Is mass surveillance necessary?

David Anderson QC, the independent reviewer of terrorism legislation, has just issued a report evaluating the effectiveness of bulk data collection in counter-terrorism, counter-espionage, and other work performed by the British security agencies. The report comes at a crucial moment as the government is attempting to steer its new surveillance legislation, the Investigatory Powers Bill, through parliament. That bill would give the government broad powers to hoover up emails (“bulk interception,” in the British government’s jargon), gather phone and internet records (“communications data”), hack electronic devices en masse (“bulk equipment interference”), and obtain “bulk personal datasets” on people not suspected of a crime.

However, human rightsgroups and some politicians have expressed reservations about the need for such intrusive capabilities. Earlier this year, in a debate on the bill, shadow home secretary Andy Burnham said that the government still had to “convince people that the powers are needed” and called for a review. In response, Anderson was appointed to conduct a fresh inquiry into the utility of such methods. His lengthy report largely vindicates the government, concluding there is a “proven operational case” for three of the bulk powers—bulk interception, bulk acquisition of communications data, and bulk personal datasets—and a “distinct (though not yet proven) case” for the fourth, bulk hacking. The impressive study gives more detail than was previously available and goes some way to establishing that such practices are essential. Use of other techniques, while “sometimes” productive, would be “less effective, more dangerous, more resource-intensive, more intrusive or slower” than broader powers, the report determines.

This is all well and good, but there are still reasons to be doubtful. The joint parliamentary committee assigned to scrutinize the bill interviewed multiple witnesses, some of whom criticized bulk tactics. One, former National Security Agency official William Binney, claimed that bulk data collection was counter-productive because it inundated the system with useless information, burying important leads and leaving analysts “overloaded.” His views appear to be corroborated by a secret 2010 report prepared for top British government officials which warns that MI5 is gathering more data than it is “able to exploit fully,” creating a “real risk of ‘intelligence failure.’” The report, leaked by former intelligence contractor Edward Snowden and published by The Intercept, backs up concerns about another British surveillance program, codenamed PRESTON, which targeted specific individuals within the UK but still collected far more information than analysts could adequately process. This issue was raised at a Lords debate recently, most vocally by Lord Strasburger, who warned that bulk collection could “risk hiding data about the bad guys under a tsunami of personal and private data about the 99 per cent of us who will never be terrorists or paedophiles.”

The US has pursued similar surveillance programs, involving broad email and phone record collection, since 9/11, when the Bush administration started tapping calls and collecting email and phone records in bulk. But this had questionable results. A 2014 study by the New America think tank, based on court records and other public data, found that bulk capabilities played a key role in a minuscule number of investigations, while traditional law-enforcement methods, such as tip-offs or the use of informants, initiated the majority of cases. After the Snowden revelations started emerging in June 2013 President Obama set up a special panel to review the NSA programs. It found that the bulk collection of phone records (“communications data,” in UK parlance) was largely useless, but determined that mass email interception was more effective. According to the review, email collection helped disrupt 54 terrorist plots, although it was unclear if more targeted methods might have sufficed.

New York Times reporter Charlie Savage obtained documents under the Freedom of Information Act appearing to show that the Bush-era program generated few, if any, useful leads for the FBI. The NYPD, working with the CIA, have placed Muslim communities in New York under broad, suspicionless surveillance since the 9/11 attacks, as the Associated Pressrevealed in 2012, but it was later admitted in court that these activities yielded no leads. Of course the US and UK programs are not identical, and it is possible, as Anderson writes, that the British system of “communications data,” is more effective than the now-defunct American version. But one still wonders if security services, faced with a deluge of intelligence, might be trying to drink from the proverbial firehose.

Far from needing more data, governments have repeatedly failed to act on information they already had. The most prominent example here is, of course, 9/11, when the CIA acquired key intelligence about two of the hijackers in early 2000 but did not tell the FBI until August, 2001. More recently, the “underwear bomber” who attempted to blow up an airliner over Detroit in 2009 was listed in a US terrorist database prior to the attack but still escaped detection. Likewise, Boston marathon bomber Tamerlan Tsarnaev was added to a US government database before the attack, but his name was misspelled so he was able to leave and re-enter the US. In Britain, the men who killed Lee Rigby in 2013 were known to the intelligence agencies before the attack, but MI5, MI6 and GCHQ failed to pursue leads and share details. Those responsible for theCharlie Hebdo and November 2015 attacks in Paris were known to the authorities in advance, but, swamped by foreign fighters returning from Syria, European security agencies lack the resources to adequately monitor each potential threat.

Data, on its own, is not enough to foil terrorist attacks. Competent human resources are also required to process and share that data. No one doubts the importance of surveillance in counter-terrorism. But could we not monitor people the traditional way—using targeted warrants—without infringing on the privacy of so many? Should we and other countries divert precious resources away from gargantuan bulk programs to support more flesh-and-blood spies and analysts? While Anderson’s report makes a strong case for bulk methods, there are still reasons to be sceptical.