The Parliamentary Intelligence and Security Committee, who are supposed to provide the public with independent scrutiny of the secret intelligence services, has actually written two Annual reports in the last 9 months.
11 March 2010: The Intelligence and Security Committee's Annual Report for 2008-2009 was laid before Parliament today by the Prime Minister. A copy of the Report can be found here. A copy of the Government Response to the Intelligence and Security Committee's Annual Report 2008-2009 can be found here.
The Committee has issued an accompanying Press Release, which can be found here.
These Annual Reports are not an adequate mechanism for holding the secret intelligence agencies to account, either for their waste of public money, or for how well they are doing their job.
See:
- The Register: GCHQ loses Top Secret laptops - And struggles to recruit net experts by Chris Williams
- BBC : A snapshot of spies and their accountability by Gordon Corera
Perhaps there is some good reason for the 8 month publication delay of this supposedly Annual 2008 - 2009 report , but since nobody trusts Gordon Brown not to lie by omission, we assume that there was some sort of petty political reason for the unnecessary delay.
Dr. Kim Howell's, the outgoing Labour chairman of the Intelligence and Security Committee, who will not be standing for re-election at the forthcoming General Election, seems a bit frustrated with the
"We also sent our Annual Report for 2009-10 to the Prime Minister on Friday 5 March 2010.
This is a shorter report, given the duration of the Parliamentary year, however it covers some
fundamental issues.[...]
We have been assured by the Prime Minister that this Report will also be published in good time before the debate next week.
This is an opportunity for Gordon Brown to show his respect or contempt for Parliament and the British public.
We would like to be proved wrong, but we assume that Gordon Brown will break this promise to Kim Howells.
The debate on the Intelligence and Security Committee Report is scheduled for this Thursday 18th March 2010.
On past performance, we expect a few paper copies this 2009 - 2010 report to have been made available a few minutes before, or perhaps even during this debate, in the Vote Office, giving MPs and others no time to read and analyse it beforehand.
We doubt if it will be published on the web until after the debate in the Commons.
Here are a few points which stood out for Spy Blog, when reading this censored ISC report:
GCHQ - Government Communications Headquarters
Difficulties in recruiting and retaining their target number of technical staff.
This is affecting the ability to defend against Russian and Chinese and other state sponsored cyber attacks:
27. Nevertheless, work to tackle the threat of electronic attack is about a third below the level planned. We have been told that the shortfall is because of the difficulties GCHQ has had in recruiting and retaining skilled internet specialists in sufficient numbers - although specialist recruitment campaigns have been set up to try and address this problem
The loss of 35 laptop computers discovered back in 2008, including 3 which could have held Top Secret information.
How many have they lost since then ?
MI5 - Security Service
51. The Security Service has continued its rapid recruitment programme and plans to grow to around 4,100 staff by the end of 2010/11 (compared with current staffing of approximately 3,500).47
47We have since been informed that this target has been reduced to 3,800
MI6 - Secret Intelligence Service
MI6 still seems incapable of managing its capital expenditure and IT project finances.
H. This is the second year in a row that the Secret Intelligence Service has failed to manage its capital spend across the financial year, putting both efficiency gains and value-for-money gains at risk.
This looks like an admission of failure, regarding Information Technology projects and budgets:
56. SIS has now appointed a senior official to manage IT budgets across the Service, an area where this kind of expenditure surge has been particularly prevalent. We hope that this appointment will help the department to plan more effectively and organise capital spending across the year.
Why was nobody doing this properly before ?
63. SIS recruited 204 new staff during 2007/08, against a target of 230 (the remainder having been selected but had not yet started). As at 31 March 2009, SIS had 2,253 staff; this is predicted to increase to 2,527 by March 2010.
An example of how ineffective the Intelligence and Security Committee is, can be seen from the 2003 / 2004 incident regarding the sale of an MI6 Camera on eBay, which contained some secret documents in its memory stick. They are only reporting on this 6 years after the security incident !
