GCHQ
Page 54
This was hardly a procedure designed to permit immediate action. Moreover, Gibson also shows that GCHQ had prioritised the flow of sigint to RUC headquarters in Belfast and the border areas. Omagh was in a quiet area west of Belfast, and had been given a lower priority.48 Whatever the shortcomings of the system, it remains unlikely that the security forces could have responded in the limited time-frame available. Even with the most attentive real-time listening, for GCHQ to have analysed the conversations, contacted the right units in Northern Ireland, and for them in turn to have put several roadblocks in place, in a little more than an hour, is improbable. Quite simply, in real life, response times are not that fast.49
Much more convincing are the complaints about the way in which the dead hand of sigint security rules impeded the subsequent police investigation. GCHQ shared intelligence with the RUC Special Branch, which it saw as another intelligence service, but not with the CID officers pursuing the criminal investigations. Gibson concedes that this led to ‘a tension between Special Branch and CID’.50 GCHQ’s voice recordings might well have assisted in the CID’s subsequent efforts to identify and arrest the perpetrators. Instead they spent months trawling through call logs, in effect doing their own more primitive sigint, and as a result the trail went cold.51
The Omagh bombing underlined that ‘need to share’ was a major problem right across the British intelligence community. The sort of targets that were of rising importance in the late 1990s, including Middle Eastern terrorists, Colombian drug cartels and warlords in the former Yugoslavia, required closer and faster cooperation with MI5 and SIS. A well-worn system of liaison already existed. GCHQ had a small unit called ‘Z Division’, whose job it was to pass material to the other secret services and to agree on the use to which it could be put. However, the formal regulations surrounding the use of sigint, called ‘IRSIG’, largely drawn up by NSA, were proving cumbersome and made ‘Action On’ very difficult. (‘Action On’ was the phrase used to indicate permission to share sigint with colleagues with a view to taking positive action.) GCHQ’s instinct was always to hide its source. Now, a younger generation of MI5 and SIS officers was tending to bypass these obstacles, preferring to meet up informally with GCHQ personnel in the pleasant Cotswolds pubs around Cheltenham. This was a grassroots revolt, and during the late 1990s top managers in the British intelligence community had to accept the new trend. Organic connections were developing fast between the three secret agencies under the pressure of fast-moving day-to-day operations.52
In the summer of 1998, after only six months in office, Kevin Tebbit handed over to Francis Richards, who would be GCHQ’s fourth Director in as many years. Like his immediate predecessors, Richards was an outsider, but he was not entirely unacquainted with the secret world. He had served in the Army, including on Cyprus, and had then joined the diplomatic service. His father, Brooks Richards, had served in SOE during the war, and had been Cabinet Office Coordinator of Intelligence in the late 1970s. For Richards, and for Britain’s other intelligence chiefs, one of the pleasing aspects of the Blair administration was that the Prime Minister took intelligence seriously, partly because of his abiding enthusiasm for military intervention. However, in the late 1990s the emerging security issue was the rising tide of global organised crime. In early December 1999, Richards joined the Chief of SIS and the Director General of MI5 in an extended meeting at Downing Street on the ‘crime emergency’ facing Britain, including the threat from the Russian Mafia. GCHQ was asked to work more closely with the National Criminal Intelligence Service and to help set up a new unit called the Government Telecommunications Advisory Centre, which addressed the growing use of email and encrypted computers by organised crime.53
By the late 1990s the main threats that preoccupied government arose from shadowy non-state organisations rather than foreign countries. They included terrorism, organised crime and warlordism, together with a proliferation of private networks interested in nuclear, chemical and biological weapons. The common element among these new threats was that many of them operated clandestinely. The British response was to give more emphasis to intelligence-led activity. Indeed, as Britain’s borders became more porous, and with the growing volumes of international trade, there was little else that could be done. The expansion of the European Union seemed to suggest practically an open frontier for Britain that extended as far as the Urals.54 In June 2000 the shocking discovery of fifty-eight Chinese illegal immigrants who had perished in a container lorry at Dover highlighted how serious these matters were. The government was now reversing the cuts it had imposed on the intelligence agencies, because they seemed a plausible antidote to these intractable problems.55
