by Stephen Grey
Even the jigsaw metaphor did not convey the amount of ‘data points’ involved in modern terrorism analysis, insiders claimed. So many people and factors were being pieced together at once that only a computer, backed by large teams of brainy humans, could make sense of the problem.
The plotting of links between people, places, telephones, bank accounts and so on was nothing terribly new. But what was new was the scale of information available and in need of processing with the aid of machines. A glut of data was transforming intelligence. And it rarely brought enlightenment. As the bin Laden operation showed, secret intelligence was going digital. It was adapting to the new technologies that society was using as well as adapting its own specific technologies. This digitization is still incomplete. It is a transformation that has taken, and will continue to take, many years and the outcome is still uncertain.
* * *
In the specialized world of secret agents, technology had always been both a help and a hindrance. The secret agent in the traditional James Bond films was armed before his mission by ‘Q’, his quartermaster, with a series of wondrous high-tech toys, from exploding lighters to rocket-firing Aston Martins. In the real world, agents and handlers in dangerous situations try to carry as few gadgets as possible: they are too incriminating. ‘All those gadgets; that was just for Moscow hands,’ said one senior former case officer in SIS. (Under constant KGB scrutiny, Western intelligence officers in the Soviet Union did have to use ingenious devices to communicate with their agents.)
In the twenty-first century, though, even the purists acknowledged that technology was beginning to play a much bigger role in spying, starting with the preparation process for a recruitment attempt. Technology could be used to map out potential targets, to identify sources and to research profiles of people who might be recruited. ‘HUMINT informs and enables technical operations and vice versa,’ wrote Hank Crumpton, the former deputy head of the CIA’s Counterterrorism Center, after 9/11.22 Human agents on the ground, for example, helped suggest targets for surveillance and for air strikes by Predator drones in Afghanistan. In turn, the data from Predators helped to verify the reports from spies.
Crumpton also described how bad human intelligence made technical operations fail. He once went to great lengths to place a bug in an intelligence target’s apartment, only to have to remove it again after six months. The target had divulged nothing. It had been a bad choice. ‘Never underestimate the human factor; it’s the most important part of clandestine operations, more important than technology.’23
As had been the case with catching bin Laden, insiders said that the most important use of technology in fighting terrorism was in tracking, tracking and more tracking. It sometimes made an intelligence officer’s task feel more like police work than spy work. Paul Pillar, who retired in 2005 after twenty-eight years as a CIA analyst, latterly as a national intelligence officer for the Near East, said in an interview that the ‘basic process of taking information from human and technical sources and piecing it together’ was very similar to what domestic law enforcement did. Trying to make sense of some criminal gang was ‘very much part of the intelligence business. It was before 9/11 and it has been since then.’24
But whether used to track gangsters or terrorists, the science of surveillance became far more precise: borrowing the classic techniques of spy-catching from counterintelligence, adding the latest gadgetry of geolocation and bugging, and then turning them against the modern fanatic. ‘The techniques of identifying suspects, covert surveillance and bugging were developed to counter the Soviet KGB and GRU,’ said a former chief of GCHQ, Sir David Omand. These had been adapted, he said, and put to service against modern targets.25
Rather like JSOC had done in Iraq and Afghanistan, the civilian secret services began to adopt the technique of the ‘fusion cell’, where representatives of all the different secret agencies and of human and technical intelligence collection came together. In the US, this happened in the CIA’s ever-expanding Counterterrorism Center; in the UK, such teams were put together for different operations, both inside MI5’s headquarters on Millbank and over the river at SIS in Vauxhall. Even the listening agency, GCHQ, which traditionally kept aloof in its base in the West Country, sent its people to be fully integrated. Against the Soviets, where the counterintelligence risk was severe, the ‘need to know principle’ had been pre-eminent, but in this modern counterterror mission the (somewhat crass) slogan became ‘Dare to Share!’ Old hands at SIS found the change remarkable.
Modern global travel and communications had made the trail international. And that was why the secret services could be most effective. Planet Earth had no police force of its own; national and regional police forces struggled to get permission to operate in other countries, or get help from colleagues in other police forces. Foreign countries were often more willing to help if that assistance was kept secret. And if those countries would not help, then spy services had the option of jumping the fence and helping themselves to information.
As the West made counterterrorism the priority, a seemingly endless manhunt was launched that went far beyond the pursuit of people like Osama bin Laden who had already instigated murderous crimes of violence. Taking a lead from the French in the 1990s, secret services attempted to go after the crime in preparation, the conspiracy – what the 2002 movie Minority Report called ‘pre-crime’. While network analysis might of itself have been nothing new, it was now to be used for a wider range of targets, and to try to anticipate future behaviour.
So while much modern counterterrorist work was, to my mind, essentially police activity, albeit frequently conducted in secret or across borders, the contribution of the intelligence officer to this increasingly joined-up fight, Omand argued, was his future-oriented mentality. ‘Because the whole training of intelligence officers is forward-looking. It is predictive.’ The need to look forward was changing both intelligence work and police work, fusing their operations.
