Andrew Parker, the Director General of MI5, has delivered the annual Lord Mayor’s Defence and Security Lecture in London. In a speech entitled ‘A Modern MI5’, Parker set out the tools that he believes the Security Service needs to stop terrorism in the online age.
Parker stated that MI5’s ability to intercept communications has always been fundamental to its success, but that this task was becoming harder. MI5 needsto use a range of techniques to keep the country safe against threats in the UK, from overseas and online. This includes the ability to access data quickly, reliably and at scale in order to identify plots and “join the dots” in MI5’s investigations.
The Government is shortly expected to publish a draft Investigatory Powers bill, setting out a modern legal framework for the intelligence agencies (ie MI5, SIS and GCHQ) that reflects the challenges of a digital age.
The Director General draws confidence from MI5’s ability to innovate and adapt constantly throughout its 106-year history, whether tackling sabotage in the two World Wars and during the Cold War era, responding to the growth in international terrorism or countering the increasing cyber security threats which could otherwise undermine the UK’s economic prosperity.
Parker also offered personal perspectives drawing on his 32-year career at MI5. He stated that the international terrorism threat is now “on a scale and tempo” he had not seen before and that it may not have reached its high-water mark. Parker praised the work of MI5’s staff and partners for the work they do in keeping the UK safe.
He also welcomed the need for transparency in safeguards and oversight arrangements while maintaining the intelligence agencies’ ability to operate in secret so as not to give the UK’s adversaries any advantage.
The Director General’s Speech
“It has been the growth of our international counter-terrorism work that stands out over my three decades in the Security Service. The tragic events of 9/11 showed the world in the most chilling terms the lengths to which Islamist terrorists were prepared to go to inflict mass casualty attacks on the West.
“After a series of thwarted plots, that threat became a reality here in London on 7 July 2005 with the bombings on our transport system. Appalling acts committed by individuals who had grown up here in the UK, but who decided for their own twisted reasons to identify their own country as the enemy. Those individuals, and those who share their world view, represent a tiny fraction of the population, but the societal and security challenge this represents is a huge one.
“7/7 transformed our counter-terrorism operations. Since the early 2000s, MI5 has doubled in size to around 4,000 members of staff, and the majority of that growth has been in our counter-terrorism work which now makes up more than two thirds of our effort. We have developed a highly sophisticated and integrated response, working with the police, the SIS and GCHQ and other partners.
“That response is rightly the envy of many other countries all over the world, and it has been critical – on many occasions over the years – in keeping this city safe against the Provisional IRA threat in the 1990s, and against the Islamist terrorist threat we face today. Without those partnerships, we would not have the security that allows our society and economy to prosper.”
“Today, we face a three-dimensional threat: at home, overseas and online. An increasing proportion of our casework links to Syria and to ISIL. Even three years ago, when Jonathan Evans gave this lecture, we could not have predicted how the ISIL terrorist phenomenon has developed since. More than 750 extremists from this country have travelled to Syria, and the growth in the threat shows no sign of abating.
“We’re seeing plots against the UK directed by terrorists in Syria, enabled through contacts with terrorists in Syria and inspired online by ISIL’s sophisticated exploitation of technology. It uses the full range of modern communications tools to spread its message of hate and to inspire extremists, sometimes as young as their teens, to conduct attacks in whatever way they can.
“The speed at which the process of radicalisation can occur online, and the emphasis on relatively low sophistication, but nevertheless potentially deadly plots, are two major challenges that flow from ISIL’s mode of operation. On top of that, in a range of attacks in Europe and elsewhere, this year we have seen greater ambition for mass casualty attacks. All of this underlines the growing threat we face.
“Meanwhile, the threats to the UK from Al Qaeda in South Asia, the Arabian Peninsula and parts of Africa have not gone away, while terrorists continue to aspire to mass casualty attacks against the UK and our allies. All of this means that the threat we are facing today is on a scale and at a tempo that I have not seen before in my career.
“With our partners, we have thwarted six attempts at terrorist attacks in the UK in the last year, as well as several plots overseas. It may not yet have reached the high-water mark, and despite the successes we have had, we can never be confident of stopping everything. The death of 31 British nationals in the Sousse attacks in June was an appalling reminder of the threat.
“Beyond counter-terrorism, we’re also working in close partnership with GCHQ and with the City of London Police to provide advice and support to industry and to Critical National Infrastructure against the growing range and intensity of cyber threats we face, underpinned by the understanding we have from our investigations. That work spans the finance, energy, civil nuclear, telecommunications, water and transport sectors as well as Government institutions.
“When put together with the wider work we do against espionage threats, and our work on Northern Ireland-related terrorism, MI5 faces huge challenges and must make difficult choices every day.”