71. SIS advised the Committee that its IT and communications system in *** at that time required files (including scanned documents and other images) to be transferred via floppy disk. Staff found that it was possible to use the station's digital cameras, rather than floppy disks, to transfer larger files - even though this was a breach of security operating procedures - and this is how this data came to be stored on the camera memory stick.
The fact that the member of the public who bought this camera, preferred to sell the story to The Sun newspaper which published it in September 2008, shows just how secretive and out of touch with the public both MI6 and the ISC are.
There is also a question about how effective the SIS training and integration of new recruts is:
66. On the second point, the Chief explained that, due to the time taken to train new staff, and the time required for them to accumulate sufficient experience, the recent rise in staff numbers had yet to result in any real increase in terms of the numbers of staff who were actually deployable. As a result, SIS has reviewed its training arrangements and the Intelligence Officer New Entrants Course (IONEC), which was previously open only to Intelligence Officers and took six months, has been redesigned into two three-month modules open to a wider group of staff.53 SIS hopes that this will allow for the speedier deployment of new entrants into operational jobs and provide greater flexibility in terms of providing a greater number of staff who can do a wider range of jobs.54
54The Committee has been reassured that the benefits of the full IONEC are still being delivered to the Intelligence Officer cadre, but now in two separate courses, which provides more flexibility in terms of their deployment.
"Intelligence Officer cadre" - how very Communist of them !
Only six months training from a raw recruit into a fully deployable Intelligence Officer ? That does not seem long enough. It might explain the Daniel Houghton criminal case.
68. With the significant growth in staff numbers in recent years, as previously mentioned, SIS now has a higher proportion of younger and less experienced officers. This carries significant risk - one of the keys to managing this is ensuring that officers without sufficient experience can at least have access to the existing knowledge and expertise within the organisation. 56
[...]
At a less exalted but still very important level, failures properly to exploit tribal knowledge and information in SIS continue to contribute significantly to operational errors.
Backup Data Centre
In SR07 we didn't bid for the funds to do a new resilient facility. So we have done the initial study with the other two Agencies and that came back with a costing of about £*** million to £*** million. Prior to that GCHQ had done its own independent study on building a resilient data centre for itself and the prices were in that same sort of ballpark. As a result of those pieces of costing work, the three Agencies have concluded that none of the three of us have the funding within our baselines to pay that sort of bill. So we will be attempting to make the case in the next spending review to obtain the funding to do that.60
60Oral evidence - GCHQ, 24 January 2009.
So none of the three UK intelligence agencies have their own, or a shared, properly resilient secure offsite disaster recovery computer centre.
Defence Advisory Notice system
We note that the ISC mention the voluntary Defence, Press & Broadcasting Advisory Committee (see their website Defence Advisory (DA) Notice system and how even mainstream media like The Sunday Times ignores it
94. Our final concern relates to the lack of any real power. As Sir Bill Jeffrey said:
is a voluntary set of arrangements and... we meet... the responsible editors and other senior media people, but if in the end the journalist decides to ignore the advice and print something, there's nothing we can do about it.74
74Oral evidence - DPBAC, 20 January 2009.
This was illustrated in a recent case where Sunday Times published information that clearly fell under the DA-Notice system, yet it failed to consult the Secretary before the event, and then failed to respond to concerns raised both on the Media Side of the DPBAC and by the Secretary. In other words,
completely ignored the system and any subsequent remonstrations without any consequences. Given this example, it is manifest that there is a problem with the current system and further thought must be given to how to address this.
We assume that this is the Sunday Times story mentioned above: Oops! Building firm blurts out secrets of hush-hush MI5 HQ 14th June 2009
RICU -Research, Information and Communications Unit
The anti-terrorism propaganda unit, which aims to somehow positively "influence" potential terrorists:
Research, Information and Communications Unit
101. One of the units within OSCT working under the PREVENT strand is the Research Information and Communications Unit (RICU), which was established in June 2007 in order to counter extremist messages. It aims to:
- ensure consistency, across government, on counter-terrorism and counter-extremism messages;
- provide a unifed communications strategy across all departments involved in delivering aspects of PREVENT;
- undertake a wide range of "audience research" in order to identify how best to deliver these messages; and
- advise police forces and local authorities on how best to communicate with local communities in order to target those most at risk of turning to extremism.
