This article was originally published on 30 June 2017 by UK online newspaper iNews.
Earlier this week, Swedish daily newspaper Expressen published a series of interviews with former jihadis, focusing on their struggle to find work on their return to Sweden. Particular challenges included explaining long gaps on their CVs, and the ease with which potential employers could find undesirable photos of them online.
As was quickly pointed out, they are not the first group of 20-somethings to wrestle with these challenges, even if explaining away a photo with an AK-47 and dead Syrian soldier is slightly trickier than most ‘gap year’ returnees.
Unsurprisingly, they have attracted little sympathy. Youth unemployment in Sweden (as in much of the rest of Europe) is high; surely individuals who provided military support to a barbaric terrorist organisation should be at the bottom of the list? And more obviously, why aren’t they in jail, rather than complaining about their employment prospects?
Unfortunately, the reality of prosecuting returning foreign fighters is far from straightforward.
Firstly, there is often a significant gap between what intelligence agencies know about an individual, and what they can prove in court – reports from human intelligence assets or technical intercept are typically inadmissible as evidence. Secondly, foreign fighters have become savvier about what they share online, and about ensuring they leave behind electronic devices before returning to the West. And finally, even where a returnee slips up, it often only provides evidence of travel to Syria or Iraq, not involvement in terrorist activity.
As a result, Sweden, like the UK and much of the rest of Europe, is faced with a large number of returned foreign fighters but somewhat limited options when it comes to immediate prosecution. In the UK for example, approximately 400 foreign fighters have returned, each of which potentially has the skills and battlefield experience to pose a significant terrorist threat.
In parallel to attempting to build a prosecution case, authorities have two options, monitoring and rehabilitation.
As we’ve so painfully discovered since March 2017, there are limits to the number of individuals that law enforcement and intelligence agencies can monitor at any one time. Due to the inflated threat they pose, returnees will typically be near the top of that target list. But with new leads or threats emerging on a daily basis, monitoring is a resource-intensive threat management tool, not a solution.
Which is why countries across Europe – notably Denmark, Sweden and Germany – are combining prosecution and monitoring with returnee rehabilitation programs, offering returnees an exit strategy from violent extremism. Central to which, are employment opportunities.
The logic behind these programs is clear – reintegrating foreign fighters into society is cheaper than the alternatives of ongoing monitoring or a costly prosecution. And if done well, they theoretically provide a long-term solution, not a temporary band aid.
It is still too early to assess the success of most of these programs, but that remains a very big ‘if’. And despite the potential benefits from both a resources and risk perspective, this story illustrates that any attempt to operate them at scale is likely to face significant (and understandable) opposition.
This was originally published on 18 May 2017 by the Lowy Institute for International Policy, Australia’s leading think tank.
As more details emerge about Donald Trump’s meeting with a Russian delegation last week, it appears that the worst fears of Israel’s intelligence agencies have been realised. While discussing the ISIS threat to aviation, Trump reportedly shared information identifying the source of recent reporting – an Israeli human intelligence asset.
Media reporting suggests that this intelligence had previously been tightly held within US Government circles. And that the full extent of the reporting had been withheld, even from the rest of the Five Eyes partnership.
On the face of it then, blurting out critical details in an attempt to impress Russia, a close ally of Iran, is about as bad as it gets. A former head of the Mossad has already suggested that Israel would think twice before sharing sensitive intelligence with the US in future.
As with all things Trump-related, it can be difficult to cut through the hyperbole. So just how big an issue is this? Read the rest of this entry »
The weekend before last, UK Home Secretary Amber Rudd did the rounds on the Sunday morning political chat shows, in the wake of the Westminster terrorist attack. Her comments around encryption, tech companies and their role in the fight against extremism and terrorism have (as she no doubt intended) dominated the news cycle and shaped the public post-mortem into the attack.
In response, I tweeted some initial thoughts, which I’ve included below in a slightly less condensed format:
As many have observed, Rudd’s comments appear opportunistic at best, given what we know about London attacker so far. Most obviously, as he wasn’t under active investigation, access to What’s App or other encrypted services would have been irrelevant in his specific case.
Her comments and the reaction to them are however, yet another example of the simplistic debate that surrounds the encryption issue, and help to conflate different aspects of the problem.
Access to encrypted communications differs pre, during & post investigation. In the context of the Westminster attack, only the latter appears to apply. The battle between the FBI and Apple over the iphone of the San Bernadino attacker also falls under this category. However, Rudd’s reference to ‘terrorist communications’, presumably therefore refers to those under investigation.
Few would argue that the UK authorities should be able to access these communications. But in terms of approach, accessing the communications of known terrorists is very different to making an assessment of potential leads. In the former example, the authorities have options beyond direct warranted access; these aren’t easy, they require significant resource, and most importantly, they are not available to all agencies, most notably law enforcement bodies.
