intelligence

The Little Blue Men: China’s Maritime Proxy-Warfare Strategy

September 9, 2016 by Cheng Lai Ki

By: Cheng Lai Ki

Maritime tensions in the East Asia region are undoubtedly a hallmark event of the early twenty-first century, as well as of the emergence of the People’s Republic of China (PRC) as a regional superpower in the East. Concurrent to existing tensions between Japan, Korea and the PRC over islands in the East China Sea (i.e. Senkaku), the emerging Eastern power has also begun to expand into the South China Sea – claiming its historical sovereignty. Coined as the ‘Little Blue Men’, China has increased the deployment of its Maritime Militia into the disputed waters within South-East Asia (SEAsia) over the past six months. This proxy-warfare strategy is similar to President Valdimir Putin’s ‘Little-Green-Men’ strategy of deploying civilian militia forces to support Russian operations during the Ukrainian Crisis.[1] China’s military and naval expansion in the region has not slowed, especially with the integration of the Type 053 Frigate into its Coast Guard Force in around June 2016.[2] While it remains relatively easy to track the progression of the People’s Liberation Army Navy (PLAN) and its new assets/platforms, tracking its Maritime Militia has proven somewhat more elusive.

The ‘Little Blue Men’ are China’s Maritime Militia formed of civilian fishermen and seafaring merchants. According to an article from Defense One, the PRC’s ‘Little Blue Men’ were ‘Chinese merchant and fishing vessels [behaving] in sharp contrast to China’s navy ships, “crossing the [USS Lassen’s] bow and manoeuvring around the [navy] destroyer even as they kept their distance”’.[3] Articles 27 and 28 in Section 3 of the United Nations Conventions on the Law of the Seas (UNCLOS) have established the immunity and relevant protective laws of civilian/commercial vessels conducting passage through ‘sovereign waters’. This issue has been under consistent debate after China’s disregard for the Court of Arbitration’s ruling on 12 July 2016 about China’s sovereignty of the South China Sea. The ruling effectively denounced most of China’s maritime activity in the region as non-innocent passage in an Economic Free Zone belonging to the surrounding SEAsian countries. The PRC has since vowed to disregard the ruling and continued to conduct operations and increased presence within the contested waters.

China’s use of the Maritime Militia is not a new strategy. It existed after the emergence of the Chinese Communist Party (CCP) in the 1920s and its solidification as China’s main political power in the 1960s. According to Erikson and Kennedy, the first recorded implementation of maritime militia can be linked to its island seizure campaigns during the 1950s – namely, the First Taiwan Strait Crisis (1955-96).[4] That PLAN has continued with this proxy-warfare strategy is evident from the 2012 seizure of the Scarborough Shoals from the Philippines and the 2014 repelling of Vietnamese vessels from a Chinese oil-platform located near the contested Paracel Islands.[5] The PLAN Maritime Militia has been defined by the commanders from the Zhongshan garrison as ‘an irreplaceable mass armed organization not released from production and a component of China’s ocean defence armed forces [that enjoys] low sensitivity and great leeway in maritime rights protection actions.’[6] In a 2014 Official PLA Publication, it described its Maritime Militia as ‘穿上迷彩是合格战士，脱下迷彩是守法渔民’; which can be translated into ‘a soldier when wearing camouflage, complying fishermen when not’. Such hybrid strategies can also be identified in Western civilizations, as with the historical use of privateers by the East India Trading Company to protect merchant vessels traveling the high-seas.[7] Despite this maritime proxy-warfare being a historically entrenched strategy, it has to be modernized to adapt to contemporary laws and operational platforms. What are the modern military strategic roots of China’s ‘Little Blue Men’? Outside of regional presence, what other objectives can an efficient militia support?

2013 Science of Military Strategy & Thousand Grains of Sand

The roots of China’s modern Maritime Militia strategy can be most recently traced back to the 2013 Science and Military Strategy publication and the concept of Forward Defence of its strategic space.[8] The concept essentially emphasises the need to shift possible contention locations away from China’s geographical (inclusive of coastal) territory and into its peripheral regions. By expanding its defendable dominion, China effectively increases the distances between itself and potential adversaries. This enforcement of forward defence can be further confirmed through the fortifications (i.e. runways and radar towers) made on the artificial islands in the disputed maritime regions in SEAsia. Yet, how does this apply to their Little Blue Men?

