In his first public speech at RUSI, the Director-General rightly suggested that the leaks from Edward Snowden gave terrorists 'the gift to evade us and strike at will'. Nevertheless, the revelations should now be an opportunity to have a mature national conversation on the hierarchy of accountability in intelligence gathering.
We live in a surveillance society where everyone is assumed innocent until proven guilty. We might be sceptical of that principle now that we know GCHQ is able to access large amounts of global internet data. But we needn’t be. The data mining programmes, revealed by Edward Snowden, are a response to the fundamental challenge facing the intelligence agencies: how to do their crucial work in an era of big data.
As data has become more abundant (more than 5 billion people are calling, texting, tweeting and browsing websites on mobile phones) so agencies have had to find new ways of handling vast troves of data and metadata. What the agencies need is information about information.
In this data rich world it has become near impossible to find a needle in a haystack – today it is about finding the relevant haystack in a thousand fields (using a technique called Massive Volume Reduction). This means agencies have to sift through the data, which can be stored for up to three days to allow analysts to identify their individual targets of interest. Only when they have found their target and have applied for a warrant can intelligence agencies read the content of the email or mobile phone communication.
The idea that intelligence agencies have kept pace with the evolution in technology and are continually finding ways of mining new seams of data and information is what taxpayers expect those agencies to do. In return we demand those tasked with such a sensitive mandate to be locked into an accountability structure and process of oversight that ensures what they do is achieved within the law. We hope they follow due process and are regularly and robustly scrutinised by those we have elected to be guardians of our human rights and privacy.
As revelations from Snowden continue to appear via The Guardian, governments and their intelligence agencies are rightly trying to suppress further sensitive intelligence from being made public. This is to stop aggressive foreign intelligence agencies from securing even more access to those secrets; and it is likely that Chinese and Russian intelligence agencies will have secured a percentage of the information from Snowden and his co-conspirators.
In recent weeks there has been a call for the intelligence agencies to ‘show some leg’ – to open up the secret world and provide a window on their work. This is based on the mistaken belief that by doing so the agencies will solicit greater public support and thereby increase confidence and trust in the system. Trust and confidence are crucial but this isn’t the right way of going about it.
Governments have embraced this new age. A positive trend is for governments to publish more data online, and make reports and policy documents free to download for the public to read. This creates interesting challenges – such as strategy documents that describe our vulnerabilities to a terrorist attack and explain what governments require from law enforcement to prevent this from happening – but making such information free is central to a liberal democracy.
The military saw the potential of this new age long ago. No longer do stories from the battlefield remain in the Platoon – now you too can experience a fire-fight in Afghanistan through a soldier’s headcam. But has our thirst for information blinded us from seeing the consequences of too much transparency?
In early August, twenty-one US embassies and consulates, mostly in the Middle East closed in response to fears of an unspecified attack by terrorists. The US State Department issued a global travel alert until the end of August saying the potential for an Al-Qa’ida inspired attack was focused in the Middle East and North Africa. The story quickly unravelled exposing more information. In this case the media were soon reporting from US intelligence officials that the were embassies closed due to an intercepted communication between Ayman al-Zawahiri, the leader of Al-Qa’ida and Nasser al-Wuhayshi, the leader of Al-Qa’ida’s affiliate based in Yemen. The intercept was deciphered by a senior airman in the 70th ISR Wing, who was a cryptologic linguist and in charge of a team of electronic data analysts in one of the Air Force's signals intelligence units. But do we need to know this detail and what were the strategic considerations that led US officials to reveal this information? What is comforting to know is that the information was passed efficiently from the Senior Airman to the US Commander-in-Chief, demonstrating the hierarchy of accountability in action.
The Snowden revelations and subsequent debates demonstrate a worrying level of ignorance about how the intelligence agencies are governed and are made accountable. Perhaps this should not be surprising. The functions of GCHQ are set out in the Intelligence Services Act of 1994. One of the agency’s functions is to ‘monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material.’ The legislation was intended to be 'future proof' but the wording clearly reflects the prevailing technologies of the time.