GCHQ’s contributions in this realm were valuable. This was illustrated by the capture of the exceedingly dangerous criminal Kenneth Noye. In 1996 Noye was the prime suspect in the notorious murder of Stephen Cameron in a road-rage incident on the M25 motorway. The perpetrator fled the motorway junction where the attack took place in a black Range Rover. Noye was also linked to a string of high-profile crimes, including the disposal of the assets from the Brinks Mat bullion robbery at Heathrow airport in 1983. After the murder, Noye slipped abroad: the police would visit no fewer than thirteen countries, including Russia and northern Cyprus, in their quest for him. Huge efforts were made to keep the search secret, since some police officers and one senior politician were thought to be in Noye’s pay. All the police had to go on were reports that he was in Spain and his current mobile phone number. In 1998 GCHQ used cell-site tracking of his mobile phone to identify his movements, and this allowed him to be located in Spain, despite numerous false identities. Stephen Cameron’s girlfriend, Danielle Cable, who had witnessed the M25 murder, was flown out to Spain to assist in his identification. One evening Noye was eating dinner in an expensive restaurant when four undercover detectives in T-shirts and shorts surprised him and handcuffed him. Britain’s most wanted criminal had been caught. Jack Straw, the Home Secretary, signed Public Interest Immunity certificates on 8 February 2000 to ensure that details of GCHQ’s role in finding Noye were not revealed in court.56
The police were so anxious about the safety of their witnesses that they were protected in a police station in north London with three separate air locks. Each witness was guarded by an armed policeman who had been specially vetted to ensure that he had no links to south London, where Noye operated. This caution was justified. Danielle Cable courageously gave evidence at Noye’s trial in 2000, and was later given a new identity. Alan Decabral, an eye-witness to the murder who also gave evidence, refused a new identity and was shot dead in his car in Ashford in Kent on 5 October 2001.57 To the dismay of GCHQ, its role in the effort against Noye was being discussed in the newspapers even before the case came to trial. This triggered a further operation, this time against journalists and their sources. Code-named ‘Operation Nigeria’, it caught journalists from tabloid newspapers on tape during a surveillance operation that showed they were procuring intelligence from a private detective agency which, in turn, obtained its information from corrupt police officers. Over the summer of 1999 the detective agency in question, known as Southern Investigations, was secretly bugged by the Metropolitan Police’s anti-corruption squad, CIB3, and one leading figure was recorded discussing how he had sold a story to a reporter about GCHQ’s role in tracking down Noye. It was also found that Southern Investigations had an informant in the Diplomatic Protection Squad at Buckingham Palace.58
No one could possibly argue that the identification and arrest of Kenneth Noye was anything other than an immense public good. Yet, because crime recognises no borders, this sort of work meant that GCHQ was being inexorably drawn into the controversial realm of domestic surveillance as well as having to engage with the contentious politics of internet privacy. During 1996 GCHQ and NSA had joined forces to put forward a solution to the problem of publicly available encryption, called ‘Key Escrow’. However, this idea had proved unworkable, and in any case the new
Blair government was unsympathetic to it. On 26 May 1999 Stephen Byers, Secretary of State at the Department of Trade and Industry, revealed the latest thinking on ‘Encryption and Law Enforcement’. Speaking at the Cabinet Office, he confirmed that ‘Key Escrow’ was finished, and now emphasised cooperating closely with the computer industry rather than fighting it. The government accepted that no single magic technique was likely to sustain interception in the face of rising use of encryption by criminals.59 Instead, it placed its hopes on new legislation called the Regulation of Investigatory Powers Act 2000, under which criminals would face serious penalties for refusing to offer up the keys to encrypted material.60