To realize their Forward Defence strategy within its maritime domain, China utilises its largest asset: its people. Chairman Mao once characterised the contentions China faces (and will face) as a ‘People’s War’; where everyone is equally confronted by the same threat, and hence arises the need for collective resistance.[9] As such, the notion of unity is an essential concept identifiable in leadership discussion across multiple topics as argued by Martin Jacques in a 2010 TEDTalk. This unity is essentially the concept of nationalism (or national pride), as stated in the 2014 official publication of China’s Maritime Militia, mentioned above. Adapting this to the PLAN’s Maritime Militia strategy, the 2013 Science of Military Strategy publication essentially suggests utilizing China’s grandiose civilian population to its advantage. This reflects another strategy known as Thousand Grains of Sand, where power can be obtained through exploiting the volume of the citizen population for intelligence and warfare purposes.[10] To skeptical security scholars, this deployment of civilians onto the frontline and exploitation of their attack immunity resembles a ‘human shield’. Evidence of this strategy is evident from incidents where detained fishing vessels were ‘rammed’ clear (and allowed to escape) by the larger Type-053 Frigates of the Chinese Coast Guard (essentially warships) escorts. This allows the PRC to project military presence in the maritime domain under the guise of protective escorts.

china-map — Fig 1. China’s Maritime Forward Defence Area The red line on the map indicates the general area of China’s maritime forward defence activities. It can be argued that this line essentially forms another ‘Great-Wall’ to defend its empire. Hence, the notion of forward defence but through regulated naval patrols, Maritime Militias (basically a human-shield) and artificial outposts.

Outside of Power & Control

Outside of establishing presence and control in the contested maritime region, an efficient militia can also provide significant human intelligence (HUMINT) support – as defined by Michael Herman’s HUMINT Pyramid.[11] The PLAN’s Little Blue Men are civilians nonetheless and are able to travel inconspicuously throughout several maritime regions. Although illegal, the identity of seafaring vessels is dependent on what flag they fly during their passage. In addition, when coupled with China’s extensive HUMINT infrastructure of embedded civilian spies, the Little Blue Men can easily become a means of payload delivery and asset deployment for the PLAN and other Chinese agencies. Of course, while these concepts remain , we should not deny the possibilities of such strategies – especially with China’s increasing recognition of Cross-Domain Warfare.[12] China recognises the need to defend its maritime peripherals to ensure a more inclusive security environment, especially after its geographical command reform in 2015 (See Fig 1).

In summary, China’s Little Blue Men strategy supports a greater concept of strategic space expansion through forward defence. Guided by Mao’s concept of all Chinese conflicts requiring national resistance, it is of no surprise that the CCP would be expanding its militia programs – something reflected in its HUMINT programs and even cyberspace according to Sheldon and MacReynolds.[13] Understanding that militaristic behaviour would significantly undermine the image projected by Xi Jinping’s administration, the party has turned to its massive civilian population. It is without a doubt that the objective of China’s ‘Little Blue Men’ is to support its strategic space expansion without projecting a direct military presence in the region. The employment of militia forces is a revitalization of its older strategies of creating a sort of maritime wall capable of intelligence gathering, early-warning and forward defense.

Cheng served as an Amour Officer and Training Instructor at the Armour Training Institute (ATI) in the Singapore Armed Forces (SAF) and now possesses reservist status. Currently undertaking his MA in International Intelligence and Security at King’s College London, his research revolves around security considerations within the Asia-Pacific Region and more specifically around areas of Cybersecurity, Maritime Security and Intelligence Studies. His Graduate thesis explores the characteristics and trends defining China’s emerging Cybersecurity and Cyberwarfare capabilities. He participated in the April 2016 9/12 Cyber Student Challenge in Geneva and has been published in IHS Janes’s Intelligence Review in May 2016. You can follow him on Twitter @LK_Cheng

Notes:

[1] Herman, M. Intelligence and Power, (Cambridge: Cambridge University Press), 1996.

[2] Qiu, M. ‘Chinese Military Strategy: Cross-Domain Concepts in the 2013 Edition’, Cross-Domain Deterrence Working Paper, (La Jolla, CA), September 2015.

[3] See Sheldon, R. & McReynolds, J. ‘Civil-Military Integration and Cybersecurity’, in Lindsay, J.R., Cheung T.M. & Reveron, (eds.) D.S. China and Cybersecurity: Espionage, Strategy and Politics in the Digital Domain, (New York: Oxford University Press), Apr 2015; for more information about China’s Cyber-Militias.

[4] “Little Green Men” a primer on Modern Unconventional Russian Warfare, Ukraine 2013 – 2014, (Fort Bragg, NC: US Army Special Operations Command), 2015.

[5] Lin, J. & Singer, P.W. ‘China arms up with a new warship’, PopularScience, (Jun 01 2016); [Online].

[6] Watson, B. ‘The D Brief: U.S. to China: No harm, no foul in the South China Sea’, DefenceOne, (Nov 3 2015); [Online], Available from: http://www.defenseone.com/news/2015/11/the-d-brief-november-03-2015/123349/?oref=search_Little%20Blue%20Men, (Accessed Sept 1 2016).