In order to achieve this task, GCHQ will intercept vast amounts of data which it does under the legal framework that governs the interception of electronic communications (RIPA 2000 & 2007). These two acts underpin GCHQ’s work. What the Snowden revelations tell us is that GCHQ operated its various programmes within the law. However, the revelations highlight that RIPA may no longer be suitable in the internet age (the Computer Misuse Act of 1990 is in similar difficulties) and sections of the Act should be reviewed.
The legislation also makes clear the responsibilities placed on the Director of GCHQ, who is accountable to the Foreign Secretary. The Foreign Secretary, in turn is accountable to Parliament. This hierarchy of accountability should provide us with confidence that a chain of command is in place that ensures individuals, programmes and policies are regularly reviewed, monitored and discussed by relevant officials in government and members of Parliament.
What is alarming therefore is the revelation by former Cabinet minister Chris Huhne, who revealed that, as a member of the National Security Council (NSC), he was unaware of the extent of GCHQ’s operations. The remit of the NSC is the ‘main forum for collective discussion of the government’s objectives for national security and about how best to deliver them in the current financial climate’. Mr Huhne had access and ample opportunity to speak to the Director of GCHQ either formally – at the weekly meetings of the NSC – and informally too. As Secretary of State for State for Energy and Climate Change (2010-2012), he would have been briefed on intelligence and sensitive sources as a priority when he was given the role, and will have certainly had a brief on GCHQ.
A related but separate issue is the level of oversight afforded to the intelligence agencies. If the right accountability measures are in place and greater transparency of their work is not sensible, how does the oversight of the agencies and their work measure up?
Like MI5 and SIS, GCHQ is overseen by the Intelligence and Security Committee, and the independent Commissioners for oversight (the Intelligence Services Commissioner and the Interception of Communications Commissioner), as well as the Investigatory Powers Tribunal (IPT). The Commissioners are able to comb through GCHQ’s work while the IPT was established as a result of the Regulatory Investigatory Powers Acts. The IPT consider complaints about the use of a number of intrusive powers used by intelligence services, law enforcement agencies and public authorities. Last but not least, GCHQ’ financial management and governance is answerable to the Head of the Civil Service, who is the principal accounting officer for the Single Intelligence account.
However, it is the role of the Intelligence and Security Committee (ISC) which has made headlines recently – not least because its Chairman made such a vociferous defence of the work of the intelligence agencies when a more impartial view would have been more appropriate. The Committee’s members include politicians from across both Houses of Parliament and all political parties. Its role in scrutinising the agencies has been an issue for some time. Only with the Justice and Security Act 2013 has the Committee become a Committee of Parliament; providing greater powers; and increasing its remit (including oversight of operational activity and the wider intelligence and security activities of Government). This change has been a long time in coming and represents a triumph for those seeking greater oversight of the intelligence agencies.
When Andrew Parker said the GCHQ leaks gave terrorists 'the gift to evade us and strike at will', he triggered a public debate in the UK that many thought was never going to happen. Such debate has been common place in the US and in Germany. Discussions have been going on – admittedly between select groups of interested parties for over a decade. And the news that the National Security Agency and GCHQ has been investing in capabilities to mine vast troves of data is not new either. In January 2001 the Congressional Research Service published a report titled NSA: Issues for Congress. The report said:
NSA’s efforts are being challenged by the multiplicity of new types of communications links, by the widespread availability of low-cost encryption systems, and by changes in the international environment in which dangerous security threats can come from small, but well organized, terrorist groups as well as hostile nation states... In some cases, NSA must resort to analyses of traffic patterns–who is communicating with whom, when, and how often–to provide information that may not be obtainable through breaking of codes and reading of plaintext.
The challenges facing Snowden’s secret state are on public record and have been the subject of much discussion over the past decade. The conversation has largely taken place behind closed doors between democratically elected officials and special interest groups: this might now change and for the better.
Senior Research Fellow