Josh Lee | Contributing Writer
It has been well over a year since Edward Snowden leaked classified files showing how the NSA and GCHQ were monitoring civilian internet activity on an industrial scale. Phone records, browsing history, private e-mails, Facebook messages and even medical and banking records could all be accessed by simply searching an individual’s name or telephone number without prior authorisation. Tech companies including BT and Vodafone had secretly granted GCHQ unlimited access to their network of undersea cables, which carries much of the world’s phone records and internet traffic. The most recent revelation describes how the world’s largest sim-card manufacturer, Gemalto, was hacked in order to allow both agencies to monitor the content of a large portion of the world’s cellular calls. Both agencies have been found to have acted unlawfully in courts of their respective countries.
The need for a government to have some degree of surveillance to counter security threats to the nation, or to identify criminal activity, is almost unanimously agreed. In addition, there has been a tolerance of ‘information-gathering’ in pursuit of the economic or political interests of a nation. However, a debate has raged over the necessity of blanket surveillance of the civilian population in order to catch “the needle in the haystack”. This practice has been defended in two ways. First, it is argued that the collection of metadata is essential to counter-terrorism operations, and secondly that those who are doing nothing wrong have nothing to fear.
A debate has raged over the necessity of blanket surveillance of the civilian population in order to catch “the needle in the haystack”.
The evidence against the counter-terrorism argument is substantial. In the wake of the scandal, NSA chief Gen Keith Alexander spoke at a Las Vegas security conference in which he referred to “54 terrorist related activities” that had been “thwarted”. He was later forced to apologise for the inaccuracy of that statement at a Senate Judiciary Committee hearing. The NSA itself has only publically identified four of these cases. The first two involved the transfer of money to groups affiliated with Al Qaeda. The second two involved the arrests of Najibullah Zazi and David Coleman Headley. Zazi was planning an attack on the New York subway and Headley, responsible for attacks in Mumbai in 2008, was planning an attack on a Danish newspaper. Crucially, neither of these two men were identified by the warrantless collection of metadata. Both were already known to the intelligence community and thus could have been monitored by obtaining a warrant, as was common practice prior to the 2007 and 2008 surveillance laws.
A valid argument has also been made that the volume of data being collected floods the system, making it harder to identify genuine threats. This is perhaps most relevant to the horrific murder of Fusilier Lee Rigby in May 2013. The UK’s Intelligence and Security Committee (ISC), chaired by Sir Malcolm Rifkind MP, published a report in November 2014 that stated, “given what the agencies knew at the time they were not in a position to prevent the murder of Fusilier Lee Rigby.” However, both of the men who carried out the murder were already known to UK agencies. Michael Adebolajo had been known since 2008, and at one point was classified as a high priority target after trying to enter Somalia to join al-Shabaab. Michael Adebowale, meanwhile, came to MI5’s attention in 2012. GCHQ monitored communications between Adebowale and a well-known Yemeni Al Qaeda contact codenamed “SOI Charlie”, but failed to pass the information onto MI5. SOI Charlie was also communicating with Adebolajo, and was responsible for linking the two attackers. Due to this failure of communication between GCHQ and MI5, this link was not noted.
Adebowale also used Facebook Messenger five months before the attack to communicate with a foreign-based extremist referred to as “Foxtrot”, to whom he described in graphic detail his future plot. One message even contained the phrase “Let’s kill a soldier.” In reference to this, Malcolm Rifkind and the ISC report stated, “It is highly unlikely that the agencies could have discovered this on their own before the attack.” However, information provided by Edward Snowden shows GCHQ, through the XKeyscore program, had virtually unlimited access to private Facebook messages. The contents of the messages would have been stored for between three and five days in the instance that they were not picked up by an analyst, in which case they can be stored for up to five years. The failure to discover the messages was evidently due to poor management on behalf of GCHQ, and nothing to do with a lack of power to act as has since been suggested. Mass surveillance is not just an abhorrent and illegal invasion of privacy, but an ineffectual one at that. It also seems to risk actively disrupting counter-terrorism operations.
The second argument, that those who have nothing to hide have nothing to fear, is perhaps true on a personal level. To the average person, whether their private information is being collected or not poses no risk to them. But what about the law abiding citizens who are being targeted by the NSA and GCHQ?
The types of people without whom we would still not know what harms security agencies were capable of were ranked as a threat second only to terrorists.
In March 2012, the FBI issued Google a secret search warrant signed by a federal judge, along with a gag order, which prevented Google from telling the media. The warrant required Google to hand over all the information they had on three Wikileaks staff members. This included all e-mails (even ones deleted by the targets), phone records and bank details. Snowden explained in August that that he chose to contact Laura Poitras as an outlet for his leaks as the NSA had targeted her for a documentary she made on the Iraq war.
Perhaps the most revealing insight into how the security services view journalists came from GCHQ. Its internal security assessments routinely list a hierarchy of “influencing threat sources” in which investigative journalists are ranked between terrorists and hackers. The types of people without whom we would still not know what harms security agencies were capable of were ranked as a threat second only to terrorists. One matrix even scored journalists with a “priority” of three out of five where terrorists scored two out of five. It was only for its lower score in “capability” that journalists ranked lower overall.
Both NSA and GCHQ operate in a manner that perceives the civilian population to be the “enemy”. The “if you’re not with us, you’re against us” assumption is a seductive one for the closed, secretive world of the security elite. Democratic openness is all too easily perceived as the problem. In the end, the unfettered exercise of large-scale information gathering makes us all less secure.
