Intelligence and Security Committee - Annual Report 1998-99

Other Matters

Commercial Encryption

72. In light of the Government's proposals for the regulation of electronic commerce, we asked for evidence from the Home Office and Agencies on the effect that commercial encryption technologies would have on the work of the Agencies. The Agencies and law enforcement organisations stated56 that the ability to intercept and monitor communications in real time provides both the initial intelligence needed to mount operations and the ongoing intelligence to bring them to a successful conclusion. GCHQ stated in their evidence that ***

***

***

***

***

Currently *** of GCHQ's intelligence reporting results from the successful application of cryptanalytic and other technical skills. The Security Service told us that ***

***

***

The SIS stated that ***

***

***

***

73. The Home Office stated that "It is, however, the potential use of encryption rather than its current application which gives rise to the greatest concern. Communications technologies are converging around common digital protocols in a way which will soon allow new encryption methods to be applied equally to voice as to internet data traffic. When that happens, if nothing were done, the valuable interception capability would be progressively lost to the law enforcement services and to the Agencies". We therefore welcome the Government's proposals under the Electronic Commerce Bill to include powers to issue orders for the production of keys held by any person where they are required in order to decrypt material which has been, or is being, lawfully acquired. We understand that this would include interceptions under the Interception of Communications Act 1985 which is currently also under review. We will report to you as this matter develops.

Security Policies and Procedures

74. In recent years there have been a number of serious security breaches in the intelligence communities both in the UK and the US. In each of our previous reports, the Committee has emphasised its concern about the need to learn the lessons of these breaches and for the necessary steps to be taken. We understand that a number of enhancements have been introduced by the Agencies, but we remain concerned as to whether our recommendations have been fully taken on board and introduced throughout the security and intelligence community. Against this background, we have tasked our Investigator to conduct a stocktaking exercise into the security policies and procedures with particular reference to recent enhancements and the Committee's previous recommendations. We will report to you on the outcome of this work in due course.

75. We have also noted that the Security Commission has been asked by you to investigate and report on the case of Chief Petty Officer Hayden, who was convicted in November 1998 of offences under the Official Secrets Act. We understand that one of the reasons that you did not ask this Committee to report on the case is that CPO Hayden was a member of the Armed Forces and not of the Agencies. We await the Security Commission's report with interest.

External Records/Files

76. In our report last year, we outlined our interim conclusions in respect of the policy on the creation and retention by the Agencies, most notably the Security Service, of personal files. In particular, we noted the fact that the Security Service was reviewing its files relating to individuals aged 55 and over. Whilst recognising that the judgement in respect of the review and destruction of individual files is made solely by the Security Service, it was our conclusion that a form of independent check should be built into that process, particularly in respect of files relating to subversion.

77. We were pleased to note that in its response to our report last year the Government57 stated that "the Service will no longer surface records in the vetting context purely on account of membership of organisations hitherto considered subversive". We understand this to mean that if a person had been a member of an organisation previously considered to be subversive, that information would not be used in the vetting process.

78. In July 1998, the Home Secretary announced that he had invited the Advisory Council on Public Records to review the criteria which the Security Service employs to select files for permanent preservation on grounds of historical interest. However in the Government's response to our last annual report, it was stated that "the Government does not believe that the process of reviewing files for destruction would be assisted by independent scrutiny". The Home Secretary, during the debate on our report in November, then stated that he would look at the matter again. The Council reported to the Home Secretary in December last year recommending, inter alia, that officials of the Public Record Office with the appropriate security clearance would, in future, be invited to examine files which had been earmarked for destruction by the Security Service. This would provide a useful measure of external scrutiny of the selection process to ensure that historical records were not being destroyed. The Committee welcomes this development.

79. However, we were disappointed that in the period between when the Home Secretary agreed to look again at this issue and his acceptance of the Advisory Council's recommendations in January 1999, the Security Service continued its programme of destruction. We understand that around 3000 files were destroyed between November 1998 and January 199958. Where such reviews of policy are announced in future, we strongly recommend that immediate action is taken to avoid a repeat of this.

80. With regard to the destruction of personal files, the Director-General59 has told us that files are not destroyed if the subject was actively investigated by the Security Service using intrusive investigative techniques, nor if the file was used in a way that might have adversely affected the subject, such as an adverse trace during the security vetting process which affected their employment prospects. He also stated that files on organisations would not be destroyed. When asked if there were plans to release any information on people or organisations previously regarded as subversive, such as their names, he stated that there are currently no plans for the Service to release post-war information on individuals or organisations previously regarded as subversive. The Director General's view was that this could lead to potentially large numbers of requests for such information, as well as the loss of confidence of those agents and others who supplied information to the Service in confidence and to the exposure of intelligence techniques and methods which remain sensitive. We will wish to examine this matter further.