The view that intelligence work meant prediction was not shared by all. One former senior SIS officer rejected the whole idea. ‘It is a real fallacy, a widespread one, that we do prediction. Secret intelligence comes down to answering the question: “what’s really happening?”’ An agent or intercept could give an insight into what was happening off stage, what was being debated or planned, for example. But he could not say what would happen next. This distinction was important. In counterterrorism, while all agreed that good intelligence might identify an active terrorist plot-in-progress or specific plan of attack, there was real disagreement over the extent to which technology and more far-reaching surveillance could be used to peer even further into the future.
But whether or not intelligence was predictive, modern counterterrorism, as Omand rightly suggested, was definitely about looking towards the future. It required a logic of pre-emption. The pursuit and prosecution of criminals in the past would normally follow a crime being committed, he said. But in the era of the devastating suicide bomb, criminal punishment after the fact served as no deterrent to the martyr. So the requirement for the intelligence agencies and today’s police, working together, he argued, was to identify the potential terrorists before they could organize and commit their criminal acts.
When deployed against Soviet spies or the IRA, surveillance techniques and the technology available were kept completely secret. But – even before the revelations of whistle-blowers like Edward Snowden in 2013 – the deployment of the intelligence services in the 1990s to assist in combating organized crime and then prosecuting terrorist plotters had allowed some of those secrets to slip out.
The techniques on display – as Dearlove had described – involved the broad surveillance of telephones, Internet and travel data, a focus on connections that appeared suspicious, the trawling of foreign communications (which could be conducted by the UK and US agencies without any special warrant) and then, when suspicions narrowed down, the application of more intrusive measures, like bugging cars and h
omes and listening to domestic phone calls.
What, then, was the role left for the human spy? At all levels, a human source might help focus inquiries or provide the basis for an interception warrant. But it was rare for agents to be central. That was partly because they were usually, for deliberate reasons, kept peripheral to any plot. As Omand said, ‘All intelligence work involves managing moral hazard. For example, it will be hard to find informants within a terrorist gang who are not guilty of criminal offences and do not have blood on their hands. Thus there is always a risk of being accused of colluding with wrong-doing. It is hard enough with a narcotics gang, worse with a serious terrorist organization. The chances of infiltrating such networks with undercover officers are slight and recruiting those already inside the network is hard and dangerous for all involved.’26
On the other hand, much valuable information had been volunteered to the authorities by the communities in which the terrorists sought to hide or from which they had sprung. Ordinary people often wanted the chance ‘to better themselves and not to be lumped in with the extremists in the eyes of the rest of society’, according to Omand, who said they got ‘much more of that kind of volunteered HUMINT than [information] from deep penetration agents’. Also, with much looser networks of terrorists and the ‘increasing risk of lone wolves’, there might ‘not be a lot to penetrate by traditional HUMINT methods’ – in other words, even a very good spy might get nowhere near discovering an active plot. It had, however, sometimes been possible ‘to go up the food chain to the organizers and instigators of jihadist terrorism overseas, including by following their communications, contacts and movements’. That was the value of complementing human intelligence operations ‘by having bulk access to global communications’.
The use of intensive surveillance techniques was evidenced by the operation that discovered the 2006 plot in London to detonate liquid explosives on transatlantic planes. Those involved – young Britons mostly of Pakistani origin – had already raised suspicions because of their association with Rashid Rauf, a British Pakistani living in Lahore who was identified as a militant leader. (This was where the NSA and Britain’s GCHQ became effective, when they had a starting point from which they could plot onward connections. It was rare that they could simply spot some anomaly in the ether, something suspicious in a randomly intercepted email. The main reason they found bulk interception useful was that, with huge storage capacity, they could sift retrospectively through all the harvested information and find past calls and messages once targets were identified.)
The level of surveillance and the mapping of the plotters’ links were ramped up to include monitoring of the content of phone calls and emails – under warrants signed by the British Home Secretary. As suspicions grew, MI5 planted bugging devices in the men’s homes and cars. The final stage – the physical surveillance of targets and listening to the content of calls – was always the most time-consuming. That explained why the FBI or MI5 would never have the manpower to follow every single lead. Although digital voice processing was improving, recordings of suspects still needed to be listened to by a human being. Following a single person on foot, without attracting notice, could involve twenty or thirty people. That was why, as one director of MI5 would put it, ‘Being on our radar does not necessarily mean being under our microscope.’27
Surveillance might be resource-intensive, but when directed against a small group – because of how society now embraced technology – a staggering volume of information became available. The fact that so many people carried a mobile camera-phone made everyone a potential spy. But the same camera-phone, and other personal technology, could be turned against a person and used to spy on them. The most valuable evidence-collectors were the suspects themselves.
Even among radical jihadists, who should have thought to be careful, it was surprising how many wanted to digitize their lives, to communicate online and record their innermost thoughts on their computers. Using different technical methods the NSA and GCHQ could frequently hack and copy such data.
