We know the self-confessed perpetrator of the Norway killings Anders Breivik purchased six tonnes of fertiliser, a key ingredient of explosives, in recent months.
We know he was under surveillance by the Norwegian Police Security Service. We know he spent an alleged 200 hours on Google searching for terms relating to bombs.
We know he emailed a copy of his 1,500 page “manifesto” to thousands of people just hours before the bombing and shooting that claimed at least 76 lives.
So why wasn’t any of this picked up and acted upon sooner?
Craig S. Wright, an expert in computer forensics, shines a light on online surveillance.
Anders Breivik is said to have spent 200 hours googling phrases such as “how to make a bomb”. How easy would it be for Google and other search engines to trace a user based on their search terms?
That would be possible, but extremely difficult. You’ve got to remember the large amounts of data a site such as Google filters every day. To then assess the reasons why people do these kind of things would be even more challenging.
Of course, there are also freedom of speech requirements to consider and potentially there are academics and other people with valid reasons for using for such search terms, and so it becomes difficult.
Also, if you are going to bust down someone’s door because they’ve done a search for bomb-making the question is: where in the world are they anyway?
Earlier in the year, I had to go to Venezuela because of online child porn being delivered out of that country. The difficulty is that Venezuela doesn’t have any extradition to the US or other countries.
I was even able to meet with some of the people behind the material, the organised crime groups, and they were quite blatant about what they’d done for the simple fact that no-one can take them out of the country and prosecute.
Do search engines have a flagging system whereby they are alerted whenever someone searches for words such as “bomb making”?
No, but they can set up this kind of system on request. The problem is that Google is a US company and most of their servers reside in the US.
If you look at the furore around the wireless network scanning issue a little while ago, any time Google starts monitoring anything, it has privacy advocates screaming at it. That’s a bit of a double-edged sword: they’re damned if they do, damned if they don’t.
On the other hand, if an organisation such as the FBI or Australian Federal Police (AFP) make a request with a court order and Google becomes protected to some extent, they can monitor and flag certain search terms. The difficulty is that they need something legally sanctioned in order to do so.
So unless an individual is already being watched by Google – at the request of a law enforcement agency – their search terms won’t be monitored?
That’s correct, and that was one of the issues with Norway. When you’ve got a person who’s being monitored by security forces in some capacity, but by no means high on the radar, then there’s no-one out there actively looking for them.
Even if they are a person of interest, unless someone’s gone to a court of law and got an operational certificate or warrant requesting online monitoring, then nothing is going to be done.
Should search engines be monitoring dubious search terms and tracing the individuals responsible?
The problem is that this course of action will drive people to alternate websites that aren’t monitored at all.
Websites such as Astalavista are hosted offshore, so even if the FBI or AFP wanted to access them they generally can’t – not legally anyway.
So even if search engines did more in terms of monitoring search terms, and tracing those who make the searches, it would actually make it more difficult to catch people – that’s the paradox.
On top of that, sites such as Google are corporations that exist to make a profit. If they start having to do all of this extra work monitoring and filtering search results, then it’s going to bring in opportunities for websites that don’t do it, who have lower costs.
As a result, things move away to less secure sites.
How common would search terms such as “how to make a bomb” be?
I wouldn’t see it as being all that uncommon. Being involved with universities and uni students, I know there are people that look up such things just because they can, as their way of rebelling against the system.
The Anarchist’s Cookbook is a good example: there are so many copies of it floating around it’s not funny. People just like to say: “Hey, look, I’m rebelling against the system. I’ve got a copy!”
Whether or not those people actually do anything mentioned in the cookbook – other than blow off their own fingers – is another question, but it’s the “I own it” mentality that goes through a lot of people when they go through uni.
Are we likely to see any changes in the way search engines monitor user behaviour as a result of the Norway attacks?
I can see calls for changes being made in some European countries where the privacy requirements currently protect the user to the point they don’t allow law enforcement to get access to anything.
There may be moves towards greater monitoring, but less privacy for users.