful argument: the clues were all there, but we were just too restrained, too careful about privacy, to do anything about them. The UK’s threat level has been rated ‘substantial’ or ‘severe’ for years now, rising to ‘critical’ twice in the past decade. More recently the focus has shifted to Syria and Iraq, and the growth of ISIL. In a speech on 8 January 2015 Andrew Parker, head of the UK's domestic security service MI5, argued that intercepting communications was vital to the prevention of future terrorist attacks. “The dark places from where those who wish us harm can plot and plan are increasing”, Parker said. “We need to be able to access communications and obtain relevant data on those people when we have good reason to do so.”
Parker cites Operation OVERT, supposedly the largest surveillance operation ever undertaken by the Metropolitan Police in London, which foiled the ‘liquid bomb’ plotters. He describes the importance of “coded conversations by email” which strengthened the evidence brought against the men – but adds that these were retrieved after the arrests, rather than in a data-sweep at the beginning. In fact the description of the two-year operation reads like a checklist of traditional, targeted surveillance: property searches, computer seizures, informants, foreign travel.
In the aftermath of something as horrific as Lee Rigby’s murder, or on the awful scale of Paris last year, political leaders want to provide answers. Speaking immediately after the Charlie Hebdo attack in January 2015, then prime minister David Cameron talked of “no-go areas” where terrorists cannot be tracked online – essentially, encrypted communication channels. He promised a new piece of legislation if the Conservatives won the election, to “make sure we do not allow terrorists safe space to communicate”. His party won, and their ‘Snooper’s Charter’ is now becoming law.
Or just swamping analysts with a data deluge?
But even the official report on Rigby’s murder admitted that stretched resources at MI5 were primarily to blame for the failure to follow up on numerous leads. Both of Rigby’s killers were known to the security services, and had been for years. Cracking encrypted chat wouldn’t have helped stop them – they’d actually been in contact with extremists in Yemen by phone, and one – Michael Adebolajo – had been arrested in Kenya in 2011, allegedly while trying to join an Islamist training camp in Somalia. It just wasn’t followed up properly.
In the case of attacks in Paris, Brussels, Boston and others, the perpetrators were known to security services. Targeted surveillance, granted by a warrant, is what would be normally be used in these situations – but experts, campaigners and insiders have all warned that authorities are too overwhelmed by the deluge of bulk data to do their job.
It’s the haystack analogy: When trying to find a needle in one, you don’t make the haystack larger. And yet that’s exactly what governments have been doing – as the Snowden leaks continue to demonstrate, the bulk interception of both metadata and content of our communications has been going on for years; legislation like the IP Bill is in part a justification of what’s already happening. But apparently it hasn’t been working.
Danny O’Brien, a digital civil rights campaigner, puts it bluntly: “Bulk surveillance clearly doesn't keep us safe from all terrorism, otherwise terrorist acts would have ended the day the governments decided to it was appropriate to scoop up everyone's personal data”. O’Brien is the International Director of the Electronic Frontier Foundation, a non-profit which has fought the US Government in court over its mass surveillance programs. Surveillance warrants should be targeted, he argues, and in accordance with the ‘Necessary and Proportionate’ principles which should guide policy-makers.
This warning about data overload was echoed by Bill Binney, formerly Technical Director at the NSA, speaking in a parliamentary evidence session in Westminster earlier this year. Binney, protagonist of A Good American and opponent of the NSA’s extensive domestic surveillance, told MPs to move away from ‘bulk’ acquisition of data. GCHQ, he said, “wants to collect between 50 billion and 100 billion records per day… but they may produce 1,000 or 2,000 analyses at most… The end result is dysfunctionality among the analysts and no prediction of intention or capabilities, no stopping of attacks, and people die.”
“People are subverted by power and are too weak to not use that power.” – Bill Binney
GCHQ analysts, and those at the NSA, seem to agree. A raft of documents leaked recently in The Intercept shows staff deeply concerned at their inability to process the vast amounts of data being dumped on them. One report showed that 97 per cent of the 5 million communications intercepted in the ‘PRESTON’ program had gone unseen.
We spoke to Binney ahead of his appearances at the Edinburgh and London premieres of A Good American. Aside from the operational problems of bulk interception, Binney is insistent that the political and moral implications are considerable. “Problem is, all this data is power”, he tells us, “that can be used against anyone for whatever reason. We have to trust our leaders to do the right thing. Unfortunately, people are subverted by power and are too weak to not use that power.”
The claim that mass surveillance prevented 54 terrorist attacks, long maintained by the US government, has been thoroughly discredited by experts. In the UK, an independent review of mass surveillance concluded that it is effective, but Ray Corrigan, senior lecturer at the Open University, tells us that of the six case studies provided as evidence “none provide sufficient detail to demonstrate that bulk collection was the key source leading to the identification of the criminals involved.” Privacy International, Liberty and other NGOs maintain that the independent review was biased, filled with ex-security service staff and failing to examine any question of proportionality.
Terrorism: Look at the ends, not the means
Lacking from the whole surveillance discussion, though, is the question of why terrorism seems to be increasing, and how to stop it. Not all – or even most – terror acts are carried out by jihadi extremists, but many of the most devastating ones are, and the growth of ISIL has made this an even more prominent issue. But questioning the motives behind this type of terrorism is a thorny topic – UK opposition leader Jeremy Corbyn is still getting flak for suggesting that, in the wake of the Paris attacks, the UK should not continue the “cycle of violence” it has so enthusiastically engaged in for decades in the Middle East.
Perhaps more people should listen to software designer Nadim Kobeissi who, following the attacks in Paris, wrote a response to the demands he was receiving, as an encryption designer, to ‘stop protecting terrorists’. He explained: “If we take every car off the street, every iPhone out of people’s pockets and every single plane out of the sky, it wouldn’t do anything to stop terrorism. Terrorism isn’t about means, but about ends.”
Kobeissi describes the devastation in the south Beirut neighbourhood where he grew up, when Israeli jets carpet-bombed his home in 2006. Returning some years later, he says, he found that nothing had changed; people had little hope, were grieving of friends and family, and were supported only by Hezbollah. “That’s what’s causing terrorism, not encryption software.”
A Good American – UK screenings from today
Moving Docs is bringing A Good American to cinemas across Europe. Screenings are ongoing in Spain; launching this week in the UK, together with Take One Action and The Guardian Live; and from 12 November in Greece.