In addition, there would be a new dedicated computer unit called the Government Technical Assistance Centre (GTAC), intended to break the codes that criminals used to encrypt their emails and computer hard drives. While this was nominally a Home Office unit, in reality code-breaking and code-making always meant GCHQ, and officials joked privately that ‘GTAC’ actually stood for ‘GCHQ Technical Assistance Centre’. Sure enough, in July 2000 GCHQ was asked to lend one of its top experts, Brian Paterson, to the Home Office to establish the unit.61 Even Paterson called GTAC a ‘euphemistic title’ for what was in effect a code-cracking unit at the Home Office. He explained that modern criminals tended to use the internet in three different ways. First, as a simple extension of ordinary crimes, such as fraud, theft and smuggling. Second, there were crimes which had only developed because of the existence of the internet, such as hacking and virus attacks.62 Third, there was the use of the internet by criminals as a means of communications or storage. When it came to the third problem, Paterson explained that domestic interception presented multiple difficulties. It required warrants literally signed by the Home Secretary, ‘even if it means getting him out of bed’. Moreover, in the era of the internet, interception was being made ‘very much more difficult by new technology’.63 Surprisingly, GTAC was developed, staffed, and then little used. Always partly run by GCHQ, it was quietly transferred to Cheltenham in April 2006.64
The number of criminals encrypting their emails and computer files proved to be fairly small. In fact, for a decade both NSA and GCHQ had been barking up the wrong tree in terms of their obsession with the dangers of Public Key Encryption. This was a small problem, compared to the sheer explosion of open communications, especially those based around the internet. In October 2002 General Michael Hayden, Director of NSA, explained to Congress that in the 1990s the number of mobile phones in the world had increased from sixteen million to 741 million. At the same time, internet users went from about four million to 361 million. Half as many landlines were laid between 1994 and 2000 as in the whole previous history of the world. International telephone traffic went from thirty-eight billion minutes a year to over a hundred billion.65 Both NSA and GCHQ were simply overwhelmed by a tidal wave of data, despite the fact that almost none of it was in code. One insider recounted that NSA had created a special facility with three years’ worth of storage capacity for intercepted internet traffic. ‘They filled it in eleven months.’66
By 2000, some intelligence chiefs had even begun to question the value of sigint in this era of superabundant communication. GCHQ and NSA could collect all of this new traffic, but they could not begin to listen to it or process it—so intelligence chiefs were at a loss to know what to do with it. One disillusioned code-breaker observed that it was like trying to pour a glass of water with a firehose. The costs of collecting all this material were huge, and the benefits were uncertain. In the United States, the price of satellite collection was threatening to overwhelm the whole intelligence budget, while in Britain the cost of transferring GCHQ’s massive computers to the new building had begun to rise alarmingly. More importantly, the new sigint, which focused on emails and mobile phone calls, only worked if you knew precisely who you wanted to listen to, since trying to listen to everyone in a globalising world was impossible. Was this the right kind of intelligence-gathering for the twenty-first century? Even as security agencies pondered this question, frightening events were lurking just around the corner that would give it a sharper edge.67
25
The 9/11 Attacks and the Iraq War
Tomorrow is zero hour…
Intercepted phone message, 10 September 20011
Shortly before 3 o’clock on the afternoon of 11 September 2001, Tony Blair was speaking before the Trades Union Congress in Brighton. His speech was hastily improvised, and was far removed from the subject he had expected to speak about. In the previous hour he had been informed of dramatic events unfolding in New York, where it was still morning. Two passenger aircraft laden with fuel had just hit the twin towers of the World Trade Center, which were soon billowing infernos. It was already clear that this was a deliberate attack, and Blair told his audience: ‘This mass terrorism is the new evil in our world today.’ At 2.59 p.m. British time, almost as Blair left the podium, the South Tower collapsed. The unprecedented scale of destruction was just beginning to dawn on the Prime Minister’s immediate circle.
