| Intelligence and Security Committee Annual Report 1999-2000 | ||||
|
Other Matters Report on the Agencies' handling of Mr Mitrokhin and his material 62. We reported to you on 20 April 2000 on the findings of our inquiry into the Security and Intelligence Agencies' handling of the material provided by Mr Mitrokhin. The Committee was only able to carry out this inquiry through access to all the relevant papers, including advice to Ministers, from both your and the previous administrations. We believe that, as a result, our Report24, while critical in a number of important aspects of the Mitrokhin affair, gave credit where credit was due, was recognised as a fair and objective review of the various issues, and put in proper perspective matters of keen public interest. 63. In the Report, we highlighted the fact that while mistakes had been made within the Security Service, the system to consult the Law Officers on prosecutions had been changed, and a new system and criteria for referral were being trialled. Additionally, we were told that the Director General of the Security Service would now report annually to the Home Secretary on the current status of all espionage cases. As part of that work, the Director General had employed a retired staff member to check the records to ensure that no other cases had slipped out of sight. We intend to monitor these new systems and will report to you again in due course. 64. In our last Annual Report25 we stated that we would take evidence on the intelligence contribution to the Kosovo campaign and the analysis of the material produced. To that end we took evidence from the three Agencies on their contribution to the campaign, together with the lessons they had learnt. We also received evidence from the Cabinet Office, MoD and FCO from their perspective as customers and users of the intelligence provided by the Agencies. We asked these departments to identify any shortcomings with the system, particularly in terms of response time, flexibility and quality. As part of this work we also took oral evidence from the Foreign Secretary, the Chairman of the JIC, and the MoD Policy Director. 65. We were told that the SIS and GCHQ provided very valuable intelligence before, during and after the campaign. The SIS made full use of its *** sources *** *** During the campaign itself, SIS provided intelligence on *** *** *** The SIS also provided intelligence *** *** Reporting also illuminated *** *** ***.26 66. GCHQ provided a flexible and in-depth service of intelligence, including*** *** *** It provided intelligence on *** *** GCHQ monitored the situation *** and helped to provide reassurances that *** *** *** GCHQ stated that some *** of the intelligence that went to UK customers was *** in origin27. 67. GCHQ did comment that *** *** *** The Committee is concerned that *** *** The Foreign Secretary stated that "*** *** ***28 The Committee noted that GCHQ is working with the MoD *** Additionally, we understand that GCHQ *** The Committee will continue to take an interest in this matter, to ensure that the Agencies' views can be taken into consideration *** in future conflicts. 68. The Agencies' customers were fully satisfied with the Agencies' reporting and were able to interact effectively with them to ensure best use was made of the available resources. The customers also stressed that "the close intelligence relationship with the US continued to be very important." The intelligence provided helped to inform the decision-making process across the range of Government activities, from decisions on overall direction of policy to issues such as targeting. The customers found the Agencies to be responsive to changes in tasking as circumstances changed29. 69. One particular requirement the Government put on the Agencies, and the MoD, was for suitably sanitised material that could be used for a variety of purposes, including being passed to NATO and other Governments or into the public domain. The MoD commented that this was one area where national assets were useful, as the UK had control over the sanitisation and distribution process30. The Government has also learnt that it needs to collect intelligence *** from the early stage of any crisis. The customers also commented that the Agencies were *** *** 70. The SIS told us that it was able to respond to the demands made upon it, but these demands placed a severe strain on its staff. *** *** *** *** The SIS identified the following lessons learned:
71. GCHQ *** GCHQ's effective planning now means that it has sufficient linguists (***) to cope with the workload. GCHQ's 24-hour *** watch *** *** Despite *** it was able in almost all cases to produce timely sanitised versions releasable to NATO and the UK commanders in the field. The lessons learnt by GCHQ were:
