This Security Expert Reckons Mass Surveillance Doesn't Stop Terror Attacks
This interview originally appeared in French on VICE France.
Today's terrorist attack in the Rhône-Alpes region of France, involving the decapitation of a man, has been met with widespread horror and condemnation. So have those in Tunisia, killing 28, and another in Kuwait killing 25. These horrific events are sure to fuel discussion about how to stop this kind of atrocity happening again.
Following January's Charlie Hebdo attacks in Paris, the French government decided to expedite a new surveillance law. Two days ago, on Wednesday 24th of June, French officials at the National Assembly gave the green light to that new law. France's new surveillance law has already been compared to the late American Patriot Act—an American anti-terrorism act passed after 9/11 which was criticised for its wide-sweeping powers that meant it was used against non-terrorists.
Such civil liberties concerns will be felt less acutely today. The argument that it was poor intelligence and surveillance that enabled terrorists to carry out the attack at the gas factory in Saint-Quentin-Fallavier have started circulating on French social media.
Back in March, we spoke to Bruce Schneier—an American cryptographer specialising in computer security. In his latest bestseller, Data and Goliath, Schneier makes the argument that—civil liberties implications aside—mass surveillance can't stop terrorist attacks. The interview takes on a renewed significance in the light of today's events.
VICE: The NSA uses the metaphor "connecting the dots" to justify its surveillance activities. However the US government actually struggles to ever connect those dots. Why is that?
Bruce Schneier: There is too much external noise when you do mass surveillance. The problem is that "connecting the dots" is neither the right method nor the right metaphor. When you look at a child's colouring book, connecting the dots is very easy because they are all visible—they are all on the same page and they have numbers written on them. All you have to do is move the lead of your pencil across your page, from one dot to the other, and there you go—the drawing is done.
In reality, those "dots" can only be seen and connected after things have occurred—so after each terrorist attack, if you want. When you look, it's easy to make the link between, say, an information request coming from Russia, a visit abroad, and other potential information gathered elsewhere. So with hindsight, we know who the terrorists are. That's why we're able to chase after them, but not stop them. Before an event occurs, there is an extremely huge number of potential "human dangers," and an even greater number of possible scenarios. There are so many variables to take into account that it's impossible to rely on a single potential course of events.
You're saying that mass surveillance cannot really stop terrorist attacks in the US. Would you say the same for France?
Mass surveillance is unreliable for statistical reasons, not for cultural or linguistic reasons. That analysis is valid for all countries, including France.
I was thinking more in terms of population size.
That doesn't change anything. Attacks can come from anywhere. So yes, mass surveillance is as ineffective in France as it is elsewhere.
So, the creation of a phone satellite that would intercept metadata and the black boxes that French operators would be provided with would be useless?
Yes. All it would do is breach people's right to privacy.
Why does France want to acquire such systems?
I can't speak for France, but I have a good idea of why the US use these techniques, even though they're pointless.
When intelligence officials speak in private, they acknowledge that mass surveillance is inefficient. But they see it as a sort of "insurance." They know that they need to be ready to do anything to fight against the terrorist threat, even if that entails doing something that's actually inefficient.
The problem is that the bureaucrats that make these decisions are not the people who feel their harmful effect. My guess is that France is thinking the same as the US.
Do you think these techniques already exist in France and that the new law is only a way of legitimising mass surveillance?
We know that national surveillance is not a new thing in France—it's been practised for decades. It's even been on the increase since we've started using online communication more and more. So yes, France is definitely trying to legitimise some already existing practices with this law, for sure, much the same way that many other countries are.
Is there any proof that the omnipresent surveillance that exists in the US—on the internet, with phone conversations—has actually helped to stop terrorist attacks in the past?
No. It's now a clear fact that the mass surveillance performed in the US has never stopped a single attack. On several occasions, the government was asked to justify its surveillance methods, and they have failed to ever do so. Sometimes, they provide scenarios and vague plans, but the data never withstands any test.
Are there better ways of stopping terrorist attacks then in your opinion?
What works and has proven efficient several times in the US, is to use "conventional" detective techniques—just following the clues. However there's an important caveat here: no method of surveillance or inquiry will ever stop a lone gunman.
There are simply never enough hints to stop the aggressor before he acts in such cases. Individuals such as the Fort Hood shooter, or Anders Behring Breivik , or the Charlie Hebdo attackers in France, will always be a problem. Early intervention aimed at identifying and helping troubled individuals before they become murderers is the only real solution here.