UK sets up yet another costly spy agency

This art­icle was first pub­lished on RT Op Ed a month ago.

The UK Min­istry of Defence announced on 21 Septem­ber the estab­lish­ment of yet anoth­er Brit­ish spy agency, an amal­gam of mil­it­ary and secur­ity ser­vice pro­fes­sion­als designed to wage cyber war against ter­ror­ists, Rus­sia and organ­ised crime. The new agency will have upwards of 2000 staff (the size MI5 was when I worked there in the 1990s, so not incon­sid­er­able). I have been asked for a num­ber of inter­views about this and here are my thoughts in long form.

The UK already has a pleth­ora of spy agencies:

  • MI5 – the UK domest­ic Secur­ity Ser­vice, largely coun­ter­ing ter­ror­ism and espionage;
  • MI6 – the Secret Intel­li­gence Ser­vice, tasked with gain­ing intel­li­gence abroad;
  • GCHQ – the gov­ern­ment elec­tron­ic sur­veil­lance agency and best buds with the US NSA;
  • Nation­al Cyber Secur­ity Centre – an off­shoot that pro­tects the UK against cyber attacks, both state and criminal;
  • NCA – the Nation­al Crime Agency, mainly invest­ig­at­ing organ­ised crime;
  • not to men­tion the police and Cus­toms capabilities.

To provide Amer­ic­an con­text, MI6 equates to the CIA, GCHQ and the NCSC equate to the NSA, and the NCA to the FBI. Which rather begs the ques­tion of where exactly MI5 fits into the mod­ern scheme – or is it just an ana­chron­ist­ic and undemo­crat­ic throw-back, a typ­ic­ally Brit­ish his­tor­ic­al muddle, or per­haps the UK’s very own Stasi?

So why the new and expens­ive agency at a time of nation­al fin­an­cial uncertainty?

Of course I acknow­ledge the fact that the UK deserves to retain a com­pre­hens­ive and impress­ive defence cap­ab­il­ity, provided it is used for that pur­pose rather than illeg­al, need­less wars based on spuri­ous polit­ic­al reas­ons that cost inno­cent lives. Every coun­try has the right and the need to pro­tect itself, and the cybers are the newly-defined battle lines.

Moreover, it might be overly simplist­ic to sug­gest that this is just more empire-build­ing on the part of the thrust­ing and ambi­tious young Sec­ret­ary of State for Defence, Gav­in Wil­li­am­son. Per­haps he really does believe that the UK mil­it­ary needs aug­ment­ing after years of cuts, as the former Deputy Chair­man of the UK Con­ser­vat­ive Party and er, well-known mil­it­ary expert, Lord Ash­croft, wrote in the Daily Mail. But why a whole new intel­li­gence agency at huge cost? Surely all the exist­ing agen­cies should already be able to provide adequate defence?

Addi­tion­ally, by singling out Rus­sia as the hos­tile, aggressor state, when for years the West has also been bewail­ing Chinese/Ira­ni­an/North Korean et al hack­ing, smacks to me of polit­ic­al oppor­tunism in the wake of “Rus­siagate”, the Skri­pals, and Russia’s suc­cess­ful inter­ven­tion in Syr­ia. Those of a cyn­ic­al bent among us might see this as polit­ic­ally expedi­ent to cre­ate the etern­al Emmanuel Gold­stein enemy to jus­ti­fy the ever-meta­stas­ising mil­it­ary-secur­ity com­plex. But, hey, that is a big tranche of the Brit­ish, and poten­tially the post-Brexit, Brit­ish economy.

The UK intel­li­gence agen­cies are there to pro­tect “nation­al secur­ity and the eco­nom­ic well-being of the state”. So I do have some fun­da­ment­al eth­ic­al and secur­ity con­cerns based on recent West­ern his­tory. If the new organ­isa­tion is to go on the cyber offens­ive what, pre­cisely does that mean – war, unfore­seen blow back, or what?