But given the range of powers in the IP Act, and how recently it was passed, it is hard for Rudd to argue that the UK is ill-equipped to counter the threat of known terrorists. Read the rest of this entry »
This was originally published on 22nd September by Computer Weekly, the world’s longest-running IT magazine.
If some campaigners against the UK’s Investigatory Powers (IP) Bill are to be believed, the use of bulk powers (or mass surveillance) by UK intelligence agencies is not only bad for your privacy, but the powers are also ineffective.
Like all plausible arguments, this has elements of truth. Intelligence agencies are struggling to cope with data volumes. And missed intelligence leads have resulted in successful terrorist attacks. However, the argument’s conclusion – that these issues and failures are a direct consequence of a bulk data collection approach – is flawed.
This is primarily due to the conflation of a range of issues. Conflation between the National Security Agency (NSA) and the UK agencies; between collection and analysis; between metadata and content; and, most importantly, between the past and the present.
GCHQ today is very different from the NSA left behind by noted critic of the IP Bill, William Binney, in 2001. Similarly, six-year-old leaked documents don’t “prove” the flaws of a bulk data approach in 2016. And the importance of bulk data to UK agencies is not invalidated by the questionable value of one domestically focused US collection programme.
If UK intelligence analysts are “overwhelmed by data”, there is little to suggest this is a symptom of bulk powers. Instead, it reflects the extent of the challenges faced by the UK government – there are too many intelligence targets. And, fundamentally, the reality of life in 2016 – multiple communications devices, permanent connectivity, and data generation on an unprecedented scale.
So how do the UK intelligence agencies use bulk data in 2016? read more
If the opposing sides in the mass surveillance debate agree on anything, it is the analogy that best describes the job of intelligence agencies. From Edward Snowden to UK Home Secretary Theresa May, the case for and against bulk communications data (particularly in counter-terrorism) rests on the best way to find ‘a needle in a haystack’.
As someone with recent experience using bulk communications data to identify and disrupt terrorists, I’ve always been struck by the gap between this analogy and the reality of my former day job.
Firstly, the similarities. Terrorists are usually extremely difficult to find. And the global nature of the terrorist threat means that you are searching for them across a large area.
But the analogy suggests a laborious, repetitive and unskilled process; an individual manually wading through a stack of hay to find a tiny needle. Using traditional methods – as a 2014 conceptual art performance demonstrated – this is extremely time consuming.
Yet in 2016, there are smarter, more efficient ways of completing this task. Faced with one or a number of haystacks containing one or a number of needles, I could hire a metal detector on my smartphone. Or outsource the job via Airtasker.
Read the rest of this entry »
Following my recent blog post on big data in counter-terrorism, I was asked to provide formal input to the Joint Committee assessing the UK ‘Draft Investigatory Powers Bill’. My full submission is available here; I have adapted it below.
To understand the utility of bulk communications data in intelligence and CT, you first need to re-consider the needle/haystack analogy typically used when discussing intelligence agency use of bulk datasets.
Instead, think about how you use the Google search engine, and how much Google – like the ability of intelligence agencies to process big data – has changed over the past 15 years.
Initially, Google only allowed relatively simple search terms. Many businesses had little or no internet presence, while Google’s ‘web-crawling’ technology did not necessarily access all those that did. In short, it lacked a comprehensive dataset to query, and as a result, it was difficult to use with confidence.
These data inconsistencies meant you could not be certain that Google had access to the data you were looking for, or whether the results it pulled back were relevant to your initial query. Like the intelligence analyst Mr Binney describes, you were confronted by too much irrelevant data. Even after clicking through multiple pages of results, you might not find what you were looking for; an alternative, more targeted method (say a local phone book) was often more effective.
In 2016 however, ‘big data’ is a reality. The internet is growing exponentially and plays a central role in everyday life. As a result, the Google search engine has access to a comprehensive and growing dataset. It is in the business of ‘bulk collection’. read more
William Binney, a former NSA technical director and whistle-blower, made headlines last week with his eye-catching claim that the UK’s draft Investigatory Powers (IP) Bill would ‘cost lives.’
Speaking to the Joint Committee considering the Bill, Binney claimed that bulk collection inevitably leaves intelligence analysts inundated with too much data. And that in counter-terrorism (CT) investigations, this would lead to key leads being missed and ultimately, the loss of life. He concluded that there was ‘no good operational case for bulk interception.’
Binney is unusual in the debate about surveillance and privacy – he is a privacy advocate who has previously done the day job of intelligence collection with distinction. As an expert witness, he has credibility.
But unfortunately in this instance, Binney’s views on the consequences of the UK’s proposed intelligence gathering approach are based on a flawed premise. And the intelligence agency he describes is based on out-dated or selectively leaked information. read more