This article originally appeared in New Scientist.
Some U.K. politicians are trying once again to pass mass surveillance laws after the Paris attacks. It’s a misguided approach, says a computing researcher.
In response to the terrorist attacks in Paris, the U.K. government is redoubling its efforts to engage in mass surveillance.
Prime Minister David Cameron wants to reintroduce the so-called snoopers’ charter—properly, the Communications Data Bill—which would compel telecom companies to keep records of all Internet, email, and cellphone activity. He also wants to ban encrypted communications services.
Cameron seems to believe terrorist attacks can be prevented if only mass surveillance, by the U.K.’s intelligence-gathering center GCHQ and the U.S. National Security Agency, reaches the degree of perfection portrayed in his favorite TV dramas, where computers magically pinpoint the bad guys. Computers don’t work this way in real life and neither does mass surveillance.
Brothers Said and Cherif Kouachi and Amedy Coulibaly, who murdered 17 people, were known to the French security services and considered a serious threat. France has blanket electronic surveillance. It didn’t avert what happened.
Police, intelligence, and security systems are imperfect. They process vast amounts of imperfect intelligence data and do not have the resources to monitor all known suspects 24/7. The French authorities lost track of these extremists long enough for them to carry out their murderous acts. You cannot fix any of this by treating the entire population as suspects and then engaging in suspicionless, blanket collection and processing of personal data.
Mass data collectors can dig deeply into anyone’s digital persona but don’t have the resources to do so with everyone. Surveillance of the entire population, the vast majority of whom are innocent, leads to the diversion of limited intelligence resources in pursuit of huge numbers of false leads. Terrorists are comparatively rare, so finding one is a needle-in-a-haystack problem. You don’t make it easier by throwing more needleless hay on the stack.
It is statistically impossible for total population surveillance to be an effective tool for catching terrorists.
Even if your magic terrorist-catching machine has a false positive rate of 1 in 1,000—and no security technology comes anywhere near this—every time you asked it for suspects in the U.K. it would flag 60,000 innocent people.
Law enforcement and security services need to be able to move with the times, using modern digital technologies intelligently and through targeted data preservation—not a mass surveillance regime—to engage in court-supervised technological surveillance of individuals whom they have reasonable cause to suspect. That is not, however, the same as building an infrastructure of mass surveillance.
Mass surveillance makes the job of the security services more difficult and the rest of us less secure.