[7] Erickson, A.S. ‘Revelations on China’s Maritime Modernization’, TheDiplomat, (Apr 16, 2016); [Online], Available from: http://thediplomat.com/2015/04/revelations-on-chinas-maritime-modernization/ (Accessed Sept 1 2016).

[8]Erickson, A.S. & Kennedy, C.M. ‘China’s Maritime Militia: What is it and how to deal with it’, Foreign Affairs, (Jun 23 2016), [Online]

[9]曾鹏翔, 傳志刚, 连荣华 [Zeng Pengxiang, Chuan Zhigang, Lian Ronghua], “科学构建海上民兵管控体系” [Scientifically Build a Maritime Militia Management System], National Defense, No. 12 (2014), pp. 68-70; as cited in Erikson A.S. & Kennedy C.M. China’s Maritime Militia, (Arlingotn, VA: Centre for Naval Analysis), 2016, pp. 1

[10] Cheng, LK. ‘Private Contractors, Governments and Security by Proxy: An analysis of contemporary challenges, governmental developments and international impacts of private military and security companies’, Dissertation: University of Leicester, (2015).

[11] Xiaosong, S. (eds), The Science of Military Strategy [战略学], (Beijing, CN: Academy of Military Sciences Press, 2013), 104.

[12] Cho, T.K. ‘Mao’s War of Resistance: Framework for China’s Grand Strategy’, Parameters, (2011); 6 – 18.

[13] Dunnigan, J. ‘China’s Thousand Grains of Sand’, Strategy Page: Dirty Little Secrets, (Jul 21 2005),

Image Source: http://files.balancer.ru/forums/attaches/2014/01/28-3351721-2101-2.jpg

Review: "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World" by Bruce Schneier

June 6, 2015 by Strife Staff

By: Christy Quinn:

Bruce Schneier, Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World.
New York, NY: W.W. Norton., 2015. Pp. 400. £ 17.99, ISBN: 978-0-393-24481-6.

If you’re not familiar with the Information Security community in the IT industry, it’s worth knowing that Bruce Schneier has earned the reputation of a prophet, sage and action hero combined. As a renowned cryptologist and technologist, Schneier has been a leading critic of the US government’s attempts to limit the global spread of encryption and recently of the NSA’s ‘bulk collection’ program of communication records of US citizens, following the disclosures by Edward Snowden in 2013. Data and Goliath, his latest book, addresses the challenge posed to privacy and individual liberty posed by both government “mass surveillance” and the exponential amounts of personal information collected by the private sector for profit.

One of the strongest insights to come from Data and Goliath is the symbiotic relationship between the commercial data gathering on users from private businesses and the arms of government security. Some of the more hysterical attacks on government surveillance perpetrated by crypto-anarchist campaigners like Julian Assange and Jacob Appelbaum have suggested that the Snowden revelations are evidence of the US government as an all-powerful police state with no physical or legal restrictions on its capability to reach into the lives of every person utilising digital communications around the world. Schneier suggests that many governments actually depend on private companies for data on their customers they gather for their own benefit in any case, and then either pay them for the privilege of collecting it or require it in return for market access. For example, telecommunications provider Vodafone provides approximately 29 countries direct access to internet traffic passing through their borders. In return, private companies are paying for more access to government records on citizens, such as drivers license data or anonymised health records, to enhance their own services. One of the results of the digital communication era has been the commodification of personal data, both as a means of national security and for private profit.

The crucial point of contention is whether the collection of customer data, often referred to as ‘metadata’, constitutes “mass surveillance”. One of the problems of establishing the nature of surveillance is the many different forms of metadata, which can vary considerably in the amount they tell you about the life of the individual. Schneier gives the example of telephony metadata, better known as call records. These do not give the collector the content of the call but instead the number dialed, the date of the call and the length of the call. A Stanford University study quoted by Schneier was able to establish considerable detail about the private lives of the anonymous participants from their call records alone, such as whether they were planning an abortion or growing marijuana in their own home. CIA director Michael Hayden, who is quoted in the book, is unequivocal about its value to US security; “we kill people based on metadata.”

