Director of GCHQ Jeremy Fleming spoke at the CyberUK18 convention yesterday. All italicised quotes below are Fleming’s words from the speech.
“I’m going to talk about the way in which the threats we face are developing and how we’re approaching this challenge. I’ll talk about what we’re doing to take the terrorism fight online, how our adversaries are becoming more tech savvy, and how we in GCHQ are responding, operationally, technologically, and culturally, to keep up.”
His speech was very political, very supportive of the Tory government and displayed a view of the world with a rigid division between us and them.
“Hostile states, terrorists and criminals are emboldened and assisted by technology.”
The persuasive phrase “hostile state” revealed that Fleming thinks Britain is in a permanent state of war with someone somewhere. He doesn’t view the world as full of people but as divided between good and evil collections of people.
He warned that, for these “hostile states,”
“you only have to examine the investment some States are making in the development and use of cyber tools to disrupt, steal, and intimidate.”
That claim, that he made no attempt to verify or quantify, is set against Fleming’s celebration of British cyber activity:
“For well over a decade, starting in the conflict in Afghanistan, GCHQ has pioneered the development and use of offensive cyber techniques. And by that I mean taking action online that has direct real world impact. In recent years, we’ve worked closely with the Ministry of Defence and key allies to grow these capabilities at pace. Much of this is too sensitive to talk about, but I can tell you that GCHQ, in partnership with the Ministry of Defence, has conducted a major offensive cyber campaign.
We may look to deny service, disrupt a specific on-line activity, deter an individual or a group, or perhaps even destroy equipment and networks.”
Thus, Fleming thinks there is good hacking and evil hacking.
He tried to put British cyber attacks into perspective regarding the law:
“We know that these capabilities [cyber attacks] are very powerful. The international doctrine governing their use is still evolving. And as with all of our work we only use them in line with domestic and international law, when our tests of necessity and proportionality have been satisfied, and with all the usual oversight in place. Speculation to the contrary fails to understand the true values of my organisation, our military, and this country.”
His assertion that there is an “evolving” nature of “international doctrine” on cyber attacks is very convenient for GCHQ. The uncertainty about the location of the legal boundary allows GCHQ to break the law and then blame a lack of clarity.
The third sentence in the quote above was designed to confuse and obfuscate. Fleming said GCHQ cyber attacks are “in line with” the law; is that the same as being legal? He said GCHQ apply their “necessity and proportionality” tests; are these tests additional to the law or in opposition to it? He was deliberately vague about which it is. What is “all the usual oversight?” It appeared to be just another purposefully vague phrase.
The final sentence was disturbing. He preempted criticism and immediately tried to cancel it. GCHQ should always be available for scrutiny, but Fleming’s haughty attitude to likely criticism is indicative of a stance that fears inspection, that intends to obstruct scrutiny and that will denigrate any critics.
He had more to say on those “hostile” states:
“Hostile nation-states are rapidly building and enhancing their cyber tools to stay ahead in the global race. Whether it’s stealing another government’s secrets or the IP from a defence contractor, some states are willing (and very able) to do it. The Russian Government is widely using its cyber capability. Whether that’s NotPetya against the Ukraine’s financial, energy and government sectors, which eventually spread across the world. Or the use of industrial scale disinformation to sway public opinion. They’re not playing to the same rules, they’re blurring the boundaries between criminal and state activity. And they’re not alone. We’ve seen state-sponsored hackers conducting cyber-attacks to avoid sanctions – the release of WannaCry by North Korean cyber actors last year is a great example of that. Some of their malware tools are highly complex, using extensive infrastructure and advanced tradecraft. And we track these nation-states evolving quickly to respond to new defences.”
The “global race” of cyber warfare evoked the tone of Kubrick’s Dr. Strangelove; the UK would not want a cyberwar gap to appear. Fleming’s division of humanity into groups separated by state boundaries was on display again via his worries about “hostile” states “stealing another government’s secrets.” What are a “government’s secrets?” Governments are supposed to be administrative bodies who work for the people who elect them. Does Fleming, who has a long history in military intelligence, have any concept of what government is and what should be its relationship with the public?
