Remember the 2008 film by Christopher Nolan, The Dark Knight, starring Christian Bale as Batman? There’s a scene towards the end of the film when Batman is desperately trying to find the Joker (played by Heath Ledger), who is about to carry out a terrorist attack on Gotham City. Batman has bugged the phone of everyone in the city, creating a system that will allow him to find the Joker. He has a machine that will recognise the voice of the Joker. If the Joker speaks within range of any phone in the city, then this will give him the Joker’s location. Batman finds the Joker and the two hang out for a while before Batman… goes on the run? (I still don’t really understand why Batman had to take the blame for killing Harvey Dent.)
Read previous episodes of the #MeAndMyRights series
That might sound like an effective way of fighting terrorism through mass surveillance. But it's fiction. It's not how mass surveillance works in practice. Security services are trying to use mass surveillance to uncover new terrorist suspects and plots that remain unknown to them. So they don’t actually know who they’re looking for. If they already knew about a suspect, they would just bug their phone or intercept their emails using targeted surveillance.
In simple terms, here’s how mass surveillance usually works. First, the security services collect or intercept masses of information. That could be millions of emails sent over a number of weeks in a particular country. Next, the authorities filter this data to try to narrow down the information they look at. For example, they might only keep those emails that contain a particular phrase or only emails sent from a Hotmail address or from a particular city. Then analysts search through what is left. But even after this filtering exercise, so much information is left over that analysts usually aren’t able to look at most of it. And security services would need to double check that anyone who does come up as a potential suspect is really involved in terrorism. When this happened in the USA, FBI investigators were sent out on thousands of wild goose chases to interview people who turned out to be completely innocent. That's quite a waste of resources that could instead be used on more traditional and effective methods of investigation.
Simply too much information
So how helpful is mass surveillance? Mass surveillance has never been useful to identify a terrorist suspect or prevent a terrorist attack. This is the conclusion reached by two studies into claims by the National Security Agency in the USA that mass surveillance had been key to the country’s fight against terrorism. One of these investigations was carried out by the US Congress, which had access to classified documents and was able to interview people working for the NSA.
But why is mass surveillance such a useless tool for catching terrorists? It’s mostly because it just produces too much information. Security services drown in information, even after they have filtered it using their search criteria. There is so much information that they are unable to tell what is important and what is not, who is a genuine suspect and who is innocent. Let’s go back to the Batman example to give you a flavour of why mass surveillance doesn’t work. Imagine that the security services have developed a magic terrorist detection device, similar to Batman. Imagine that the security services have a record of the voices of all the terrorists in your country, and that their magic device can use complicated algorithms to detect, with 90% accuracy, when someone speaking over the phone is a match with a terrorist. Let’s say there are 3000 terrorists in total in your country. That means that the device will detect 2700 terrorists. That doesn't sound bad, does it?
Read previous episodes of the #MeAndMyRights series
Accuracy matters a lot
The problem for the security services is that if the system is 90% accurate, that means it is 10% inaccurate. So one in every 10 times it listens to an innocent person talk on the phone, it will inaccurately identify that person as a terrorist. If you have 30 million phone users, then you’re going to wrongly identify 3 million people as terrorists. And you won’t be able to distinguish between the innocent 3 million people and the 2700 genuine suspects. You would need to carry out follow-up investigations on over 3 million people in order to pick out the 2700 terrorists. Keep in mind that 90% accuracy for a test to detect terrorists is unrealistically high. We just used this number to illustrate how even a seemingly accurate test can produce results that are useless. Considering that terrorists adapt their behaviour to avoid detection, detection methods currently used by security services are likely to be much less accurate. For example, in this fictional scenario, a smart terrorist would probably use a voice modulator to disguise their voice.
At the end of The Dark Knight, Batman’s toy-maker, Lucius Fox (played by Morgan Freeman), destroys the mass surveillance machine. He persuades Batman that it’s unethical because it’s such a huge invasion of the privacy of innocent individuals and that it’s dangerous because it puts a huge amount of power in the hands of whoever controls it. As much as I like Christopher Nolan, this explanation of why mass surveillance is a terrible thing isn't good enough. But don't worry, over the coming weeks we’ll explain in more detail why mass surveillance is so dangerous for our democracies.