Congress Foreign Relations & International Law Intelligence

Summary: U.K. Intelligence and Security Committee Annual Report

Hayley Evans
Thursday, January 4, 2018, 1:00 PM

On Dec. 20, the U.K. Parliament’s Intelligence and Security Committee issued its annual report.

Published by The Lawfare Institute
in Cooperation With
Brookings

On Dec. 20, the U.K. Parliament’s Intelligence and Security Committee issued its annual report. Published pursuant to the Justice and Security Act 2013, the document provides a comprehensive overview of the committee’s work over the past year as overseer of the U.K. government’s intelligence and security organizations. The report contains recommendations to the British intelligence community on policy, expenditure, administration and operations issues. Unexpected events—notably the spring and summer terrorist attacks—left the counterterrorism areas conspicuously thin; additional reports related to those attacks are to follow.

First established by the Intelligence Services Act 1994 to oversee the U.K.’s three main intelligence agencies—the Secret Intelligence Service (MI6), the Security Service (MI5) and the Government Communications Headquarters (GCHQ)—the ISC now oversees an additional four intelligence organizations: the Joint Intelligence Organisation (JIO), the National Security Secretariat (NSS), Defence Intelligence (DI) and the Office for Security and Counter-Terrorism (OSCT). The panel has nine members drawn from both houses and who, subject to Section 1(1)(b) of the Official Secrets Act 1989, are given access to highly classified national security material in pursuit of their mandate. Where inclusion of that material would compromise U.K. national security interests, the committee has redacted the report; the published report is otherwise the same as the classified version presented to the prime minister.

This post will summarize the report’s 10 sections as well as its recommendations, with particular attention paid to Section 3 on international counterterrorism and Section 9 on international relationships.

Section 1: “The Work of the Committee”

The ISC Annual Report deals with the ISC’s work from July 2016 to April 2017. As the committee agreed on the text of the report prior to the dissolution of Parliament in May, the majority of the report reflects the ISC’s position as of April 27, 2017.

The ISC preliminarily notes three areas on which its work focused throughout the course of the year: The Investigatory Powers Act, diversity in the agencies, and committee resources. As Jillian Ventura wrote for Lawfare last year, the controversial Investigatory Powers Act authorizes a plethora of surveillance powers and includes provisions on the interception and retention of communications data, equipment interference, and bulk powers. The ISC acknowledges that, prior to the act’s grant of royal assent on Nov. 29, 2016, Parliament accepted several of the committee’s recommendations and amendments, including both a general privacy safeguard and greater independent oversight.

As for diversity in the agencies: In previous annual reports, the ISC has called for increased workforce diversity—noting that at senior levels in particular, the agencies’ workforce is not gender-balanced, nor is it reflective of the ethnic makeup of modern Britain. While commending the agencies for having made progress on inclusion and some diversity, the ISC again calls for greater diversity, citing the “business and operational benefits” that would accompany broader experiences and perspectives.

Section 2: “Agencies’ Assessment of the Threat”

In Section 2, the ISC paints a picture of the current threat to the U.K. and its overseas interests from multiple sources: international terrorism, terrorism related to Northern Ireland, hostile foreign state activity, cyber information theft and disruptive attacks, and the proliferation of weapons of mass destruction (WMD). As ISC Chairman Dominic Grieve notes in the report's press release, MI5 has evaluated the terrorist threat to the U.K. as “unprecedented in terms of the number of current investigations and the overall number of ‘individuals of interest.’”

First, the ISC states that the threat from international terrorism in the U.K. is “SEVERE—reflecting that an attack is highly likely.” Notably, this threat assessment is down from May, when the threat was at its highest level, “CRITICAL,” for three days following the Manchester Arena attack. The ISC notes that the current threat is predominantly driven by the activities of the Islamic State, as it “retains territory” and gains traction extraterritorially through its extremist narratives. The ISC also affirms the remaining threat to Western interests in al-Qaeda.

