However We Fight Terrorism, Ubiquitous Government Surveillance Isn't the Answer
Some are already calling it "Paris' 9/11."
The comparison of the Nov. 14, 2015, attacks on Paris to the Sept. 11, 2001, attacks on the United States evokes not just a profound level of violence and terror, but of an interruption in history, a bookmark in a timeline when the country shifted politically and allowed for an unprecedented level of government intrusion and surveillance into the private lives of its citizens.
In the wake of the Charlie Hebdo massacre in January, France introduced its first surveillance legislation since 1991 — a bill that would allow the government to wiretap communications, install secret surveillance cameras and sweep up metadata. Privacy advocates called it "highly intrusive" and said it posed a "grave new threat" to protected professions like journalism. The bill was passed in a landslide vote in French Parliament, 438-86.
In exchange for security, we're told we must trade our privacy, whether to the government or private corporations. And with every passing incident of aberrant violence, we're left asking when that promised security is meant to arrive.
Government officials and commentators are already trotting out Edward Snowden as an indirect cause of the Paris attacks by reasoning it could have been prevented if the terrorists didn't know the extent of government surveillance.
Legislators in the United States, as well as the prime minister of the U.K., have been asking for the weakening of encryption standards across the board so that state-level actors can peer into any potential threat. Meanwhile, the near-unanimous objection of the technology community is that weakening encryption on behalf of law enforcement would provide minor gains for the government and enormous gains for hackers and criminals.
For now, encryption works: But where privacy standards remain intact, intelligence authorities are brute-forcing their own solutions.
The FBI has been accused of either trying to break anonymous-communication software Tor or manipulate its network to unmask its users. Tor is often labeled as a "Web browser for criminals," or a tool for hackers to browse the seedy depths of the "dark Web" in order to buy guns and trade child pornography. The anonymous Internet is more than that: It's also a tool for victims of domestic abuse to seek information or support, or a way for journalists to connect with confidential sources. It is how Snowden covered his tracks as a whistleblower.
Weakening encryption on behalf of law enforcement would provide minor gains for the government and enormous gains for criminals.
Criminals are most certainly using these systems to their benefit — there's very little question about that. Former law enforcement officials told Yahoo News that Apple's iMessage and WhatsApp, two messaging systems that offer encrypted communications that can be erased after they've been sent, have allowed terrorists and criminals to plan attacks while evading detections. If the attackers in Paris used these kinds of communications, it's unlikely we'll recover the intimate details of their plotting.
Is it worth handing our private lives over to government surveillance so we might have a moonshot chance of preventing a few evil men from plotting terror in a basement? And even then, would that be possible?
The needle in the haystack: There's still the very real problem of whether ubiquitous surveillance works in the case of isolated incidents, or works well enough to justify how broadly it's applied. In the years following 9/11, statistical models generated a flood of thousands of false tips every month, none of which proved valuable.
The trouble is the sheer amount of data collected, and the inability of modern algorithms and machine learning to pick singular outliers from enormous data sets. As Matthew Williams, a researcher of computational criminology at Cardiff University in Wales, put it while discussing police surveillance with Mic, picking out singular acts of crime or terror from an indiscriminate pile of civilian noise is all but impossible.
"Finding terrorism plots is not a problem that lends itself to data mining," cryptographer Bruce Schneier wrote in the years after 9/11, long before Snowden revealed the extent of NSA surveillance programs. "It's a needle-in-a-haystack problem, and throwing more hay on the pile doesn't make that problem any easier."
Too much is unknown: It's been little over 24 hours that we've been exposed to the scope and relative sophistication of the attacks on Paris. They may have been recruiting on Twitter. They may have organized on Facebook. They may have plotted on paper, employed advanced encryption techniques or simply met in broad daylight under a camera's indiscriminate watch.
Assuming the Paris attacks will be listed in the same breath as attacks like 9/11, the Boston Marathon bombing and the Charlie Hebdo massacre, their significance is no evidence that what we need is more ubiquitous online surveillance. Politicians and national security leaders will continue to ask for more private data, more communications and more compliance from the companies that collect that information.
The act of "politicizing" a violent event is most prescient when we talk about the politics that are possible in its wake, and to say these attacks could have been prevented with increased surveillance is grounded more in rhetoric than in the science of data and technology.