One of the outcomes of the Charlie Hebdo attack is that politicians are using the terrorist attacks to call for more intrusive surveillance legislation. For example the BBC reports that UK Prime Minister David Cameron says new online data laws needed. Gibbs and Hern for the Guardian interpret Cameron as calling for “anti-terror laws to give the security services the ability to read encrypted communications in extreme circumstances.” (David Cameron in ‘cloud cuckoo land’ over encrypted messaging apps ban, Jan. 13, 2015) This would mean that either back doors are built into communications technologies with encryption or the technologies are banned in the UK.
Needless to say all sorts of people are responding to these calls for new legislation by pointing out the dangers of deliberately crippling encryption. If there are back doors they can be found and used by criminals which will mean that all sorts of companies that need/offer strong encryption will move out of the UK. For that matter, what would this mean for the use of global systems that might have encryption. (See James Ball’s article in the Guardian, Cameron wants to ban encryption – he can say goodbye to digital Britain, Jan. 13, 2015).
What few people are commenting on is the effectiveness of SIGINT (signals intelligence) in cases like the attacks in Paris. Articles in The Globe and Mail and the Guardian suggest that a combination of human intelligence and early interventions would be more likely to make a difference. The alleged culprits were known to all sorts of people (neighbours, people at their mosque, police). The problem was how difficult it is to know what to do with that information and when to intervene. This is a human problem not a signals intelligence problem. SIGINT could just add to the noise without guiding authorities as to how to deal with people.
To be honest I don’t know what would work, and perhaps predictive analytics, for all its problems, could be part of identifying at-risk youth early so that they are not thrown together in prison (as the Paris attackers were) and so interventions could be organized. Nonetheless, we clearly need more studies of the circumstances of those that are radicalized and we need to seriously try to intervene in positive ways. The alternative is arresting people for intents which are very hard to prove and has all sorts of problems as an approach.
We also need research and discussion about the balance of approaches, something that is impossible as long as surveillance is inaccessible to any oversight and accountability. Who would know if funding was better spent on human approaches? Who would dare cut the budget to nice clean modern digital intelligence in favour of a messy mix of human approaches? How to compare approaches that are hard to measure given the thankfully small numbers of incidents?
And … we need to be able to talk openly about the issues without fear – Je suis Charlie