By Fiona O’Cleirigh and Bill Goodwin
The French intelligence services could have prevented the Paris terrorist attacks of November 2015, a former US intelligence chief told MPs and peers.
William Binney, a former technical director of the US National Security Agency, told a parliamentary committee that intelligence agencies are missing important data on terrorist attacks, because they are overwhelmed with electronic data.
Giving evidence on the Draft Investigatory Powers Bill, which gives the intelligence services and the police bulk access to the population’s internet, email, and telephone records, Binney said that the approach risked overwhelming analysts with information.
The Paris attacks might have been prevented if French intelligence services had targeted their surveillance, he told the committee of MPs and Peers scrutinising the draft bill on 6th January.
“They could have got all that data right up front with the targeted approach, and they could have had the opportunity to stop them before the attack.”
Bulk data collection has led to lives being lost
The draft bill introduces new data interception powers for UK intelligence agencies and police, including a requirement that internet and phone companies keep records of their customers emails, phone calls and web browsing activities for 12 months.
But Binney claimed that history shows that the collection of the population’s data on such a massive scale, has resulted in people losing their lives, because intelligence analysts are unable to separate the important information from the mass of data collected.
“The end result is dysfunctionality of the analyst, and no prediction of intention of capabilities, no stopping of any attacks. People die,” he said.
Mass surveillance programme failed to help Danish intelligence services
Jesper Lund, Chairman of IT-Political Association of Denmark, who testified alongside Binney, told the committee that the mass retention of data had failed to help the Danish intelligence services.
Although Denmark started collection of internet records ten years ago, the scheme became redundant after seven years, through lack of use.
“The Danish experience, based on similar objectives as this bill, ended up with the conclusion that internet connection records were really not useful for law enforcement work.”
UK bill fails to make case for mass retention of data
The UK Information Commissioner, Christopher Graham, also giving evidence, said that the government had failed to make a clear case for retaining data clear in the 296 page draft bill.
“The one thing we don’t have in the voluminous material put before us is any real evidence, as opposed to the occasional anecdote, for the utility of the information that is sought.”
Twelve months was an arbitrary period to collect the population’s internet and email communications, he told MPs.
“There is no particular explanation why twelve months, rather than six months or eighteen months, is desirable,” he said.
In written evidence, the Information Commissioner, warned that there was an increasing danger the UK will become a society where few aspects of people’s daily private lives are beyond the power of the state.
“This poses the real and increasing risk that the relationship between the citizen and the state is changed irreversibly, and for the worse,” he said.
Calls for sunset clause on data collection
He told MPs and Peers that a sunset clause be introduced to allow Parliament to review the effectiveness of the surveillance powers in the draft bill.
“I think that it would be sensible and wise for Parliament to review from time to time how it is working in practice; what use is being used of this great mass of data that would be required to be retained by communications service providers,” he said.
Graham said that only two examples given in the draft bill of useful data that would be opened up to the intelligence services were “bizarre” – the electoral register and the telephone directory.
“That information is already available – explicitly – legislation is amended to make sure that that information is available to the security services.”
And he raised concerns over the additional security risks that would be created as a result of bulk data acquisition.
“Information rights are impacted and a risk is created simply by the amassing of this huge amount of personal information that may or may not be needed for the purposes for which it has originally been collected.”
The Information Commissioner said that he needed greater auditing powers to ensure communication service providers store the public’s internet data securely, and ensure that it is deleted after 12 months.
“I need that more specific legal power to make sure we crack on with things in a business-like way.”
Why Denmark abandoned its bulk collection programme
Jesper Lund, Chairman of IT-Political Association of Denmark, revealed that under the Danish interception scheme, fifty per cent of the population were not covered data collection. But even those who were covered yielded little useful information.
“Even in those cases, the police were not able to come up with a realistic case of use of communications records for the investigation,” he said.
This was partly due to the logistics of collection. The internet is not as structured as the telephone system, he said.
“Every communication is broken into packages, which are transmitted independently. The internet will be a really large database and there will be a needle in a haystack problem whenever you use this data.”
Lund said that citizens’ perception that all of their activities could be monitored by the state, raised questions of proportionality.
“Even if only a small fraction of that data is ever going to be accessed, citizens will still have the feeling that whatever they do on the internet is going to be accessed; that was not the case before.”
Asked by the Bishop of Chester why the British government has chosen bulk collection of data, rather than a targeted approach, Binney said that the UK was following the example of the US National Security Agency.
The NSA in-turn was motivated by finding ways to spend the large volumes of cash given to the organisation after the 9/11 attacks.
“They took [the approach] because the NSA took it. The NSA did it because of contractors and the interest of contractors in getting money and feeding. There was an awful lot of money upfront.”
NSA Gravy Train
Binney criticised former NSA who took their skills and contacts from the NSA into the private sector companies working on lucrative NSA contracts.
“People would retire from the NSA and then go and work for the contractors and use their influence to get more contracts.”
He said that such practices effectively compromised the decision-making process that should have been protecting ordinary citizens.
“Publicly, I accused them of trading the security of the people of the United States and the free world for money; and that is why they did it.”
In a challenge to Binney, Victoria Atkins, Conservative MP for Louth and Horncastle, said that many serving law enforcement officers and security services witnesses who have already testified to the committee in favour of increased investigatory powers.
“Their evidence has been that they need these powers,” she said. “Are you telling this committee that each and every one of those witnesses are wrong and, indeed, possibly misleading the committee?”
“I guess I am,” said Binney.