Sunday, August 22, 2010

Keeping Tabs on Terrorists: Aaron Mannes & V.S. Subrahmanian in the "Wall Street Journal"

The Wall Street Journal Asia just posted an article my colleague V.S. Subrahmanian and I wrote on the ongoing game of catch-up intelligence agencies are forced to play as terrorists quickly adopt and adapt the latest communications technologies.

* AUGUST 22, 2010

Keeping Tabs on Terrorists
India's spat with the maker of the Blackberry underlines a broader technological challenge for intelligence agencies.


The war on terror came closer to home this month, when the Indian government pressured Canadian company Research in Motion to hand over encryption keys for its popular Blackberry device. New Delhi claims terrorists are using the company's secure networks for covert communications. The United Arab Emirates, Saudi Arabia and Indonesia—all of which face significant terror threats—have also expressed concern. But such moves may do more harm than good.

India's concern is clearly justified: Terrorists are using new media sources to facilitate covert communications that—directly or indirectly—have led to numerous deaths. According to the U.S. National Counterterrorism Center's Worldwide Incident Tracking System, Pakistan-based terror group Lashkar-e-Taiba (LeT), perpetrator of the deadly 2008 Mumbai attacks, is responsible for over 700 fatalities in India during the last five years.

But publicly browbeating RIM into providing its encryption keys is a Pyrrhic victory. Terrorist organizations can only survive if they study the capabilities of their adversaries and adapt. Terrorist organizations backed by intelligence agencies tend to be even more sophisticated. If terrorists know that Blackberries are monitored, terrorists will not employ them—or will do so only in combination with other channels of communication in order to evade intelligence agencies. The much-publicized nature of India's threat to Blackberry thus may well have compromised potential operational gains.

LeT's Mumbai attack shows how quickly terrorists adapt to new technology. According to the publicly released portion of an Indian intelligence dossier, the LeT terrorists were in continuous communication with their Pakistani handlers using a mix of mobile phones and an obscure Voice over Internet Protocol provider called Callphonex. Handlers based in Pakistan were able to monitor Indian security efforts, providing real-time intelligence to the terrorists that prolonged the attack for three days and provided the terrorists with the media exposure they craved. In other words, using readily available commercial technology, the Mumbai terrorists created an effective battlefield communication system.

Intelligence agencies, on the other hand, are often slow to develop the monitoring mechanisms needed for new communications media. This is a weakness that terrorists systematically exploit. As new communications media proliferate, security analysts are forced to play a constant game of "catch up" irrespective of whether a Blackberry or Google hand over their security keys and provide server access.

Security agencies need to quickly identify emerging communication technologies and develop monitoring mechanisms tailored for each new media in almost in real-time. The technical and analytical requirements of monitoring Voice over Internet Protocol, for example, are very different from those needed to monitor photo-sharing sites. Monitoring mechanisms must be grounded in systematic research about how people actually use communications media and how new forms of communication can be monitored.

This sounds like an impossible task, but it isn't. These studies can be combined with "red team" activities in which specialists game out the terrorist role in live and virtual simulations to consider how new technologies can be used. An important virtue of "red teams" is not that they will always identify specific terrorist methods, but that they will foster a culture of rapid adaptation to technological innovation within the security services.

The development of monitoring mechanisms is a technical issue, distinct from the legal and ethical question of when a nation should monitor electronic communications. However, well-designed monitoring mechanisms can help intelligence agencies operate ethically and within the laws and discern appropriate targets for surveillance from legitimate, legal online activity. It is in the absence of effective monitoring mechanisms that states may be tempted to take in data without discrimination, violating the privacy rights of their citizens.

While there are legitimate security needs that require communications companies to provide access to their systems, simply obtaining more data without developing both a process and technology to monitor emerging communications media is a losing proposition even for the most capable intelligence agencies. As new communications technologies proliferate, smarter intelligence strategies are needed to get ahead of terrorists and prevent rather then react to the next attack.

Mr. Subrahmanian is the director and Mr. Mannes is a researcher at the University of Maryland's Laboratory for Computational Cultural Dynamics.

1 comment:

raveendran nair said...

Technology comes with pro and cons....