In early 2009, RICU's remit was widened to include the co-ordination of PREVENT-related news across Whitehall, and responsibility for preparing communications strategies to underpin all four strands of CONTEST.
102. The Unit is jointly funded by the Home Offce, the Foreign and Commonwealth Office (FCO) and Communities and Local Government, but is based in OSCT. RICU currently has 35 staff and a budget of £5.7 million for 2009/10. Of this budget, £1.5 million is expected to be spent on research, and £3.5 million on campaigns to "wer community voicesh as Muslim community groups.82
82Letter from the Home Secretary - 13 May 2009.
Even the ISC has noticed that it is very hard to see any quantifiable measurement of success or effectiveness of this strategy or of this particular propaganda unit, or to determine if the taxpayer is getting value for money.
The National Security Forum
107. When the Prime Minister announced the National Security Strategy in March 2008, he also outlined plans for a National Security Forum87 to advise the Ministerial Committee on National Security, International Relations and Development (NSID) on the strategy.
The Cabinet Office told the Committee that it is envisaged that the Forum would meet around six times a year and described its expected composition:
It will be a mixture of specialists... we would look at a range of the different areas that are represented in the National Security Strategy... [these will] include the intelligence and security field, including diplomacy... the military, including the police, but also science, academia, interest in conflicts and international developments [and]... have one or two lay representatives as well.88
108. However, we understand that the Forum will be appointed until 2010 and that, in the meantime, an interim forum has been appointed that, we were told on 8 April 2009, only once/sup>
Progress appears to have been painfully slow, given the importance the Government attaches to the National Security Strategy and its supporting structures.90
9090 We also note that the Joint Committee on the National Security Strategy has yet to be appointed.
Having said this, the impact of the National Security Strategy and Forum on the intelligence and security Agencies is very small, and these delays have not therefore had any bearing on their work. In addition, NSID and its sub-committees appear to have been functioning adequately without any significant advice from the Forum so far.
Another of Gordon Brown's attempts at creating policies through media soundbites, which has failed to be implemented properly in practice.
The other Whitehall departments and intelligence agencies seem to be ignoring this National Security Forum.
Given the way in which the Labour politicians abuse the voluntary services of independent scientists and experts, especially if they give advice which is unpalatable (e.g. the Home Office and their Drugs Advisory Committee), it would not be a surprise if they are having difficulty in finding good quality people who are willing to serve on this National Security Forum.
See our previous Spy Blog article back when this was announced:: National Security Strategy - bias, omissions and weasel words
SCOPE and CLiC
More on this expensive IT project disaster:
SCOPE
123. The SCOPE programme was established in 2001 as a major interdepartmental IT project designed to facilitate more efficient and effective information sharing across the wider intelligence community. It was intended to be delivered in two phases:
- Phase 1: connecting key departments (such as the Home Office and SOCA) to the existing secure communications network used by the intelligence community; and
- Phase 2: improving and expanding the secure communications network and extending the system's capabilities.
124. SCOPE has been dogged continually by problems and we have repeatedly voiced concerns about the programme. After a two-year delay, Phase 1 was eventually implemented in late 2007, and the Committee was assured (in January 2008) that concerted efforts were being made to ensure successful and timely delivery of Phase 2. However, just three months later, as we reported last year, the decision had been taken to abandon SCOPE Phase 2. We reported that we were appalled at what appeared to be a waste of tens of millions of pounds, and said that we would be investigating why this vital project failed, the associated cost implications and the options for a replacement system.107
However, there seems to be a more modest replacement programme underway called Collaboration in the Intelligence Community (CLiC):
CLiC
125. Following the failure of SCOPE Phase 2, GCHQ and SIS set up an initiative called Collaboration in the Intelligence Community (CLiC). This is intended to be a low-risk, inexpensive approach, providing incremental changes to existing systems, and designed to address the intelligence community's most urgent IT collaboration requirements. The Chief of SIS told us:
CLiC is designed to shore up... some of the capability that SCOPE 2 would have given us... We are doing really quite well on this more modest CLiC programme, which is not being run out of the Cabinet Office, it is being run out of SIS and GCHQ... and it will be of community-wide value when it is delivered.108
108 Oral evidence - SIS, 27 January 2009.
Note the implication that any IT Project which the Cabinet Office meddles with, is doomed to project management disasters. delays and cost overruns.
