Intelligence agencies’ pitch for powers
Australia’s security and intelligence agencies are on a drive to improve public trust as they seek more intrusive powers, with the head of the powerful Home Affairs Department, Mike Pezzullo, declaring the social contract they have with the public has been damaged and needs to be redrawn.
Following a public speech in which he warned members of Australia’s security community they must be extremely careful not to overuse their capabilities, Pezzullo told The Saturday Paper this week that trust in security agencies had suffered in the past decade following the damaging leaks of classified information by United States government whistleblowers Edward Snowden, Chelsea Manning and others.
While condemning the leaks and describing Snowden’s actions in particular as “treasonous” – even suggesting foreign governments may have “played” him – Pezzullo says they exposed the extent to which spy agencies worldwide were monitoring citizens and gathering data. And that came as a shock to some.
The leaks forced governments to explain and justify their actions and, in some cases, modify their practices.
Until those leaks exposed the extent of government cyber operations, intelligence agencies had an unwritten deal with the general population that they could operate in secret – with appropriate oversight – because they were acting in the national interest.
“The traditional bargain up until about a decade ago was ‘we’re not going to talk about any of this, but you can presume that we’re keeping you safe’,” Pezzullo says.
“[People] by and large accepted it. The techniques are so secret, the sources are so secret, there are agents’ lives at risk, the nature of our very special capability, say, for cryptography, is so sensitive that we can’t even hint at how we do it. And so, people had a sense, partly through popular culture – you saw your Bond movies or whatever – that … all of this has been done in our name and it seems to be all okay and we’re safe. I think what changed [with] the disclosures of a decade or so ago … The citizenry in the West, at least, started to say, ‘Oh, there’s quite a lot actually, there’s a lot collected.’ ”
In a separate speech to the Australian Strategic Policy Institute on Monday night, one of the chiefs among Australia’s intelligence collectors, the director-general of the normally highly secretive Australian Signals Directorate, Mike Burgess, defended his spy agency’s activities, saying it had “come out of the shadows” this year.
“And that’s the way I intend it to stay,” said Burgess, noting that ASD had sent out its first tweet this week, including a wry one-liner: “Hi internet, ASD here. Long time listener, first time caller.”
Burgess outlined ASD’s now-expanded statutory role in both the military and civilian domains: to gather intelligence, advise defence, law enforcement and business on cyber threats and protect against – and in some cases disrupt – those threats.
He rejected suggestions in news reports earlier this year that it would be spying on its own citizens but did not rule out spying on those suspected of planning or committing offences, saying ASD had no interest in “everyday Australians”.
Burgess made a case for ASD’s recently expanded powers.
“Offence informs defence and defence informs offence,” he said – a phrase he would repeat twice more during the speech. “Or, to put it another way, to best catch a thief, you will need to think like one – or perhaps, be one.”
Pezzullo, in his speech on October 25 to the Australian National University national security college’s Women in National Security conference, conceded that the security community was “not good at mounting the argument” for what it does and relied too heavily on the fact that its practices were secret and would be obscured from public view.
“Too many of us have grown up with the instinct of ‘whack a classification on it, put a code word on it and no one needs to know’,” Pezzullo said last week.
“I’m sorry. Democracy is actually being tested, colleagues. Our licence to operate is being challenged.”
This week, in another speech and subsequent interview with The Saturday Paper, Pezzullo said the huge internet companies that collect massive amounts of data and then use or sell it for profit – and whose platforms have been hijacked in disinformation campaigns – were also contributing to public suspicion.
“Whether you’re in the private sector or the public sector, this question of the licence to operate – and what are the terms and conditions around the licence to operate, what is the nature of that contract – has to be, I would go so far as to say, rethought,” Pezzullo says.
Now they all have to better explain – and be accountable for – what they do.
And in a second speech in as many weeks, to fellow public servants on Tuesday through the Institute of Public Administration Australia, he warned that online “connectedness” had been revolutionary with its seemingly limitless reach but was also “narrowing our horizons of interest” by letting corporations restrict what users see.
