This was originally published on 18 May 2017 by the Lowy Institute for International Policy, Australia’s leading think tank.
As more details emerge about Donald Trump’s meeting with a Russian delegation last week, it appears that the worst fears of Israel’s intelligence agencies have been realised. While discussing the ISIS threat to aviation, Trump reportedly shared information identifying the source of recent reporting – an Israeli human intelligence asset.
Media reporting suggests that this intelligence had previously been tightly held within US Government circles. And that the full extent of the reporting had been withheld, even from the rest of the Five Eyes partnership.
On the face of it then, blurting out critical details in an attempt to impress Russia, a close ally of Iran, is about as bad as it gets. A former head of the Mossad has already suggested that Israel would think twice before sharing sensitive intelligence with the US in future.
As with all things Trump-related, it can be difficult to cut through the hyperbole. So just how big an issue is this? Read the rest of this entry »
The weekend before last, UK Home Secretary Amber Rudd did the rounds on the Sunday morning political chat shows, in the wake of the Westminster terrorist attack. Her comments around encryption, tech companies and their role in the fight against extremism and terrorism have (as she no doubt intended) dominated the news cycle and shaped the public post-mortem into the attack.
In response, I tweeted some initial thoughts, which I’ve included below in a slightly less condensed format:
As many have observed, Rudd’s comments appear opportunistic at best, given what we know about London attacker so far. Most obviously, as he wasn’t under active investigation, access to What’s App or other encrypted services would have been irrelevant in his specific case.
Her comments and the reaction to them are however, yet another example of the simplistic debate that surrounds the encryption issue, and help to conflate different aspects of the problem.
Access to encrypted communications differs pre, during & post investigation. In the context of the Westminster attack, only the latter appears to apply. The battle between the FBI and Apple over the iphone of the San Bernadino attacker also falls under this category. However, Rudd’s reference to ‘terrorist communications’, presumably therefore refers to those under investigation.
Few would argue that the UK authorities should be able to access these communications. But in terms of approach, accessing the communications of known terrorists is very different to making an assessment of potential leads. In the former example, the authorities have options beyond direct warranted access; these aren’t easy, they require significant resource, and most importantly, they are not available to all agencies, most notably law enforcement bodies.
But given the range of powers in the IP Act, and how recently it was passed, it is hard for Rudd to argue that the UK is ill-equipped to counter the threat of known terrorists. Read the rest of this entry »
This was originally published on 24 March 2017 by the Lowy Institute for International Policy, Australia’s leading think tank.
Yesterday’s tragic attack in London was both predictable and widely predicted.
Since August 2014, the UK terror threat level has been ‘severe’, meaning that an attack is highly likely. The UK Government had repeatedly and very publicly warned of the likelihood of a terror attack, while preventing at least a dozen attacks over the last year alone. And a series of similarly low tech attacks across Europe over the past 12 months highlighted the deadliness of this attack methodology. This attack had been imminent for quite some time, postponed by the best efforts of the UK authorities.
And yet, the target and timing of the attack resonated. This was an attack in the heart of London at the home of British politics. With much of the UK media in attendance, news coverage was instantaneous and comprehensive.
What was immediately evident was that while the attack came as a surprise, UK authorities and emergency services were well-drilled and well-prepared. Carefully worded statements were quickly released to the media. Transport plans kicked in, minimising disruption across the capital. And most obviously, the attacker was swiftly incapacitated. By early evening, a visitor would have found little out of the ordinary beyond an increased police presence, frequent sirens and temporary cordons around Westminster.
This was originally published on 25 November 2016 by the International Centre for Counter-Terrorism, a counter-terrorism think tank based in the Hague.
Earlier this month, ICCT Visiting Fellow Phil Gurski examined whether governments should consider offering ‘amnesty’ for foreign fighters fleeing the Middle East. He concluded that the arguments in favour of such a strategy – such as getting ‘formers’ to denounce so-called Islamic State (IS) – were not strong enough to outweigh the need to punish those who joined a barbaric terrorist group. As this assessment was in-part inspired by an article in which I’d made the case for an amnesty or plea bargain, I thought I’d re-visit my proposal and clarify how it could work in light of his comments.
There are three elements of the returning foreign fighter problem that make it so challenging, and the scale of the problem so uncertain.
Firstly – and particularly for signatories of the Schengen Agreement – the risk that fighters return home undetected. Secondly, when returnees are identified, their reason for returning is unclear. And finally, for those detected and arrested, the difficulties of securing meaningful convictions for terrorist offences committed in a war zone thousands of miles away.
