In the continuing story of the NSA and their five eyes attempts to do to the world what the GDR’s Stasi did to East Germany, someone finally asks how did we let GCHQ capture and process the internet traffic of the British people, those using the transatlantic internet cables and using the decryption technology to spy on allies and diplomats engaged in economic talks and treaties. On the 31st October, Julian Huppert MP with cross bench support from Tom Watson MP and Dominic Rabb MP managed to get time in the Westminster Hall committee room to debate Parliament’s oversight of the Intelligence agencies, specifically GCHQ, but let’s not forget our old friends, the burglars at MI5. The debate was broadcast on Parliament TV, and transcribed in Hansard here. Both the Video and Hansard report the debate verbatim, and so if you want to hear what the MPs said, then you’ll have to use those resources. The rest of this article is a personal comment on the meeting.
Who’s the Criminals here?
The first is that a number of our elected representatives, mainly Tory consider both Snowden and the Guardian to be traitors. This is despite the US Government, eventually, welcoming the debate, a debate which in the USA is leading to legislative reform. Having said that, there are several federal arrest warrants in place for Snowden and as repeated in the debate, his choice of China and Russia as places of refuge are decisions used against him by the spies, their civil counterparts and their legislative allies. The British parliamentary shills argue that the Guardian has placed spies in danger, and that by sending the data abroad, they have committed a treasonous act. I am not sure how this works since the leaked data was US held, presumably in the USA. Julian Smith finished his speech with a privileged repeat of his allegations that the Guardian has behaved in an illegal and irresponsible manner. He has previously called for the Government to prosecute the Guardian. Another interesting argument is that since the Guardian has not alleged that GCHQ has committed a crime, there can be no public interest defence. This is all based on the proposition that RIPA authorises the Foreign Secretary to issue general surveillance warrants, and that such warrants are consistent with the European Charter on Human Rights’ Article 8 Right to Privacy. If the warrants are a legal over reach, all the evidence is the fruit of the poisoned tree. Tom Watson in his speech clearly states the problem with the democratic deficit is that the intrusion is colossal, that even if legal, this has been done without public consent, and Parliament has not discussed if these programmes conform to the European Convention on Human Rights (ECHR) Article 8, nor whether RIPA authorises this level of general surveillance. While Parliament has not discussed or debated these issues, it should be noted that because the warrants were secret, they have not been challenged in court, and thus neither judged by the UK Supreme Court, nor the European Human Rights Court in Strasbourg.
Secondly, for some Tories, not only is this level of intrusion legal, it’s necessary and normal because everyone is doing it. (Actually, only those organisations that can afford to build the supercomputers capable of breaking the encryption used on the internet, or forcing the compliance of one end of the secure session are doing it). It is clear that a number of Tory MP’s do not believe that the GCHQ actions are illegal, even the spying on the political leaders of allied nations. As Der Spiegel showed, Angela Merkel, the German Prime Minister has been bugged and her Blackberry messages decrypted using GCHQ code and obtained by the NSA. (Maybe GCHQ gave the NSA the code, rather than the messages, but some of these decryption techniques need to be applied to a stream of messages, the larger the stream the faster the crack).
Ben Wallace MP in a quite amazing speech, partly for his insouciant statement that Spies spy and if it’s in in the interests of the British State it should be done, also claimed that writing surveillance programs was in the capability of any programmer; I’d add that getting permission to run them on any computers that would yield any useful information would be in breach of any computer misuse laws.
Already, without being a member of a security service or a Government, I can find out how every person in this room shops, where they live, when they bought their car and what their credit rating is. I can probably get hold of everybody’s details without very much effort.
But probably not within the law, and this is a key and undiscussed part of the problem.
Wallace further argued that spies spy, and that Britain’s spies have the right to hack foreign states’ banking systems to discover tax evasion and avoidance. Wallace is an ex-Army Officer who served in intelligence in Northern Ireland during the Troubles. I am sure that this experience has shaped his views, but the “Truth & Reconciliation” process there is not yet complete; there is little doubt that parts of the Security and Police services in Northern Ireland broke the law and the stakes in this arena of the “Great Game” were very high. As part of the dialectic establishing that Britain’s spies have not broken the law, Julian Lewis MP made the point that Britain “has one of the best oversight regimes in the world” and stated that the intelligence services have been accused of no crime. These bald assertions are part of what the debate should be. Have they committed crimes? The Intelligence and Security Committee (ISC), the primary parliamentary body, a select committee, responsible for supervising the intelligence services has not discovered any, partly because they have no will, and partly because they are not equipped to discover criminal wrong doing?
