Counter terrorism is dependent on a successful public-private partnership.
This morning, ADS was invited to attend the Home Secretary’s speech on counter terrorism. The speech will be of interest to the security sector as it:
- Identified a number of areas of concern that remain outstanding, where capabilities developed by the sector may help.
- Confirmed the government’s commitment to a number of existing initiatives, which the sector is (or will be) involved in delivering.
- Outlined new security measures to be included in a new Counter Terrorism and Security Bill, which the sector will undoubtedly be involved in delivering.
The Home Secretary seemed also to give an indication of how national security may be treated during the next Comprehensive Spending Review (CSR) and the 2015 Strategic Defence and Security Review (SDSR). She noted that ‘despite the debt crisis, we [the government] protected the budgets for counter-terrorism policing and for the security and intelligence agencies [in 2010]’.
The 2015 SDSR will take place in the context of a Comprehensive Spending Review that is very likely to propose additional reductions in public spending, but the Home Secretary’s remark suggests that at least some aspects of spending relevant to national security and resilience will continue to be prioritised. This is likely to be a cross-party position.
Areas of concern: social media, access to communications data and content
In her speech, the Home Secretary noted
Unlike other terrorist organisations, ISIL have the ambition to become a state in their own right, with all the financial clout and the military and technological possibilities statehood brings. They occupy around a third of the combined territories of Syria and Iraq, a land mass almost the same size as Great Britain. And their geographical location means that they are just a few hours flying time away from our country. Their sophisticated use of the internet and social media means they have a significant propaganda reach right across the world. And there is evidence that as well as inspiring many young Muslims to travel to Syria and Iraq to fight, they have given energy and a renewed sense of purpose to subversive Islamist organisations and radical leaders in Britain.
Social media and open source analysis will continue to be a significant area of interest for the government – and it is one in which the security sector is investing large amounts of Research & Development.
Indeed, tomorrow, the Intelligence and Security Committee will publish its report on the intelligence relating to the murder of Fusilier Lee Rigby. This report is likely to highlight that indications of Michael Adebowale’s increased extremism were visible through his internet use, but this was unknown to the Security Service. Social media is likely to be one aspect.
Another aspect is access to communications data and the ability to intercept communications. The Home Secretary is worried about the capability gap the authorities increasingly face as a result of changing communications technologies and encryption by commercial providers. Whilst the new Counter Terrorism and Security Bill will attempt to address part of the gap (see below), the Home Secretary was clear that more would need to be done in the next Parliament:
I must emphasise that these powers are limited and they do not mandate the retention of and access to data that would in all cases identify a suspect who has, for example, been accessing servers hosting illegal content. The progress in this Bill is welcome – but we will still need to return to the Communications Data Bill in the next Parliament.
The security sector believes that any obligations placed upon technology companies must be based upon a clear and transparent legal framework.
Ongoing initiatives: border security, tackling terrorist content online
The Home Secretary referred to three initiatives, which the government remains committed to and in which it will continue to invest:
1. The second generation Schengen Information System (SIS II). SIS II is designed to enable the exchange of information between national border control authorities, customs and police authorities on crime, national security and immigration matters. It consists of three shared components – a central system, Schengen Member States’ national systems, and a communication infrastructure between the central and national systems. The central system acts as a single point of information entry for the 29 Schengen States, connecting to all national IT systems in the region. SIS II will enable member states to introduce new types of data, such as biometric data, into the system. Member states can also set up new alerts on suspected criminal activity and link these with existing alerts on individuals or vehicles. Steria has been selected to provide an off-the-shelf system for the UK government.
2. Universal exit checks at the border by April 2015. Technology will enable some, though not all, exit checks. The Independent Chief Inspector of Borders and Immigration previously noted that the capability (formerly known as e-Borders) needed further development:
(…) In order for e-Borders to be used as the basis for the delivery of the Ministerial commitment to introduce exit checks by 2015, it must be capable of facilitating physical interventions where appropriate. We found that the Police did mount interventions against passengers leaving the UK as a result of information provided by e-Borders. In contrast Border Force was not able to exploit the system to intercept departing passengers because:
outbound immigration matches were not processed in real time; and
virtually all outbound commodity matches were deleted without further examination.
Border Force will need to address these issues and ensure that resources are available to conduct the necessary interventions at ports if e-Borders is to be used as the basis to deliver the commitment to introduce exit checks
In addition, there is
uncertainty about whether certain transport sectors will be able to accommodate the e-Borders requirements (particularly the railway and maritime sectors). For example, Eurostar tickets are sold from a large number of stations and outlets, not all of which have the facility to collect and transmit passenger data for e-Borders. Similarly, bookings systems used by ferry companies do not record passengers’ details, since they are concerned with selling deck space rather than individual seats. Only passengers who present as foot passengers are issued with individual tickets, and it would not be possible for the companies to collect their details and pass this on to e-Borders before the passengers presented at check-in. There are also difficulties in aligning e-Borders requirements with practices in the general aviation (e.g. private flights) and general maritime (e.g. leisure craft) sectors.
Finally, delays in securing agreement on an EU Passenger Name Record system continue to complicate the ambition for exit checks.
3. The Counter Terrorism Internet Referral Unit (CTIRU), which, since 2010, has secured the removal of 65,000 items from the internet that encouraged or glorified acts of terrorism. More than 46,000 of these have been removed since December 2013. At present, content relating to ISIL, Syria and Iraq represents around seventy per cent of the Unit’s caseload. The CTIRU is likely to have further capability requirements in coming months (for example, software) if it is successfully to meet the demands it faces.
New initiatives: aviation security, communications data, terrorist financing, civil liberties
Of relevance to the security sector, are four new measures announced by the Home Secretary:
1. Aviation security. The Home Secretary announced that the government would
toughen our arrangements for aviation security. This means requiring airlines to provide passenger data more effectively, changing the law to extend our ‘no-fly’ list, and strengthening our ability to impose security and screening requirements on travel to the UK. If airlines do not give us passenger information or comply with our security screening rules, we will ensure they cannot fly to the United Kingdom.
There are likely to be capability requirements for behavioural analysis, data analytics, detection of contraband, and improving the functionality of electronic passport gates.
2. Require internet providers to retain Internet Protocol (IP) address data to identify individual users of internet services. What this means in practice remains to be seen when the draft legislation is published on Wednesday: what information will service providers actually need to keep? The BBC has explored the complexities of this question. A good technical study of the issue of traceability on the internet has concluded that ‘if you are creating logs of activity for security purposes — because you might want to use the information to track someone down — then you must record not only the IP address, but also the source port number’; the author has also explored the practical difficulties of maintaining records and commented on how legislation in this area has been drafted in the past.
3. Of interest to ADS’ Security in Complex Environments Group (SCEG), which is the partner of the Foreign and Commonwealth Office for developing standards for the private security industry operating overseas, is the government’s decision to clarify existing legislation such that insurance and reinsurance payments for terrorist kidnap and ransom will not be permitted.
4. Set up a new independent privacy and civil liberties board. Given that the security sector develops and delivers much of the underpinning technology for the government’s security measures, ADS hopes that the sector will be represented on this board.