Pages

4 December 2020

Inside the vault of Britain’s secret service agency

John Xavier

The GCHQ (Government Communications Headquarters) is one of Britain’s leading intelligence agencies known for its code-breaking achievements during the Second World War. Enter Behind the Enigma: The Authorized History of GCHQ, Britain’s Secret Cyber-Intelligence Agency (Bloomsbury Publishing): the first book to authoritatively capture the history of this secretive intelligence agency.

The 848-page book explores GCHQ’s early missions of information assurance and signals intelligence, underpinning why the organisation continues to be the top security and cyber-intelligence tool of Britain state.

In an email interview with MetroPlus, author John Ferris shares his perspective on surveillance, data gathering and how intelligence agencies have changed their approach to bring in contractors after the Edward Snowden episode — an incident which stunned the GCHQ.

In the book, you mentioned that bulk collection of data and of private messages happened in 1914. How different is it now?

It was collected from different media — cable and radio, as against cell phones and the Internet. It also was used only during wartime. Most importantly, almost all communications across the Atlantic between 1914 and 1919, and 1939 and 1945, were intercepted, read, analysed and used by states.

Today, bulk collection constitutes only a tiny part of international communications — and only an equally tiny part of these messages are ever read.

Signals intelligence (Sigint) agencies have limited abilities to examine connections between communications, and even less to break encryption. Therefore, they must ration their efforts in a rational way — i.e. against real threats and targets, like spies, terrorists or hostile states.

Very few of us [citizens] fall in those categories or attract their attention. State-directed surveillance against the communications of their citizens is dramatically weaker than people think in western countries.

Commercial entities have far more ability to analyse and read your data, than Government agencies do, and much more incentive to do so, because it makes them money.

Did people protest to such bulk collection of data back then, during the First World War? If yes, how did they organise and protest? If not, why didn’t they protest?

Neutrals protested, because they did not think that their communications should be censored. But they could do nothing about it, because the belligerents were more powerful and these actions were legal under international law. Citizens of belligerents often did not like the practice, initially, but accepted it as a wartime necessity, and ultimately took it for granted.

How do you view GCHQ’s approach to handling citizens’ data in the light of documents obtained by US National Security Agency whistle-blower Edward Snowden on GCHQ’s information collection for its mass surveillance programme?

These documents showed how far states could intercept international communications, and shocked even technical experts.

However, in both Britain and the United States, subsequent examination showed that these actions were legal, under British and American law, and that national authorities (including oversight committees in Congress and Parliament) had been properly informed of these practices.

Moreover, independent technical authorities, like the US Academy of Sciences in 2014, concluded that if states were going to conduct signals intelligence at all, the use of bulk collection was unavoidable.

All technically competent states did similar things — Chinese penetration of private and state communications in India at that time were well known. These practices will not go away, because they are powerful tools of intelligence for all states. To give them up is to conduct unilateral digital disarmament — if Britain gave them up, China and Russia and Germany would not. Neither would India. States will maintain competent cyber intelligence and security agencies for the same reason they do armies and navies.

How has the intelligence gathering agency’s approach towards hiring contractors changed after the Snowden episode?

Sigint agencies are much more careful in their employment of contractors today than they were in 2012.

As calls for data privacy and information security grow, how has intelligence gathering by the state changed in the past few years?

It varies by country. China and Russia do not care about these issues. Western states do care, but we live in a world where we are constantly closely monitored by multiple actors, almost all of which are private, whether commercial firms or cyber criminals.

Western states have found dealing with those problems difficult, and have not done well at it, except by having their own security and intelligence agencies block foreign cyber criminals, cyber intelligence and cyber subversion. Most western states have taken steps to ensure that security and intelligence agencies do not illegally acquire intelligence on their citizens — which is complicated by the undeniable fact that many of their citizens in fact pose security problems, like terrorists.

This requires serious attention to legal and political controls over intelligence and security agencies — which can be achieved. Western states have not in the least changed how they collect intelligence on foreign people or states.

Are nation-states doing enough to allay their citizens’ fear over mass surveillance?

They need to explain the nature of mass surveillance, and how limited their powers to do so are against their citizens. They should also show what they do and do not do — and why what they do is justified, in order to deter or defeat real threats. They need clear legal and political controls over the works of their agencies, and respected oversight agencies in legislatures, and they need to walk the talk.

Where can a line be drawn between a citizen’s right to privacy and right for safe living in their country?

Where it always has been. In western countries, before the Internet, state agencies needed to pass a high legal bar before they attempted to read the messages of their citizens. Precisely those controls can and should be enforced as, by and large, they already are done in North America and western Europe.

Behind the Enigma: The Authorized History of GCHQ, Britain’s Secret Cyber-Intelligence Agency by John Ferris (₹999) is available across major e-tailers and retailers.

No comments:

Post a Comment