Mass surveillance and bulk data collection won't prevent terrorism, warns ex-NSA director William Binney
Binney tells Joint Committee of MPs and Lords that targeted surveillance could've prevented 9/11
The bulk acquisition of communications and internet data proposed in the government's Investigatory Powers Bill will make it more difficult rather than easier for security services to apprehend terrorists and criminals.
That's according to William E. Binney, retired technical director of the US National Security Agency (NSA), who told a Parliamentary Joint Committee of MPs and Lords that forcing analysts to sift through billions of records overwhelms their ability to detect threats.
The draft bill - dubbed the 'Snooper's Charter' by critics - was reintroduced by Home Secretary Theresa May last year. It explicitly authorises security services to bulk-collect personal communications data and makes it illegal to even ask in court whether evidence was obtained via bulk surveillance.
Binney, who served at the NSA for over 30 years before resigning and turning whistleblower in 2001, was critical of these provisions.
"Dumping bulk acquisition on your analysts makes them fail and that's consistently what's happened. This is what I've objected to from the very beginning of this process in the NSA," he told the Select Committee, which was chaired by Lord Murphy of Torfaen.
"This has made their analysts fail and they've failed consistently since 9/11 and even before. So that's what my thrust is against: bulk acquisition," he said.
Binney painted a picture of intelligence analysts searching for the proverbial needle in an ever-growing haystack of information.
"The end result is so much bulk data that the analysts can't figure out what they have, that's the real problem. The problem of dealing with the intentions and capabilities and predictions [is that it is] an analytics problem, not a data problem," he said.
"What happens is you get so many matches it's like getting a Google return. Every time you use a Google query you could get a hundred, a thousand, a million or more returns. And that's on just the input for that day and every day is the same," Binney explained. "That means analysts can't get through it, they fail to see the threats. The end result is disfunctionality of the analyst and no prediction capabilities for stopping any attacks."
The alternative, he suggested is targeted surveillance, which has been used to great effect, but sometimes only after events such as the Paris attacks.
"People die and when they die you find out who did it, then focus on those people. That's when you do the targeted approach and now, like the French are doing, they're going after people and raiding them because they went after the people who did the attack, looked at the people they had relationships with," Binney said.
"They could have got all that data from a targeted approach and could have had the opportunity to stop them before the attacks," he added, telling the Committee that targeted data collection provides a "rich environment of information to figure out what attacks are going to happen", and that is cheaper and more effective than bulk collection - and of course less intrusive.
"If we did everything through analysis and collection smartly, in a targeted way, we'd give privacy to everybody in the world because you don't take in their data."
Referring to the 9/11 attacks, Binney suggested that targeted surveillance rather than bulk surveillance could have stopped the whole tragedy from happening.
"All of these people were in knowledge bases already. If they'd taken a targeted approach from the beginning, keeping the data finite, the analysts would have found the threats," he claimed.
Government surveillance whistle-blower Edward Snowden has also accused UK authorities of attempting to pass legislation designed to allow it to hack anyone's computer.