Making the case for privacy in libraries after an atrocity

We must continue to defend civil liberties, no matter how difficult it seems

There is never a harder time to argue in defence of civil liberties than in the aftermath of a horrific and deadly terrorist attack. It’s easy to argue for universal rights during periods of relative stability, after all, what harm could possibly come to pass? But during times of bloodshed, of anger and of disgust, it’s somewhat harder to step back and make the case for civil liberties, even when that case appears to suggest a lack of will to tackle the cause of the bloodshed. But it is important that we do so, because we can be sure that those that are the enemies of liberty and freedom will be seizing the opportunity (whilst simultaneously failing to see who they share that cause with).

The suicide bombing in Manchester was truly horrific. Words seem inconsequential in these circumstances. What can you possibly say to the friends and family of the victims? There are no words. Only horror and sorrow.

Not everyone is without words, however. As is the case with every prior terrorist attack in the West, attention turns to the motivations of the perpetrator, the beliefs of the perpetrator, the intentions of the perpetrator. Sadly, for some, this consideration of the motives and intentions leads them to consider that it is necessary to curtail civil liberties to prevent further atrocities. We hear this argument made time and time again. We cannot permit a safe space for terrorists, we cannot allow them to communicate and plot away from the gaze of the security services. We must permit mass surveillance if we wish to put an end to the terrorism on Western streets. The reality is that this chipping away of civil liberties will have no effect whatsoever, other than to degrade our civil liberties, limit intellectual freedom and subject us all to state scrutiny.

When I write/talk about surveillance and its effects, I always make it very clear that I am talking about mass surveillance, not targeted surveillance. It’s an important distinction for me. No-one in their rights minds would oppose targeted surveillance. Whilst the targets of such surveillance may often be unwarranted, we accept as a society that the security services should monitor activity where there is a suspicion that a violent act will be perpetrated. Mass surveillance is quite different. It places us all as suspects. It places all of our actions under scrutiny, regardless of whether there is an objective reason to monitor us or not. It is indiscriminate, and it’s an invasion of our civil liberties. It is not a strategy that will have any substantive impact on tackling the wave of terrorism that has affected the West in recent years (not that we should solely be concerned with the relatively low amount of terrorism in the West). Indeed, we will be surrendering our civil liberties on spurious grounds with no material benefit for the state other than to provide it with a wealth of information about every single citizen. A dangerous thing indeed when crisis hit democracies turn to unstable demagogues like Trump.

To date, there is no evidence that mass surveillance would have prevented a single terrorist attack. As Ryan Gallagher outlines here, the perpetrators of a number of terrorists attacks between 2013-2015 were known to the police and/or security services. Post-2015 it continues to be the case. The Brussels attackers of 2016 were known to the police. Khalid Masood was known to the police. The Stockholm attacker was known to the police. Abu Yousif al-Bajiki was known to the police. And Salman Abedi was known to the police.

Despite the fact that they were all known to the security services, the government continues to press ahead with its assault on civil liberties. Following the Manchester attack earlier this week, it has been revealed that:

UK government ministers are planning to enforce new powers that would compel tech companies like WhatsApp and Apple to hand over encrypted messages, according to a report in The Sun.

The report was published less than 24 hours after Salman Abedi blew himself up at the Manchester Arena, killing 22 people in the process.

The UK government reportedly intends to lobby MPs to ensure that new rules — being referred to as Technical Capability Notices — get passed through Parliament soon as the general election is over on June 8.

It is hard to see how this is justified. When it is clear that these individuals are known to the security services, it is unclear why there is a need to facilitate access to encrypted messages (effectively ensuring a backdoor), particularly when it places all of us at risk. (And when I say “all”, I should more accurately point out that it will affect us all disproportionately, particularly in terms of race.)

Many people working in libraries get jumpy about the argument that we should be encouraging the use of encryption in libraries, not least because they argue we should not impede attempts to apprehend those engaging in criminal activity. But it’s important to remember that these tools only really offer protection for the average member of the public, they do not protect those that are of interest to the security services. If you are a target of the state, no amount of privacy orientated tools will protect you. They will protect you against mass harvesting of data, but they will not hide all of your activities from the state.

In all of the incidents referred to above, better targeted surveillance is the answer. Forcing the tech companies to install backdoors, or to “ban encryption“, is not a solution. It merely places at all at risk. Indeed, given the tacit acceptance that there are rogue forces operating online, it seems the height of irresponsibility to make everyone more vulnerable rather than ensuring our security to protect against such elements.