However, this definition of metadata varies from jurisdiction to jurisdiction; while in the US, the terms used in Google searches are treated by the NSA as metadata, in the UK they are treated under surveillance laws as ‘content’ which requires a warrant from the Home Secretary to access. The changing nature of many online services also masks them from government bulk collection. For example, if the UK government was monitoring your Facebook activity on a passive bulk collection basis, rather than actively spying on you, in theory they would only be able to see that your IP address logged on to Facebook’s online website. Without a warrant, they would not be able to see your friend’s list, any messages you made within your Facebook network or which group pages you visited. Facebook, on the other hand, would have full access to your personal data, which they can utilise to sell advertising to you and would be obliged to hand over were they issued with a warrant. Messages from users outside the UK to users in the UK could qualify for bulk collection, but only if they were deemed ’necessary and proportionate’ under surveillance laws. Other jurisdictions such as Russia and China make no such nice distinctions and seek the ‘full take’ of a user’s internet activity, legalistic niceties be damned.

This results in a confusing picture, particularly as the proportion of metadata collected and analysed by governments remains to be national secrets. The recent backlash against bulk collection of telephony metadata in the US has resulted in the fall of the Patriot Act, of one of the pillars of the post 9/11 national security state. Bruce Schneier’s book is an excellent contribution to the debate over internet surveillance and is an ideal education as to how the processes of personal data collection work. However, it is clear that this debate is far from over and that ultimately users will have to come to terms with how much of their personal lives they are willing to disclose to others.

Christy Quinn studied International History at the London School of Economics & Political Science and is currently reading for an MA in Intelligence & International Security at Kings College London. His research interests are cyber security, national security strategy and the Asia-Pacific region. He is a Guest Editor at Strife. Follow him @ChristyQuinn

Surveillance, bulk data collection and intelligence. Interview with Bruce Schneier

June 5, 2015 by Strife Staff

Bruce Schneier is an internationally renowned security technologist and the author of 13 books — including “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World” — as well as hundreds of articles, essays, and academic papers. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation’s Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Resilient Systems, Inc. You can follow him on Twitter @schneierblog

Christy Quinn: As of Tuesday, President Obama has just signed the USA Freedom Act into law, banning the NSA’s bulk collection of telephony metadata. Do you think this marks the acceptance amongst security officials and policymakers in the US that there need to be limits to metadata collection?

Bruce Scheier: It’s certainly a watershed moment, because it’s the first time the US government has placed limitations on the NSA’s metadata collection. The limitations are minimal, and won’t have much actual effect on the surveillance of Americans by the NSA. But symbolically, it’s huge. The question now is whether the members of Congress will pat themselves on the back for a job well done, or actually take the next steps and examine the vast array of domestic government surveillance programs.

The British Security Services have made the argument that they are struggling to cope with the growth in internet metadata produced by UK citizens and they need greater powers of mandated metadata collection to maintain their current surveillance capabilities. Do you think there is any value in this position?

I’m not sure it even makes sense. If an organization is struggling to cope with all the metadata its gets from its surveillance operations, how does giving it the ability to collect even more metadata make its job easier? How does giving it more surveillance data mean that it maintains the current surveillance levels? The governments of both the US and the UK make all sorts of claims about their surveillance capabilities and what they need, but they never back those claims up with any real data. The extreme secrecy surrounding these capabilities precludes substantive policy debates, but the extreme danger in allowing governments to conduct massive surveillance operations means that we must have those debates.

What is your response to the view that bulk collection by security services does not constitute mass surveillance, as no one is actively looking at all the collected data and is it is only examined selectively?

It’s a nonsense argument, and we all know it. Surveillance occurs when our actions are recorded, not when they’re examined. “We’re going to install a camera in your bedroom and record everything, but it’s not surveillance because we won’t look at the footage unless we want to.” “Yes, your cell phone will keep a constant record of your location, but it’s not surveillance, because we won’t access the information unless we think you’re doing something wrong.” These statements make no sense, because we know that once the data is collected and saved, it could be examined; therefore, we have to act as though it will be examined.

In “Data and Goliath” you recommend measures to your readers of how to avoid their metadata being collected, such as using anonymisation services like Tor. Do you think there is a public interest in people maintaining their privacy, or that it should be a matter of choice how much personal information you provide?

It’s a little of both. Privacy should be treated as a right, and not solely as a commodity that can be sold or bartered.

Do you believe there should be limits to encryption, just as there are limits to privacy?

The two are very different. Encryption is a technology; privacy is a human value. We trade off human values with each other all the time; that’s what many of our political debates are about. That has nothing to do with the current debate about limiting the strength of encryption. The debate is about whether we want to all be insecure from criminals, foreign governments, and everyone else because the police find that insecurity useful; or whether we should make our systems as secure as possible from all attackers, even though that inconveniences the police.

Do you agree with former GCHQ Director and Professor Sir David Omand that encryption could lead to ‘ethically worse behaviour’ by intelligence agencies by forcing them to compromise privacy in more intrusive ways?