Capabilities we need
“As the threat has evolved, so too have our capabilities. Much of MI5’s early work focused on recruiting agents against the pre-war espionage threat and later communism. Running agents was – and remains – inherently risky and difficult work, but many of our greatest successes as an organisation have depended on it. Without the insight and bravery of our agents we would not be able to keep the country safe. The intelligence we gather from them remains central to our work today.
“Today, we need to operate increasingly across international boundaries, with the terrorist threat to the UK emanating from some of the most difficult environments possible, including Syria. We also operate in an online age against adversaries such as ISIL who use modern technology and media in an increasingly sophisticated way.
“The ability to intercept the communications of those who mean us harm has also been a key component in MI5’s toolbox throughout our history, and one which has always generated debate. In the years leading up to the Great War, interception was about accessing letters under a Home Secretary’s warrant, but the Post Office argued forcefully at the time it was undesirable to “shake public confidence in the security of the post” and that, in any case, it was improbable that any spy would correspond in this way.
“In fact, the interception of letters produced absolutely vital intelligence for MI5 in identifying espionage networks and preventing the flow of valuable information to our enemies.
“Interception remains a vital capability, but today the conversations of our adversaries are happening on a bewildering array of devices and digital platforms, often provided by companies based overseas. An increasing proportion of such communications are now beyond our reach, in particular with the growing prevalence of sophisticated encryption.
“We cannot, of course, hold back the tide of technological change. Nor do we want to, but the idea that that there are spaces where terrorists can communicate safely and increasingly out of sight of the intelligence agencies – ‘going dark’, as it is known – is not something that anyone either intended or voted for. It presents us with an enormous challenge.
“We all conduct so much of our lives online, carrying smart phones in our pockets, accessing information and communicating with each other in a whole variety of ways. That brings huge benefits to society and to the economy, but these same opportunities are also exploited by terrorists and those plotting against us. Information gathered from the technology terrorists use, often in the same way as the rest of us, may sometimes be the only way to stop them. We need the tools to access terrorists’ communications online just as much as we intercepted written communications and telephone calls in years gone by. This means securing the co-operation of Communications Service Providers in a much more diverse and globalised telecommunications market, both in the UK and overseas.
“Those providers rightly want to maintain the privacy and security of their customers’ data, but they also have an obligation – and, I would argue, an ethical responsibility – to work with law enforcement and other agencies to prevent their services being used for the purposes of serious crime and terrorism. We have strong partnerships, but this is an issue on which we need to continue to make progress.”
Mitigating the challenges
“We also need to draw upon a range of wider tools to mitigate the challenges. This includes the ability to conduct operations online and to mount IT attacks (known as equipment interference) – under a warrant authorised by the Home Secretary – against terrorist networks so that we can access their communications. It also means that our ability to access and analyse data is more important than ever before.
“We use data to save lives. Accessing data quickly, reliably and at scale is as fundamental to our work, whether that’s communications data (the ‘who’, ‘when’ and ‘where’ of communications, not that ‘what’) or whether it’s travel data, passport information or other data sets. Data is critical to our ability to identify threats in the first place, and it enables us to join the dots in our investigations and identify those who may be involved in planning attacks.
“Without communications data, for example, we could not have detected and disrupted numerous plots over the last decade as the terrorist threat to the UK has grown in scale and complexity. To take just one example, without vital access to such data sets, we would not have been able to identify, at speed, links between the individuals plotting to bomb the London Stock Exchange in 2010. We would not have been able to work with the police to prevent that attack.
“We use these tools within a framework of strict safeguards and rigorous oversight, but without them we would not be able to keep the country safe. As I have said before, we do not, and could not, go browsing at will through the lives of innocent people. I welcome the detailed scrutiny of this subject by the three independent reviews that will inform the forthcoming Investigatory Powers Bill: all three reviews rejected the notion that the intelligence agencies are engaged in ‘mass surveillance’, and all three concluded that we work within the laws set down by Parliament.
“We do not seek sweeping new intrusive powers in that legislation, but rather a modern legal framework that reflects the way in which technology has moved on, and that allows us to continue to keep the country safe.”
Transparency and trust
“This brings me to the theme of transparency and trust. For much of our history my predecessors, and Governments of different persuasions, have wrestled with the inherent tension between the necessary secrecy of our operations and the legitimate desire for greater transparency about the nature of our powers.
“A post-war review of the Security Service in 1945, quoted in the authorised History, concluded that “there is no alternative to giving [the Director General] the widest possible discretion in the means he uses and the way in which he applies them – always provided he does not step outside the law”. However, because the Service’s powers were not defined in law, their extent was, at that time, unclear.