Next, the ISC states that the threat of terrorism in Northern Ireland is “SEVERE,” while the threat of terrorism in connection with Northern Ireland to the rest of the U.K. is “SUBSTANTIAL.” The Northern Ireland threat derives principally from dissident republican groups—including the “new IRA”—who are both opposed to the political process and committed to potentially lethal violence. Such groups continue to target members of the police and armed forces, as well as prison officers. At the time of the report’s publication, there had been four attacks in 2017, including a non-fatal “new IRA” shooting of an on-duty police officer.

The ISC then describes the threat to the U.K. from hostile foreign intelligence services, as they conduct espionage in search of obtaining government and military secrets, intellectual property, and economic information. Moving to the cyber threat more broadly, the ISC identifies two types of threat: “information/data theft” and disruptive attacks. These threats are from a variety of actors, ranging from state actors or terrorists to cyber criminals.

Finally, the ISC remarks on the U.K.’s continued efforts to prevent the proliferation of WMD, especially through countering the procurement of WMD-related equipment and materials.

Section 3: “International Counter-Terrorism”

Section 3 covers the primary focus of the intelligence and security agencies: counterterrorism.

The section begins with an account of the terrorist attacks in the U.K. and Western Europe at large in the two years since the 2015 Paris attacks. Markedly, this past year the U.K. has seen the first fatal attacks since the murder of Fusilier Lee Rigby in May 2013. The ISC assesses the Islamic State as the greatest threat to the U.K. and its interests abroad.

The Threat

While the “core” Islamic State organization operates out of Syria and Iraq, its wealth of propaganda, in combination with its external operations arm, allows it to direct attacks throughout the world. Despite significant military pressure coordinated against its territory in Syria and Iraq, the Islamic State has a number of affiliated branches elsewhere in the world, including the Arabian Peninsula, Sinai/Egypt, the Khorasan Province, and West Africa. (Harleen Gambhir wrote about the range of the group’s international affiliates for Lawfare in November.)

The scale of the current international terrorist threat is such that MI5 has never seen before. As of October 2017, MI5 investigations have resulted in the disruption of 20 major terrorist attacks since Fusilier Lee Rigby’s murder in May 2013. As of April 2017, MI5 was running approximately 500 current investigations into groups and individuals involved with Islamic terrorism. MI5 also had roughly 3,000 current, and 20,000 former, “Subjects of Interest” on its radar, with a “Subject of Interest” defined as “an individual who is being investigated because they are suspected of being a threat to national security.” In part due to the unprecedented numbers of current investigations and individuals of interest, MI5’s budget has grown 16 percent between 2010-11 and 2015-16.

MI5 and other intelligence agencies are also making significant efforts to identify and counter the activity of foreign fighters. Not only do these agencies utilize a number of restrictive powers—like passport removal and monitoring of U.K. ports of exit—to prevent British residents from training abroad, they also work to risk assess and pursue those individuals once they return. The risk posed by children who have grown up under the Islamic State, including its education and propaganda systems, creates a particular challenge. Here, the ISC urges the government to ensure that every returnee is assessed and monitored as appropriate and that every effort is made to reintegrate children into society.

Finally, the ISC categorizes the threat the Islamic State poses into three categories: (1) directed threats, (2) encouraged threats and (3) inspired threats. MI5 has recently increased its focus on “upstream” prevention of terrorist activity (“where ‘upstream’ refers to action outside the UK such as planning, preparation or direction for an attack in the UK”), including at times coordinating with international partners to disrupt threats that originate outside the U.K. With the OSCT director-general having identified the inspired threat as “where the growth is and looks like it is going to be going forward,” the ISC welcomes the government’s renewed focus on the “Prevent” strand of the U.K.’s counterterrorism strategy, called “CONTEST,” notwithstanding the breadth of criticism of the program to which the report summarily alludes.