It’s hard to imagine those words coming from a legitimate government agency; the only thing GCHQ is “forced” to do is follow the law. To threaten people in this manner is loathsome, and illustrates the extent to which these intelligence agencies consider themselves above the law. Encryption makes everyone more secure. And if that security means that GCHQ has a harder job, that’s okay.

Interview - Sir David Omand on Iraq, the terrorist threat, and surveillance

March 27, 2015 by Strife Staff

Interview by Lee Watkins:

Professor Sir David Omand GCB, talking at Chatham House in September 2013. Photo: Chatham House (CC)

Sir David Omand, former Director of GCHQ, on the current security climate and the recent IPT rulings on GCHQ’s information gathering.

***

Besides your role as Director of GCHQ from 1996-1997, what are other highlights from your career?

I was Principal Private Secretary to the Defence Secretary during the Falklands War. That was a very intense experience, seeing things at close quarters. The other defining experience was the Bosnian War. I was Deputy Undersecretary of State Policy and in charge of the MoD’s policy, which eventually led to the NATO intervention and brought the conflict to a close. That was both extremely hard but also rewarding. A lot of people lost their lives.

I supported NATO’s intervention. This was a period of extreme tension between the US Congress and most of the parliaments in Europe. And so getting something everyone could agree on – that’s the kind of policy work that’s really rewarding. The UN, when it works well, is extremely good. But if you haven’t got full consensus from the Security Council, then it’s very difficult. Getting it under control by reconciling Europe and the United States and then getting NATO to take the lead transformed the situation.

Additionally, you contributed to the 2010 Chilcott Inquiry into the UK’s role in the Iraq War. What was your role during that war?

I wasn’t involved in the Iraq decisions myself, but I was a member of the Joint Intelligence Committee at the time of the Iraq War. I was security and intelligence coordinator in the Cabinet Office. At the time I was deeply involved in constructing the UK’s domestic counterterrorism strategy.

How would you respond to criticism that the Iraq War may have been counterproductive by creating more militant jihadists than it has deterred?

Islamic extremism predated the invasion of Iraq and the War on Terror; for instance the 1998 US Embassy bombings in East Africa carried out by Al-Qaeda or the attack on the USS Cole. You can’t draw a cause and effect conclusion, nor can you say that there’s a direct relationship. Denmark was just attacked just over a month ago and no one would accuse Danish foreign policy of being aggressive.

But there is no doubt that passions were aroused by the invasion of Iraq and I expressed that at the Chilcott Inquiry. The British intelligence committee’s assessment was that as a result of our actions in Iraq the threat level would go up. This didn’t necessarily mean they should not go ahead, but they had an awareness of this assessment. They judged that that was manageable.

What about statements by Al-Qaeda and other groups that their attacks are in response to Western foreign policy, for instance that 9/11 was retaliation for US troops stationed in Saudi Arabia?

They’re going to say that anyway. I think that the Far Enemy thesis applies. If someone like Zawahiri [the current leader of al-Qaeda] believes that the West will prevent the creation of an Islamic state in Egypt or Algeria, then they will try to strike back at the power of the United States. They see the United States, the West, Israel, as implacably hostile to the creation of a Caliphate, of an Islamic State – which we are, because we are so diametrically opposed. It is a clash of values. Which is not to say that these values are intrinsic to Islam – very few Muslim communities in the US or the UK would see eye-to-eye with them.

Public anxiety has been mounting for several years, not only about terrorist attacks but also about government surveillance. Are these fears well-founded?

Some of this is inevitable because the more you know about the threat, the more anxious you are liable to be. If you’re in a happy state of ignorance, your anxiety is less – until something happens. The UK’s terrorist threat level [recently raised to “Severe”] is a way to condition the public to the existing level of risk. That way you don’t have a gross overreaction - shouts of “This must never be allowed to happen again!” and legislating away our human liberties. We make it clear that it’s not possible to stop all attacks, and that isn’t the objective.

The intelligence community’s objective isn’t to stop all attacks?

The formal objective of the UK counterterrorism strategy is to reduce risk so that people can freely go about their normal lives with confidence. You want to stop every goal from being scored by the opposing team – but you know that that’s actually impossible. No team ever succeeds in keeping out all the goals, but at any one moment you’re desperately trying to stop them from scoring. In no way does that imply that you’re taking a relaxed or casual approach. It is the reality that actually, your team is not going to win every game. If you try to give an absolute guarantee, you get driven into actions that are counterproductive.

What is your response to the recent Investigatory Powers Tribunal (IPT) court ruling that the intelligence-sharing relationship between the NSA and GCHQ was illegal?