126. The first three areas CLiC will address are:
- development for Her Majesty's Revenue and Customs (HMRC) of an enhanced version of the SCOPE Phase 1 Top Secret desktop, which will enable HMRC to continue to receive intelligence and communicate securely via email. This approach will reduce the overall cost of Top Secret desktop systems through economies of scale;
- STRAP3A secure messaging - an email system for intelligence information that is subject to the highest protection standards. It is planned that, by the end of the 2009/10 financial year, up to seven departments (GCHQ, SIS, Ministry of Defence, FCO, Security Service, Cabinet Office and Home Office) will be able to exchange information at this level; and
- a pilot programme for 100 users to collaborate on serious crime work. GCHQ has told us that this pilot successfully delivered, over a two-month period, the UK's first Top Secret "shared workspace" between GCHQ, SIS and SOCA. In May 2009, we were informed that the next planned increment will be the expansion of the user base to around 600 to 700 users across the wider intelligence community.
127. A total of £*** million was spent on CLiC between August 2008 and the end of March 2009, with SIS and GCHQ each contributing £*** million and the remaining sum being provided by HMRC and the FCO. The largest cost element has been for specialist contractor staff and the development of technical infrastructure, with ***.
V. CLiC appears to be progressing well so far. We are optimistic that it will deliver some of the IT solutions that the (far more costly) SCOPE Phase 2 programme was unable to. It is regrettable that this same practical and incremental approach was not adopted in the planning of the SCOPE programme.
More implied criticism of the Cabinet Office incompetence with IT projects.
Note the difficulty in producing a properly secure It system even for only a few hundred or thousand users in the UK and worldwide.
There is no hope of producing an equally secure National Identity Register or National Childrens' Database centralised computer systems, with access by hundreds of thousands of authorised users.
SCOPE Overseas
128. The SCOPE Overseas project was initiated in November 2005, with the aim of providing secure email between some overseas posts and other domestic users on the UK Intelligence Messaging Network (UKIMN).
129. The UK infrastructure for SCOPE Overseas became operational in mid-2008. There
are now 12 posts connected to the UKIMN: ***
***.
In May 2009 the FCO told the Committee that *** would be connected in the coming months. The system will be rolled out to around 40 posts by March 2010. There is currently no FCO funding for further installations beyond April 2010.
So after 5 years, only a maximum of 40 British Embassies or Consulates, even though the UK is diplomatically represented in of over 120 countries, have access to this secure email system ?
That is totally unacceptable.
Every single British Embassy and Consulate should have secure communications technology available.
What is missing from this Report ?
- Why is there still no scrutiny by the ISC of the secretive Serious Organised Crime Agency ? It is connected into SCOPE and other intelligence agency machinery. and it conducts snooping, interception, intrusive surveillance and undercover Covert Human Intelligence Sources operations under RIPA and the Police Act 2006 Part III, which are indistinguishable from those conducted by an intelligence agency .
- Where is the scrutiny of Foreign Intelligence Agencies e.g. the US CIA, operating in the United Kingdom ? Are they properly subservient to MI5 and MI6 etc., or are they taking liberties with British citizens' privacy and freedoms, without any UK control or responsibility ?
- What about the use of Private Military Contractor / Mercenary companies, in intelligence gathering and surveillance roles ?
- Are any of these Private Military Contractors directly involved in, or indirectly complicit in torture ?
I just dont believe Gordon Brown. He is the same as Blair or Bush - so guys, where are these nuclear weapons in Iraq? I would like to know...
George