Tackling the Threat

The ISC next details how MI5 and other intelligence and security agencies are tackling the threat from international terrorism, both domestically and abroad. Although MI5 spearheads the domestic counterterrorism effort, the three agencies—MI5, MI6, and GCHQ—now “have completely integrated capabilities.” The ISC commends this coordination, affirming that such coordination is essential to streamlined counterterrorism efforts. The ISC proceeds to applaud the agencies for their work, including the disruption of 20 attempted attacks since May 2013. Though certain information about the operations was redacted, some thwarted attacks include the July 2015 arrest and imprisonment of Junead Khan, who had devised a plot to attack U.S. military personal at a Royal Air Force base, and the September 2016 arrest and imprisonment of Haroon Ali Syed, who was attempting to procure weapons for an attack in the U.K., inspired by the Islamic State.

With the threat from international terrorism extending beyond national borders, many European countries have highlighted the need for better international coordination between security services. In July 2016, Georges Fenech, head of a French parliamentary commission of inquiry into the November 2015 Paris terrorist attacks, stated, “Our country was not ready; now we must get ready.” In relation to these attacks, the ISC references the numerous reports of the attacks’ perpetrators being known to French and Belgian intelligence services and police, notwithstanding the authorities’ failure to piece together all of the available information. Fortunately, MI5 reports that there are currently “unprecedented levels of cooperation with 5 EYES, CTG [The Counter-Terrorism Group] and a [tri-agency] approach.” Although the CTG is comprised of 30 European domestic intelligence services working outside EU structures, MI5 assured the ISC that Brexit will neither affect its membership of, nor relationship in, the CTG. Public reports suggest that the U.K.’s overall national security position in relation to the EU, however, remains to be seen.

Lessons Learned

The ISC next moves to the lessons the U.K. intelligence community has learned from recent terrorist attacks. Two areas of significant focus have been increasing Britain’s capacity to respond to both “marauding firearms attacks” and vehicle attacks. While response capacity is welcome, MI5 spoke of the “drive to jack up the intelligence coverage” such that the attacks do not even occur. Although the ISC is still considering in more detail the lessons learned from the spring and summer U.K. terrorist attacks—three out of four of which were vehicular—the U.K. began preparing for the possibility of a domestic vehicle attack following the truck attacks in Nice in July 2016 and Berlin in December 2016. OSCT has worked not only with the police, the Joint Terrorism Analysis Centre and the Centre for the Protection of National Infrastructure to identify the crowded places most likely to attract a terrorist attack, but also with individual sites and the private sector to help prepare them for possible attacks.

In January 2012, the U.K. replaced its system of control orders, implemented under the Prevention of Terrorism Act 2005, with a regime of Terrorism Prevention and Investigation Measures (TPIMs). Though control orders were underutilized, the government’s former Independent Reviewer of Terrorism Legislation, David Anderson QC, noted that the new TPIMs regime lacked some safeguards present in the old regime. The ISC commends the reintroduction of one safeguard that Anderson recommended—the power to relocate individuals away from extremist networks or other radicalizing influences—though it appears the government neither acknowledged nor heeded Anderson’s central recommendation: a power to require attendance at meetings with specified persons. The ISC also welcomes a number of additional amendments to the TPIMs, as well as an increase in the number of TPIMs being issued.

The ISC finally presents the lessons it learned through its review of the U.K.’s counterterrorism strategy, CONTEST. Originally published in July 2006 and updated in 2009, the current version of CONTEST was published in July 2011. With the government planning to launch an updated CONTEST strategy in the new year, the home secretary relayed some key themes that the new strategy will address, including a greater focus on Prevent and managing the return of foreign fighters from Syria and the region.

Section 4: “Northern Ireland-Related Terrorism”

The ISC next turns to a review of terrorism related to Northern Ireland. As discussed above, the threat level from such terrorism is “SEVERE,” meaning that an attack is “highly likely.” Indeed, terrorist activity is disrupted on a weekly basis. According to MI5, Northern Ireland represents the “most concentrated area of terrorist activity probably anywhere in Europe.”

