By Cindy Cohn
Deeplinks Blog – Electronic Frontier Foundation
Like clockwork, cynical calls to expand mass surveillance practices—by continuing the domestic telephone records collection and restricting access to strong encryption—came immediately following the Paris attacks. These calls came before the smoke had even cleared, much less before a serious investigation completed. They came from high places too, includingCIA head John Brennan and New York Police Commissioner Bill Bratton.
Seasoned law enforcement officers and the heads of spy agencies should know better than jump to conclusions before the facts are in. Sadly, these premature demands for more surveillance in the wake of tragedies are not unprecedented.
The most prominent example is the Bush Administration’s aggressive push for expanded surveillance powers after the 9/11 terrorist attacks, before a proper investigation could be carried out. We all now know from the 9/11 Commission that the Bush Administration failed to uncover the attacks and stop them not because of insufficient legal authority and not because they didn’t have sufficient information, but because of operational failures and internal rules.
Yet despite this, the Bush Administration rushed to Congress to give it broad new collection authorities in the USA Patriot Act. We also now know that along with the public law, the government used secret legal interpretations to gather even more data about innocent people, interpretations that have since been revealed as both shocking and unsupported. In response to its failure to properly act on the data it had, the government pushed to collect even more data.
Now we see a sadly similar exploitation of this latest international tragedy, again pushed by people who are supposed to be above petty politics.
First, Senator Tom Cotton has floated a bill suggesting that, as a result of the Paris tragedy, we continuing throwing money at the domestic telephone record collection program—which was itself based on an improper interpretation of section 215 of the Patriot Act. The program is set to end on November 29, 2015, switching from mass surveillance to a model of surveillance that is still too broad, but more targeted than the indiscriminate dragnet of the existing system.
One major reason Congress ended the broader program is that it didn’t work. Millions of dollars and over 10 years of effort later, two independent panels held there was no indicationthat the mass domestic telephone collection had ever assisted in thwarting a domestic terrorist attack. Of course the 215 program hasn’t even ended yet, so if it could have been useful in stopping the Paris attack—an unlikely proposition, given its domestic focus—it failed at that too.
More relevant, the massive collection program the government continues in the U.S. purportedly aimed at foreigners abroad under FISA Amendments Act section 702 failed to catch the Paris terrorists before they struck, as did the even bigger set of collections occurring abroad under Executive Order 12333, which include collections aimed at both France and Belgium, where the terrorists were allegedly based. That’s because big data and mass surveillance techniques are simply not useful for predicting or uncovering terrorist plots. Terrorism is far more difficult to predict than the purchasing or other patterned behavior that big data is reasonably good at identifying. Forget trading essential liberty for a little temporary safety: when it comes to identifying terrorists, mass surveillance leaves the public with neither.
So whether the focus is on spending our money on things that actually work or on protecting our Constitutional rights and our ability to be “secure” in our papers in the digital age, it’s long past time we shifted focus from the expensive “collect it all” strategies to more focused surveillance.
Second, the attack on strong, non-backdoored encryption would make Americans, and people all over the world, less secure. Every serious computer scientist has pointed out that there is no such thing as a back door that only good guys can go through. And at least so far, the information we’ve received is that end-to-end encryption wasn’t even used here.
The world is rightly horrified at what happened in Paris. We understand the desire to do “something” to shore up our security. But terrorism is aimed, in part, at pushing us to jump to conclusions and take panicky steps that inflict more pain and misdirect our resources toward failed and dangerous ideas. Luckily this time many voices are urging caution and careful analysis, and rejecting the cynical ploy of some to use our terror to take expensive and dangerous steps in the wrong direction.