Why GCHQ should focus on targeted interception
Targeted collection of data, based on probable cause, is a more effective way of detecting and preventing terrorism and serious crime, said Binney.
At the NSA, Binney was responsible for the first internet surveillance programme, codenamed ThinThread, which used sophisticated analytical techniques to identify and capture internet behaviour that fell into a “zone of suspicion”.
The technology was able to identify the warning signs of potential threats and bring them to the attention of analysts automatically.
Take, for example, the Orlando shooting, night-club massacre in July this year, said Binney.
“The fellow was on the FBI list for a couple of years, and had stated intent to do harm,” he said. “Then, when he bought an AR15, it was obviously capability, so now you have intentions and capabilities, so that should have raised him right to the top immediately.”
The NSA cancelled ThinThread just before the 9/11 attacks, but a subsequent test-run on the NSA’s own data showed that programme would have prevented the 9/11 attacks by spotting critical information overlooked by NSA intelligence analysts.
The technology behind ThinThread has never been implemented and, as a result, Binney argues that intelligence agencies find it difficult to separate critical information from the mass of data collected.
“The consequence means that people die first and then they go after the bad guys once they know who did the deed,” he said. “This means they have lost the purpose of intelligence, which is to give an alert of threats in advance so that action can be taken to stop attacks.”
The Anderson Review examined 60 case studies, put forward by the intelligence services, and concluded that bulk surveillance powers were the most effective answer to terrorism.
Proposed bulk powers
Allows the security and intelligence agencies to intercept the communications of individuals and organisations outside the UK and then filter and analyse that material in order to identify communications of intelligence value. The intercepted material includes contents, and data, for example including the sender and recipient of a communication, the time the message was sent, and technical details about the network.
This power was a tightly controlled secret until November 2015. It allows security services and law enforcement agencies to obtain data about phone calls and emails of UK citizens from phone and internet providers. Under the Investigatory Powers Bill, records will be aggregated into a single database.
Bulk equipment interference
The Investigatory Powers Bill authorises bulk hacking or the insertion of malware into computers or network infrastructure to retrieve intelligence. The power is designed to circumvent encryption technologies. It was allowed for the first time in February 2015.
Bulk personal datasets
Bulk personal datasets contain personal data relating to a number of individuals, the majority of whom are unlikely to be of intelligence interest. They include databases on individual’s travel, financial transactions and databases on companies. They can be obtained through overt or covert channels.
Source: Report of the Bulk Powers Review
“The bulk powers play an important part in identifying, understanding and averting threats in Great Britain, Northern Ireland and further afield,” the report said. “Where alternative methods exist, they are often less effective, more dangerous, more resource-intensive, more intrusive or slower.”
But Binney argued that, on the contrary, the case studies proved the case for targeted data intelligence, rather than bulk collection.
“They were all [about] people that were known, so a targeted approach would have identified them all right away,” he said. “And you would get the data as it happens, not after the fact. So none of the cases really prove the case for bulk mass surveillance. They prove the case basically for a targeted approach.”