He said that made it a potential threat to democracy.
“We should not delude ourselves,” Pezzullo told his audience. “In the digital age, the ‘truth’ is still mediated – by algorithms, foreign interference, market research, disinformation and so much more. We are not seeing, as the digital industrial complex would have it, the unmediated expression of the popular will, free of the taint of ‘power’. Rather, our shared sense of what is true is being undermined and power is being reframed under a veneer of ‘freedom’ – but without the apparatus of representation and the mediation of power which allows the latter to be held to account.”
Pezzullo’s double-headed pitch, combining self-reflection on overreach with warnings about threats posed by the companies that so many people trust with their sensitive information, coincides with the security agencies’ controversial bid for greater powers to access the encrypted data these companies hold and oversee.
Access would be targeted and would involve warrants.
Legislation aimed at giving the agencies the authority to access certain encrypted information is currently before the security watchdog, the parliamentary joint standing committee on intelligence and security.
The parliamentary inquiry has attracted dozens of submissions, many of which – including one from the Law Council of Australia – suggest the power it would give the agencies goes too far.
The Law Council warns it contains no acknowledgement that individuals and businesses are entitled to reasonably expect communications are confidential and could undermine Australia’s reputation as a secure place to do business.
Others, including the big tech companies, have warned that creating ways of accessing encrypted data could expose their systems to hacking.
Pezzullo is confident that issue is resolvable.
“If there’s a different way to write that provision which still keeps the idea, that’s a matter for the committee,” says Pezzullo. “We’re not going to pre-empt that.”
But he says the language of overreach is simplistic.
“This is to assist the interception of content that can already be accessed, except it’s dark,” he says, meaning the basic metadata can already be accessed legally but not the messages’ encrypted contents. “So, you’ve got to have a warrant, the AFP has got to have a suspect, ASIO’s got to have a person of interest.”
And the agencies’ activities are subject to oversight.
Pezzullo seeks to reassure the doubters. “Generally speaking, I mean, laws have been passed and you can assume that elected representatives who are in touch with community attitudes would not be passing those laws if they felt that there was a, you know, a vehement opposition,” he says.
“But the concern about safeguards, the concerns about transparency – who’s going to monitor folks in our positions – I think that discussion has been shifting for about 10 years.”
Defending the proper use of security powers, Pezzullo told the ANU conference last week that Australian agencies were scrupulous and were accountable. Any breaches of their rules, he said, paled in comparison with the unregulated practices in non-democratic regimes.
“On occasions, our misuse of that licence … is not egregious and certainly nothing on the scale of how some others misuse their licence to operate, because they just write their own licence,” said Pezzullo.
“So, we shouldn’t flagellate ourselves over it – our poor instinctive reactions to how to mount the argument about our licence is the one thing in our vocation I think we need to do a lot of work on.”
But the Inspector-General of Intelligence and Security (IGIS), who oversees 10 intelligence agencies – up from six, with this year’s restructuring of the security architecture and creation of the Department of Home Affairs – has found further work is required in their practices, too.
In her recently published yearly report, Margaret Stone, the current IGIS, listed a series of breaches in which the Australian Security Intelligence Organisation (ASIO) in particular had failed to comply with requirements, including sloppy administration, incomplete information supplied to ministers, incorrect targeting of phone intercepts and storage of data.
She said she was satisfied problems had been rectified but raised concerns about repeated mistakes in bugging Australians offshore thinking they were foreign citizens because that is what ASIO’s privacy rules presume.
The Australian Secret Intelligence Service (ASIS) and ASD also recorded breaches, although fewer than ASIO.
In relation to ASIO’s handling of sensitive financial intelligence, Stone detailed “extreme non-compliance” both with its own internal policies and its rules for handling information provided by another spy agency, the Australian Transactions Reports and Analysis Centre. In one case, ASIO had passed information to a foreign intelligence agency without approval. She said it still had not explained how it would avoid accidental disclosures in future.
