Balkinization  

Wednesday, July 13, 2005

Post-London Terror Laws

Anonymous

Terrorist attacks generally produce legislation. And, predictably, a number of European countries are talking about beefing up their anti-terrorism laws now that London has been attacked. The problem with the laws that follow anti-terrorism attacks is that the laws are often unrelated to the terrorist attacks to which they are allegedly a reaction. And, they are often unlikely to deliver the security they promise. But, in moments of public panic over terrorism, legislators and their publics will often act rashly to pass laws that saner minds in saner times would question.

So, what are the proposals on the table Post-London?

Charles Clarke, the British Home Secretary, proposed on Monday requiring all telephone companies and internet service providers to keep all emails, text messages and phone records for three years to enable security services to comb through them for clues to terrorist plots. Italy has followed suit with a similar proposal for all internet service providers to archive all email records for three years. Both Britain and Italy also propose both making it impossible to buy anonymous cell phone cards anymore and generating a central database of that would keep track of who makes which cell phone calls. And the EU Justice Ministers, meeting today, agreed that keeping email records for at least a year was a good idea.

Britain was also determined to press forward with a controversial proposal for national identity cards, including fingerprints and “face scans” as encoded biometric data. The EU Justice Ministers also agreed to extend fingerprinting with the use of identity cards to the entire Schengen open border zone. Perhaps coincidentally, US Secretary of Homeland Security Michael Chertoff proposed just today that the United States require all foreign visitors to the United States to provide all ten fingerprints upon first entry, instead of just one. Fingerprinting has become the new magic bullet in the war against terrorism.

And there will no doubt be other proposals to come.

What is wrong with the proposals on offer?

Indiscriminately collecting all email, text-message, phone and internet records results in piling up mountains of data without getting any more precise information about terrorists, except by accident. Ditto with indiscriminately collecting millions, perhaps billions, more fingerprints. What terrorism investigations need is more precise, carefully linked information that tends to narrow down the list of suspects rather than create a larger haystack in which to search for the few needles that the security services need to find. But many anti-terrorism proposals have this “making the haystack bigger” quality which does not lead to increased security in any obvious way. It does, however, violate the basic rule-of-law principle that a government should have a concretely individuated suspicion before it can undertake investigations of individuals’ private conduct.

What is the case for indiscriminately compiling information about everyone in a country, a territory, on the internet, in the world? The defenders of such tactics claim that data-matching can turn a few clues into a magically generated list of precise suspects. Suppose, they say, you can match all people who stayed in a particular hotel on the same night a known terrorist did with all those who also called the same phone numbers the terrorist did? (Never mind that terrorists, like ordinary hotel guests, may call to check the weather or the time. Would the system be sophisticated enough to distinguish innocent from guilty common calls or – for that matter – wrong numbers?) Suppose, they say, that a known terrorist emailed a particular person in Berlin. Wouldn’t it be helpful to know who else had emailed that person on the same day? Supporters of data-matching tend to believe that mere statistical correlation means substantive association. And supporters of data-matching also tend to believe that it will be clear what to look for in these immense databases in the first place.

It’s very seductive to believe that one could have enough data to scan the patterns and locate whole networks of terrorists without ever leaving one’s office. Seductive, yes – but delusional.

And these giant data-collection efforts have huge costs. They are expensive in sheer monetary terms – both to compile and to maintain. Such systems tend to be riddled with errors which can have monumental effects on those whose records contain such errors. The privacy violations in compiling the database, in having every person in the database fall briefly under suspicion in each search at the cost of being potentially wrongly associated with terrorism, are immense. Proving negatives when the finger of accusation points at you can be a long and ghastly experience. When the associations are merely statistical, error becomes routine.

Perhaps even more importantly, the inevitably scarce resources that can go to fighting terrorism are channeled off old-fashioned policing, in which actual leads are concretely chased down and in which detailed and actual clues are processed through actual human minds. Generally, when terrorism suspects are found, it is because of a detailed forensic investigation, such as the one that has been conducted on the scenes of tragedy in London. Or because someone who knows all of the details of particular terrorist networks, like the legendary investigative magistrates Jean-Louis Bruguiere or Baltasar Garzon, puts together concretely contextualized clues. Their methods also raise human rights concerns, but at least they start from the proposition of individuated suspicion.

We should fight the effort to compile massive amounts of personal data on everyone in sight on the off-chance that a clue to a terrorist attack might be located in a statistical match down the road. The proposals that are emerging from the London attacks are a seriously misguided way to fight terrorism.

Comments:

Post a Comment

Older Posts
Newer Posts
Home