PARIS -- A newly leaked document stolen by former National Security Agency contractor Edward Snowden last year reveals that one of the NSA's partner agencies within the "Five Eyes" Anglo-intelligence network -- Britain's Government Communications Headquarters (GCHQ), responsible for signals intelligence -- dedicated vast resources to fooling around on the Internet, according to journalist Glenn Greenwald. The GCHQ has reportedly developed tools capable of playing with the results of online polls; sending out spoof emails and Microsoft Office documents that, once opened, can grab and transmit files and info from a user's computer; collecting data from public profiles on LinkedIn and other social-networking websites; and discreetly increasing website traffic and rankings.
It's a troubling revelation, because it makes this very important government agency appear no more distinguished than a 15-year-compold computer hacker. I don't think British citizens are paying for that sort of thing.
We've all received emails purporting to be from our bank or email service provider, with instructions to click legitimate-looking links that would no doubt compromise our computer systems. If government intelligence services are just getting into the same game now, then the lack of return on the intelligence budget investment should be of more concern than the potential for abuse.
There are two possibilities. Either, as critics argue, these technical intelligence agencies are interested in vacuuming up as much nonspecific data as possible, regardless of whose data it is, or they are already employing these methods and tactics in a targeted fashion. In both cases, their efforts are misguided. Here's why.
If the general public is the target of volume collection, then it's like going to the grocery store to buy eggs but instead spending days emptying all the shelves. If an agency is spending that much time on everyone, there should be legitimate concern about whether it's adequately drilling down to the actual threats.
While intelligence agencies are busy playing with online polls and website traffic rankings, how much targeting is actually happening? I'm much less concerned about intelligence agencies scooping up information on random innocents than I am about the extent to which agencies' initiatives are effective on actual targets. No doubt satellite navigation systems have enabled successful drone attacks against terrorists, for example, but that's just one aspect of an entire defense system -- the one that we keep hearing about. What other tools have proven useful?
Can the sort of technological initiatives revealed by the latest Snowden leak produce an effective national security result, should the need ever arise? Is there measurable proof of increased effectiveness commensurate with the increased usage of these technological initiatives? Or are they just being fobbed off as a poor substitute for critical thinking and human analysis?
Oddly enough, it's probably easier to justify budgetary increases by laying claim to the creation of new technological programs, regardless of their proven effectiveness, rather than pointing to tangible results of plots that were foiled the boring, old-fashioned way.
These agencies appear to be concocting initiatives that suggest their targets are technologically imbecilic and oblivious to concepts related to manipulation and social engineering. The reality is anything but.
As reported by several EU member states in the latest European Union Terrorism Situation and Trend Report, published by Europol, terrorist fundraising already takes place in plain view on the Internet. Forget data trawling; only an astute understanding of pretext and cover, plus specific political knowledge, could enable the detection of what would otherwise look like benign "charity" fundraising.
According to the report: "In most cases, calls for donations were published on Internet sites and forums. In one counter-terrorism investigation, it was noted that supposed humanitarian aid activities were promoted via Facebook. Monetary donations were requested via an associated PayPal account. ... Raised funds are moved by various means, including money remittance companies, hawala (Arabic for 'transfer') traders, and/or the use of anonymous ('bearer') or preloaded value cards. The sale of prepaid phone cards has also been observed in the financing of terrorist entities."
The Europol report dispels the notion that terror suspects would be technologically inept enough to fall for government intelligence "honey traps" and other such trickery: "An increased level of security awareness is evident among extremists on the Internet. They have made use of commonly available anonymisation software (e.g. TOR), encryption applications designed and propagated by extremist groups (e.g. 'Mujahideen Secrets' and 'Asrar al-Dardashah') and private chatrooms (e.g. Paltalk)."
There is no question that technology has its place in intelligence work and is capable of enhancing human analysis and reasoning, but citizens must be able to actually see the evidence of that enhancement. They need details of the actual successes, such as the identities of apprehended or eliminated targets. They need explanations of how the technology proved to be of value (adequately redacted for national security purposes, of course).
Otherwise, when these types of documents leak out into the public domain, intelligence agencies are left trying to explain to taxpayers why they're investing in the ability to fudge online polls and play with website statistics. To be frank, it makes it sound as if government intelligence agencies are one step away from spending their days playing Angry Birds.