The Intelligence and Security Committee of Parliament (ISC) is an increasingly useless way for the Government to pretend to provide independent scrutiny of the secret intelligence agencies. The ISC's highly censored Annual report, sometimes provide a few tantalising glimpses of what these agencies are wasting our public money on, without providing any hard evidence of any actual successes, and with no indication of value for public money.
Having delayed publication of this censored report for over 3 months, the Government also gets to timetable the "debate" in the Commons about this Report, probably in another 6 months or so, judging by previous years.
The mainstream media have cherry picked the section on the failure of the SCOPE computer project, but have not bothered to look any deeper into the worrying projected increase in the size and intrusiveness of the Surveillance / Snooper / Secret Police State which this Report hints at, involving the general expansion of all of the intelligence agencies, and projects such as the Intelligence Exploitation programme, the IQ Programme, the Interception Modernisation Programme and the Communications Data Bill.
These all seem to be an expansion of snooping and data trawling through large numbers of innocent people's data, in pursuit of mythical "terrorist patterns", without any evidence that such snooping can possibly work technically, and without any effective error correction mechanisms and procedures, to investigate individual abuses, and to purge the records, provide financial compensation and issue a public apology to the inevitable victims False Positive matches.
Yet again, the ISC fails to scrutinise either the Serious Organised Crime Agency, or the various "domestic extremism" Police units set up by the unaccountable Association of Chief Police Officers, or any military Special Forces covert surveillance and reconnaissance units.
There is also no investigation of the revolving door whereby retired intelligence agency or police counter terrorism specialists join Private Military Contractor and Security / Mercenary companies.
ISC Annual Report 2007-08 [PDF 658KB, 58 pages]
The Government's Response to the ISC Report, is, as usual, even less informative than the Report itself:
Government Response to the ISC Annual Report 2007-08 [PDF 298KB, 8 pages]
Some Spy Blog notes and questions on the ISC report:
Reform of the Intelligence and Security Committee 4
One of the most impenetrable bits of the Report. There are no noticeable changes or reforms in evidence, which would have made this Committee into a proper independent watchdog of the Public's interest, with some real teeth, rather than a cosy co-conspirator with the Government politicians and the secret bureaucracy.
THE AGENCIES 7
The threat 7
The Single Intelligence Account 8
Government Communications Headquarters 10
We have no problems with GCHQ getting new and updated equipment to keep pace with the growth of the internet.
Internet programme - costing £*** million over the next three years, this project includes a number of elements which together are designed to enable GCHQ to keep up with the rapid progression of internet technologies. The project aims to improve the identification, interception and management of internet-based communications.26
26 One of the most significant challenges facing GCHQ is to maintain its capability to identify and intercept targets as communications - including telephony - increasingly move to Internet Protocol technology. This challenge is faced on a broader scale across the intelligence and law enforcement communities and the Home Office is therefore co-ordinating the Interception Modernisation Programme to address the challenge. This is covered in paragraphs 174 to 176.
Taking this at face value, assuming that GCHQ are not "policy laundering" their own demands by claiming that "it was MI5 wot made us do it, guv", there appears to be an insatiable demand for more electronic surveillance and snooping (see also the IQ Programme and Intelligence Exploitation in the MI5 Security Service section below)
35.Of GCHQ's total ICT effort, ***% was in support of Security Service operations and this continues to be a growing demand on, and a challenge for, GCHQ28 GCHQ has agreed performance targets with the Security Service for the level of support it will provide to operations; however, the Director of GCHQ told the Committee that these are extremely difficult to meet:
We don't quite meet the targets they set, but, frankly, the targets they set are at a level where it is very unlikely we ever would be able to meet them... I think their aspirations would almost always exceed our capability.29
Give them an inch, and they take a mile.
The Security Service 14
Why are they pretending to publish financial figures, entirely censored with "***" ?
Given the vast sums involved, and the apparent waste of resources, knowing what is spent, even to the nearest million pounds, on a particular department or project, offers no real clue as to its intelligence effectiveness and value for money, neither to potential enemies, nor to the Government, nor to the tax paying public, and is therefore not a security risk.
51. Whilst the Security Service continues to deploy resources on discovering new potential terrorist networks and plots, it is increasingly finding that intelligence about extremist activity relates to individuals who have already surfaced on some level in previous investigations. The Director General told the Committee:
[One of our priorities is] to try and know more about the people we already know about, rather than to find the people we don't know anything about. It would be nice to know about the unknown unknowns, but it is probably a less rich seam than knowing more about the people that we know are a threat to us.44
This means that the Service is focusing its efforts on making better use of the intelligence already at its disposal - it needs to innovate to improve the methods by which it collects, analyses and acts upon intelligence.