The IPT’s first ruling determined that British intelligence was in conformity with the European Convention on Human Rights (ECHR) and the British Human Rights Act. The second again upheld the way the intelligence mission was being conducted. They determined that this was not mass surveillance, but targeted surveillance. However, under ECHR, the UK has the obligation to keep the public informed of how the law applies to them [the intelligence-gathering authorities].

Specifically there were two GCHQ guidelines not in the public domain. These safeguards applied to information collection by the US about people in the UK. In essence, an analyst was required to have the same level of authority [the Secretary of State’s authority] to access this information as if it had been the UK who collected it. But the difficulty came in where the UK was physically not in a position to get the access but the US was. The safeguard meant that the legal equivalent of a warrant, a secretary of state’s authorization, enabled the analyst to go to the US and say, “Have you got anything on this guy?” So it’s essentially a safeguard.

The court determined that two paragraphs in the government’s evidence should be public. They are now public. One of them is entirely theoretical. Technically the government had been in breach of its obligations for the preceding seven years because it hadn’t made these conditions clear. It has now made them clear, so it is now in the right. They should have done this when they first had access to the US material. So I think that’s a good decision, because it reminds the government of their obligation to explain to the public how it all works, and it’s also an excellent decision from the government’s point of view because it reaffirms that the court believes that what is currently going on is lawful, and is consistent with ECHR and it’s not mass surveillance.

I’m slightly confused by your positive response to the ruling because my impression was that GCHQ’s protocol was deemed a human rights violation.

Interception law, which requires warrants and authorities – all of that was being complied with. You’ve got various safeguards for external communication, but because of the way packages switch networks you pick up a domestic communication instead. GCHQ explained that in those circumstances you still require the same level of authority to access the material. But what they hadn’t done was make themselves understandable to the public, under ECHR regulation. And if you look at the 2008 statement, it doesn’t cover this at all. A lawyer would say it does, but if you were a layperson and you read the act, would you understand it? And the answer is no, you wouldn’t.

The government should have done more to explain. And what they’re not explaining is safeguards, which is slightly paradoxical. But the public has a right to know what those safeguards are. Immediately when the judgment came out, all the civil liberties groups jumped on it – but simultaneously GCHQ said they were delighted with the judgment, that what they were doing was legal.

Yes, in part my surprise at your reaction comes from statements by groups like Privacy International, which has launched a campaign titled “Did GCHQ spy on you?” that has gathered 6,000 signatures. Is it not your impression that people feel their privacy is being invaded?

This is simply mischief-making. This is what lobby groups do – try to create this impression. Their privacy was not being invaded, but their right to have the law explained to them was not being upheld. Would they be entitled to any compensation? I hope not.

Do you feel that there has been an escalation of public fear of being spied on? A case of increasing paranoia, if you like.

Yet the polls show that two-thirds of the British public think that more powers should be given to intelligence agencies because of the threat of terrorism. This is a very vocal campaign run on behalf of a minority. Now, they need to be taken seriously – they should be taken seriously – but I don’t think you should run away with the idea that there is huge British public unease. On the contrary, the majority of the British public want the agencies to go on trying to stop attacks.

So you feel that the fears of a terrorist attack are higher than the fears of privacy intrusion? Both of these public concerns put pressure on the intelligence community.

A lot of unease is down to a simple conceptual error in confusing mass surveillance with bulk access. This problem has bedevilled the whole argument. The IPT judgment discusses bulk access. GCHQ has the ability to capture quite a lot of external communication – it’s still a tiny part of the internet – and then a filtering is applied by computers, looking for the specific indicators of the targets they’re allowed to access. What is allowed to be seen by an analyst is tiny. If analysts are seeking, say, Syrian jihadists, then they are only allowed to view what is permitted to them on the relevant certificate. That’s why the IPT concluded that this was highly targeted and not mass surveillance. But it does involve computers looking at the major bearers of information in order to find useful material.

When you think about it, there’d be no other way to find the IP address of a computer being used by a terrorist. How would you find the communication? There are arguments over whether you should feel that your privacy has been intruded upon, even if it’s just the computer whizzing through and throwing your stuff away, because it’s not what they’re looking for. And that argument will go on, but it wasn’t accepted by the IPT.

The key for me is, it’s not about the tools being used by the agency. They are essential. They’re needed to catch paedophiles and criminals and terrorists. Law enforcement is all about digital intelligence these days. Worry about the oversight. Who gets to sign the authority? Who checks they’re actually complying with the regulations?

So you feel it’s a question of human integrity rather than technology?

Yes. This is where the IPT comes in. The report by Rt. Hon Sir Anthony May, Interception of Communications Commissioner, again concluded there’s no mass surveillance going on. He has free access to all the analysts’ stuff at GCHQ and he was previously an appeal court judge, so he’s quite a formidable character.

