This was originally published on 24 October by the Lowy Institute for International Policy, Australia’s leading foreign policy think tank.
In counter-terrorism, it sometimes feels like every silver lining has a cloud. While the Mosul offensive is making steady progress into the Islamic State-controlled city, this success risks triggering the movement of IS fighters from Iraq and Syria to Europe and beyond.
Even if an immediate mass exodus of IS fighters to Europe is very unlikely, those that do leave Iraq and Syria over the coming months will pose a serious threat, particularly in Europe where the returning foreign fighter problem has been described as the biggest current security issue.
Beyond the obvious threat posed by individuals with experience fighting for a terrorist organisation, there are three elements that make their return so challenging.
First, foreign fighters may potentially return home undetected; the Paris and Brussels attacks made it clear what consequences this could have. Second, even when their arrival is identified, their motivations for returning are unclear. And finally, even when arrests are made, securing a conviction for terrorist offences might prove difficult, partially due to a lack of admissible evidence and partially because many of the terrorist offences introduced since 2012 remain untested in court.
It is still unclear how many fighters will return home. As Islamic State crumbles, fighters are unlikely to behave as a homogenous group. This splintering of the threat into multiple locations and/or groups might make it even less predictable and more difficult to track.
For national governments, knowing which of their foreign fighter contingent will choose which route will be difficult. Attempting to address this uncertainty by monitoring groups and individuals in multiple locations will require intelligence and security agencies to expend a large amount resources.
Which is why now might be the time for governments to consider a more proactive approach to shaping the foreign fighter outflow – specifically through a foreign fighter ‘amnesty’ or plea bargain scheme. Read the rest of this entry »
This was originally published on 22nd September by Computer Weekly, the world’s longest-running IT magazine.
If some campaigners against the UK’s Investigatory Powers (IP) Bill are to be believed, the use of bulk powers (or mass surveillance) by UK intelligence agencies is not only bad for your privacy, but the powers are also ineffective.
Like all plausible arguments, this has elements of truth. Intelligence agencies are struggling to cope with data volumes. And missed intelligence leads have resulted in successful terrorist attacks. However, the argument’s conclusion – that these issues and failures are a direct consequence of a bulk data collection approach – is flawed.
This is primarily due to the conflation of a range of issues. Conflation between the National Security Agency (NSA) and the UK agencies; between collection and analysis; between metadata and content; and, most importantly, between the past and the present.
GCHQ today is very different from the NSA left behind by noted critic of the IP Bill, William Binney, in 2001. Similarly, six-year-old leaked documents don’t “prove” the flaws of a bulk data approach in 2016. And the importance of bulk data to UK agencies is not invalidated by the questionable value of one domestically focused US collection programme.
If UK intelligence analysts are “overwhelmed by data”, there is little to suggest this is a symptom of bulk powers. Instead, it reflects the extent of the challenges faced by the UK government – there are too many intelligence targets. And, fundamentally, the reality of life in 2016 – multiple communications devices, permanent connectivity, and data generation on an unprecedented scale.
So how do the UK intelligence agencies use bulk data in 2016? read more
This was originally published on 1st September by ‘The Interpreter’, a blog run by the Lowy Institute, a Sydney-based think tank .
Although often identified as the group’s spokesman and chief propagandist, Adnani’s role was much more significant than that. Adnani was one of the group’s first foreign fighters and longest-serving members, having joined the nascent group in 2000. If reports are to be believed, he was even being groomed as a successor to Islamic State leader Abu Bakr al-Baghdadi.
This is not to underestimate the importance of his role as spokesman. While his messages are unlikely to have the radicalising resonance of Anwar al-Awlaki, Adnani’s blunt missives against the West made an impact.
Take, for example, Adnani’s call in 2014 for Islamic State supporters to ‘smash his head with a rock, or slaughter him with a knife, or run him over with your car…’ and the wave of unsophisticated but deadly attacks over the past two years, culminating in July’s truck attack in Nice.
Yet Adnani’s significance goes beyond his ability to recruit and legitimise the violence of disparate individuals and groups across the world. read more
This was originally published on 9th August by ‘The Interpreter’, a blog run by the Lowy Institute, a Sydney-based think tank .
The New York Times revealed more details last week about the activities of Islamic State’s external operations unit, the Amn al-Kharji. Central to the report was an extensive interview with returned German foreign fighter Harry Sarfo.
This isn’t the first time Sarfo has spoken to the media. Since his return from Syria in July 2015 and arrest by German authorities, he has given interviews to Der Spiegel and The Independent. And aside from including a (very worthwhile) video interview, little of what Sarfo said in the article was new.
What makes the story most noteworthy is that the events of the past few months are starting to make Sarfo’s testimony look worryingly accurate.