Ongoing military operations in the Middle East are targeting the foreign fighter contingent. These air strikes, and the continued use of foreign fighters as suicide attackers, means the size of the potential returnee problem is likely to slowly reduce over time.
However, there are practical limitations to relying on a solely military response, not least the sheer scale of the foreign fighter problem. For countries targeting their own citizens, human rights concerns and questions regarding the rule of law limit how broadly a military option can be used. This means that despite military progress in Iraq and Syria, a significant outflow of foreign fighters remains likely.
Which is why now might be the time for governments to consider an alternative approach; one that reduces the number of foreign fighters for whom current location or future intentions are unknown. Read the rest of this entry »
This was originally published on 24 October by the Lowy Institute for International Policy, Australia’s leading foreign policy think tank.
In counter-terrorism, it sometimes feels like every silver lining has a cloud. While the Mosul offensive is making steady progress into the Islamic State-controlled city, this success risks triggering the movement of IS fighters from Iraq and Syria to Europe and beyond.
Even if an immediate mass exodus of IS fighters to Europe is very unlikely, those that do leave Iraq and Syria over the coming months will pose a serious threat, particularly in Europe where the returning foreign fighter problem has been described as the biggest current security issue.
Beyond the obvious threat posed by individuals with experience fighting for a terrorist organisation, there are three elements that make their return so challenging.
First, foreign fighters may potentially return home undetected; the Paris and Brussels attacks made it clear what consequences this could have. Second, even when their arrival is identified, their motivations for returning are unclear. And finally, even when arrests are made, securing a conviction for terrorist offences might prove difficult, partially due to a lack of admissible evidence and partially because many of the terrorist offences introduced since 2012 remain untested in court.
It is still unclear how many fighters will return home. As Islamic State crumbles, fighters are unlikely to behave as a homogenous group. This splintering of the threat into multiple locations and/or groups might make it even less predictable and more difficult to track.
For national governments, knowing which of their foreign fighter contingent will choose which route will be difficult. Attempting to address this uncertainty by monitoring groups and individuals in multiple locations will require intelligence and security agencies to expend a large amount resources.
Which is why now might be the time for governments to consider a more proactive approach to shaping the foreign fighter outflow – specifically through a foreign fighter ‘amnesty’ or plea bargain scheme. Read the rest of this entry »
This was originally published on 22nd September by Computer Weekly, the world’s longest-running IT magazine.
If some campaigners against the UK’s Investigatory Powers (IP) Bill are to be believed, the use of bulk powers (or mass surveillance) by UK intelligence agencies is not only bad for your privacy, but the powers are also ineffective.
Like all plausible arguments, this has elements of truth. Intelligence agencies are struggling to cope with data volumes. And missed intelligence leads have resulted in successful terrorist attacks. However, the argument’s conclusion – that these issues and failures are a direct consequence of a bulk data collection approach – is flawed.
This is primarily due to the conflation of a range of issues. Conflation between the National Security Agency (NSA) and the UK agencies; between collection and analysis; between metadata and content; and, most importantly, between the past and the present.
GCHQ today is very different from the NSA left behind by noted critic of the IP Bill, William Binney, in 2001. Similarly, six-year-old leaked documents don’t “prove” the flaws of a bulk data approach in 2016. And the importance of bulk data to UK agencies is not invalidated by the questionable value of one domestically focused US collection programme.
If UK intelligence analysts are “overwhelmed by data”, there is little to suggest this is a symptom of bulk powers. Instead, it reflects the extent of the challenges faced by the UK government – there are too many intelligence targets. And, fundamentally, the reality of life in 2016 – multiple communications devices, permanent connectivity, and data generation on an unprecedented scale.
So how do the UK intelligence agencies use bulk data in 2016? read more
If the opposing sides in the mass surveillance debate agree on anything, it is the analogy that best describes the job of intelligence agencies. From Edward Snowden to UK Home Secretary Theresa May, the case for and against bulk communications data (particularly in counter-terrorism) rests on the best way to find ‘a needle in a haystack’.
As someone with recent experience using bulk communications data to identify and disrupt terrorists, I’ve always been struck by the gap between this analogy and the reality of my former day job.
Firstly, the similarities. Terrorists are usually extremely difficult to find. And the global nature of the terrorist threat means that you are searching for them across a large area.
But the analogy suggests a laborious, repetitive and unskilled process; an individual manually wading through a stack of hay to find a tiny needle. Using traditional methods – as a 2014 conceptual art performance demonstrated – this is extremely time consuming.
Yet in 2016, there are smarter, more efficient ways of completing this task. Faced with one or a number of haystacks containing one or a number of needles, I could hire a metal detector on my smartphone. Or outsource the job via Airtasker.
Read the rest of this entry »