“The world feels very different today. We operate under the Security Service Act, which sets out our functions and principles that apply to all our work – a piece of legislation that MI5 actively championed. There is extensive legislation governing our use of intrusive powers, principally under the Regulation of Investigatory Powers Act 2000 – albeit legislation that needs updating for the online age. We are subject to rigorous scrutiny by the executive (through the Home Secretary’s role in personally signing off warrants for our most intrusive activity), by Parliament (through the Intelligence and Security Committee) and by the Judiciary through the two independent Commissioners (both former senior judges) and the Investigatory Powers Tribunal.
“As we prepare for the Government’s forthcoming legislation on investigatory powers, an unprecedented amount of material has been put into the public domain through the independent reviews I’ve mentioned. That’s something we welcome. We depend on the trust of Parliament and the British public to do our work, and it’s right that we should operate within a modern legal framework for the online age that better meets the increasing expectation of transparency. The inaugural Transparency Report to be published very shortly by the Government adds to that picture and is a welcome further step.
“Some things will necessarily need to remain secret if we are to continue to operate effectively against our adversaries. To take an example from our history, in the late 1920s, a public disclosure of intercepted Russian telegrams led the Soviet regime to move towards a more secure means of communications. As a result, little high grade intelligence was decrypted until the end of World War II – a period during which we now know that Russia was recruiting the Cambridge spy ring, the members of which were able penetrate the heart of British Government.
“In more recent times, I do not need to repeat the comments that others have made about the damage that Snowden’s disclosures have caused in giving our adversaries an advantage.
“When Parliament debated the Security Service Act in 1989, it was said there were never more than about 40 MPs in the chamber. I imagine the debates on the forthcoming legislation will attract rather wider interest, and it’s right that they do so. I hope that the public debate will be a mature one, informed by the three independent reviews, and not characterised by ill-informed accusations of ‘mass surveillance’ or other such lazy two-worded tags.
“Public trust in our work is vital, and that’s why I recently gave the first live media interview by a serving Director General. Now, a Today programme grilling is not something I hope to have to repeat too often, but I thought it was right to explain directly what MI5 is doing to tackle the terrorist threat and to talk about how we work.”
A modern MI5
“I want to finish by saying a few words about what a modern MI5 means for our people and the way in which we do our business. I have talked about our growth to the 4,000-strong organisation we are today, but it’s not just about numbers, of course. The skills we need today, and the way in which we work, are very different to those demanded by the organisation I joined in 1983.
“We are already a much more diverse workforce, employing staff from all backgrounds and drawing on a vast range of skills from many disciplines. Our work is more closely intertwined – and often co-located – with that of our partners, with each partner bringing its unique expertise to bear against the shared problems we face.
“We need to continue that journey of change if we are to address the modern challenges we face. Certainly, we need to retain and evolve our traditional strengths in gathering and assessing intelligence and recruiting and running agents. Just as important today are the ways in which we harness technology, our data analysis skills and the quality of our partnership working with SIS and GCHQ, with the police and with our various international partners.
“All these aspects of our work have been transformed beyond all recognition during my time in the organisation. They will need to transform again over the coming years as we respond to the scale and shape of the threat we now face in the online age.
“It’s the quality of our people and our partnerships – and that ability to adapt and innovate – that gives me greatest confidence about the future. All of our activity is conducted within the framework that Parliament has set, and our staff have ingrained in them the principles of necessity and proportionality – the language of our Act. They are intensely committed to our mission of keeping the country safe, and they are tirelessly professional and ethical in the way they conduct their work.
“The men and women of MI5 are ordinary people who do extraordinary things. They have a very strong ethos of public service, but yet their work often goes unnoticed in the public domain. I commend their skills and bravery, and those of the partners with whom we work, particularly GCHQ, SIS and the police.
“Let me conclude with this. In the coming months, we will see important choices that will set our path as an organisation for the next period. Government will determine the size and shape of our effort on counter-terrorism and cyber security – among other things – through the Strategic Defence and Security Review and the Comprehensive Spending Review. Parliament will consider our legislative framework and oversight through the Investigatory Powers Bill.
“You have seen from what I have said here this evening the scale and complexity of the three-dimensional terrorist threat we face in the UK, overseas and online. My own view is simple: there should be no more MI5 than is necessary to keep the country safe. It is right, in the democracy that we value and protect, that Government and Parliament make these choices.
“As we approach these decision points, it’s our strengths and values as an organisation, our people and our partners that give me confidence that the modern MI5 can continue to succeed in protecting this country in changing times, however tough that challenge can seem.”