Although threats from loyalist groups remain, the greatest threat comes from dissident republicans, notably, the “new IRA.” In 2015-16, intelligence and security forces disrupted more than 250 attempted attacks; in the same time period, dissident republicans conducted 16 terrorist attacks on national security targets. Despite its successes in the way of disruptions, MI5 believes the “new IRA” retains access to terrorist material and strong morale. Recently, due to a number of prison releases and the March 2016 murder of prison officer Adrian Ismay, MI5 assesses that “new IRA” leadership has been strengthened.

As of March 31, 2016, this subset of counterterrorism accounted for approximately 18 percent of MI5’s operational and investigative resources; international counterterrorism accounted for 64 percent of those resources. MI5 has stated that it is “eating into the problem” in Northern Ireland and that it hopes to continue to drive the problem down through maintaining heightened efforts. To that end, the ISC recommends that MI5 maintain its pressure on the “new IRA” in particular.

Section 5: “Cyber Security”

Section 5 covers the cyber threat to the U.K. and the government’s response. The cyber threat derives from three sources—state actors, organized criminals, and terrorist groups. As the internet of things—physical devices embedded with electronics and software and thus vulnerable to attack—has grown in recent years, so too has the possibility that attacks can have an extensive “real-world” impact. While technology companies are in the process of developing new “secure” operating systems for such devices, until the consumers and regulators demand better security, manufacturers will likely continue to produce cheaper, less secure products.

The Cyber Threat

After running through a list of recent cyberattacks—including the attacks on TalkTalk and Sony Pictures—the ISC turns to delineating the type of threat caused by each threat actor. Fortunately, though terrorists use the internet as a media and communications tool and would like to use it to conduct attacks, they do not appear to currently have the capability to do so. As GCHQ stated in January 2017, however, “that’s not to say that one day the intent and the capability won’t meet, because they usually do.”

By contrast, state actors are capable of carrying out highly advanced cyberattacks. The ISC recounts the Russian involvement in the October 2016 gradual release of emails belonging to the American Democratic National Committee (DNC) and Hillary Clinton campaign chairman John Podesta through WikiLeaks. Noting that Russia has taken a more brazen approach to its cyber activities, the ISC recommends that the detection and countering of state cyber activity remain a top priority for the government.

GCHQ has confirmed that protection of the U.K.’s political system from cyberattack remains a top priority for the National Cyber Security Centre (NCSC). While GCHQ monitors both the executive and government departments, it does not monitor parliamentary networks itself (though parliament has its own security team). In a similar vein, in March 2017, the head of the NCSC wrote to the U.K.’s major political parties, offering its assistance in protecting their data and networks.

The cyber threat from organized criminals remains significant; the ISC references the way that “cyber attack services” are bought and sold via anonymized web services. The U.K. experienced a major criminal cyberattack in 2015 using “Dridex” malware and affecting around half a million people.

The Government Response

The U.K. launched its first Cyber Security Strategy in 2011. In November 2016, it launched its new strategy—National Cyber Security Strategy 2016–2021—which is focused on three objectives: detect, deter and develop. While in the past, GCHQ’s approach to cybersecurity focused on the development of “high-end national defences ... and then just trying to encourage commercial development to take care of the rest,” it has recently undertaken a more structural approach to defending against low-level attacks. Called “Active Cyber Defence,” the new approach includes GCHQ assisting private companies in developing automated technological solutions to the prevention of cyberattacks.

The NCSC itself is a new organizational unit of GCHQ. The NCSC’s primary functions include: handling major incidents, providing protective security advice, and delivering a new operational strategy for U.K. cybersecurity. GCHQ has begun to consider whether or not it needs enforcement powers for cybersecurity measures. As of now, GCHQ believes its current arrangement—including soft measures like staff crossover—is succeeding in deepening cybersecurity cooperation with the private sector. Although the resources directed to the government’s cybersecurity activities have increased drastically, GCHQ still struggles to attract and retain a sufficient number of cyber specialists, due to competition with large technology companies. As such, the ISC recommends that GCHQ continue to develop innovative ways to ensure that it both recruits and retains skilled technical staff.

