Read The New Spymasters Online
Authors: Stephen Grey
The use of intensive surveillance techniques was evidenced by the operation that discovered the 2006 plot in London to detonate liquid explosives on transatlantic planes. Those involved â young Britons mostly of Pakistani origin â had already raised suspicions because of their association with Rashid Rauf, a British Pakistani living in Lahore who was identified as a militant leader. (This was where the NSA and Britain's GCHQ became effective, when they had a starting point from which they could plot onward connections. It was rare that they could simply spot some anomaly in the ether, something suspicious in a randomly intercepted email. The main reason they found bulk interception useful was that, with huge storage capacity, they could sift retrospectively through all the harvested information and find past calls and messages once targets were identified.)
The level of surveillance and the mapping of the plotters' links were ramped up to include monitoring of the content of phone calls and emails â under warrants signed by the British Home Secretary. As suspicions grew, MI5 planted bugging devices in the men's homes and cars. The final stage â the physical surveillance of targets and listening to the content of calls â was always the most time-consuming. That explained why the FBI or MI5 would never have the manpower to follow every single lead. Although digital voice processing was improving, recordings of suspects still needed to be listened to by a human being. Following a single person on foot, without attracting notice, could involve twenty or thirty people. That was why, as one director of MI5 would put it, âBeing on our radar does not necessarily mean being under our microscope.'
27
Surveillance might be resource-intensive, but when directed against a small group â because of how society now embraced technology â a staggering volume of information became available. The fact that so many people carried a mobile camera-phone made everyone a potential spy. But the same camera-phone, and other personal technology, could be turned against a person and used to spy on them. The most valuable evidence-collectors were the suspects themselves.
Even among radical jihadists, who should have thought to be careful, it was surprising how many wanted to digitize their lives, to communicate online and record their innermost thoughts on their computers. Using different technical methods the NSA and GCHQ could frequently hack and copy such data.
Long before Snowden made so many of the tactics public, a member of the British Parliament's Intelligence and Security Committee disclosed: âIt is amazing how much these people are still chatting away to each other constantly, and how much we can pick up.' Such poor operational security reflected how these new recruits had been radicalized in the first place, through Internet propaganda and online forums. This was the dotcom generation of jihadis and they struggled to wean themselves off their digital fix.
For those who knew they were under surveillance, they might feel they were living in the dystopia foretold by George Orwell in his novel
Nineteen Eighty-Four,
where citizens âlive in a constant state of being monitored by the Party, through the use of advanced, invasive technology' and where hidden microphones and TVs with cameras inside could watch everyone ceaselessly. I once met an al-Qaeda suspect, an alleged financier, who felt so harried that he glanced in all directions constantly. As we sat in the café near St Paul's Cathedral, we could even spot an operative raising a camera to snap our little coffee rendezvous. But, unlike Orwell's description or, say, the Stasi in East Germany, where Orwell's vision was most closely realized, this surveillance was highly targeted. Unless a state chose the East German model and employed tens of thousands of operatives to monitor its own people, it was, if nothing else, impractical to watch everyone.
Nor was targeted surveillance as comprehensive and effective as implied, for example, by the 1998 film
Enemy of the State,
starring Will Smith as an embattled lawyer tracked everywhere by the NSA. Both electronic and physical surveillance had practical limits â and produced constant hiccups. In Britain, in July 2004, MI5 were tracking an al-Qaeda suspect, Dhiren Barot, who among other things wanted to blow up a tube train while it was under the Thames. But, though he was a prime target, MI5 embarrassingly lost track of Barot for five days in London. In 2006 he was sentenced to forty years in jail for his schemes.
28
In the US, the FBI trailed Najibullah Zazi all the way from Colorado to New York in 2009, but after he was stopped â on a pretext â by traffic cops on a bridge into the city, Zazi panicked. âEven though [Zazi] is not the brightest bulb in the terrorist chandelier, the thinly-transparent ruse of a “random” checkpoint stop did not fool him,' his lawyer said later.
