Expanding Powers of ‘Lawful Disruption’ into Cyberspace

By May 20, 2015 No Comments

Western governments are sounding reinvigorated concerns over “unprecedented, diverse, and serious” threats of radicalization[1] and domestic terrorist attacks. These concerns are propelling some of the most sweeping changes of national security agencies since 9/11.

Changes to national security agencies bring together two dominant trends in intelligence and counter-terrorism: a continued desire for state monitoring and control through the ‘policing of cyberspace,’; and a blurring between security intelligence agencies and law enforcement powers that bestow lawful authority to engage in “kinetic” measures—otherwise known as physical powers in domestic digital environments.

The surveillance and hacking capabilities of signals intelligence (SIGINT) partners such as the National Security Agency (NSA), Canada’s Communications Security Establishment (CSE), the UK’s GCHQ, New Zealand’s GCSB, and Australia’s ASD—otherwise known as the ‘5 Eyes partnership’—have garnered unprecedented scrutiny in the past two years.[2]

The global ambitions of 5 Eyes partners to “collect it all, know it all, and exploit it all” are often understood in relation to the foreign signals intelligence operations, which include wide reaching systems for collecting electronic data and the use of ‘offensive’ hacking techniques. These hacking techniques were central in assisting armed interventions to infiltrate and exploit foreign adversaries (Harris 2014) during US military operations in Iraq.[3]

Further trends in the cyber-policing environment are unfolding beyond those used by the 5 Eyes.

Western domestic governments are currently redoubling their legislative and technical efforts for cyber capabilities and operations. These efforts are premised on an analysis of an emergent global threat environment, which manifests domestically as a violent attack by a small extremist group or ‘lone-wolf’ actor that has been subject to a process of radicalization. While the threat might be increasingly omnipotent, it is also simultaneously thought to be stubbornly hidden and difficult to detect. In spite of this, there appears to be little contestation that the threat is increasingly considered as inseparable from communicative practices that take place on the Internet.

The RCMP recognizes the Internet as a platform that is, “used to radicalize and recruit youth in North America” (RCMP 2011). The US Department of Homeland Security points to the “Internet as a Terrorist Tool for Recruitment and Radicalization of Youth” (US DHS 2009). Similarly, in a recent national security committee session in Canada, Conservative Party of Canada MP, Dianne Albonczy, described the global threat of terrorism and radicalization as a process that, “starts with technology, and a lot of it is happening on the Internet” (Albonczy 2015).

During a recent debate on proposed new powers for Canada’s Security Intelligence Services (CSIS), Ray Boisvert, the former Assistant Director repeated a phrase that is perhaps by now the most well recognized mantra of Western government counter terrorism strategies: “We will engage the threat, wherever it will emerge” (CPAC 2015).

The threat is widely accepted to be emergent, potentially identifiable, and most certainly facilitated through digital environments. Such readings of the Internet as a, “radicalization accelerant” (RCMP) are now firmly welded to a post 9/11 security governance strategy that pursues proactive operations as a means to monitor, forestall, or disrupt a terrorist attack before it occurs.

Accelerating Tactics and Blurring Legal Powers

Against the wider background of Western governments’ interpretation of cyberspace as a dangerous domain, domestic security intelligence and law enforcement agencies are concerned about not having modern legal and technical tools to engage radicalization or otherwise identify the potential for extremist acts of violence.

Western governments are undergoing massive structural changes. These changes fuse new legal powers and technical capabilities together in a threat response that is global in scope and directed at the global information communication networks.

As part of this trend in the past decade, boundaries between security intelligence agency functions and law enforcement powers have been blurred and weakened. These law enforcement powers often include carefully circumscribed lawful capacities to access, disrupt, detain, or otherwise engage in search and seizure practices in digital environments. Agency functions have traditionally been restricted to the collection, analysis, and disclosure of advice to law enforcement.

This blurring collapses the organizational differences between information collection and policing functions and places the practices into a complex networked technological environment that spans multiple legal jurisdictions. Just as law enforcement agencies have been expanding their intelligence gathering capabilities, security intelligence agencies have been seeking new powers to carry out “kinetic” measures—but these trends do not occur without grave implications for the administration of justice, democratic accountability, and important considerations surrounding human rights.