If we go by what the USA has been exposed as doing over the last couple of dec­ades, partly from NSA whis­tleblowers includ­ing Bill Bin­ney, Tom Drake and Edward Snowden, and partly from CIA and NSA leaks into the pub­lic domain, a cyber offens­ive cap­ab­il­ity involves stock­pil­ing zero day hacks, back doors built into the inter­net mono­pol­ies, weapon­ised mal­ware such as STUXNET (now out there, mutat­ing in the wild), and the egre­gious break­ing of nation­al laws and inter­na­tion­al protocols.

To dis­cuss these points in reverse order: among so many oth­er rev­el­a­tions, in 2013 Edward Snowden revealed that GCHQ had cracked Bel­ga­com, the Bel­gian nation­al tele­com­mu­nic­a­tions net­work – that of an ally; he also revealed that the USA had spied on the Ger­man Chancellor’s private phone, as well as many oth­er Ger­man offi­cials and journ­al­ists; that GCHQ had been pros­ti­tut­ing itself to the NSA to do dirty work on its behalf in return for $100 mil­lion; and that most big inter­net com­pan­ies had col­luded with allow­ing the NSA access to their net­works via a pro­gramme called PRISM. Only last month, the EU also accused the UK of hack­ing the Brexit negotiations.

Last year Wikileaks repor­ted on the Vault 7 dis­clos­ures – a cache of CIA cyber weapons it had been stock­pil­ing. It is worth read­ing what Wikileaks had to say about this, ana­lys­ising the full hor­ror of how vul­ner­able such a stock­pile makes “we, the people”, vul­ner­able to crim­in­al hacking.

Also, two years ago a huge tranche of sim­il­arly hoarded NSA weapons was acquired by a crim­in­al organ­isa­tion called the Shad­ow Brokers, who ini­tially tried to sell them on the dark web to the highest bid­der but then released them into the wild. The cata­stroph­ic crash of NHS com­puters in the UK last year was because one of these cyber weapons, Wan­nac­ry, fell into the wrong crim­in­al hands. How much more is out there, avail­able to crim­in­als and terrorists?

The last two examples will, I hope, expose just how vul­ner­able such caches of cyber weapons and vul­ner­ab­il­it­ies can be if not prop­erly secured. And, as we have seen, even the most secret of organ­isa­tions can­not guar­an­tee this. To use the Amer­ic­an ver­nacu­lar, they can come back and bite you in the ass.

And the earli­er NSA whis­tleblowers, includ­ing Bill Bin­ney and Tom Drake, exposed just how easy it is for the spooks to manip­u­late nation­al law to suit their own agenda, with war­rant-less wiretap­ping, breaches of the US con­sti­tu­tion, and massive and need­less over­spend on pred­at­ory snoop­ing sys­tems such as TRAILBLAZER.

Indeed, we had the same thing in the UK when Theresa May suc­ceeded in finally ram­ming through the invi­di­ous Invest­ig­at­ory Powers Act (IPA 2016). When she presen­ted it to par­lia­ment as Home Sec­ret­ary, she implied that it was leg­al­ising what GCHQ has pre­vi­ously been doing illeg­ally since 2001, and extend their powers to include bulk metadata hack­ing, bulk data set hack­ing and bulk hack­ing of all our com­puters and phones, all without mean­ing­ful gov­ern­ment oversight.

Oth­er coun­tries such as Rus­sia and China have passed sim­il­ar sur­veil­lance legis­la­tion, claim­ing as a pre­ced­ent the UK’s IPA as jus­ti­fic­a­tion for what are claimed by the West to be egre­gious pri­vacy crackdowns.

The remit of the UK spooks is to pro­tect “nation­al secur­ity” (whatever that means, as we still await a leg­al defin­i­tion) and the eco­nom­ic well-being of the state. I have said this many times over the years – the UK intel­li­gence com­munity is already the most leg­ally pro­tec­ted and least account­able of that of any oth­er West­ern demo­cracy. So, with all these agen­cies and all these dra­coni­an laws already at their dis­pos­al, I am some­what per­plexed about the per­ceived need for yet anoth­er costly intel­li­gence organ­isa­tion to go on the offens­ive. What do they want? Out­right war?