29
The result was that Zazi managed to lose his surveillance, and destroy or hide the explosive detonators and other materials he had for a bomb attack. Also in New York, the following year, a Pakistani-born US citizen, Faisal Shahzad, was quickly identified as the man who detonated a car bomb in Times Square, but he could not be located for three days. He was only found when he was sitting on board a Dubai-bound Emirates flight at Kennedy Airport in New York.
*Â Â Â *Â Â Â *
The main problem with all this spying by digital surveillance was overload. The secret services were hoovering up digital information about the world's population much faster than their analytic capability could develop. It was like the proverbial needle in a haystack. Intelligence agencies had multiplied the needles they were searching for but multiplied many times more the haystacks in which they were searching.
And counterterrorism was the victim of its own success. The more that agencies arrested, killed or just disrupted members of a terrorist network, the more they split the group into lone operatives. This atomized threat made both human and technical methods harder. Surveillance had no leads to start with and no human insider was present to warn about the operative.
It is frequently argued by the ill-informed that âif only' a certain piece of data had been collected, then the attacks of 11 September and many others since would have been prevented. But the usual problem is different. Often the key piece of information has been collected but is, metaphorically speaking, shut in a drawer unread. The biggest problem, as ever, is to sift out the relevant from the irrelevant.
Surveillance can give only limited clues about future human behaviour for the same reason that human intelligence is difficult to re-create artificially. The human mind has almost limitless options. It is hard to predict with any confidence, despite past behaviour, what an individual is going to do in the future. This was why many in the secret intelligence world were so scornful of the idea their job was to predict anything. Regardless of the ethics, if security agencies try too hard to investigate âpre-crime', it is easy to get overwhelmed with either false positives (someone who in fact has never even contemplated doing something bad) or unprovables (someone who might have contemplated doing something bad but would not actually do it). The reason the investigation of the London liquid bomb plot was successful was that Britain was prepared to risk the conspirators continuing their work until they had moved to the stage of very active preparation, signalling and providing proof of a clear intent to actually carry out the crimes they had talked of.
In the US, the bar for action and level of risk tolerance were far too low. The result was the endless trail of false leads, based on huge technical trawls, that made FBI work so tedious and boring after 9/11. âWe were always on the trail of ghosts,' as one former officer put it.
While many leads were false, the system got so overwhelmed that positive leads were being missed. On Christmas Day 2009, a 23-year-old Nigerian, Umar Farouk Abdulmutallab, tried to detonate explosives hidden in his underwear on a flight from Amsterdam to Detroit. It was later discovered that a month before the attack Abdulmutallab's father had gone to the US Embassy in Abuja to report that his son was mixing with extremists. A report had been filed by both consular officials and the CIA. It entered the American terrorism watch list (known as âTide'), but not with any kind of flag that would have required a special search of Abdulmutallab when he attempted to board the plane. (There were also eavesdropped emails or calls that were missed. By one account, intercepts in Yemen had mentioned âan unnamed Nigerian was being groomed for an al-Qaeda mission, and other communications spoke of plans for a terrorist attack during Christmas'.)
30
The knee-jerk response to cases like that of the âunderpants bomber', as he was called, was to collect and analyse yet more information. But that only guaranteed more information overload. As one technical expert warned, âThe more data you collect, the more you struggle to process, interpret, and move it. The bad news is that an avalanche can bury you alive.'
31
Intelligence collection was being overwhelmed by its own capabilities, but the same high-speed digitization capabilities that the NSA could so readily exploit were also the source of added real-world complexity, to some extent neutralizing the advantage gained. Digital financial transactions, for instance, meant money movements were easier to trace, but also that they were faster. The world itself was getting harder to read. As the director of NSA's signals intelligence, Maureen Baginski, had explained in 2001, âYou could literally stare for 25 years at the Soviet land mass and never have this kind of volume problem. They were slow, so it was okay if we were slow. Today, it's volume, it's velocity and it's variety.'