In the UK, I personally think that we have the model for the rest of Europe to follow. We’ve got parliamentary oversight, judicial oversight, got a specialist court for all of this. The bit that hasn’t been right has been the transparency vis-a-vis the public. The more transparent the government is, the more the public supports it. What Snowden has done is unleash a kind of worry – “What are they doing? How can I trust them?” – and in fact the more that comes out, for example through the IPT, the more people should be reassured that it’s a very organised system, it’s got checks and balances.

We’ve discussed concerns over too much information – what about worries over too little? In many cases, including the recent Charlie Hebdo attack, preceding a terrorist attack there is a trail of tweets, of blog posts, of other online clues that an attack will occur. Is there perhaps not enough access to information?

If you can get private correspondence, rather than public blogging, that will give you a better clue as to where they are – and do they have something big in mind? They may tip someone else off and say, “We’re going to do it on Saturday.” You can’t conclude one way or another about the Charlie Hebdo attack. It’s very important that people understand: intelligence work is a jigsaw puzzle. It’s putting together several jigsaw puzzles simultaneously. The pieces are all muddled up and you haven’t got the lid of the box. You can’t pick up one piece and say, “Without this, the attack wouldn’t have happened.”

It’s kind of a crazy question: “How many terrorist attacks has digital intelligence stopped?” Well, how long is a piece of string? If you’ve got reasonably good coverage of the people who mean you harm, you will stop most of them. The director of the security service indicated recently that the last dozen attempts in the UK have been stopped. Will the next one be stopped? Who knows. At least the score rate is good. And one would not want it the other way around.

Thank you.

Sir David Omand GCB is a visiting Professor in the Department of War Studies at King’s College London. He was the first UK Security and Intelligence Coordinator, responsible to the Prime Minister for the professional health of the intelligence community, national counter-terrorism strategy and “homeland security”. For seven years he served on the Joint Intelligence Committee. He was Permanent Secretary of the Home Office from 1997 to 2000, and before that Director of GCHQ. During the Falklands conflict he was Principal Private Secretary to the Defence Secretary, and he served for three years in NATO Brussels as the UK Defence Counsellor. He has previously written on some of these issues for Strife. You can find his article here.

Lee Watkins is an MA student in the Terrorism, Security and Society programme in the Department of War Studies at King’s College London.

Understanding digital intelligence from a British perspective

February 5, 2015 by Strife Staff

By Professor Sir David Omand GCB:

GCHQ building at Cheltenham, Gloucestershire. Photo: Ministry of Defence (creative commons)

The Snowden revelations revealed much that was never intended to be public. But to understand them they must be seen in their context, of a dynamic interaction over the last few years between the demand for intelligence on the threats to society and the potential supply of relevant intelligence from digital sources. All intelligence communities, large and small, and including those hostile to our interests, have been facing this set of challenges and opportunities.

First, the challenge of meeting insistent demands for secret intelligence. For the UK this is, for example, to counter cyber security threats and provide actionable intelligence about the identities, associations, location, movements, financing and intentions of terrorists, especially after 9/11, as well as dictators, , insurgents, and cyber-, narco- and other criminal gangs. The threats such people represent are real and - in many respects - getting worse and spreading.

These demands for intelligence have coincided with a digital revolution in the way we communicate and store information. The internet is a transformative technology, but is only viable because our personal information can be harvested by the private sector, monetized and used for marketing. So the digital age is able to supply intelligence about people, for example by accessing digital communications, social media and digital databases of personal information. And for intelligence communities, new methods of supply call forth new demands from the police and security authorities that could not have been met before the digital age. And their insistent demands for intelligence to keep us safe call forth ever more ingenious ways of extracting intelligence from digital sources.

For the democracies (but not for others such as the Russians and Chinese), there is an essential third force in operation: applying the safeguards needed to ensure ethical behaviour in accordance with modern views of human rights, including respect for personal privacy. For the UK, the legal framework for GCHQ is given in:

The Intelligence Services Act 1994 (Article 3 confers on GCHQ the functions of intelligence-gathering and information assurance with the sole purposes of national security, prevention and detection of serious crime and safeguarding the economic well-being of the UK from actions of persons overseas; Article 4 relates to obtaining and disclosing information).
The Regulation of Investigative Powers Act 2000 (Article 1 outlines the terms of unlawful interception; Article 5 outlines the powers of the Secretary of State to issue a warrant to make interception legal); Article 8 describes domestic and external warrants; Articles 15 and 16 provide safeguards and controls on storage, handling and retention of data).
The Human Rights Act 1998 including incorporating a ‘necessity and proportionality’ test to everything GCHQ does.

Like some elementary experiment in mechanics the resultant of these three forces – of demand, of supply and of legal constraints and public attitudes – will determine the future path of our intelligence communities.