ISC : Have you committed any crimes?
GCHQ : No.
ISC: Well that’s all right then.
The necessity of secrets
Some Labour contributors, most obviously two members of the ISC, (Blears & Howarth) believe that the security services have successfully defended Britain against terrorist threats, needed signals interception capability to do so, have complied with the law as it stands and that the ISC and the two commissioners are a more than adequate democratic safeguard and oversight. They are less certain that the law is fit for purpose. Howarth, in his speech made the point that the Security Services do not receive illegally obtained US information. They both believe that the Spies need to keep their secrets, so one has to ask if the believe that evidence discovered using secret means should remain secret in court. No-one did.
The assertion that the ISC is capable of performing the role specified was explored in some detail, although Michael Meacher made the point that its budget and staffing level are not public knowledge. The weight of opinion is that the vetting of membership, by requiring nomination by the Prime Minister, the historic appointment by the PM of its Chairman (sic), the appointment of ex-ministers, who are thus in a position to mark their own homework and the secrecy of its deliberations all contribute to a fundamental weakness in the oversight. Malcolm Rifkind, the current Chairman of the ISC, to my mind, played games with the appropriateness of the appointment scheme. It seems the Chairman is now elected by the Committee itself, from amongst its number, however, while Rifkind’s expertise as an ex Secretary for Defence and Foreign Secretary imply that he has significant experience in what the job entails, it offers little confidence that he has a desire to discover any wrong doing. He proved this in my eyes, by inventing a new surveillance doctrine,
it’s not surveillance if humans don’t access it
I am unclear that the British Electorate would agree, and how do you guarantee this if you give it to the Americans or if the databases become the subject of Norwich Phramacal orders.
On the other side of the debate, a number of contributors questioned if the current laws and the oversight of the intelligence services were good enough. The key question on the adequacy of the laws is whether it, by which we mainly mean RIPA, would stand judicial scrutiny that permitted either general surveillance and specific individually targeted investigations without probable cause.
The State of Law
On the question of whether criminality has occurred, we have two sides of a coin, the liberals argument is that if they have stayed within the law, then then maybe the law needs to change.
Obviously the main reason this has not yet occurred is because the warrants and surveillance were secret.
A number of people in the debate, are questioning RIPA, which leads to [secret] police proposing actions and politicians approving them, in secret. Even David Blunkett, a past Labour Home Secretary stated at a fringe meeting that the lack of judicial supervision is an outstanding problem. Huppert for one, argued that today’s law is no longer fit for purpose and quoted both Lord Carlile, the former independent reviewer of terrorism legislation and the US Congressional response to the Snowden leaks. While Tom Watson in his speech questions both the clarity of RIPA, suggesting that it would be struck down as incomprehensible by the European Court, and the legality of general surveillance under Article 8 of the ECHR. Huppert had earlier in the debate suggested a gold plated test of the appropriateness of new laws recommending the UK signs up to the international principles on the application of human rights to communications surveillance and stated that,
The thirteen principles are legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, due process, transparency, public oversight, integrity of communications, safeguards for international co-operation and safeguards against illegitimate access.
I don’t think they score well.
The NSA and GCHQ have broken the trust in internet computer secrecy. Julian Huppert MP in his opening comments came closest to raising the issue of trust on the internet. He quoted the Foreign Secretary, William Hague that cyber defence means defending encryption and ensuring that the British military and British commerce can keep their secrets and in the case of commerce establish “Trust”. I’d suggest that exercising leadership in decryption does not really align with the goal of effective cyber-defence.
Huppert in his speech raised the question that if GCHQ were so confident what they do was within the law, why were they so desperate for the Communications Data Bill to be passed. He also reminded the committee of the excoriating criticism made of the CDP by the joint house scrutiny committee which described its need as unproven, its remit to be disproportionate and its costings to be fanciful. (We might be a bit wrong on that one!)
If the law has been broken, it would not be the first time that the intelligence services have done so; the jury is still out over the use of torture and rendition in the War against Terror, a point made by David Winnick MP both in his speech and while interrupting Wallace.
Oversight, the case against
The key to the argument that Oversight is poor, is that we still don’t know if they’ve broken the law, and wouldn’t be looking if Snowden hadn’t leaked to the Guardian. Watson made it clear in an intervention later in the debate that this is a key weakness of the current oversight regime. The parliamentary Intelligence and Security Committee (ISC) did not know what GCHQ were doing until the Guardian told them.