Making the case for civil liberties in the aftermath of any terrorist attack is difficult. Arguing for greater privacy in our libraries is not an easy case to make when government and media argue that such privacy is an impediment to preventing terrorist attacks. The reality is that ensuring privacy protects the most vulnerable, it does not protect those that seek to commit atrocities. The alternative to mass surveillance is not no surveillance at all, rather it is better targeted surveillance. When it comes to protecting library users, we need to ensure we don’t fall into the trap of believing the former, no matter how hard the government or media try to persuade us otherwise.

The Snowden revelations had nothing to do with Paris

Surveillance

Mass surveillance is simply about control, we should resist the calls to permit mass surveillance by our intelligence agencies. (Image c/o Frederico Cintra on Flickr used under CC-BY)

Encryption. It’s the weapon of choice for terrorist communications. At least, that’s what they say. Within days of the attack, the director of the CIA, John Brennan, complained about the hand-wringing over mass surveillance and claimed that the Snowden revelations about intelligence gathering had made it harder to identify figures involved in Islamic State. This was followed by FBI Director James Comey calling for “access to encrypted data” to detect terrorist threats. With the government’s attempts to legalise mass surveillance via the investigatory powers bill, the use of encryption technologies is once again on the agenda.

And yet…

In the wake of Paris it does not appear that encryption technologies were used by the terrorists in planning and organising the events that took place last week. Reports on Wednesday suggested that rather than using complex encryption technologies, the terrorists were simply communicating using SMS. Alongside the fact that at least one of the individuals was known to the intelligence agencies, it’s not clear what difference either mass surveillance or the beloved (and non-sensical) back-door to encryption would have made in this particular case.

This notion that encryption technologies provides a safe space for terrorists to plan their activities doesn’t hold up to much scrutiny. Of course Snowden gets the blame, he’s a “traitor” to the US specifically and the West in general (how dare a whistle-blower reveal that states are monitoring the internet activities of all their citizens), but there’s scant evidence that his revelations have made any difference at all. Much less that they have endangered anyone in any Western state.

A report recently published by Flashlight underlines the extent to which any suggestion by politicians, or intelligence agencies, that Snowden’s revelations have forced terrorists to adapt their communications strategies is complete garbage. Dedicated to gathering intelligence about online communities in the “deep and dark web”, they recently produced a report that suggests the Snowden revelations have had a limited impact. The primary findings from the report include:

  • The underlying public encryption methods employed by online jihadists do not appear to have significantly changed since the emergence of Edward Snowden.

 

  • Well prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them. As a result, the Snowden revelations likely merely confirmed the suspicions of many of these actors, the more advanced of which were already making use of – and developing –secure communications software.

The second of these is so obvious, it seems bizarre that it needs to be stated. Of course terrorists would have been aware that intelligence agencies would be attempting to monitor them and of course they would have been taking precautions. The Snowden revelations merely confirmed what they already suspected and, ultimately, reinforced that they were correct to make use of secure communications software.

This understanding of the use of encryption software by terrorists is not new. Before the Snowden revelations, in 2008, it was noted that encryption technologies were no more frequently used by terrorists than by the general population. Furthermore, that encryption technologies were more frequently discussed by intelligence agencies rather than by terrorists, primarily because of it is more “technically challenging” and therefore less appealing to use. Those that were technically able were, of course, would clearly have been using the technology back in 2008 – long before the Snowden revelations. If researchers were writing papers on the use of encryption technologies back in 2008, then of course terrorists who were seeking to hide their activities from the state would also be aware of the existence of such technologies. It would be breath-takingly naïve to believe that they weren’t aware of such technologies pre-Snowden. And no-one could reasonable accuse intelligence agencies of being naïve. They know that this is the case, but the political urge for mass surveillance is so strong, the will to talk up the threat of encryption technologies is so tempting and the desire to prevent future whistle-blowers revealing the undemocratic activities of the state, that of course they will link any terrorist attack to the information revealed by Snowden.

What we need to remember is that this is part and parcel of an effort to make Western democratic societies accept the need for mass surveillance. The facts don’t support it, but the desire to create a state in which everyone is monitored ultimately leads to a disciplined populace more easily controlled by the state (see Foucault). Encryption isn’t the problem. Mass surveillance isn’t the answer. As Paris showed, the information was there, the clues were present…mass surveillance or back doors to encryption wouldn’t have made one iota of difference in terms of the tragedy in Paris. As politicians and ignorant political commentators talk up the need for mass surveillance, we must not forget that one simple fact.