Long before Snowden made so many of the tactics public, a member of the British Parliament’s Intelligence and Security Committee disclosed: ‘It is amazing how much these people are still chatting away to each other constantly, and how much we can pick up.’ Such poor operational security reflected how these new recruits had been radicalized in the first place, through Internet propaganda and online forums. This was the dotcom generation of jihadis and they struggled to wean themselves off their digital fix.
For those who knew they were under surveillance, they might feel they were living in the dystopia foretold by George Orwell in his novel Nineteen Eighty-Four, where citizens ‘live in a constant state of being monitored by the Party, through the use of advanced, invasive technology’ and where hidden microphones and TVs with cameras inside could watch everyone ceaselessly. I once met an al-Qaeda suspect, an alleged financier, who felt so harried that he glanced in all directions constantly. As we sat in the café near St Paul’s Cathedral, we could even spot an operative raising a camera to snap our little coffee rendezvous. But, unlike Orwell’s description or, say, the Stasi in East Germany, where Orwell’s vision was most closely realized, this surveillance was highly targeted. Unless a state chose the East German model and employed tens of thousands of operatives to monitor its own people, it was, if nothing else, impractical to watch everyone.
Nor was targeted surveillance as comprehensive and effective as implied, for example, by the 1998 film Enemy of the State, starring Will Smith as an embattled lawyer tracked everywhere by the NSA. Both electronic and physical surveillance had practical limits – and produced constant hiccups. In Britain, in July 2004, MI5 were tracking an al-Qaeda suspect, Dhiren Barot, who among other things wanted to blow up a tube train while it was under the Thames. But, though he was a prime target, MI5 embarrassingly lost track of Barot for five days in London. In 2006 he was sentenced to forty years in jail for his schemes.28 In the US, the FBI trailed Najibullah Zazi all the way from Colorado to New York in 2009, but after he was stopped – on a pretext – by traffic cops on a bridge into the city, Zazi panicked. ‘Even though [Zazi] is not the brightest bulb in the terrorist chandelier, the thinly-transparent ruse of a “random” checkpoint stop did not fool him,’ his lawyer said later.29 The result was that Zazi managed to lose his surveillance, and destroy or hide the explosive detonators and other materials he had for a bomb attack. Also in New York, the following year, a Pakistani-born US citizen, Faisal Shahzad, was quickly identified as the man who detonated a car bomb in Times Square, but he could not be located for three days. He was only found when he was sitting on board a Dubai-bound Emirates flight at Kennedy Airport in New York.
* * *
The main problem with all this spying by digital surveillance was overload. The secret services were hoovering up digital information about the world’s population much faster than their analytic capability could develop. It was like the proverbial needle in a haystack. Intelligence agencies had multiplied the needles they were searching for but multiplied many times more the haystacks in which they were searching.
And counterterrorism was the victim of its own success. The more that agencies arrested, killed or just disrupted members of a terrorist network, the more they split the group into lone operatives. This atomized threat made both human and technical methods harder. Surveillance had no leads to start with and no human insider was present to warn about the operative.
It is frequently argued by the ill-informed that ‘if only’ a certain piece of data had been collected, then the attacks of 11 September and many others since would have been prevented. But the usual problem is different. Often the key piece of information has been collected but is, metaphorically speaking, shut in a drawer unread. The biggest problem, as ever, is to sift out the relevant from the irrelevant.
Surveillance can give only limited clues about future human behaviour for the same reason that human intelligence is difficult to re-cr
eate artificially. The human mind has almost limitless options. It is hard to predict with any confidence, despite past behaviour, what an individual is going to do in the future. This was why many in the secret intelligence world were so scornful of the idea their job was to predict anything. Regardless of the ethics, if security agencies try too hard to investigate ‘pre-crime’, it is easy to get overwhelmed with either false positives (someone who in fact has never even contemplated doing something bad) or unprovables (someone who might have contemplated doing something bad but would not actually do it). The reason the investigation of the London liquid bomb plot was successful was that Britain was prepared to risk the conspirators continuing their work until they had moved to the stage of very active preparation, signalling and providing proof of a clear intent to actually carry out the crimes they had talked of.
In the US, the bar for action and level of risk tolerance were far too low. The result was the endless trail of false leads, based on huge technical trawls, that made FBI work so tedious and boring after 9/11. ‘We were always on the trail of ghosts,’ as one former officer put it.
While many leads were false, the system got so overwhelmed that positive leads were being missed. On Christmas Day 2009, a 23-year-old Nigerian, Umar Farouk Abdulmutallab, tried to detonate explosives hidden in his underwear on a flight from Amsterdam to Detroit. It was later discovered that a month before the attack Abdulmutallab’s father had gone to the US Embassy in Abuja to report that his son was mixing with extremists. A report had been filed by both consular officials and the CIA. It entered the American terrorism watch list (known as ‘Tide’), but not with any kind of flag that would have required a special search of Abdulmutallab when he attempted to board the plane. (There were also eavesdropped emails or calls that were missed. By one account, intercepts in Yemen had mentioned ‘an unnamed Nigerian was being groomed for an al-Qaeda mission, and other communications spoke of plans for a terrorist attack during Christmas’.)30