81. We have taken information from the Data Protection Registrar about the changes in this area which will flow from the implementation of the Data Protection Act 199860. Under the Data Protection Act 1984, a certificate by a Minister that an exemption is required for purposes of national security could not be challenged, but the new Act will mean that individuals affected by a Ministerial certificate will have the right to appeal against such a decision to the Data Protection Tribunal. The 1998 Act confers on individuals certain rights which may go some way to meeting our concerns about personal files held by the Agencies. We intend to pay close attention to the effects of the enactment of the Data Protection Act 1998 in this area, and the development of individuals' rights under the Human Rights Act.

82. In our work to date in this area, we have concentrated on the destruction of files by the Security Service. We intend to consider these issues further, in particular, the creation of files and rights of access, and the verification of information held on individuals by the Agencies.

Defence Intelligence Staff (DIS)

83. We were unable to ascertain the effect of the Strategic Defence Review on the DIS as CDI was unable to brief us on these matters due to Operation Desert Fox and the military campaign in Kosovo. We will be taking evidence in the Autumn on both any changes in the funding and structure of the DIS as a result of the Government's Strategic Defence Review, together with the implications that these may have for the work of the Agencies, and the intelligence contribution to policy in the Kosovo campaign. We will also be examining the material produced.

Developing Oversight

84. Following the recommendation in our last Annual Report61 that the Committee needed its own investigatory capability, we were grateful for your agreement and support in the appointment of an Investigator. The Committee interviewed a number of identified candidates for the position, before selecting John Morrison, the recently retired Deputy Chief of Defence Intelligence, DIS, as the Investigator. Mr Morrison, who took up his appointment in June, will work part-time as required by the Committee and will conduct investigations into matters as directed by the Committee. He brings with him a great knowledge of intelligence matters, as he has worked alongside, but not in, the Agencies for almost all of his 32 year career.

85. The Investigator is a significant enhancement to the Committee as he will be able to pursue matters in much greater detail than we can. This was recognised by the Home Affairs Committee of the House of Commons, which stated62 that "the establishment of the post of 'Investigator' should make it [the ISC] more effective". He will work under the statutory authority of the Committee, as detailed in the Intelligence Services Act 1994 and will report directly to us. The Investigator will be able to inspect all documents, files and reports connected with the investigation, as well as interview key personnel, in preparing his report. He will then, in consultation with the appropriate Agency Head to ensure that operationally sensitive information is not unnecessarily disclosed, submit his report to the Committee. We will then consider the matter, together with any recommendations, and report, as necessary, to you. We see the Investigator reinforcing the authority of any findings we make, and to be an important element in establishing public confidence in the oversight system.

86. We have formulated a schedule for the Investigator, which will allow him to cover areas of substance, whilst allowing him the flexibility to divert his attention to immediate matters as directed by the Committee. We also believe that if the Agencies themselves wish a matter or event to be investigated and reported, they could invite the Committee to deploy the Investigator. In such circumstances the Investigator would still report to the Committee. As mentioned in paragraph 10, we have already tasked the Investigator to conduct a stocktaking exercise into security policies and procedures, with particular reference to recent enhancements and the Committee's previous recommendations. Mr Morrison will report back to us in the Autumn.

Oversight and Parliament

87. The Home Affairs Committee (HAC) of the House of Commons reported on the Accountability of the Security Service in June63. They concluded that the Intelligence and Security Committee (ISC) should be replaced by an inter-departmental select committee, "a reconstituted ISC", which reported to Parliament rather than to the Prime Minister. The majority of this Committee, with a minority dissenting, does not support this recommendation. We await, with interest, the Government response to the HAC report which will be produced in the Autumn. We note the statements in the HAC report on the success of the ISC, three of which are reproduced below:

"....the reports of the ISC itself have shed light on areas of security service activity which hitherto had lain in darkness. These developments have been an important advance on what had gone before."

"....we wish to record our view that the establishment of the statutory Intelligence and Security Committee has been a significant step forward over previous arrangements in providing democratic accountability."

"....we note that in practice the ISC has gone beyond even the limits of the three principal agencies to examine other intelligence work within the government."

 

57. Cm 4089, October 1998.

58. Evidence from the Security Service, June 1999.

59. Evidence from the Security Service, June 1999.

60. Evidence from the Data Protection Registrar, January 1999 and May 1999.

61. Cm 4073, October 1998.

62. Home Affairs Committee Report "Accountability of the Security Service", June 1999, HC291.

63. Home Affairs Committee Report "Accountability of the Security Service", June 1999, HC291.

Back to previous Section Back to Contents On to Next Section Back to other Official Documents pages
We welcome your comments on this site.
Prepared 8 August 2000