72. The Committee also took evidence from the Security Service on their role in the Kosovo campaign. The Service's role has been to identify and counter threats to national security from terrorist or espionage activity, including UK interests and nationals in the UK and the Balkans. During the campaign the Security Service *** *** *** *** On its recommendation, *** *** ***33. 73. GCHQ and SIS are continuing to devote *** resources to supporting the Government's policies in Kosovo and the Balkans, *** The Security Service continues to monitor activity and to provide assessments on the threats in theatre and within the UK. 74. Following up our stated interest in defensive Information Warfare (IW), we asked for an overview of the work being conducted to defend the UK against IW threats. The note covered the Government's work on critical national infrastructure protection (CNIP), identifying vulnerabilities and taking steps to address them34. The Committee has noted the characterisation of six key business sectors, which the Government judges to contain infrastructure systems essential to national well being: telecommunications, energy, financial services, water and sewerage, transport and Government itself. 75. We have been told that the intelligence requirements on information warfare and electronic attack became *** This reflected the increasing awareness of the potential impact of IW particularly in respect of the UK Critical National Infrastructure (CNI)35. 76. The launch of the National Infrastructure Security Co-ordination Centre (NISCC) by the Home Secretary in December 1999 provides the country with a single point access to the Government's CNIP arrangements. The NISCC, which is largely resourced by the existing Security Service and CESG baselines, acts as an umbrella organisation co-ordinating relevant activities in several departments and Agencies, including the Security Service, CESG, Cabinet Office, Home Office, MoD, DERA, DTI and the Police. One of the main activities of the NISCC is to issue alerts and warnings about security incidents and vulnerabilities, firstly within the UK and then wider to other international organisations, by means of the Unified Incident Reporting and Alert Scheme (UNIRAS). 77. Whilst the Committee did not take any oral evidence on IW this year, we did inquire how the CNI and Government responded to the "love letter" virus on 4 May this year. The Committee was disappointed to learn that the UNIRAS warning was not sent out until 12.45pm on 4 May. This, incidentally, compares with the House of Commons where a warning was issued at 10.33am. By then the virus had infected a large number of the Government's computer systems36. We established during our visit to the US that the failure to send out a more timely warning meant that the UK was unable to warn the US authorities of the virus before the US Departments started work. The Committee believes that the UNIRAS system should be reviewed to ensure that it is able to give far more timely warnings of serious virus attacks to both UK organisations and allies. 78. The Committee took evidence on the impact of the Data Protection Act 1998 (DPA) and the Human Rights Act 1998 on the files and information stored in the Agencies37. We considered two issues, the rights of employees to access material stored on them and the rights of individuals to see information stored by the Agencies about them. We noted that from 1 March 2000 when the DPA came into force, employees have the right to see information stored about them. The DPA allows for data to be exempted on the ground of national security, by means of a certificate. Other Data Protection exemptions, such as material given in confidence (referees' comments) and data that refers to more than one person, also apply. 79. We noted that an individual can, under the DPA 1998, apply to see what information an organisation is keeping on them. The information can either be on a computer or in a filing system. Under Section 28 of the Act the Secretary of State can issue a certificate withholding disclosure on grounds of safeguarding national security, in which case the applicant will be told that the Agency holds no information which the applicant is entitled to see. 80. On being informed that the information they have requested is being withheld on safeguarding national security grounds, the applicant can appeal against the certificate to the Data Protection Tribunal. Appeals will be heard by a specially constituted panel of the Tribunal comprising legally qualified deputy chairmen appointed by the Lord Chancellor and designated by him as capable of hearing such appeals, one of whom will be designated by him to preside. The Tribunal will generally be quorate at three and it must as a general rule proceed by way of a hearing. Hearings will generally be held in private but there is provision for public hearings in certain limited circumstances. 81. The practice and procedure of the Tribunal in respect of these appeals is set down in the Data Protection Tribunal (National Security Appeals) Rules (SI 2000 No. 206). 