Dominic Raab in his speech reinforces the point about the ISC by saying,
Finally, I am not convinced that the Intelligence and Security Committee is able to provide the oversight that we need. I say that without casting any aspersion on current or former members, least of all its formidable Chair, who is present today. I do not believe, however, that the ISC has the tools or the independence to do the job properly. It is billed as a creature of Parliament, but through its appointment and accountability, and under the statutory regime, it is ultimately and really beholden to the Executive. It needs to develop into more of a Committee of the House, tailored in a bespoke way, but acquiring more of the powers and independence of normal Select Committees, if it is to deliver the kind of oversight capable of commanding public confidence.
He failed to make the point that its budget and staffing are also inadequate, picked up Meacher & John McDonnell later in the debate when he asked if it were true that the ISC’s current resource is a retired Metropolitan police officer on a part-time basis?
One of the most memorable contributions came from John McDonnell MP, who proposed a number of reforms and actions,
- The legal opinions used to underpin the ongoing surveillance framework should be published, as the US Government have done.
- The budget and investigatory capacity of the Intelligence and Security Committee, the interception of communications commissioner and surveillance commissioners should also be published.
- The Investigatory Powers Tribunal should be reformed
- so that it is presumed that its hearings should be held in public,
- that it should state the reasons for reaching its decisions and
- that its judgements can be appealed in court.
- The need for Secretaries of State to approve appearances of the heads of agencies before parliamentary Committees should be ended, allowing the agency and service heads to give evidence in public where appropriate.
- The legal restrictions on British companies publishing transparency reports about surveillance requests should be lifted.
- details of the use of surveillance powers should be broken down by agency and published, rather than the single UK figure currently published, including the scale of international intelligence sharing.
- In addition, we should enhance whistle-blower protection for those who want to come forward from within the services, because that protection clearly seems inadequate at the moment.
He finished his contribution discussing how to move forward and in doing so, reinforced the arguments of those who suggested that the current ISC is flawed and its current membership incapable of leading reform that established openness and transparency.
The chosen option needs to have independence, resources and expertise and must be as open and as transparent as possible, while also avoiding conflicts of interest.
So for some, mainly Tories, the Guardian and Snowden are the problem, what the intelligence agencies are doing is legal, normal and desirable. Oversight is the best in the world. A number of Labour MP’s including it would seem the front bench agree. Some seem happy that the British Government are engaged in industrial espionage across the world and military spying on our allies.
For others, mainly Labour’s awkward squad and Huppert, (and probably Caroline Lucas of the Greens), the Guardian & Snowden are right to blow the whistle, the Security Services have a record of breaking the law and subverting both Parliamentary and even Government supervision. The Law is not good enough and general surveillance should be illegal or at least explicitly authorised, which on the two occasions that Parliament has considered it, they have not given permission. Also general surveillance is contrary to EU law, and unlikely to be agreed by the vast majority of member states that have been run by fascist and soviet coercive governments.
This debate leaves four questions unanswered.
- Have they broken the law? In particular, the Data Protection Acts and Computer Misuse Acts?
- Why didn’t Parliament discover this?
- Is the law fit for purpose?
- Does it breach the ECHR?
- Does it breach the EU aquis?
This article was originally posted on http://blog.davelevy.info
I watched the video a couple of days after the event, and made some notes. I then looked up the Hansard report. This article was written over the Xmas break and backdated to November, as that is when I started it. I have not blogged on the subsequent parliamentary select committee meetings on this issue, the ISC meeting which questioned the heads of the in intelligence agencies, nor the Home Affairs Select Committee which most importantly questioned Alan Rusbriger, the Editor of the Guardian.
The debate only briefly touched on the decryption activities of GCHQ, it is to my mind one of the undesirable if not criminal activities undertaken by the NSA. The evidence as to whether GCHQ were involved in this is unclear although we know it was GCHQ that broke Blackberry’s secrecy.
While writing this article, since I had assumed that GCHQ would not be able to afford the CDP on the grounds of disk space alone; I had not considered that a 3 day cache would be good enough for them, I began to speculate as to how much the compute would cost. We can assume that criminals and Anonymous illegally use other people’s computers in botnets; since they’re there do the British or US intelligence services?
Brute Force attacks can be reduced using statistical inference methods. These are more effective with larger encrypted data sets. Have they tapped encrypted streams? Legally?