Section 6: “Offensive Cyber”

GCHQ and the Ministry of Defence both work to develop the U.K.’s offensive cyber capabilities, notably by establishing the National Offensive Cyber Programme (NOCP) in 2014. Offensive cyber covers a range of capabilities, including the ability to retaliate after a cyberattack, the capability to deny, disrupt or degrade target communications or weapons systems, and capabilities to attack wider systems and infrastructure. Having just finished the first of three tranches in the seven-year NOCP, GCHQ reported back its successes in delivering almost double the number of capabilities it had intended. Still, GCHQ noted how international legal concepts on this topic are underdeveloped. (For additional resources on this subject, see Matthew Waxman’s writing on the subject and and the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.)

Section 7: “The Intelligence Coverage and Effects Plan”

MI6 and GCHQ priorities are determined by the Intelligence Coverage and Effects (ICE) Plan. Introduced in 2016-17, this plan includes both the collection of information by the agencies (“intelligence coverage”) and the agencies’ engagement in activities which have “real-world” outcomes (“effects”). In addition, the plan delineates “themes” for which there are intelligence requirements—including sanctions, hostile foreign activity, and counterterrorism—and a prioritization of countries, regions, and organizations against which there are intelligence requirements. While the plan prioritization was redacted within the ISC Annual Report, Section 8 covers some key geographical ICE priorities.

Section 8: “Countries of Intelligence and Security Interest”

This section covers the activities of MI6, the GCHQ and MI5, notwithstanding the fact that the geographical element of the ICE Plan does not bind MI5.

MI5’s work on hostile state activity accounts for around 18 percent of its overall effort. By contrast, MI6 allocates two-thirds of its intelligence collection efforts against nation states, and GCHQ allocates a little under half. The National Security Secretariat (NSS) in the Cabinet Office currently has overall policy responsibility for countering hostile state activity in the U.K. The report notes that the NSS primarily serves a coordinating function and that locating the responsibility for hostile state activity policy in the Cabinet Office is a concerning symptom of increasing centralization of intelligence and security matters. Accordingly, the ISC urges the government to locate policy for hostile state with the rest of domestic-oriented national security policy, in the OSCT in the Home Office.

Russia

The past decade has seen a resurgence in the threat from Russia. One of MI6 and GCHQ’s principal priorities with regard to Russia is understanding the Kremlin’s objectives and intentions. MI6’s primary goal is countering Russian intelligence activities in the U.K. in order to protect the U.K. government and industry from espionage and influence operations. Defence Intelligence is concerned with Russian activities in the Middle East, and will be “part of an integrated effort reporting on [ISIL] and the Russian inputs [in the region].”

While Russian objectives in individual cyberattacks may seem obscure, and some have speculated that other attacks have been “false-flagged” as products of Islamic extremism, the ISC assesses: “It is possible that Russia is ostentatiously flexing its muscles towards the Wests under a deliberately thin blanket of deniability, or these may simply be providing a useful public cover for the Russian agencies’ practice runs.” Citing the U.S. Office of the Director of National Intelligence public report, the ISC notes there have been reports that cyberattacks—like that on the DNC—are part of a larger campaign to disrupt Western political discourse.

The ISC also references larger Russian disinformation campaigns across Europe. For example, the report references the shooting down of Malaysian Airlines Flight 17. As U.K. investigative search network Bellingcat points out, the ISC strikingly cites to MI6 written evidence that unequivocally states, “[W]e know beyond any reasonable doubt that the Russian military supplied and subsequently recovered the missile launcher” (emphasis added). While there is widespread acknowledgement of the missile launcher both coming from Russia and being returned there after the flight was shot down, many have been reticent to actually name the Russian military as the guilty party, as MI6 does here. Though Russia represents a major intelligence and security threat to the U.K., a channel of communication was still opened between the U.K. and Russia in relation to the 2014 Sochi Winter Olympics, as Sputnik also acknowledges.

China

The intelligence and security agencies have similar aims against China as they do against Russia: to understand China’s objectives and intentions and to counter Chinese Intelligence Service activity against U.K. interests. Many of China’s intelligence aims against the U.K. are economic, and according to GCHQ, China’s extensive cyber capabilities have enabled it to succeed in that end. Still yet, in October 2015, the U.K. and China announced they would not engage in commercial cyber espionage against each other.

