We learn this morning that MI5 has launched an internal inquiry into how they didn’t catch Salman Abedi, the Manchester bomber. He was reported to them five times, apparently, even by his imam – the spooks looked into him, but after a while discontinued their investigation. Perhaps we will learn that there has been an egregious intelligence failure but I doubt it. I suspect that in time, we’ll learn every detail about the case of Salman Abedi and it will likely expose the grim realities of counter-terrorism. And also that, as I argued in my most recent Daily Telegraph column, we’re about as safe as we’re ever likely to get.
Yes, you can say that the signs were all there: the trips to Libya, links to jihadis, the glorifying of suicide attacks and strange behaviour: one of his neighbours said he was flying what looked like the Islamic State flag at his house. The implication is that one phone call to MI5 should have been enough: the spooks should have tapped his phone, hoovered up the evidence then banged him up. But the spying game is very different now, and catching a determined jihadi is one of the toughest tasks that the world of espionage has faced.
Here’s an example. Seven years ago, a 25-year-old university dropout – an obvious loser – was caught in Kenya trying to join the terrorists of al-Shabaab. When he got back, MI5 was understandably all over him. For a while, they put a 24/7 watch on him. After two years of obsessive monitoring, they had found absolutely nothing to suggest terrorist intent – he seemed to be a drug dealer, doing his business from phone boxes, but nothing worse. So after shedloads of money and resources, they gave up. A month later, he brought a meat cleaver and killed Drummer Lee Rigby on the streets of Woolwich.
So to say that Michael Adebolajo was ‘known’ to the security services is a gross understatement: as Jonathan Evans, MI5’s then director-general put it, they had thrown the ‘kitchen sink’ at monitoring him. But they found nothing and, looking back, there was nothing to find: one day he decided to execute a soldier near where he lived.
And as Niall Ferguson said in the Sunday Times, do you have any idea how many dodgy young men with links to Islamists there are? There are 3,000 people on MI5’s watch list, with an astonishing 20,000 suspects ‘known’ to them, with 500 active investigations under way. As Charles Moore said in the Daily Telegraph on Monday, this stands against 50-odd people they were watching in the IRA era and 250 suspected Islamists before the 9/11 attacks. The figure has been stagnant at 3,000 for a while now, but not because the threat isn’t growing. It’s because there’s a limit to how many people 4,000 MI5 staff can keep an eye on.
So how to catch them? The most dangerous terrorists don’t send emails, and when they do communicate they have several accounts – which the spies can only access in serious circumstances. It’s a myth to think that every email can be tapped by spies: almost all, now, have sohisticated encryption. Ten years ago, only about 10 per cent did. It’s wrongly assumed that GCHQ can press a ‘hack’ button and read or intercept anyone’s email, Skype or Facebook message. The spies could hack when in the days where most of the world’s cable messages came via London but the facility doesn’t exist in a post-Snowden era where near-impregnable encryption comes as standard. They can send a warrant to intercept anything handled by a UK-registered company, but have no jurisdiction over the US tech giants. And this is a major problem.
Again, let’s look at the Woolwich murderer. The massive inquiry that followed that atrocity discovered that he had sent a social media message to a friend saying ‘let’s kill a soldier’. The odds are that the Manchester bomber will also have sent emails that will, in retrospect, point to his atrocity. But the parliamentary inquiry into Woolwich found that even had MI5 been watching the attacker, they probably wouldn’t have been able to intercept this message because they don’t have the tools. This is a point that deserves to be understood more widely than it is.
Companies like Facebook rarely consider themselves obliged to respond to UK intelligence requests for information – to the chagrin of the spies. Twitter, for example, says it will only respond to requests from US officials. And yes, MI5 can ask the CIA to lodge a request – but in practice, this is only done in a ticking-bomb scenario where there is a known threat to life. If the spies are just trying to check someone out, they can’t escalate this to a CIA or FBI request. They need the co-operation of Facebook, Twitter, Google etc.
Crucially, the US tech giants – who run a fair chunk of communication of British citizens – often refuse to co-operate with the UK authorities. So even a year after the Woolwich attack, GCHQ was not able to get hold of five of the killer’s various social media accounts. Even when the terrorist had been convicted, and the UK government was involved in the very important business of establishing what (if anything) went wrong, the spies couldn’t get the Americans to play ball.
Against this backdrop – the sheer numbers, and the evolution of technology that means UK authorities have no direct jurisdiction over UK communications – it’s fairly easy to see how the spies could ‘lose’ a terror suspect who had been reported for nothing more than being a bit mad. It was the IRA who summed it up best: the spies need to be lucky all the time, and terrorists need to be lucky just once. Decades on, this remains the case.
Comments