In the quote above, Fleming accused Russia of “industrial scale disinformation to sway public opinion.” “They’re [Russia] not playing to the same rules [as us].” But, Russia is following the same path of disinformation as any other country. Has Fleming not heard of Strategic Communication Laboratories and Cambridge Analytica? Has he never read Daily Mail, The Sun, Express, Telegraph, Times or Evening Standard? Has he never looked at the social media comments of Tory chairman Brandon Lewis and deputy chairman James Cleverly or the official Tory twitter account? Has he never listened to a Theresa May speech and compared it to reality? Has he never heard of Lynton Crosby? The Russian government is certainly guilty of promoting disinformation, as is the UK government, USA, France, Germany, Australia, Canada, Ukraine, China, North Korea, South Korea, Israel, Spain, Saudi Arabia, etc. In Britain, the current government, previous governments and their respective advisers have been keen disinformation deliverers, various UK police forces have knowingly declared falsehoods to be facts and, surprise surprise, GCHQ and MI5 (Fleming’s previous employer) have been happy to impart untrue information; disinformation has been a key component of MI5’s work.
Fleming repeatedly expressed his concern about the cyber warfare gap. “It’s only a matter of time” and “I want to demonstrate how cyber has created a new threat landscape” emphasised his fears. He assured listeners to his speech that there exist plans “to stay ahead.” It wasn’t clear if the “threat landscape” is on the map on the big board in the war room. “Cyber has become an indispensable part of modern national security statecraft.” As General Buck Turgidson said “we’re still trying to figure out the meaning of that last phrase, sir.”
The key point in Fleming’s speech: Authoritarian laws
Fleming exalted the talents of the staff at GCHQ and the technical capabilities of the organisation. He depicted GCHQ as an almost magical place, but
“to do the extraordinary things we do, to be able to exercise the formidable powers at the Government’s disposal, requires strong laws.”
“Strong laws” means strongly in favour of what GCHQ desires. GCHQ does not always need strong laws to allow it to do what it wants to do but their existence gives it greater licence to avoid being hampered by the inconvenience of magistrates’ decisions or lawyers and judges who may try to obstruct GCHQ from monitoring innocent people.
The strength of law (in GCHQ’s favour) “was enhanced last year with the passing of the Investigatory Powers Act.”
The Investigatory Powers Act 2016 (IPA) legalised the previously illegal (but normal) practices of GCHQ, police and military intelligence related to monitoring the online activity of any member of the public, and it added extra legalisations of extreme intrusive behaviour. All independent liberal observers described the IPA as a collection of gross intrusions into private lives of any member of the public and wholly incompatible with any country that calls itself a democracy. No other country with a democratic system of government has laws that compare in severity of intrusion as the IPA. The activities that the IPA enables are not necessary for (or even connected to) a fight against organised crime or terrorism. The intent of the IPA is to make easier the inspection of the behaviour of political opponents to the government and, consequently, to reduce the activities of political opposition. (Fuller assessment of IPA here: Open Democracy article on IPA)
Fleming’s excitement about the IPA is personally damning. More than two decades in the mire of MI5 negated any concept he may have had of true democracy, of freedom and of personal privacy.
The speech concluded with careful repetition of GCHQ’s claim of a commitment to transparency and openness.
“I’m convinced there is a supporting responsibility on us, on me, to be as transparent as possible, to explain as much as we can to the wider public without jeopardising our core mission.”
“For me, in all that I have said, today is about continuing that openness, and of giving you a flavour of the world we operate in.”
“It’s transparent and open when it can be.”
The ‘open and transparent’ GCHQ indulges in mass secret surveillance of anybody with no warrants, no accountability and no explanation. (In the 1980s the ‘open and transparent’ GCHQ refused to allow trades’ union membership and it sacked employees who were members of unions.)
“GCHQ always acts lawfully,” concluded Fleming. He said that after describing earlier how GCHQ has persistently acted unlawfully and how it will continue to act unlawfully whenever it feels like.
Summary of Fleming’s vision for GCHQ
- Fleming’s military intelligence training eradicated any perception of privacy for the individual. It induced a professional outlook that separates government from the public and perceives anyone outside the government as a potential wrongdoer and a potential enemy.
- Fleming views the world as disconnected states that are in conflict with each other. His professional stance is acute xenophobia.
- Fleming sees the law as optional and pliable. His intent is that GCHQ should obey the law if it suits GCHQ.
During his praise for the staff at GCHQ Fleming said they
“understand the heavy responsibility of keeping the country safe, of protecting our liberal democracy.”
So, is it correct to assume that if the UK did not have a “liberal democracy” then Fleming would not guarantee his organisation’s cooperation with the government?
If, for example, the British electorate voted for a socialist government, would Fleming declare civil war?
Full transcript of speech: Jeremy Fleming at CyberUK18