Drowning in data - complexity's threat to terror investigations

Knowing everything, except what happened?

Obviously, the context of a suspect's actions is important in an investigation, whether or not those actions are in themselves illegal. If for example it had been known that the future July bombers were researching detonators then concern and further investigation would have been in order. The question of whether or not an action is illegal is however important. A legal but suspicious action requires investigation of context in order to determine intent, and to identify the actual crime, whereas an illegal action (which nevertheless might have a perfectly innocent explanation) allows prosecution without reference to or investigation of context.

And the wrong people sometimes get sent down. That however is not the immediate problem from the point of view of the system. Widespread prosecution for trivial and low-level offences will tend to overload the system and reduce focus on potentially more serious offences, while choking processes with low-level and irrelevant data, and directing resources down blind alleys. Police will frequently find themselves failing to find the conspiracy in cases where there really wasn't one.

Whatever though, once a suspect is on the radar they get turned over and their house torn apart, at which point evidence may emerge proving they're a more prosaic class of criminal instead (Or as well as...? Well, they might be). Alternatively, their computer data might reveal visits to suspicious sites or shady chatrooms, possibly meaning they're in possession of information likely to prove useful to terrorists, and possibly also producing other names, possibly in other countries, of people whose homes can be dismantled too. This also works in the other direction - several recent arrests in the UK suggest that police have been following up overseas tips based on the monitoring of email contacts and/or web site visits. Thus do the numbers grow.

It is, as the police would have it, perfectly possible that those charged with non-terrorist or low-level offences would later have committed more serious acts, and/or that longer and more intensive investigation would have uncovered the serious acts they intended to commit, and the mysterious terror mastermind. But it is also perfectly possible, and given the number of 'suspects' considerably more likely, that they weren't real terrorists in the first place and you've just bust the budget trying to prove they were.

How many? A few months ago press reports of the number of terror suspects in the UK climbed steadily to 1,200, a figure from the Daily Telegraph which is quoted in the Home Affairs Committee report. The Independent, however, speaks of MI5 now investigating 8,000 (a BBC report puts the number as "less than one per cent" of a total of approximately 1.5 million UK Muslims) al-Qaeda "sympathisers", i.e. people who might become terrorists. As indeed they might do, but the number you come up with is always going to depend on how widely you cast the 'might' net. Back in the 70s and 80s there were quite possibly more than 8,000 sympathisers for the Red Brigades or the Red Army Fraction in the UK, and most certainly well over 8,000 for the Provisional IRA. The move from sympathiser to activist was however too great for most of them, and the technology of the time did not support the widespread monitoring of, for example, unguarded conversations in North London pubs. Today's technology and today's and tomorrow's legislative environment do however support this, meaning that the security services have an impressive and exponentially growing number of unguarded electronic pub conversations to follow up.

Most of which will be rubbish, kids who're never going to do anything, talking big. But some of them won't be. Even then though, the would-be terrorists aren't necessarily as dangerous as the headlines (themselves often orchestrated by security service "sources") would have us believe. The much-hyped and hugely expensive ricin affair (see Clarke calls for ID cards after imagining huge poison terror ring) was never any kind of threat, while the apparently non-existent chemical weapon police were seeking at Forest Gate could not have been built in any effective configuration by non-state organisations; anything that could currently be built by terrorists almost certainly would not work, or at best (from their point of view, obviously), would have been gloriously ineffective (see Homebrew chemical terror bombs, hype or horror?).

There we have two UK instances of large quantities of investigative resources being expended: first on a nutter (who nevertheless clearly should have been picked up), and second on a threat that manifestly could not have existed. The Met, incidentally, strove long and hard to establish an international 'al-Qaeda connection' to the nutter, claiming last October that the investigation spanned "26 other jurisdictions" in addition to the UK. It said of this case: "The challenge was to analyse a huge amount of material, to identify the prime conspirators (and what it was they were plotting to do), and to clarify the roles played by each of the suspects. This proved impossible in the time available..." Indeed - but even if the conspiracy was more than the product of fevered imaginations triggered by a squealer in Algerian custody, the fact remains that it was centred on a joke recipe for a relatively ineffective poison. Would resources not have been better deployed against more immediately dangerous threats?

The State they're in

Forest Gate shows that since the ricin affair the security services have acquired little scientific knowledge of the substances they're in hot pursuit of, and remain fixated on the largely illusory threat of chemical, biological and nuclear attacks. This clearly leads to pre-emptive actions that need not have happened.

The Met document describing the "challenge" of the ricin affair, a letter from the Met's Andy Hayman to then Home Secretary Charles Clarke in support of 90 day powers, also includes a "Theoretical Case Study", which is part bad movie terror threat script, part the Met's dream mega terror case. A "reliable" tip tells of terror attacks planned on the Houses of Parliament and British Embassies in Pakistan, Istanbul and "Morrocco" (sic). The attacks will take place in three months, using conventional and homemade explosives, and possibly CBRN (Chemical, Biological, Radiological and Nuclear). The tale then describes surveillance, 15 arrests, 55 forensic searches throughout the country, 4,000 exhibits, 600 documents in Arabic, boxes of Arabic videos, 100 ID documents, "over 268" seized computers, 274 hard disks, 591 floppy disks, 920 CD DVDs, 47 zip drives, 60 mobile phones, 25,000 man hours spent on CCTV, 3,674 analysing eavesdropping material, evidence gathering in 17 countries... The list goes on and, as the Met letter says ("statistics used are entirely typical"), it's a fair estimation of what the security services do when they think they're on to something.