82. The Tribunal is placed under a general duty to ensure that information is not disclosed contrary to the interests of national security. It must exclude the appellant and/or their appointed representative from all or part of the proceedings where it considers this to be necessary in order to comply with this general duty. Otherwise, the Tribunal is required to give the appellant an opportunity to address it, to amplify orally written statements previously furnished, to give evidence, call witnesses, question those giving evidence and make representations on the evidence. 83. If the Tribunal finds, applying judicial review principles, that the Minister did not have reasonable grounds for issuing the certificate, it may allow the appeal and quash the certificate. There is no appeal against the Tribunal's decision. 84. This system is designed to allow individuals who believe that the Agencies have incorrect or inappropriate information stored on them to pursue the matter. However we note that, as yet, no appeal has been made against a certificate. We will continue to monitor this system and will report again in due course. Serious Crime including organised illegal immigration 85. The Committee continued to examine the work conducted by the Agencies in the fight against Serious Crime, which includes drugs, illegal immigration rings and excise evasion. We visited HM Customs & Excise in Dover to see the scale of the drugs and excise evasion problem. We were told in the context of this work that *** of GCHQ's effort, *** of SIS's effort and *** of the Security Service's38 effort was against serious crime. The Chief of Defence Intelligence told us that *** of JARIC's effort was against serious crime39. The Committee also noted that the *** *** *** *** 86. We were briefed on the organised rings of smugglers operating within the UK to bring in cigarettes and hand-rolled tobacco from the continent into the UK and ***, via Europe into the UK. The main problems concerning excise evasion are individuals who buy large quantities of cigarettes and hand-rolled tobacco in Europe and then smuggle them into the UK without paying the duty and VAT through the Channel Ports. Additionally groups also buy container loads of counterfeit cigarettes *** and then import them to the UK either directly or through an intermediate country, again without paying duty or VAT. 87. Intelligence, from the Agencies and HM Customs and Excise's own sources, plays a key role in tackling this issue. However, we were told that over three-quarters of the seizures resulted from profiling work by Customs Officers in the ports, rather than intelligence40. This year a number of major smuggling networks have been closed as a direct result of joint operations. The Customs Officers were particularly complimentary about the work of the Security Service's surveillance teams. Additionally, the Security Service has targeted and frustrated the smuggling activities of ***41. 88. We support the Agencies playing a bigger role in combating excise evasion. However, the Agencies are still unable to allocate resources to all the operations for which their support is requested. We believe, as we stated in last year's Report42, that increasing the funding to combat excise evasion would result in a net benefit for the Exchequer. 89. We discussed the resources allocated to the fight against drugs. We noted that combating drugs is a JIC First Order of Priority requirement43 and that the Agencies are working together with law enforcement organisations both within the UK and the rest of the world. In our last Report44 we stated that the Committee believed that more could be done to stop the drugs reaching the UK. We were told that more is being done in this area but we are still not convinced that enough is being done. We noted that the Agencies have bid for additional funds to increase the work they do against drugs as part of the CSR, and this will be reviewed later in the year. 90. The Committee has been concerned about the scale of illegal immigration into the UK. We were told that the investigation of large-scale networks aimed at bringing illegal immigrants into the UK was *** requirement45. We were told that the SIS assisted in a successful operation ***, which broke up a major network. *** *** ***46. We were also told that the JIC had taken a paper on illegal immigration in June 2000. GCHQ and Security Service have also produced intelligence on this topic, but accept that they could do more47. We believe that directed and focussed use of the Agencies could assist the Immigration Service and even help to prevent tragedies such as the death of the 58 Chinese in June this year. 91. In our Report48 to you last year, we outlined the work the Agencies were conducting to ensure they were prepared to overcome any Millennium Bug related problems, both internally and externally. We had been told that the Y2K problem was being taken very seriously by the Agencies, second only to support to operations, and that work had first started in 1996. The Agencies reported their preparedness to us in November 1999 and in January 2000 they reported the outcome of the date change. We were also told that joint meetings had been held by the Agencies and their main customers to share and co-ordinate year end plans. 