Shostack + Friends Blog Archive

 

Do Wiretap Revelations Help the Terrorists?

loose-lips-sink-ships.jpgThe question is a fair and natural one to ask, and I’d like to examine it in depth. I think my intuitive answer (“revelations about wiretaps don’t help the terrorists”) is wrong, and that there are surprising effects of revealing investigative measures. Further, those are effects I haven’t seen discussed. Allow me to explain the logic.

First, terrorist organizations need to communicate on a wide variety of levels, from ‘moral support’ to target selection and dates. Second, we can wiretap all their communications, under a variety of legal standards.

So, should we talk about wiretapping of terrorists? The President has asserted that it ‘helps the terrorists’ in some way. Lets ask how that might be. Does talking about wiretapping help the terrorists? Revelations of wiretapping cause both awareness and fear. Either or both could lead to temporarily improved communications security process. What could those be? New crypto? New attention to detail? Better shredding? There are others, which I’ll talk about in a minute. For now, let’s work with the assumption that revelations lead to better adherence to security processes, and the second assumption that better security processes are bad for the listeners. Let’s take those two benefits one at a time.

The first is enhancing terrorist awareness of their threat environment. This is important. As time passes, people become complacent. As they become complacent, their investment in security processes drops off. (There are lots of interesting analogies to this in the business world.) Complacency thus helps the attacker, and hurts the terrorist. So revealing our wiretapping, reducing complacency, hurts the eavesdroppers. Unfortunately for the eavesdroppers, the terrorist exists in a highly adrenaline-filled environment, with regular revelations that his colleagues have been arrested, tortured, or assassinated. Each and every one of these events causes the terrorist to assess his security posture. So, our first assumption (revelations lead to better adherence to security processes), while true, is but one of many causes for that adherence.

Improved communications security is not the only effect of the revelations. What happens if a terrorist is already under surveillance? They may go to ground, or they may reveal alternate communication methods (phone numbers, email addresses, web sites) not yet known. Their security processes presumably include backup methods, and driving those methods into the view of the security services is an important goal.

At this point, we have something of a balance between two hard-to-quantify ideas: better operational security versus the value of exposing alternate channels. There is, however, one final effect of driving terrorists to ground, and it tips the balance.

The final piece is that al Qaeda terrorists gone to ground do not engage in attacks. That gives the investigative services more time to find and arrest them. To me, that tips the balance. Whatever benefits accrue to the terrorists through bless complacency are balanced by exposing additional channels. Delaying murder, and giving us another chance to prevent it tips the balance, even before the benefits of the rule of law are brought in. So! Bring on the revelations!
[Update: Yes, that’s the original poster, with the word “might,” as it appears at archives.gov.]

5 comments on "Do Wiretap Revelations Help the Terrorists?"

  • Iang says:

    It’s a little bit complex to analyse this in detail in terms of a risk assessment because neither side has the information that the other has.
    For example, one of the London bombers was caught by tracking his cellphone in Italy. So it was claimed! Assuming that is true, the bomber did not know that he could be tracked by cellphone or at least underestimated the probability. In this case, revelations will harm future pick-ups using that tracking method.
    OTOH, the bomber should have known. He had every reason and incentive and possibility of knowing. Underground, cypherpunk and crook elements have known for about 15 years that tracing via cellphone is a powerful tool.
    The same logic applies to the Bush revelations – any bombers in the USA should assume that they are being wiretapped over all technical means. No bomber would conceivably plan on requiring “constitutional rights” to protect him.
    So revealing any particular methods of tracing, tapping, tracking aren’t really going to make a lot of difference, IMHO. On the other hand, it sure sounds grand to wave the “national security” card every time you don’t want to do something.

  • nick szabo says:

    My take on the legal issues, which are gravely serious: The Justice Department vs. the United States Constitution.

  • Adam says:

    Thanks Nick!
    Note that you don’t have to lie about your email here, you’re free to leave that blank.

  • David Brodbeck says:

    It’s not exactly a secret that the U.S. government is capable of wiretapping. It doesn’t seem like the revelation that they aren’t always getting a FISA warrant before doing it would change anything from the terrorists’ perspective. (Unless maybe they had a plant on the FISA court, but that seems unlikely.)

  • “As time passes, people become complacent. As they become complacent, their investment in security processes drops off. (There are lots of interesting analogies to this in the business world.) Complacency thus helps the attacker, and hurts the terrorist.”
    Complacency and boredom also affects the wire tappers and especially the people who have to sift through mountains of Communications Data Traffic analysis reports, the precursor to focussing expensive electronic intercept resources, where the bottleneck is usually the availability of translation and interpretation services, rather than raw technical intercept capability.
    Since some terrorists, some of their supporters and many organised criminals are well versed in communications technology, what about the deliberate hoaxes and disinformation spread via electronic communications, launched on the assumption that that such communications are being monitored by the authorities ?
    This could be just force the authorities to generally waste resources or it could be used to help to achieve tactical surprise by planting disinformation about actual attack times and locations.
    This all adds to the “electronic chatter” which seems to have been cited several times in the past, as the reason for increased levels of security alert, both in the USA and in the UK.
    Strangely, the authorities here in Europe seem to think that they can actually investigate Subliminal Channels of communication e.g. letting the phone ring for a pre-determined number of times. They have pressed for the inclusion of logs of unanswered phone calls in the controversial European Union Data Retention Directive, which rather implies that they will be wasting investigative resources on people who are unfortunate enough to receive an accidentally or deliberately dialled phone call or SMS text from a suspect number.
    In the case of the terrorist suspect whose mobile phone(s) were tracked from London to Rome, ask yourself how many of the other innocent mobile phone users whose phones were logged as being in the same mobile phone Cell ID based locations, at the same time as the suspect, have been put under suspicion, and now have “possibly met with a suspected terrorist” recorded on their newly opened intelligence files ?

Comments are closed.