His claim that ‘hundreds’ of operatives have been actively sent back to Europe by Islamic State (rather than simply returning), seems less outlandish after a summer dominated by a series of terrorist attacks inspired or directed by Islamic State.
Sarfo’s claims are given further credence by unnamed US intelligence sources and other returnees. And Islamic State spokespeople (in contact with undercover journalists) have similarly referenced large numbers of trained and capable operatives in Europe.
I’d previously hoped that these figures were inflated. After all, consistency does not always equal accuracy. Terrorist groups seek to influence as well as inform those under their command.
But the more we learn about the importance of external operations within the Islamic State operational structure, the more feasible these figures appear. read more
The past few months have been busy on a number of fronts; as a result, my blog updates have been rather infrequent. I live in hope that this is about to change, but in the meantime, here’s an overview of what I’ve been up to since May:
Firstly, as has become tragically apparent in the last 3 months, the terrorist threat has evolved.
As I wrote back in January, things were always likely to get worse before they got better. Not just because of a shift in Islamic State’s focus as their state-building project becomes unstuck. But more fundamentally because the world, and Europe in particular, are paying the price for the counter-terrorism mistakes that allowed Islamic State and others to exploit the permissive operating environment in Syria and Iraq.
As a result, the focus of my research and writing has been on how intelligence agencies have responded to the evolving terrorist threat, and what this means for counter-terrorism in the short to medium-term.
- Back in May, I looked at the potential implications of a Brexit vote on the UK’s counter-terrorism capabilities. Three months on, we’re still not sure what Brexit means; unsurprisingly, the future of the UK-EU CT relationship remains similarly uncertain.
- In June, I looked at the dangers of retrospectively criticising intelligence agencies for dropping investigations or missing clues that in hindsight seem so obvious..
- Finally, post-Nice attack, I looked at the limits of counter-terrorism in the face of low-capability/high impact attacks from individuals with no or limited interaction with known terrorists.
I discussed all of these issues in detail on an excellent new Australian podcast Sub Rosa, released in early August.
I’m just about to finish a longer piece for the Lowy Institute for International Policy on resilience and reducing the perceived terror threat. I’m hopeful that this will be published in late 2016.
Back in late June, I presented at an excellent NATO-sponsored conference, ‘Terrorist use of the internet’ in Dublin. My paper ‘Beyond big data – surveillance, metadata, and technology-enabled intelligence opportunities’ is due for publication in early 2017.
The conference coincided with me relocating to Europe (specifically London) rather more permanently.
The move shouldn’t have too great an impact on the focus of my writing and research; I’ll continue to keep a close eye on developments in Australian counter-terrorism from afar, and write for the Lowy Institute. But it will allow me to have a greater focus on counter-terrorism in the UK and Europe, and in particular, on the ongoing attempts to update the powers available to the UK intelligence agencies.
Watch this space.
Like most terrorism analysts, I have spent the last 6-7 weeks re-evaluating the terrorist threat to Europe following the terrorist attacks in Brussels on 22nd March:
- Firstly, I analysed European and French preparedness ahead of Euro 2016 for the Lowy Institute for International Policy. Despite my initially positive response to Saleh Abdeslam’s arrest, my concerns about Belgian intelligence and law enforcement capacity were tragically realised within a matter of hours of my article going live.
- Two days later, in a piece for The Age newspaper in Melbourne, I looked at the flaws in the Belgian counter-terrorism approach. And looked at what next – both from a tactical, operational approach, but just as importantly, from a messaging perspective.
- Finally, I’ve written on the need for greater collaboration between European intelligence agencies. Not just ‘better intelligence sharing’ but a fundamental re-appraisal of how Europe approaches the terrorist threat over the next 3-5 years. The first piece was published by the Lowy Institute, with a shorter piece appearing in the re-launched i newspaper in the UK.
David Wells worked for UK and Australian intelligence agencies between 2005 and 2014, specialising in counter-terrorism.
If the opposing sides in the mass surveillance debate agree on anything, it is the analogy that best describes the job of intelligence agencies. From Edward Snowden to UK Home Secretary Theresa May, the case for and against bulk communications data (particularly in counter-terrorism) rests on the best way to find ‘a needle in a haystack’.
As someone with recent experience using bulk communications data to identify and disrupt terrorists, I’ve always been struck by the gap between this analogy and the reality of my former day job.
Firstly, the similarities. Terrorists are usually extremely difficult to find. And the global nature of the terrorist threat means that you are searching for them across a large area.
But the analogy suggests a laborious, repetitive and unskilled process; an individual manually wading through a stack of hay to find a tiny needle. Using traditional methods – as a 2014 conceptual art performance demonstrated – this is extremely time consuming.
Yet in 2016, there are smarter, more efficient ways of completing this task. Faced with one or a number of haystacks containing one or a number of needles, I could hire a metal detector on my smartphone. Or outsource the job via Airtasker.
Read the rest of this entry »