Skip to Main Content

How the Terror Watchlist Actually Works

The perpetrators of recent attacks were "known to police." So who else is on the watchlist, and what did they do to get there?

A person is detained by police following the terror attack on London Bridge Photo by Furqan Nabi/PA Wire/PA Images
A person, right, is detained by police in Barking, East London, following the terror attack on London Bridge.

06/06/2017
Vice
By Mark Wilding

In the aftermath of a terrorist incident, you'll often hear that the attackers were known to the authorities. That's because, at any one time, the UK security services are monitoring thousands of potential terrorists. But what does that actually mean? And if the perpetrators are known to the authorities, why aren't they stopped? 

Neil Shortland is the program manager at the University of Massachusetts Centre for Terrorism and Security Studies, and previously worked on counter-terrorism within the UK Ministry of Defence. I spoke to him about the concept of a terrorist "watchlist" and how attackers sometimes slip through the net.

VICE: Hi Neil. What exactly is a terrorist watchlist?
Neil Shortland: The idea of a watchlist is to identify people who are vulnerable to becoming involved in terrorism and to assist in prioritising where finite police resources should be focused. It's also to prevent people from engaging in certain activities – the classic example is that if you are on a watchlist you shouldn't be allowed to fly. It's supposed to put restrictions on certain individuals, but it's also about identifying that relatively small subset of a large population that could be engaged in terrorism to allow the security services to focus on those individuals who pose the greatest risk.

How many people are on a watchlist in the UK?
Three-thousand is the number of people who are deemed risky individuals. The issue is that, for every individual, you need 12 members of law enforcement to effectively conduct surveillance on them. That obviously exceeds the number we actually have. So within that watchlist you have to pick you who follow and who you don't. The watchlist is large and it is exceeding the capacity of the organizations that are in charge of counter-terrorism and surveillance.

Who decides who's added to the list?
Ideally it should be a result of information-sharing between the police and the security services. The watchlist has to cover an awful lot of things. If you think about what a terrorist is, you've got someone who may go and carry out an attack in the UK, you've got someone who may go abroad and come back, you may have financiers, recruiters, bomb makers. Each will be picked up by a different agency. It's going to be a collaboration between MI5, MI6, the police and crime agencies.

So how might someone end up on the list?
There are numerous ways that you could be added. The best way to conceptualise it is direct and indirect. Direct is when, by some way of your own volition, you come to the attention of the security services. Someone could report you and say, "I'm worried about this person." Indirect is when your name or information comes up in connection with someone else who is being investigated. After the Manchester bombing there's been a huge investigation. Anyone coming out of the bomber's social networks or phone may find themselves on this list. One of the issues is that social media has added to these numbers. There are so many people who present as extremists – they are loud and opinionated and are low-hanging fruit. That adds to this workload.

How do the security services prioritise who they should be keeping an eye on?
It's the million dollar question. There's this idea that national security means more pervasive intelligence. If you look at almost every terrorist attack in the US and the UK in the last five or ten years, the one thing that always comes out is that the person is known to law enforcement or the security agencies. These people are identified, and at the time they are not assessed as high risk. We've got 3,000 people who could be high risk, and nothing statistically that is going to differentiate those 3,000 from the three that are going to be involved in terrorism. The second issue is, even if people are risk-assessed correctly, things can change and suddenly that person is now high risk. It's an impossible problem. Risk assessment in terrorism is very, very hard, and we don't know how to do it. The amount of work we're asking of the agencies involved is far exceeding their capacity.

How are people on the watchlist monitored?
When someone is identified as high risk, the security around them normally involves detailed and continued surveillance. That continues until that person engages in a criminal activity and they can be arrested, or until it is decided that they don't pose a risk. That judgment takes into account other individuals who may be deemed a risk at the time. Let's say an individual hasn't done something for a month and then three new individuals emerge who are very high risk. It's hard to emphasise enough how hard these choices are for the people who have to make them. You're asking them to make crystal ball decisions. Every now and then they are going to make the wrong call. Or it's the right call at the time and, six months later, it turns out to be wrong. The whole issue with the watchlist is there are more people who could be high risk than we can conduct surveillance on.

So how effective has this system been at preventing terrorist attacks?
There's no question we are much better at stopping terrorism than terrorists are at doing it. In terms of plots detected versus successful plots, the security services are winning by a long shot. The problem is, they can't stop them all. The issue with the watchlist specifically is one of false positives. There are a lot of people on the watchlist that will never do anything. That bit isn't successful – it has a wide net. It's the fundamental trade-off. We could stop all terrorism if we removed all civil liberties. It's about that balance.