12 November 2014

What Would NSA and Its Allies Do If the Internet Was There But No One Knew How to Spy on It?

The Big Counterterrorism Counterfactual

Stephen M. Walt

Foreign Policy, November 10, 2014

The head of the British electronic spy agency GCHQ, Robert Hannigan, created a minor flap last week in an article he wrote for the Financial Times. In effect, Hannigan argued that more robust encryption procedures by private Internet companies were unwittingly aiding terrorists such as the Islamic State (IS) or al Qaeda, by making it harder for organizations like the NSA and GCHQ to monitor online traffic. The implication was clear: The more that our personal privacy is respected and protected, the greater the danger we will face from evildoers.

It’s a serious issue, and democracies that want to respect individual privacy while simultaneously keeping citizens safe are going to have to do a much better job of reassuring us that vast and (mostly) secret surveillance capabilities overseen by unelected officials such as Hannigan won’t be abused. I tend to favor the privacy side of the argument, both because personal freedoms are hard to get back once lost, but also because there’s not much evidence that these surveillance activities are making us significantly safer. They seem to be able to help us track some terrorist leaders, but there’s a lively debate among scholars over whether tracking and killing these guys is an effective strategy.

The fear of being tracked also forces terrorist organizations to adopt less efficient communications procedures, but it doesn’t seem to prevent them from doing a fair bit of harm regardless.

So here’s a wild counterfactual for you to ponder: What would the United States, Great Britain, and other wealthy and powerful nations do if they didn’t have these vast surveillance powers? What would they do if they didn’t have armed drones, cruise missiles, or other implements of destruction that can make it remarkably easy (and in the short-term, relatively cheap) to target anyone they suspect might be a terrorist? Assuming that there were still violent extremists plotting various heinous acts, what would these powerful states do if the Internet was there but no one knew how to spy on it?

For starters, they’d have to rely more heavily on tried-and-true counterterrorism measures: infiltrating extremist organizations and flipping existing members, etc., to find out what they were planning, head attacks off before they occurred, and eventually roll up organization themselves. States waged plenty of counterterrorism campaigns before the Internet was invented, and while it can be difficult to infiltrate such movements and find their vulnerable points, it’s not exactly an unknown art. If we couldn’t spy on them from the safety of Fort Meade, we’d probably be doing a lot more of this.

Second, if we didn’t have all these expensive high-tech capabilities, we might spend a lot more time thinking about how to discredit and delegitimize the terrorists’ message, instead of repeatedly doing things that help them make their case and recruit new followers. Every time the United States goes and pummels another Muslim country — or sends a drone to conduct a “signature strike” — it reinforces the jihadis’ claim that the West has an insatiable desire to dominate the Arab and Islamic world and no respect for Muslim life. It doesn’t matter if U.S. leaders have the best of intentions, if they genuinely want to help these societies, or if they are responding to a legitimate threat; the crude message that drones, cruise missiles, and targeted killings send is rather different.

If we didn’t have all these cool high-tech hammers, in short, we’d have to stop treating places like Afghanistan, Pakistan, Iraq, and Syria as if they were nails that just needed another pounding, and we might work harder at marginalizing our enemies within their own societies. To do that, we would have to be building more effective partnerships with authoritative sources of legitimacy within these societies, including religious leaders. Our failure to do more to discredit these movements is perhaps the single biggest shortcoming of the entire war on terror, and until that failure is recognized and corrected, the war will never end.

Third, and somewhat paradoxically, if we didn’t have drones and the NSA, we’d have to think more seriously about boots on the ground, at least in some places. But having to think harder about such decisions might be a good thing, because it would force the United States (or others) to decide which threats were really serious and which countries really mattered. It might even lead to the conclusion that any sort of military intervention is counterproductive. As we’ve seen over the past decade, what the NSA, CIA, and Special Ops Command do is in some ways too easy: It just doesn’t cost that much to add a few more names to the kill list, to vacuum up a few more terabytes of data, or to launch a few more drones in some new country, and all the more so when it’s done under the veil of secrecy. 

I’m not saying that our current policy is costless or that special operations aren’t risky; my point is that such activities are still a lot easier to contemplate and authorize than a true “boots on the ground” operation. By making it easier, however, the capabilities make it easier for our leaders to skirt the more fundamental questions about interests and strategy. It allows them to “do something,” even when what is being done won’t necessarily help.

Lastly, if U.S. leaders had to think harder about where to deploy more expensive resources, they might finally start thinking about the broader set of U.S. and Western policies that have inspired some of these movements in the first place. Movements like IS, al Qaeda, al-Nusra Front, al-Shabab, or the Taliban are in some ways indigenous movements arising from local circumstances, but they did not spring up out of nowhere and the United States (and other countries) bear some (though not all) blame for their emergence and growth. To say this is neither to defend nor justify violent extremism, nor to assert that all U.S. policies are wrong; it is merely to acknowledge that there is a causal connection between some of what we do and some of the enemies we face.

But if some of the things the United States (or its allies) is doing are making it unpopular in certain parts of the world, and if some of that unpopularity gets translated into violent extremism that forces us to spend hundreds of billions of dollars trying to protect ourselves, then maybe we ought to ask ourselves if every single one of those policies makes sense and is truly consistent with U.S. interests and values. And if not, then maybe we ought to change some of them, if only to take some steam out of the extremist enterprise.

What I’m suggesting, in short, is that the “surveil and strike” mentality that has dominated the counterterrorism effort (and which is clearly reflected in Hannigan’s plea to let Big Brother — oops, I mean the NSA and GCHQ — keep its eyes on our communications) is popular with government officials because it’s relatively easy, plays to our technological strengths, and doesn’t force us to make any significant foreign-policy changes or engage in any sort of self-criticism at all.


If we can solve the terrorist problem by throwing money at it, and enriching some defense contractors and former government officials in the process, what’s not to like? 

To be clear: I’m not suggesting we dismantle the NSA, fire all our cryptographers, and revert to Cordell Hull’s quaint belief that “gentlemen [or ladies] do not read each other’s mail.” But until we see more convincing evidence that the surveillance of the sort Hannigan was defending has really and truly kept a significant number of people safer from foreign dangers, I’m going to wonder if we aren’t overemphasizing these activities because they are relatively easy for us, and because they have a powerful but hard-to-monitor constituency in Washington and London. In short, we’re just doing what comes naturally, instead of doing what might be more effective.

No comments: