Evolution has provided our species with the invaluable advantage of reason, as well as the ability to act instinctively. Our intellect allows us to improve the quality of our decisions, not least about matters relating to our security, by reducing our ignorance of the dangers we face. We have learnt by experience that amongst those perils are the actions of those who mean us harm but are equally determined to remain undetected, leaving us unaware of the threats they pose. This is where secret intelligence enters the story. From Biblical times, when Moses sent spies into the land of Canaan, intelligence officers have always spied on the nation’s enemies in order to frustrate their intent.
Security is essential if society is to flourish, justify investment for the future and allow citizens to live normal lives. That means frustrating the designs of those who mean harm, hostile States and non-State groups, terrorist groups, and criminal gangs of every stripe, by uncovering their secrets. Such secrets need to be acquired without permission, in a word, stolen.
The ‘hidden guardian’ model
In the sixteenth century, Sir Francis Walsingham set up the first genuine European spy network for Queen Elizabeth I. Today, he can be regarded as the founding spirit of British intelligence. The network was used to gather intelligence about the threat of invasion, and to counter external subversion by Catholic European powers, as well as deal with internal sedition fuelled by the agents sent by the Vatican. Walsingham relied on the secret authority of the royal prerogative exercised by the Queen to justify doing whatever he judged necessary to protect his sovereign.
Such unrestricted use of the prerogative powers of the monarch lasted unchallenged until the outbreak of the English Civil War of the 1640s. Parliament then notably asserted that it was sovereign, not least by executing Charles I in 1649 and abolishing warrants authorising the torture of suspects. But parliamentary leaders knew they still needed secret intelligence. That meant paying secret agents, as well as retaining the services of the cryptographer royal, John Wallis, also professor of geometry at Oxford University and probably England’s finest mathematician before Newton. To symbolise the new parliamentary control, the custom of passing openly an annual secret vote to authorise, and limit, expenditure on the secret service came into being (it still exists today as the Single Intelligence Account). But no specific laws governed secret activity, or regulated those conducting it. And no questions about what the money was spent on and by whom were allowed to be asked in Parliament.
This publicly authorised, but still deeply secret, arrangement for protecting the State, which we could call the ‘hidden guardian’ model, lasted from the Restoration in 1660 right up to the period before the outbreak of the First World War. There is a trace of the concept in J. R. R. Tolkein’s Lord of the Rings. He describes the exploits of Lord Aragorn, a noble-born Ranger conducting a dangerous security mission in secret along the borders of Middle Earth, defeating dragons and orcs and other evils, to safeguard the hobbits sleeping snuggly in their hobbit holes unaware of the guardians who watch over them.
The looming threat from Germany as the twentieth century opened saw the first steps towards institutionalising British intelligence through the creation of a government department, the Secret Service Bureau. That rapidly divided into today’s domestic security service (MI5) and an external intelligence service (MI6). The value of signals intelligence was demonstrated during the First World War, and in 1919 the naval and army cryptographers were brought together to form what is today known as GCHQ.
There then followed an era we could characterise as ‘executive regulation’ in which senior government ministers exercised executive control of sensitive operations, such as authorising domestic telephone and postal intercepts and significant intelligence activity overseas that might, if exposed, have diplomatic repercussions. But the existence of the three British secret agencies was not publicly admitted and no laws regulated their activity. As the military historian Sir Michael Howard wrote with heavy irony:
In Britain the activities of the intelligence and security services have always been regarded in the same light as marital sex. Everyone knows that it goes on and is quite content that it should, but to speak, write or ask questions about it is regarded as bad form. So far as official government policy is concerned, the British security and intelligence services, MI5 and MI6, do not exist. Intelligence is brought by the storks and enemy agents are found under gooseberry bushes.
It was the European Court of Human Rights in Strasbourg in 1985 that pointed out the lack of law regulating intelligence activity such as telephone tapping and bugging. The court ruled that such activity could be justified for reasons of national security and for the detection and prevention of serious crime, but that it had to be conducted under the rule of law and with independent authorisation and oversight. The first fruit of this doctrine in the UK was a 1985 Act to regulate telephone tapping, bugging and other forms of intrusive investigation, followed in 1989 by legislation regulating the Security Service, and in 1994 by a corresponding law for the Secret Service and for GCHQ.
Spying in the era of rights
The resulting regime of legal compliance lasted until the controversies generated by the disclosures of material stolen by the US contractor Edward Snowden from the National Security Agency and its British partner GCHQ.
The media interest in the case made many people aware of the surveillance potential of digital technology in ways not previously recognised — namely, the amount of personal information that can be gleaned from the use of mobile devices and the Internet. American, British and European civil rights groups understandably launched legal challenges alleging privacy rights had been violated, and questioning where in law the authority lay that allowed agencies to collect such information in pursuit of intelligence on their suspects. Those challenges identified the need to update existing law and practice and to strengthen independent oversight. In the UK, after eighteen months of public debate and three independent inquiries a strong cross-party consensus was achieved on a new Act of Parliament to regulate such bulk access to digital data in ways that respected people’s privacy rights and provided for enhanced independent scrutiny of the use of those powers.
Democracy and the morality of espionage
The Snowden case, and other examples, outlined below, bring us to crux of the matter: Is there a way of distinguishing espionage in the service of democracy? Is it possible to have principled spying?
Throughout history, the State has had to authorise activity seen as unethical, involving invasions of privacy, theft, deception and betrayal of trust, activities that would be mostly illegal if conducted by a private individual or company.
The same line of argument is mounted both by democracies and by the rulers of autocratic states when it comes to protecting themselves. The various types of human and technical intelligence collection methods are common to both democrats and dictators.
The difference lies in motive. Is espionage necessary to defend the freedoms and values of a democratic State and protect its citizens, or to protect a regime from domestic challenge, including by suppressing internal dissent? If the former, it is possible to use those very democratic values to establish an ethical boundary around intelligence activity considered acceptable in defence of liberal democracy. In other words, we can establish a democratically determined ‘licence to operate’.
Such considerations are unlikely to bother regimes whose secret agencies operate under the personal protection of a dictator or autocrat, emboldened to do whatever they deem necessary for their protection. To take the obvious example of Russia, the military intelligence service, the GRU, sent officers to London in 2006 to assassinate their former colleague Alexander Litvinenko with radioactive Polonium 210. In 2018, they almost succeeded in using an illegal nerve agent, Novichok, to murder former MI6 agent and GRU colonel Sergei Skripal, (and his daughter) in Salisbury. Officers of the federal security service, the FSB, stand accused of attempting to assassinate Russian opposition leader Alexander Navalny, also using Novichok. In these cases the impression deliberately left is that the Russian regime whilst denying responsibility is not unhappy for the assumption to be made that it was a Russian operation.
A warning from Northern Ireland
In a democracy it matters to the public how agents of the State behave, not least towards citizens, and how they are held accountable. There is an expectation that intelligence and security agencies work with the consent of government, including, where necessary, provision in law. Yes, that allows them to operate outside normal conventions (essential if any secret intelligence is to be acquired) but subject to independent Parliamentary and judicial supervision of the most intrusive methods of gathering intelligence.
In the modern era public support in liberal democracies for covert activities of secret intelligence and security agencies cannot be taken for granted. In several countries, including Germany, it is still a live legal and political issue. The British experience illustrates that a strong majority in favour of allowing intrusive investigative techniques can be secured, with some provisos. Namely, that it is clear the measures are necessary in the light of genuine threats, that methods open to agencies are subject to the domestic rule of law, proper regulation and independent oversight, and that the powers are applied with restraint, and, in the words of the law, that they are necessary and proportionate.
In the 1970s Northern Ireland faced waves of sectarian murders carried out both by the Provisional IRA and by so-called Loyalist paramilitary gangs. Intelligence gathering was both essential and highly dangerous. The British Army set up a covert agent handling unit, and information from their agents inside terrorist gangs stopped some attacks. But for the agents to be useful as sources they had to be accepted by terrorists as active members of their organisations. The British State thereby left itself open to accusations of collusion, turning a blind eye to significant wrongdoing by its agents. Subsequent judicial investigations of allegations have not laid these fears to rest. The law on participating informants was shown to be unclear, and only now has fresh legislation been introduced to clarify how covert sources could be authorised to break the law in defined circumstances, such as by being members of prohibited terrorist organisations.
This legislation, and the legislation following the Snowden disclosures, clearly distinguish intelligence in the service of liberal democracies from that of autocracies. But this is relatively recent in historical terms. It has taken at least five centuries from seeing intelligence gathering as a secret no-holds-barred activity pour raison d’état to placing it under the modern rule of law.
And compliance with the law is an ongoing issue. The core of the principle of the rule of law, according to the former British lord chief justice Thomas Bingham is ‘all persons and authorities within the state, whether public or private, should be bound by and entitled to the benefit of laws publicly made, taking effect (generally) in the future and publicly administered in the Courts’. A publicly made law is accessible to the citizens who can understand how its provisions may apply to them.
The problem exposed publicly by, most recently, the Snowden case, was that the advanced methods of modern digital intelligence had simply not existed when the laws in force were passed. Subsequent official reports revealed the new discipline of digital intelligence was being imaginatively applied by GCHQ and other UK agencies, not just for interception of communications and searching of communications data, but also for the exploitation of bulk personal databases and computer network attack and interference with computers and servers. All done using statutory powers in a variety of Acts that Parliament used in ways that the public might not have been aware of.
At the same time, public concern over security threats was rising across Europe, following deadly terrorist attacks and a number of serious cyber-attacks, as well as Russian digital subversion. The issue became less one of questioning the need for digital intelligence tools, and more one of how best to construct a democratically acceptable legal framework to allow the reasonable use of them against those who mean us harm, that is, with independent oversight and sufficient transparency leading to the confidence that under no future government, of whatever colour, could these capabilities be misused.
The digital revelations nevertheless created a form of moral panic in Europe over fears of a future surveillance state. Such concerns continue to energise privacy and rights groups. Wider data protection fears have intensified EU Commission and European Parliament consideration of the privacy implications of the business model of the internet itself, with free at the point of use services like search engines and social media being paid for by the monetisation of the personal data of users, harvested in increasing quantities by internet companies for marketing purposes. Nor will technology stand still. Updated democratic ‘licences to operate’ will, no doubt, eventually be needed to cover new technologies, including those of surveillance by mini-drones, advanced facial recognition systems and the application of artificial intelligence algorithms for security purposes.
We have entered a new intelligence era, one I describe as the era of the social compact, in which, after extensive debate, the UK and most European nations have given new democratic licences to their security and intelligence agencies to operate under the rule of law.
The lesson of the long 500-year British journey is salutary for all democratic governments. We are in an age where national security can no longer just be a matter for the secret parts of the state. As part of their primary duty for national security Governments have to ensure the safety and security of the public against a variety of twenty-first century threats including terrorists, hackers, organised criminal groups and hostile States and non-State groups exploiting cyberspace to try to subvert our democracies. The active support and assistance of the public is needed. An important task for democratic governments must therefore be to stay ahead and ensure the mandates for their intelligence and security communities remain consistent with democratic values, duties and rights.