We Can Protect Ourselves

We Can Protect Ourselves

The Charlie Hebdo attack and the Boston Marathon bombings point to the solution: better surveillance.

By Holman W. Jenkins, Jr. in the Wall Street Journal

In the past few years, you could walk into certain office buildings in New York and not pass a security barrier on the way to the elevators. Not at big, brand-name companies, but in buildings housing smaller companies, a noticeable re-relaxation of security was taking hold.

That will change with the Charlie Hebdo attack, which raises the question, as did the Sony hack, of where private security leaves off and police responsibility begins.

Charlie Hebdo and Sony Pictures have two things in common; they were in the business of offending (for Hebdo it was a full-time business) and their security measures, while not trivial, failed to envision the threat that beset them.

The good news is that deterrence works. Many security experts and even former homeland-security chiefs who should know better have been heard lately declaring that defenders have to be right 99 times and terrorists have to be right only once. That’s the wrong way of analyzing the challenge. Terrorists aren’t looking to play roulette with our security measures. The 9/11 attacks worked because the terrorists did things we let them do. We let them bring box-cutters on planes. We instructed air crews to cooperate with hijackers. We can deter things we want to deter.

Much remains to be disclosed about the Paris attack, but the Charlie Hebdo assault likely wouldn’t have been attempted if the attackers had not been able to assure themselves access to the satirical magazine’s premises. An arriving employee, a Kalashnikov waved in her face, opened the door from the outside via a keypad. It’s no great insight to see that antiterror security requires a door controlled from inside.

In the Sony case, any business whose network must be usable by thousands of employees and millions of customers will be breachable with a stolen password. But a hacker ends up stealing nothing if the data he steals is properly encrypted, which Sony’s wasn’t.

And both companies had reason to suspect they were special targets for attack. That’s not a reason to avoid mocking Islamic extremism or satirizing North Korea (if more people did so, it would render terrorist attacks futile from the terrorist perspective); but it’s a reason to engage in adequate self-defense.

Still, the question of foreign sponsorship looms over all. Despite the fear of lone-wolf activities, lone wolves haven’t been up to mounting the kind of attacks that meet terrorist objectives for impact and intimidation, which the Paris attacks certainly did. As horrible as the French attacks were, they show our security steps are on the right track.

Notice certain parallels to the 2013 Boston Marathon attack. The Tsarnaev brothers may have been radicalized by watching Anwar al-Awlaki videos, but dead-brother Tamerlan made a murky sojourn in 2012 to Dagestan and Chechnya where he may well have received bomb-making skills and terrorist training. Tamerlan was known to U.S. authorities. He figured on U.S. no-fly and terrorist watch-lists.

The suspected leader of the French attacks, Said Kouachi, was known to French police. He served three years in prison for illegally seeking to emigrate to Iraq in order to fight the U.S. He was a student of Anwar al-Awlaki. He is known to have visited Yemen for al Qaeda training. He also featured on U.S. no-fly and terrorist watch-lists.

Which shouts that surveillance is a solution, and could have forestalled both attacks, if we could just improve its efficiency.

People who assert jihadist sympathies and cross borders in search of terrorist training and backing are enemy agents, deserving of being carefully tracked. We have the tools. U.S. privacy concerns are overblown. One word: EZPass. The U.S. government and private businesses already hold information on all of us—our health, our finances, our movements—that would be infinitely more distressing if leaked or misused.

Ridiculous, then, is our angst about phone metadata, which allows law enforcement quickly to connect phone numbers used by terrorist and criminal suspects (though not to monitor their calls). Let’s face it, the potential risks of phone-metadata abuse are so much less than the potential risk of abuse of the vastly more sensitive data that government and businesses protect on our behalf. So let’s grow up and move on.