Recently, concern about China’s involvement in the U.K.’s critical national infrastructure has heightened, with amplified concern surrounding the granting of a financing role to China in relation to the Hinkley Point C nuclear power station. In response to this controversy, the ISC avers that the intelligence and security agencies were consulted in the making of that decision.

Finally, MI6 has some contact with the Chinese Ministry of State Security; that relationship surrounding intelligence cooperation “continues to develop.”

Iran

The ISC notes that Iran’s motivations against the U.K. are more obscure than those of both China and Russia; GCHQ believes Iran is attempting a show of strength. Though MI6 is reducing its focus since the July 2015 Iranian nuclear deal, the agencies’ principal focus in relation to Iran remains counterproliferation.

North Korea

According to the ISC, North Korea’s aims against the U.K. and the West are both statecraft and economics, with the caveat that North Korea’s “economic attacks are reported to be a much cruder form of theft than China’s work against Western intellectual property.” Referencing the 2014 cyberattack against Sony Pictures, GCHQ has said there is a significant risk of a similar attack against the U.K. Though the ISC Annual Report does not directly attribute that attack to North Korea (“it has been widely reported ... as possibly demonstrated by the Sony hack”), it states that North Korea’s recklessness and unpredictability will pose a significant obstacle to the U.K.’s prevention efforts against such attacks.

Section 9: “International Relationships”

Five Eyes

The Five Eyes—comprised of the U.S., the U.K., Canada, Australia and New Zealand—is of great importance to the U.K. intelligence and security community. The ISC last visited Washington in September 2016, prior to the U.S. presidential election. The ISC measuredly notes that if certain views that President Donald Trump has expressed were to become official U.S. policy, those views—including the potential for a change in the U.S. relationship with Russia and Iran and the potential for a change in U.S. policy on the use of torture–could pose difficulties for the U.K.-U.S. intelligence relationship. While MI5 was clear that it would continue to “operate within the law and by our [the U.K.’s] values,” MI6 stated that “the most important thing for us is that we know what’s going on ... and that we are aware of any fundamental changes in the legal position, but there’s no reason to expect any.” The ISC similarly urges the U.K. to keep a close eye on any U.S. policy changes.

In its 2014 report on the intelligence relating to the murder of Fusilier Lee Rigby, the ISC expressed concern about the difficulties the U.K. faces in obtaining content from U.S. communications service providers (CSPs). As a result, the U.K.’s special envoy to the U.S. on intelligence and law enforcement data sharing, Nigel Sheinwald, encouraged the creation of an international framework to enable data sharing between countries with sufficient privacy safeguards. In July 2016, the Obama administration subsequently submitted a legislative proposal to Congress that would allow, but not require, U.S. CSPs to comply with U.K. warrants. Given the current status of these reforms, the ISC encourages the government to renew its efforts to further U.S. legislative reform.

This year, the ISC met with the Canadian government and parliament as Canada works to establish a parliamentary committee analogous to the ISC. The ISC also met with Australia’s intelligence review team as it conducts an independent review of Australia’s intelligence community.

European Partners and Brexit

Apart from the Five Eyes, the ISC also has important intelligence relationships with European allies on topics ranging from hostile state activity and international counterterrorism to serious and organized crime. Since the Brexit referendum, the ISC has looked at the risk that Brexit poses to U.K. national security. Several former heads of agencies have voiced their concerns. Notably, former MI5 director-general Jonathan Evans and former MI6 chief John Sawers wrote that “the EU still matters to the UK’s security.” Like Shannon Togawa Mercer and I highlighted last month for Lawfare, Evans and Sawers emphasized the impact Brexit might have on the availability of essential data to U.K. intelligence and security agencies. (For more information on current U.K. data protection law and its potential impact on U.K.-EU data regulation, see my earlier summary on the matter.)

