Mass electronic surveillance doesn't work, warns Open University security lecturer

David Cameron's plan to make all internet communications readable slammed by IT security specialist

Mass, unrestricted internet surveillance does not work and may even be counter-productive, claims a researcher at the Open University.

His claims echo those made by David Davis MP to Computing before Christmas that the security services don't lack for information, whether electronic or intelligence gathered on the ground. Rather, their problem is that they have too much information and are unable to prioritise.

"Surveillance of the entire population, the vast majority of whom are innocent, leads to the diversion of limited intelligence resources in pursuit of huge numbers of false leads. Terrorists are comparatively rare, so finding one is a needle in a haystack problem. You don't make it easier by throwing more needlel-ess hay on the stack," wrote Ray Corrigan, a senior lecturer in mathematics, computing and technology at the Open University, in this week's New Scientist.

Corrigan was writing in response to Prime Minister David Cameron's call for all encrypted communications to have official backdoors so that they can be read by government agencies at any time. The idea is that any communication involving encryption would have the decryption key lodged with a trusted third party of some description, that government agencies could tap at any time in order to read those communications.

Cameron also plans to reintroduce the Communications Data Bill, which has already been rejected twice - including by Cameron himself when he was leader of the opposition. Cameron was blasted as ignorant and ill-informed in response to his calls for encryption to be weakened.

"Cameron seems to believe terrorist attacks can be prevented if only mass surveillance, by the UK's intelligence-gathering centre GCHQ and the US National Security Agency, reaches the degree of perfection portrayed in his favourite TV dramas, where computers magically pinpoint the bad guys. Computers don't work this way in real life and neither does mass surveillance," continued Corrigan.

"Brothers Said and Cherif Kouachi and Amedy Coulibaly, who murdered 17 people, were known to the French security services and considered a serious threat. France has blanket electronic surveillance. It didn't avert what happened."

The French authorities had stopped keeping track of the Islamist terrorists who struck in France last week because they judged that they were not such a major threat.

"The French authorities lost track of these extremists long enough for them to carry out their murderous acts. You cannot fix any of this by treating the entire population as suspects and then engaging in suspicion-less, blanket collection and processing of personal data...

"Surveillance of the entire population, the vast majority of whom are innocent, leads to the diversion of limited intelligence resources in pursuit of huge numbers of false leads. Terrorists are comparatively rare, so finding one is a needle in a haystack problem. You don't make it easier by throwing more needle-less hay on the stack," warned Corrigan.

He concluded: "It is statistically impossible for total population surveillance to be an effective tool for catching terrorists. Even if your magic terrorist-catching machine has a false positive rate of 1-in-1000 - and no security technology comes anywhere near this - every time you asked it for suspects in the UK it would flag 60,000 innocent people...

"Mass surveillance makes the job of the security services more difficult and the rest of us less secure.