52.The Service completed the first phase of its "Information Exploitation (IE) Programme" in June 2007 at a cost of £*** million. The programme provides tools to enable investigators to search across systems, map networks and analyse events based on time and geography. It therefore allows specialist analysts to focus on more complex,in-depth analysis. The second phase, when completed, will double investigative capability by transforming the Service's ability to process and exploit intelligence. It will improve the way investigators are able to use intelligence from a variety of sources, and provide what the Director General has described as "trip-wire" coverage of significant patterns of activity. It will also allow staff to bring the intelligence together and analyse it more effectively. This second phase has now been incorporated into the "IQ Programme".45
45 The "IQ Programme" is scheduled over the CSR07 period and beyond. It aims to build on the "IE Programme" by providing investigators with context and connections to what they already know about their targets, saving time on searches. The first part of the "IQ Programme" is scheduled to go live in 2009/10.
This looks like even more "Rich Picture" intelligence snooping (mentioned in previous ISC reports) on "significant patterns of activity".
We fear that this actually means even more data trawling of large numbers of innocent people's personal records, and the increased chances of abuse by authorised insiders, motivated by politics or religion, by irrational jealousy or financial gain. There is also the chance of authorised or unauthorised abuse of such data for financial gain via insider trading manipulation of the stock market etc.
There is also going to be even more domestic spying in the UK - more "agent handlers" must mean more Covert Human Intelligence Sources, double agents, undercover operatives and informers:
iii. increasing the impact and improving the effectiveness of the Service's
agent-running capability;42 and
42 The Service aimed to do this by increasing operational staff numbers (in 2001 the Security Service had *** agent handlers working against the ICT target - this has increased to *** currently and over the next three years will grow further), improving training of agent handlers and appointing a Head of Profession for operational officers to encourage best practice.
MI5 Northern Operations Centre
54. A very real practical benefit of the regionalisation programme is the ability to respond to events across the UK more quickly than before. The Director General explained:
If one takes, for an example, the events of the London/Glasgow attacks in June ...if we had... forward mounted some of the equipment and surveillance in the north ***, our response would have been considerably quicker in getting up to Scotland, particularly some of the equipment because we had to ind some way of getting the stuff up to Glasgow. You would be starting two-thirds of the way there, which would in fact have been considerably advantageous to us...46
The Security Service recently opened a Northern Operations Centre to provide an operational support capability from a base outside London. This is particularly beneficial given the UK-wide nature of the threat that the Service is trying to cover.
"two-thirds of the way there" between London and Glasgow, sounds like Manchester.
What possible communications or surveillance equipment, no matter how sophisticated, did MI5 need to move to Glasgow, which they could not have borrowed from Strathclyde Police or from the Scottish Crime and Drug Enforcement Agency ?
59. Another key non-ICT focus for the Service is its counter-espionage work. The Security Service dedicates 3.5% of its resources to such work, with particular focus on China and Russia.
60. The murder of the Russian dissident Alexander Litvinenko in London in November 2006 led to a serious deterioration in diplomatic and political relations between Russia and the UK.
In response to the Litvinenko murder, the Security Service increased its resource dedicated to Russia by around ***%. The Director General told the Committee that:
Counter-espionage work, to protect us against foreign intelligence agencies from the whole of the rest of the world, only takes up a measly 3.5% of MI5 the Security Service's resources ?
That is an astonishing statistic if it is true, but it does explain, somewhat, why the recent "spy" trials and allegations have not involved any "real" professional foreign intelligence agents, who must be laughing at MI5.
The Secret Intelligence Service 21
21 The SIS resource figures from 2008/09 inclusive will be reduced each year by a £*** million baseline transfer to the Serious Organised Crime Agency (SOCA).
58 These figures show spending in 2007/08 prices calculated on the basis of the latest HM Treasury deflators (as at 30 September 2008). As previously indicated (footnote 21), the 2008/09 to 2010/11 figures will be reduced by a £*** million baseline transfer to SOCA.
Has MI6 the Secret Intelligence Service transferred some of its functions to the Serious Organised Crime Agency, or is this just an accounting fiddle, to "rob Peter to pay Paul", to cover a shortfall in the SOCA budget from an unspent surplus from the SIS one ?
If the latter, then why is the ISC keeping this secret ?
CROSS-CUTTING ISSUES 26
Business continuity 26
GCHQ in Cheltenham, Gloucestershire, was nearly brought to a standstill by the River Severn floods, partly due to the disruption to transport etc. which affected their staff, the risk of electricity supply cuts, and partly due to the indirect loss of clean mains water (power failures to water pumping stations) , which could easily have affected the mainframe computer cooling and air conditioning systems.