32
*Â Â Â *Â Â Â *
One of the biggest weaknesses of the digital manhunt was that those most susceptible to being tracked digitally were the innocent. They had no special reason to encrypt their emails or adopt false identities or anonymize their use of the Internet. As the CIA discovered, when they worked through papers and files seized at his compound, Osama bin Laden had stayed completely off the telephone and Internet grid. He had sent couriers dozens of miles away to transmit his emails from random public computers. My research into the CIA's rendition programme showed that, at least in the early days after 2001, too often people had been wrongly labelled terrorist suspects because some overly simple link analysis had classed an innocent connection with a suspected militant as proof that that person was a militant too. An analysis of a terrorist's phone calls might show many calls to another number; he might have been calling his girlfriend, who had no knowledge of his crime. But the key call to a terrorist associate might actually be made via another phone â a payphone, for instance. This was the âlaw of weak connection': the weakest link might actually be the most important.
When I asked veteran intelligence officers about the quality of technical intelligence â particularly intercepts â over the years since the Second World War, most suggested that it went in waves. Over several decades, the CIA were sent a copy of every telegram in and out of the United States. All overseas phone lines were at one point tapped. There were years when interception had huge coverage. Then people found other ways to communicate, different codes and encryption, and legal restrictions were enacted by Congress. Some even argue that the expansion of the digital world has left the ultimate customer, the political leader and the security agency, with broadly the same level of secret intelligence, only collected now at vastly greater expense. âIt's just impossible to keep up,' said one former CIA chief of clandestine operations, although he did not suggest not trying. But while that pessimism is justified when dealing with hard secret intelligence targets â those who try to conceal their secrets â the truth is that the modern citizen is easier to find and put under surveillance than ever before. What has also certainly changed, with advances in technology, is the ability of technical intelligence to work really well in hindsight â in reconstructing events and tracing known enemies. It remains, as always, much less good at looking forward and predicting new targets, new threats.
*Â Â Â *Â Â Â *
With all this tracking and technology, how have real spies fitted in?
In Britain, the intense study of travel plans and networks of suspected militants helped pinpoint targets for recruitment of agents. Of particular interest was anyone who had attended places where militants ran training camps (such as the Pakistani tribal areas or Somalia) or where there were active conflicts, such as in Syria. As Mike Sheehan, former counterterrorism coordinator at the NYPD, put it, âConnectivity back to the camps is the key to being operationally effective.'
33
According to some youngsters who were approached, and their lawyers, one method used by MI5 to recruit was to discover some violation of immigration laws in a suspect's family and then put pressure on the target to cooperate. MI5 has made use of new powers under the Terrorism Act 2000 to detain, question and search young British Muslims when they arrive back in the UK after a trip abroad. Although these individuals were not suspects, they said they were pressured to work as informants for MI5. Mohamed Nur, a 25-year-old community worker in Camden, north London, said he was visited by an MI5 officer and a policeman disguised as a postman. He told a newspaper, âThe MI5 agent said, “Mohamed, if you do not work for us we will tell any foreign country you try to travel to that you are a suspected terrorist.”'
34
His claim could not be verified, but within certain Muslim communities many youngsters certainly felt harassed. It was also arguable that, if useful intelligence could be garnered by such methods, then some ill-feeling was a price worth paying.
Security officials in Western agencies typically denied using blackmail, claiming it would backfire, would produce unreliable information and would be unethical. But as one veteran CIA case officer put it, âThat's all bullshit. We do what we have to do.' He pointed out there was a distinction between a straight and unsubtle blackmail threat and a more nuanced exploitation of a weakness. A recruiter might, say, let the target realize he was aware of that target's weakness (for example, that he had entered the country illegally), without uttering any explicit threat to expose him. Or, even better, once such weakness had been identified, the recruiter could try to offer himself as a solution to that problem (for example, offer to legalize his status). But, while less brutal, this was still a form of blackmail, he argued.