92. In November 1999 the SIS reported that they had tested all 276 of their systems and proved that they were Y2K compliant. They had also placed special contingency communications equipment *** overseas locations to make them independent of local power and communications providers. The SIS told us that there would be extra staff on duty and on call over the period, together with a "Millennium Manager". In January 2000 the SIS reported that it had not suffered any significant Y2K-related problems in their computer systems and that all their communication links with other government departments and overseas stations were functioning normally49. 93. GCHQ reported that by November 1999 94% of its over 1300 systems had been certified Y2K compliant and that they were on track to be ready on time. They had also made contingency arrangements for backup power and telecommunications both in their UK sites and abroad. GCHQ told us that a Millennium Control Centre would supplement the normal 24 hour operation, with a tiger team *** in attendance and a larger pool of *** technical and production staff on call. In January 2000, GCHQ reported that there had been some *** mostly minor, failures of its systems directly related to the millennium bug; there were a further *** indirect faults. None of these had any significant effect on intelligence production. They also noted that CESG had repaired the Whitehall secure Intranet50. 94. The Security Service reported that by November 1999 the Service was rated at 99% by the measures used for the Cabinet Office's monitoring purpose. They had put in place fully independent alternatives for each of their critical strategic IT systems and the Millennium Manager and Y2K Director were confident that the Service would be able to sustain the Service's outputs with no significant disruption. In January 2000 the Security Service stated that all systems worked normally, with two minor exceptions. Of these two areas affected, one was promptly fixed and the other was managed through business continuity plans. The Service stated that there was no disruption to its outputs51. 95. All the Agencies told us that they were able to deal with the millennium issue because of their preparation and planning. They told us that their work had found faults in commercially available software and that these enabled revised Y2K patches to be given to other government departments. Regulation of Investigatory Powers Bill 96. The Committee has continued to take an interest in the legislation being introduced by the Government. In our last report we outlined why the Agencies needed the ability to intercept and monitor communications in real time and the effect that commercial encryption would have on the Agencies. These powers, and the revision of the Interception of Communications Act 1985, have been encapsulated in the Regulation of Investigatory Powers (RIP) Act. 97. The Government accepted our views on the RIP Bill on limiting those who could apply for an interception warrant and amended the Act accordingly. We also note that the RIP Act will amalgamate all the previous Tribunals into a single, but regionally based, Tribunal. This will allow, to anyone who believes that their Human Rights have been abused, or that the Agencies and Law Enforcement Organisations have acted improperly, a single point of contact to handle the complaint. We have also noted that the positions of the Intelligence Services Commissioner and the Security Service Commissioner have been amalgamated. In practice this is not a significant change as the same person discharges both positions, currently Lord Justice Simon Brown. However, the new position will also cover the warrants issued for the MoD operating abroad. 98. We were also briefed on the establishment of the National Technical Assistance Centre (NTAC). The NTAC will be a twenty-four hour centre operated on behalf of all the law enforcement, security and intelligence agencies, providing a central facility for the complex processing needed to derive intelligence material from lawfully intercepted computer-to-computer communications and from lawfully seized computer data, which are being increasingly encrypted. The NTAC will also support the technical infrastructure for the lawful interception of communications services including Internet Services. We noted that the NTAC will be located in Thames House, but that it will be operated by the National Criminal Intelligence Service (NCIS) on behalf of the Home Office. The three Agencies will provide the NTAC with both some staff and fund part of its activity. They will also be fully engaged in its operation and will be customers of its product. Visits to Romania, Poland and USA 99. The Committee visited Romania and Poland during the period 11 to 15 October 1999. A full list of whom we saw can be found at Appendix B. In Romania we were the guests of the Romanian Parliamentary oversight committees for the Romanian Intelligence Service (SRI) and the Foreign Intelligence Service (SIE). During our visit we had useful meetings with the Minister of Interior, the Presidential adviser on National Security, the heads of SRI, SIE and the Military Intelligence Service and the Parliamentary oversight committees. 