94. GCHQ has reviewed its business continuity plans following the summer floods of 2007, which resulted in significant disruption to both of its sites ***. The greatest challenge to GCHQ during the crisis was a lack of mains water supply - vital for computer cooling - since both sites held water reserves sufficient for ***. By sending home non- critical staff and switching off a number of non-critical computer systems, GCHQ reduced consumption until suppliers were able to put in place an adequate and reliable supply via road tankers. This allowed critical services to be maintained during the ten-day period during which the mains supply was interrupted.66
The Security Service
ii. It has ensured that, where it has expanded, the new sites add to its overall collective resilience.67 Loughside, in Northern Ireland, also provides a significant fall-back capability should Thames House suffer significant disruption.
67 Should Thames House be out of action, the Service can now maintain ***.
Secret Intelligence Service
100. SIS's business continuity plan covers a range of scenarios, from the short-term loss of Vauxhall Cross to the complete evacuation of staff out of London for two months. For an incident affecting only part of Vauxhall Cross, SIS would still be able to make use of two separate ***, whilst key staff could be deployed to work out of a number of alternative locations (***). There are also back-up duty officer arrangements for SIS ***.
101. SIS has nearly completed a major programme to duplicate its core IT and communications systems at *** to make it a viable alternative headquarters if Vauxhall Cross were completely out of action as a result of a serious incident. SIS also has a year-round emergency provision in place for the movement of staff out of London, although this does not address a scenario where ***.
102. SIS exercises its evacuation procedures regularly, and plans to hold regular desktop exercises 68 during 2008 to ensure that all teams across the organisation are aware of what to do in an emergency. In view of its dependence upon *** as a back-up site, we would expect SIS to test those arrangements regularly to ensure that they are fully it for purpose.
The new computer centre at Hanslope Park , near Milton Keynes, the Foreign and Commonwealth Office communications link with British Embassies and Consulates throughout the world, and the site of Her Majesty's Government Communications Centre, would be a logical choice for this back up centre.
The Agencies' non-ICT funding 28
Value for money and efficiency in the Agencies 28
HM Treasury "Gershon targets" about "efficiency" , published with every financial figure censored with *** are meaningless.
There is no attempt to measure or correlate actual intelligence successes and failures with the amount of public money spent to achieve these.
Media relations 30
STRATEGIC FRAMEWORK AND INTELLIGENCE MACHINERY 31
The Office for Security and Counter-Terrorism and CONTEST 31
Ministerial Committee on National Security, International Relations and
The National Security Strategy 33
The Head of Intelligence, Security and Resilience 35
The Professional Head of Intelligence Analysis 36
Incredibly, the ISC report does not even mention:
especially as the Cabinet Office now seems to have decided to increase his workload, by subsuming role oft the Professional Head of Intelligence Analysis into that of
Chairman of the Joint Intelligence Committee.
135. We are therefore very concerned that the post remained vacant since Jane Knight (the first post-holder) retired in August 2007. We are particularly concerned that the progress achieved during the previous two years may be lost. Although we note that the Deputy Professional Head has been covering both posts during this time, we question the extent to which one person can adequately cover two demanding posts at the same time. The JIC Chairman told us in January 2008 that thought was being given to the future of the Professional Head post - whether it should be a separate post, or whether it should be amalgamated within the JIC Chairman role. The Cabinet Office has since told us that a decision has been made to subsume the role within the JIC Chairman role.
The Joint Terrorism Analysis Centre 37
The Centre for the Protection of National Infrastructure 38
The Joint Intelligence Committee and Assessments Staff 38
See above for mention of Alex Allan, the Chairman of the JIC.
See also Document security in the Cabinet Office 47 below
The magnitude of this failed IT project disaster must be immense, if even this compliant ISC is forced to write:
147. SCOPE is a major cross-government IT programme aiming to improve the intelligence community's secure communications. The Committee has repeatedly raised concerns about delays to this project, a lack of preparation amongst partner departments, and the risks to the successful delivery of Phase II:
We remain very concerned, however, by the numerous delays... a general lack of preparedness for full implementation amongst SCOPE partners, and difficulties in providing a secure environment for the deployment of SCOPE overseas.
Last year we reported that Phase I had initially been implemented, but expressed concern at further delays to Phase II - which aimed to broaden the user departments and improve capability of their communications. This phase had been delayed and revised on a number of occasions. Last year we were told that considerable work had been done to reduce the risk of any further delay and to ensure its successful delivery between mid-2008 and early 2009
149. This year, however, the Cabinet Secretary told us that, despite all this work, Phase II of SCOPE has now been abandoned:
...we know that the way they were planning to do [Phase II] won't work... So we are working actively on ways in which we can achieve those benefits, but probably through rather different routes.
