Gordon Corera’s Intercept – the Secret History of Computers and Spies: the internet grows darker
Once upon a time, my long-departed grandmother was an actress in silent movies. She was not very famous, but well enough known to attract the attention of the Inland Revenue, Britain’s tax collectors. They were, according to my father, the bane of her life.
Eventually she retired from acting to become a full-time mother to her children. But the demands from the Revenue kept coming. She decided that enough was enough. So she sent a letter to the tax inspector informing him that Miss Stevenson (or whatever her stage name was) was no longer alive, and would they therefore stop sending these tiresome letters to her address? The letters stopped, and she never heard from the Revenue again.
Twenty-five years ago I took a job with rather an eccentric company in Surrey. I say eccentric because not many company owners even in those days would have a large, flea-bitten dog lying across the entrance to his office. The office was in a wood-beamed house dating back to the 16th Century, and the entrance was at least six inches shorter than me. The challenge of stepping over the dog and remembering to duck left me with dents in my head that can still be felt today.
Even stranger was that he “employed” a bookkeeper who freely admitted that he didn’t exist. By which he meant that he was totally under the radar of officialdom. He paid no tax and no national insurance contributions. He was paid in cash, and there were no transactions he was aware of that would enable anyone to track him down. Some bookkeeper. Some company.
Could anyone get away with being a non-person today? Well yes actually. In the United Kingdom there are probably hundreds of thousands of people who entered the country illegally or overstayed their visas. They have effectively disappeared from official notice. Like the bookkeeper, they operate within the black economy. But should they decide to get into something of which the state disapproves, such as plotting a terrorist act or encouraging people to go to Syria, there’s a fair chance that they would catch the attention of the government agencies tasked with preventing such activities.
Given, post-Snowden, what we know of the capabilities of these agencies – MI5 and MI6 primarily, but with the government communications agency GCHQ providing increasingly close support – it’s pretty clear that if the government wanted to round up a large proportion of the illegal immigrants in the country, it could do so in fairly short order. It chooses not to because it has bigger fish to fry.
Those fish are the subject of Gordon Corera’s Intercept – The Secret History of Computers and Spies.
Corera is the BBC’s Security Correspondent. In his latest book, which could be subtitled “From Bletchley to Snowdonia”, he describes how computers – in the hands of the spies – have gone from single-purpose devices designed to crack German codes during World War II to vast repositories of data to be mined for the purpose of discovering the activities and intentions of individuals, companies and potentially hostile foreign powers.
Before the internet, the intelligence communities used the limited tools at their disposal to monitor their Cold War rivals. Who was spying on them? Was an attack imminent? What were the enemy’s capabilities? The main protagonists, America, Britain and the Soviet Union, relied on increasingly effective cryptology to keep their secrets secret. But codes could be cracked, and as at Bletchley Park, where the first recognisable computer, Colossus, was pivotal to the British war effort, computers increasingly complemented and to an extent replaced the input of human spies.
The internet, and the development of encryption tools that individuals and non-state actors could use to protect their privacy, changed everything. The door was not only open to libertarians, bombers and drug dealers to cover their tracks, but to governments that could use the internet to hack into companies and the institutions of other governments. And, it seems, this is precisely what they did on an industrial scale. Most notably the Chinese, whose People’s Liberation Army employed legions of hackers to suck western companies dry of their intellectual property.
In particular the Chinese wanted know-how related to military and communications technology. They would penetrate servers by exploiting security vulnerabilities, by phishing emails and through access granted by insiders in their pay. Before long intelligence agencies that previously had an offensive role, spying on foreign countries, were forced to go on the defensive in order to prevent potentially destructive attacks on institutions and infrastructure. Companies realised, too late in the case of some, how vulnerable they were, and likewise took action.
After 9/11, attention in the US turned to individuals who might be plotting against the state, be they in the homeland or in hot spots such as Pakistan, Afghanistan and Iraq. The main actors were the CIA and the National Security Agency (NSA). In the United Kingdom the GCHQ joined the so-called War against Terror. For the first time the NSA and GCHQ, whose remit up to then had been confined to targets in foreign countries, found themselves – because of their unique expertise in electronic surveillance – monitoring people in their own countries.