Into that force-field blundered the idealistic Edward Snowden, the Wikileaks-supporting information campaigners Poitras and Greenwald, plus a posse of respectable journalists.

Some are tempted to see Snowden as a whistleblower. But he certainly did not meet the three essential conditions for a legitimate whistleblower as far as the UK is concerned. He did not expose UK wrongdoing, he did not exhaust his remedies before going public, and he did not act proportionately by stealing and leaking so many secrets (including 58,000 British intelligence top-secret documents) to make his main case against the US National Security Agency’s collection of metadata on the communications of US citizens.

Close examination has shown that there is no scandal over illegal interception, or other unlawful intelligence activity, by GCHQ. The three elements of the ‘triple lock’ on GCHQ’s activities - the Foreign Secretary’s authorisations, the oversight by the Parliamentary Intelligence and Security Committee (ISC), and the legal compliance by the independent UK Interception Commissioner and the independent Investigative Powers Tribunal - have each separately concluded everything GCHQ does is properly authorized, and legally properly justified including under Article 8 of the European Human Rights convention regarding personal privacy.

The documents from these different oversight bodies are well worth reading for the unparalleled detail they provide into how interception by the UK authorities is authorized, carried out and audited so as to be always within the law:

The ISC Report.
The Interception Commissioner’s Annual Report for 2013.
The Investigative Powers Tribunal Judgement.
The Foreign Secretary’s Statement.
The Home Secretary has also described her role in authorizing legal interception of UK communications, including by GCHQ, here.

The inescapable conclusion from these documents is that GCHQ operates entirely within the law, including the 1998 Human Rights Act and therefore the European Charter of Human Rights in respect of freedom of expression and personal privacy.

What the documents do reveal is bulk access to the internet (authorized under Section 8(4) of RIPA 2000) in order to be able to reconstruct communications whose packets have been sent on different routes and to discover new communications of targets (who, to avoid surveillance, will adopt different identities). Targeted surveillance is what is conducted by the UK intelligence agencies. They will continue to need to try to collect intelligence on authorized targets for which the necessary legal authority exists, for example jihadist extremists from the UK who are fighting in Syria and Iraq and who may return to the UK as hardened and dangerous terrorists.

What Snowden and his supporters have failed to do therefore is to distinguish bulk access by computers to the internet – which the US and UK, France, Germany, Sweden and many other nations certainly do have – and so-called ‘mass surveillance’. Mass surveillance implies observers - human beings - who are monitoring the population or a large part of it. As the ISC, the UK Interception Commissioner and the IPT confirm, no such mass surveillance takes place by GCHQ; it would be unlawful if it did.

A similar misconception has arisen over the use of so-called metadata. The media have not explained that the UK uses a strict legal definition of ‘communications data’ (laid down in RIPA 2000) which covers the traditional ‘who called whom, for how long, when and where?’ of old-fashioned telephone billing, not the much looser concept of ‘meta-data’ obtained from internet and social media use. Thus accessing browsing history or other detailed digital metadata, whether from US or UK sources, is for British analysts equivalent to accessing ‘content’ which requires the relevant UK warrant signed by a Secretary of State. For domestic communications (both ends in the UK) that is the Home Secretary and for communications with one or both ends overseas by the Foreign Secretary.

Given the packet-switched nature of global internet communications it is possible that a domestic communication will be picked up in the course of overseas interception – but RIPA 2000 makes explicit provision to allow for this possibility, and provides safeguards (Sections 15 and 16) to ensure the same level of authorization is obtained.

So the issue is not the powerful tools themselves; they are necessary for public and national security. Nor is it the legality of how these tools are used today. The issue is how we the public can be sure that under any future government these tools cannot be misused.

We would be well advised not to have blind trust in the benevolence of any government. ‘Trust but verify’ should be the motto. With increasingly robust executive, Parliamentary and judicial oversight and publication of the results of their work we can and must ensure those tools will only be used in lawful ways that do not infringe beyond reasonable necessity our right to privacy for personal and family life or impose unconscionable moral hazard.

Professor Sir David Omand GCB is a visiting Professor in the Department of War Studies at King’s College London. He was the first UK Security and Intelligence Coordinator, responsible to the Prime Minister for the professional health of the intelligence community, national counter-terrorism strategy and “homeland security”. For seven years he served on the Joint Intelligence Committee. He was Permanent Secretary of the Home Office from 1997 to 2000, and before that Director of GCHQ. During the Falklands conflict he was Principal Private Secretary to the Defence Secretary, and he served for three years in NATO Brussels as the UK Defence Counsellor.

intelligence

Footer

Contact

Recent Posts

Tags