At the time of writing, the Committee has yet to be provided with details of how the decision to scrap SCOPE Phase II was arrived at, what the cost implications are and what the options are for a replacement system.
N. We have consistently reported concerns about SCOPE and are appalled that Phase II of the system - on which tens of millions of pounds have been spent - has now had to be scrapped. We sincerely hope that lessons have been learnt from this failure and that they will be used when plans for the future are being drawn up. We also expect the development of any replacement capability to be subject to more stringent controls, and greater management and financial accountability, from the outset. We will be investigating the reasons for the serious failure of this important project, and will report on the matter in the forthcoming year.
That is about as strong a criticism as the ISC ever makes, but no Government Ministers or civil servants have taken personal responsibility for this failure and resigned, have they ?
Where is the Office of Government Commerce Gateway Review Process, or any equivalent, of this SCOPE project ?
N.B. none of the Intelligence and Security Committee members are qualified to understand the complexities of large scale information technology projects, and they are not resourced with independent experts who are.They may be able to comment intelligently on documents with which they are presented, but they will be likely to fail to ask the right questions about technological and "business" risks and assumptions, especially if these are not properly spelled out, or are entirely missing from the project documentation.
The Defence Intelligence Staff 41
The Commissioners 42
The combination of the secretive and toothless RIPA Commissioners, and the ISC does not provide the democratic accountability or the effective independent complaints investigation and remedial action procedure, which should be standard operating practice in a mature democracy.
Official Secrets Act 43
OTHER ISSUES 44
Rendition report 44
Intercept as evidence 44
The ISC report adds nothing to the equally censored Chilcot Review and Advisory Group Report:
- Chilcot Advisory Group on Intercept Evidence (lack of) Progress Report
- Privy Council Chilcot Review report on Intercept Evidence - more ***
Interception modernisation 47
174. The ability to intercept communications is essential to the UK's national security. This ability is threatened by advances in new technology. According to a recent Home Ofice study, the move to Internet Protocol (IP)-based communications will render the UK's domestic interception capability obsolete over the next decade.
This imprecise weasel wording conflates and confuses the processes of interception and communications traffic data analysis. It fails to distinguish between existing IP data communications (which are already snooped on), and current third party encrypted peer to peer Voice over IP telephony e.g. Skype, (which will always present intelligence agencies and the Police with de-cryption problems, but which does not affect communications traffic analysis very much) , and British Telecoms 21st Century Network, move to convert its old telephony switching backbone infrastructure into an entirely IP based one (which will make snooping on phone calls easier, not more difficult).
The Home Secretary told the Committee:
We do recognise the changing technology that we are facing, the way in which... both the collection and the dissemination of information and data will change fundamentally, and it will change more quickly in this country than it will in many others... The impact of that will be to massively degrade (unless we make big changes) our ability, not just to be able to intercept, but actually potentially to be able to collect the communications data in the first place in order to be able to target the interception.126
175. This is a very complex issue but one that must be addressed as a matter of priority. In response, the Home Office has established the Interception Modernisation Programme, which aims to update how intelligence and law enforcement agencies collect and access communications data. On 15 October 2008, the Home Secretary announced that a public consultation would begin early in 2009 to inform Ministerial decisions as to any future legislation which might be necessary.
16. The Communications Data Bill - which had included a provision "to ensure that public authorities can continue to have access to essential communications data" 127 - is now on hold until the outcome of the public consultation next year.
It is now March 2009, and there is still no sign of this promised public consultation.nearly 5 months after it was announced.
Document security in the Cabinet Office 47
180, The Committee wrote to Sir David Omand to draw his attention to the findings of an investigation into security arrangements in the Agencies that was commissioned by the Committee in 1999. One of the issues that concerned the Committee was the different arrangements relating to document security across the intelligence community. The investigation found that there are random exit searches in each of the Agencies, but that the Cabinet Office does not employ random searches, despite housing highly classified material in some areas.
On 28 October, the individual concerned appeared before Westminster Magistrates' Court charged under Section 8.1 of the Official Secrets Act. He pleaded guilty and was fined £2,500 and ordered to pay court costs.
i.e. "Cabinet Office official Jackson, 37, of Yateley, Hampshire, was fined £2,500 and will have to pay £250 costs. "
Investigation into BAE Systems 49
SUMMARY OF CONCLUSIONS AND RECOMMENDATIONS 50
LIST OF WITNESSES 52