With other agencies hinting at the areas in which Brexit will make their work more complicated (“[We] could be affected ... in areas like data sharing, what happens with borders ... what happens with law enforcement cooperation ...”), the ISC asked MI5 and GCHQ for a written assessment of Brexit’s potential national security implications. Each agency referred the ISC to the Cabinet Office to provide any information additional to that already contained within the Brexit White Paper, regarding negotiating issues as a political matter. While the ISC agrees that Brexit negotiating strategy does not concern the ISC, it also recognizes that Brexit has intelligence and security implications for the agencies. Therefore, the ISC urges the government to be more transparent in its assessment of the national security risks associated with Brexit, as well as how it plans to mitigate those risks.

Section 10: “Administration and Expenditure”

The final section of the ISC Annual Report covers the administration and expenditure of the U.K. intelligence and security community. After receiving an additional £2.6 billion in funding through the 2015 national security review plan, the agencies developed a joint Security and Intelligence Agencies’ Plan to allocate its investment. This plan details a number of objectives that the agencies hope to achieve over the five-year period during which they will receive the increased funding. They include:

  • recruiting and training an additional 1,900 intelligence and analytical staff across the three agencies,
  • creating a bigger and more capable global security and intelligence network to protect British citizens at home and abroad, and
  • helping companies and the public do more to protect their own data from cyber threats.

The ISC next turns to the Single Intelligence Account (SIA), the money voted by parliament to fund the work of the agencies. Every year, the U.K. publishes an SIA Financial Statement that covers budgetary information on MI5, MI6 and GCHQ. For years, the ISC has questioned the way the financial statement does not cover the division of funds between the three agencies. Last year, Mark Lyall Grant, then the national security adviser, agreed with the aim of increased transparency, as long as it involved something akin to rough percentages. In a similar vein, the ISC calls for sources of funding derived from places other than the SIA to be incorporated into the SIA to reduce complexity and increase transparency.

Section 10 also covers, in turn, the administration and expenditures for each intelligence agency and organization that it oversees: MI5; MI6; GCHQ; DI; NSS; JIO and OSCT. Each agency section includes information regarding budget, staffing, spending on agents, organizational design review, major projects and allocation of effort.

Additional Considerations

In addition to the publication of the annual report—albeit eight months later than planned—the ISC also published a report on U.K. lethal drone strikes in Syria in April of this year. On Dec. 20, Prime Minister Theresa May issued a statement in response to the latter report, markedly asserting that the 2015 drone strike against Reyaad Khan without prior parliamentary approval was “necessary and proportionate for the individual self-defence of the U.K.” Further asserting that Khan, a U.K. national, posed a “direct and imminent threat” to the U.K., May declared “there was no alternative to a precision airstrike in Syria” and there was “a clear legal basis for action in international law.” As the All Party Parliamentary Group on Drones noted in its Dec. 21 response, the prime minister’s claim that a “rigorous decision making process underpinned the airstrike” fails to address the inadequacies of current mechanisms of oversight.

Those interested in U.K. intelligence and security can look out for several additional reports in the coming year, including the ISC reports covering the spring and summer terror attacks. For an independent review of the police and intelligence communities’ handling of intelligence prior to those attacks, see former Independent Reviewer of Terrorism Legislation David Anderson QC’s Attacks in London and Manchester report, as well as his accompanying Lawfare post. The report of the current independent reviewer, Max Hill QC, will be published early in 2018. Also of future interest is the anticipated publication of the ISC’s findings on its Detainee Inquiry and its review of diversity in the intelligence community within the next couple of months. Finally, the government plans to launch an updated CONTEST strategy sometime in 2018.


Hayley Evans is a Research Fellow at the Max Planck Foundation for International Peace and the Rule of Law. She graduated from Harvard Law School, where she was co-president of the Harvard National Security and Law Association and Executive Editor for Online of the Harvard International Law Journal. Prior to law school, Hayley spent two years working for the Justice Department’s Antitrust Division. She graduated cum laude from the University of Notre Dame.

Subscribe to Lawfare