100. We then went to Poland as the guests of the Parliamentary Special Services Committee. In Warsaw we met the Minister Co-ordinator of the Polish Security Service, the National Security Adviser, a representative of the Office of State Protection (UOP) and the head of Military Intelligence (WSI). 101. During the visits, we concluded that, in countries where the people had once been oppressed by the internal intelligence organisations, Parliaments have sought to create a system of very strong democratic oversight. In Romania, we were told that the parliamentary oversight Committees receive daily reports from their respective agencies and recommend the budgets to the President and Parliament. In Poland, we were told that the Parliamentary Special Services Committee also sets the budgets of the intelligence agencies and calls the agencies to account for their actions and plans. 102. The Committee visited the USA between 7 and 12 May 2000. A list of whom we saw can be found at Annex C. We met both the House Permanent and Senate Select Committees on Intelligence, together with the heads and representatives of the US Intelligence agencies and the Presidential Foreign Intelligence Advisory Board (PFIAB). We also visited the Joint Interagency Task Force East, a US organisation set up to co-ordinate and analyse anti-drugs intelligence in real-time involving the US intelligence and law enforcement agencies, the four armed services and allied nations. 103. In submitting this Report to you the Committee looks to the Government to ensure a prompt response. The Committee was disappointed that last year's Annual Report, which was delivered on 6 August 1999, was not published until 25 November 1999 and that the Government's response was not published until 28 January 2000. Parliament did not have the opportunity to debate the Report until 22 June 2000, which was nearly twenty months after the debate on the previous Committee's Report. It clearly took too long for the Annual Report 1998/99 to be published, responded to, and debated. The Committee looks to the Government to ensure much prompter handling of this Report. 104. During the course of the year, the Committee and the Cabinet Office agreed to modify the way the Investigator reports to the Committee from that published in the Government's response to our last Annual Report. Now the Investigator, on completing a report, sends it to the Agencies for factual checking. He likewise sends relevant sections to Departments that have contributed to the report (normally the Foreign and Commonwealth Office, Ministry of Defence and the Cabinet Office). The Investigator then presents the Report to the Committee. We can use the Report as we wish, although the Heads of the Agencies are given the opportunity to comment to us on our draft conclusions before we report to you. 105. The addition of an Investigator to the Committee's staff has allowed us to pursue complex issues in considerably more depth. The investigations have also spurred the Agencies and the Community as a whole into re-examining aspects of their policies and procedures. The Investigator ensured that Departments and Agencies were kept informed of his developing findings; as a result they did not always wait for him to submit his report to us but took early and positive action in problem areas he identified.
24 Cm 4764, June 2000. 25 Cm 4532, November 1999. 26 Evidence from SIS, May 2000. 27. Evidence from GCHQ, May 2000. 28 Evidence from the Foreign Secretary, June 2000. 29. Evidence from MOD/FCO, May 2000. 30. Evidence from MOD, June 2000. 31. Evidence from SIS, May 2000. 32. Evidence from GCHQ, May 2000. 33. Evidence from the Security Service, May 2000. 34. Evidence from the Cabinet Office, May 2000. 35. Evidence from the Cabinet Office, April 2000. 36. Evidence from the Cabinet Office, May 2000. 37. Evidence from SIS, GCHQ and the Security Service, March and April 2000. 38. Evidence from GCHQ, SIS and Security Service, April and May 2000. 39. Evidence from CDI, March 2000. 40. Evidence from HM Customs & Excise, May 2000. 41. Evidence from the Director General of the Security Service, April 2000. 42. Cm 4532, November 1999. 43. Evidence from Cabinet Office, July 2000. 44. Cm 4532, November 1999 45. Evidence from Cabinet Office, July 2000. 46. Evidence from the Chief of SIS, May 2000. 47. Evidence from SIS, GCHQ and the Security Service, April and May 2000. 48. Cm 4532, November 1999. 49. Evidence from SIS, November 1999, January 2000. 50. Evidence from GCHQ, November 1999, January 2000. 51. Evidence from the Security Service, November 1999, January 2000.
|
||||