In the main they were looking at metadata – information about who was doing what and going where, rather than what they were actually doing. Who had made calls or sent emails to who, rather than the content of the conversations. The task of finding the needle in the haystack was made easier by technology that enabled them to recognise intersecting patterns of activity. Once they had identified “persons of interest”, they needed warrants that authorised them to listen to calls and read emails related to specific individuals. Use of individual warrants in the UK resulted in a number of high profile arrests, including those of the second, unsuccessful, wave of bombers in July 2005.
Meanwhile we were entering the era of Big Data. Private organisations, such as credit card companies, social media sites and banks, were collecting huge amounts of information about their users. New software tools enabled them to target individual customers based on their social preferences and buying habits. Which is how Amazon, for example, sends you recommendations of products you are likely to buy, and offers of cheap flights to destinations you are contemplating mysteriously arrive on Facebook or in your email account.
To exploit this data governments demanded access for their purposes. The US and the UK passed legislation compelling companies to hand over their data on demand. Access to a much richer set of data – both at home and abroad – enhanced their ability to identify threats to national security. Not without opposition, however. Civil liberties organisations have argued that if governments are able to trawl through these huge and comprehensive repositories of data, for what other purpose might they use the capability – either now or in the future? Not good news for my grandmother had she been alive today, perhaps, or for the bookkeeper who didn’t exist .
Then came Edward Snowden, a contractor with the NSA. The documents he stole from the NSA revealed the full extent of what the intelligence agencies were up to. According to the British and US governments, his revelations seriously affected the counter-terrorism efforts of both countries. The warriors, plotters and planners of jihad very quickly changed their methods of communication to avoid detection.
Corera ends his narrative in the present day with a set of moral and practical dilemmas. Can we justify secure encryption on grounds of civil liberty, when some use it to do bad things? Can we be sure that our governments will use their powers responsibly when others are using cyber capabilities to oppress their citizens? To what extent should national entities govern the internet? Will every country – like China – end up with a Great Firewall, behind which they can control their citizens as they wish (see this article on the BBC website about Thailand’s plans, for example)? And how do we protect our infrastructures in the age of the Internet of Things against cyber-attacks such as the Stuxnet virus that disabled Iran’s nuclear centrifuges?
What is clear, according to Corera, is that the US has exploited home advantage – as the country through which until recently 80% of internet traffic passes (the other 20% passes through the UK), and as the source of the vast majority of technical innovation over the past seventy years. Whether that will remain the case in the future is debatable. China is well aware of its vulnerability on these grounds, hence the Great Firewall and the rise of home-grown technology powerhouses like Huawei.
Whatever the posturing, the US, China and Russia are well aware that a principle of mutually assured destruction applies. Just as today’s great powers can destroy each other and themselves with nuclear weapons, they can also inflict great damage in a cyber war. Yet the economies of each need each other. So an uneasy accommodation recognising that “spies will be spies” will no doubt continue. But no such accommodation exists between governments and insurgent groups, between governments and individuals that seek to bring them down, and between major powers and smaller countries prepared to wage asymmetric war against them.
Personally, I can live with the possibility that my government can find out what they need to about me. I have no secrets likely to be of interest to them. If I did, I would most likely keep them in my head. But then again, I freely express myself in this blog, and I’m acutely aware that if I were a citizen of Egypt or several of its neighbours, were I to say exactly what I thought about my government, my life could be made extremely uncomfortable.
What conditions might lead to the British government doing the same as Egypt? Who knows, but it doesn’t bode well to hear an anonymous former general implying that if a Labour government led by Jeremy Corbyn were to downgrade the capabilities of our armed forces, a coup might be forthcoming. One would hope that the intelligence services would quickly pick up on that possibility. But would they be listening in on the colonels? And what if a future government decided to extend its existing powers of surveillance under its anti-terrorism laws in order to clamp down more effectively on tax evasion? One only has to look at the emergency powers of surveillance introduced under the US Patriot Act in the wake of 9/11, or the UK Regulation of Investigatory Powers legislation enacted in 2000 to see how individual rights to privacy can be chipped away, never to be restored.
I’m not sure how many people will end up reading Intercept, or indeed how many of us actually care about the issues Gordon Corera raises. But we should. It’s an important subject. The book requires some concentrated reading, but it’s a fluent and accessible exploration of one of the major dilemmas of our time.