Special Branch officers were worried about an attack on Blair’s car, perhaps by helicopter, so he was taken back to London by train. Later that afternoon he spoke to his intelligence chiefs, who were almost certain that the Islamic terrorist organisation al Qaeda was responsible. John Scarlett, Chair of the Joint Intelligence Committee, offered the view that it was the only group with the capability to mount such an attack. Blair was an avid reader of intelligence, but al Qaeda was not familiar to him. At 5.30 he chaired a formal meeting of ‘Cobra’, the Cabinet emergency planning committee, in its special bunker under Whitehall, which focused on the imminent threat to Britain. Privately, his main anxiety was that the Americans might overreact, retaliating immediately and massively.2 The next day, the heads of the three British intelligence and security services flew to Washington to express solidarity and to underline their determination to do everything to assist. It was a gesture that was greatly appreciated by the Americans.3
In London, the Stock Exchange had been evacuated on the day of the attack, along with Canary Wharf. The skies over London, Paris and other European capitals had been closed to civilian air traffic. Cabinet Ministers felt safe enough meeting in ‘Cobra’, deep below ground, but eventually normal routines had to resume. The Labour Party conference in Brighton was only a few weeks away, and security for the Cabinet there was now a massive headache. The Ministry of Defence wanted to park a warship armed with surface-to-air missiles just off the seafront in case ‘unauthorised planes looked as if they were going to attack the conference centre or the hotel’. David Blunkett, the Home Secretary, thought this was a little excessive. It was then suggested that missiles should be mounted on the roof of the conference centre, or in lorries nearby. In the end, the security forces settled for crash barriers to prevent vehicle-borne bombs.4
In America, an intelligence post-mortem had already begun. On 10 September NSA had intercepted two messages from Afghanistan. One of them said ‘The match is about to begin,’ and the other ‘Tomorrow is zero hour.’ The messages were in Arabic, and were not translated until the day after the attacks. Much was made of these messages in the weeks and months that followed, but their significance is now debatable. Even had they been translated immediately, they were not actionable. Although they appear to allude to an impending attack, they do not specify where, when or how. ‘On Sept. 12 when they looked at these intercepts, no one knew who these people were,’ noted one official.5
Al Qaeda had been NSA’s number-one target since 7 August 1998, when it had bombed the American Embassies in Kenya and Tanzania.6 By contrast, GCHQ had begun to take a pronounced interest in the organisation only relatively recently. The Director of GCHQ, Francis Richards, confirmed that the al Qaeda leader Osama bin Laden had only been ‘a major preoccupation’ for Cheltenham since 2000.7 Nevertheless, GCHQ had picked up some of the growing ‘chatter’ during the summer of 2001, including messages to Middle Eastern journalist
s based in London. There was much talk about impending attacks, and Western embassies were already on high alert. On 6 August the crescendo of imprecise warnings had resulted in a section of President Bush’s Daily Brief headed ‘Bin Laden Determined to Strike in the US’, which underlined the al Qaeda leader’s determination to retaliate for previous Cruise-missile strikes against his training compounds in Afghanistan. It also reminded Bush that al Qaeda had bombed the World Trade Center in 1993. But no intercept gave any direct indication of the time or place of the planned attacks. Senior members of the Bush Cabinet were sceptical about the idea that al Qaeda was responsible for the attacks on the twin towers and the Pentagon, and Secretary of Defense Donald Rumsfeld went so far as to say the intercepted messages were possibly a hoax or a deception.8
After 9/11, the sigint agencies found themselves in crisis. For much of the 1990s the absence of a single high-profile threat had led to cuts in their budgets, just at the time when NSA and GCHQ were struggling to keep up with rapid changes in communications technology. Indeed, one of the problems later identified by the 9/11 Commission set up to inquire into the attacks was that the intelligence agencies had taken on very few new staff in the 1990s. In the wake of 9/11 they moved from famine to feast, and after further terrorist attacks such as that in Bali in October 2002, money was no object. Everywhere there were calls for more intelligence, and for wider international cooperation between intelligence and security services. Even the United Nations, an institution that was traditionally allergic to intelligence agencies, passed Security Council Resolution 1373, which placed a legal duty on all states to ‘find ways of intensifying and accelerating the exchange of operational information, especially regarding actions or movements of terrorist persons or networks’.9