Stone also criticised the lengthy delays in ASIO processing security assessments, especially in immigration and citizenship cases.
Speaking to The Saturday Paper, Pezzullo, in whose portfolio ASIO now sits, says the breaches and other difficulties, most of which the agencies themselves identified and reported, must be seen in the context of the huge volume of intercepts and other surveillance activities that the agencies undertake every year.
“Look at all the cases that they are running, look at all the information that ASD collects, look at all the reports that ASIS collects,” he says. “It’s got to be kept in perspective. Where is the Margaret Stone equivalent, or the inspector-general of intelligence and security in non-democratic authoritarian states?”
Specifically, he compares both the activities and the oversight processes in Australia to those of Russia’s General Staff of the Armed Forces, which is also known as the GRU, an abbreviation of its Russian name.
“Where is the annual report of the GRU? Where is the annual report of the oversight body of the GRU that indicates how many times the GRU misused and overreached in terms of its powers?”
Pezzullo’s comments about the challenges technology and social media pose to both security and democracy echo sentiments expressed by the former United States director of national intelligence in the Obama administration, James Clapper, who has been in Australia recently as a visiting professor at the ANU.
On October 9, Clapper gave a public lecture in which he canvassed the challenges to and developments in intelligence and security.
“Social media has huge intelligence implications, so you have to take that into account,” said Clapper.
“If the intelligence community doesn’t stay up on technology and if the government that owns that intelligence apparatus chooses not to invest in intelligence, do research and development, well over time that intelligence apparatus will become less and less relevant to policy-makers. One of the first things you learn in intelligence school – first week – [is that] there are only two conditions in life: there’s policy success or there’s intelligence failure. No other conditions.”
The image of intelligence officers as the whipping boys and girls for governments’ bad decisions got a laugh at the university lecture.
But his message – like those of Mike Pezzullo and Mike Burgess – was serious: intelligence agencies needed the capacity to speak “truth to power” and provide the most accurate assessments they can because doing anything less is dangerous.
Clapper’s further comments may provide a hint as to why security chiefs have embarked upon what appears to be a sudden public relations campaign – one Pezzullo declines to confirm but does not deny and also coincides with the encryption bill’s consideration by the joint standing committee.
James Clapper also pointed to the leaks of the past decade, especially the work of Edward Snowden. “In the aftermath of Snowden, the takeaway lesson is that the intelligence community should have been more transparent,” he said.
What Snowden exposed was a program that involved the US’s National Security Agency (NSA) tracking what is known as telecommunications metadata, in this case the phone numbers of people making and receiving calls – including Americans – and the lengths of the calls, without names or their actual content.
It was a program put in place as a direct result of the September 11, 2001 terrorist attacks, in which phone calls were made from outside the US to people within the country and the agencies had no way to link them.
Clapper insists the powers were important – powers similar to those Australian agencies now also have – but says the government and NSA should not have been so secretive about them.
“In retrospect, had that just been explained to people – and the Congress – in the wake of 9/11, you could have got legislation big enough to drive a truck through,” said Clapper. “No one would have objected.”
As an aside, he suggested Americans should be no more worried about that than about the database the Federal Bureau of Investigation maintains on millions of innocent citizens.
“So, by the way, two years later after the Snowden revelations they passed another law … where instead of NSA maintaining the metadata, what NSA now does is go to the providers and ask for it,” Clapper said.
“I’ll leave it to you to decide how much you trust the providers to protect that information,” he continued, “the irony is, now NSA can request even more data. Because NSA was only storing data from three providers – about 30 per cent of phone calls. Now they get 90 per cent.
“But it ain’t the government. So that makes everybody feel better.”
Australia’s proposed new law would access the encrypted content of the data and the message from security agencies here is that those companies are not necessarily the good guys.
But when it comes to the two Mikes – Pezzullo and Burgess – Clapper’s aside may help explain the charm offensive.
This article was first published in the print edition of The Saturday Paper on Nov 3, 2018 as "Turning on the monitors". Subscribe here.