Considering Trends of Lawful Disruption Canada, US, and Australia

As recent as last week, an FBI in-house 9/11 Commission Report castigated the bureau for its inability to adapt to a complex national security that environment.

As a response to this shortcoming, the report recommends a reinvigorated mandate to more effectively deal with, “adaptive and increasingly tech-savvy terrorists, more brazen computer hackers, and more technically capable, global cyber syndicates” (FBI 2015). The curren,t “age of Internet Radicalization,” according to the report, “poses an unprecedented challenge” that demands, “continuous innovation for the FBI.” (FBI 2015: 51)

Cyber-related programs have already been the fastest growing part of the FBIs budget (Harris 2014). In 2012, the FBI was spending USD$296 million on its multiple cyber-related operations. Just one year later, officials were given an additional $86 million to develop the FBIs Next Generation Cyber Initiative that have expanded the bureau’s intelligence gathering and cyber-security capabilities (Harris 2014).

According to security researcher and author Shane Harris, in his book @War, “the FBI is looking a lot more like the CIA or NSA. Most of the new staff are intelligence analysts and hackers, not law enforcement officers.” (Harris 2014: 128)

And yet, while not all of the FBIs cyber operations are specifically grounded in counter-terrorism strategies, the growing attention towards cyber capabilities illustrates the larger trend of law enforcement agencies orienting towards intelligence agencies. They are doing this by enhancing monitoring capabilities and increased capacities to carry out ‘offensive’ hacking operations in the name of national security.

In US foreign operations, the CIA has also recently announced a dramatic overhaul that has ended the traditional separation between spies and analysts. The agency has redirected these powers to, “understand all of the aspects of [the] digital environment” according to CIA Director John Brenner. The restructuring involves the creation of a new division—the Directorate of Digital Innovation—which now subsumes two previous divisions that were responsible for monitoring social media and performing cyber-penetrations and attacks.

In the UK, the Association of Chiefs of Police Officers (ACPO) initiated the creation of the Counter Terrorism Internet Referral Unit (CTIRU). Since creation in 2010, the CTIRU has been responsible for the takedown of approximately 75,000 individual items from the Internet that incites or glorifies terrorist acts under Section 3 of the UK’s Terrorism Act 2006.[4] In France, a similar takedown program from the French Interior Ministry has just been rolled out and authorises decisions without judicial oversight.

Perhaps nowhere else have these changes manifested in unprecedented ways than in Canada. Currently proposed changes in the Anti-terrorism Act 2015 (Bill C-51) would authorize the Canadian Security Intelligence Services (CSIS) to, “take measures, within or outside Canada, to reduce threats to the security of Canada.” The powers in C-51 collapse the distinction between intelligence collectors and analysts, and, importantly, would also provide CSIS with a very broad mandate to conduct kinetic “measures” under a Federal Court warrant that may, “contravene a right or freedom guaranteed by the Canadian Charter of Rights and Freedoms” or that may otherwise be, “contrary to other Canadian law.”

According to Canadian legal scholars Craig Forcese and Ken Roach, this bill will allow CSIS to conduct kinetic powers, “to reduce threats to the security of Canada,” both inside or outside of Canada, so long as they ensure no bodily harm, no obstruction of justice, and no violation of integrity.

The expansive powers of disruption from security intelligence agencies into domestic digital environments are significant. Bill C-51 could explicitly authorize through secret court order—in principle and according to the letter of the law—a clandestine security intelligence service to engage in measures like: hacking, manipulation of information or speech, or the disruption online environments.

Carve outs from Bill C-51, which may have been intended to protect ostensibly lawful protest, have been found by Forcese and Roach to be limited. Constraints to the bill that protect the public exclude intelligence gathering and potential kinetic measures of, “otherwise democratic activities with a loose and distant relationship to actual espionage, sabotage, foreign-influenced activities, political violence or terrorism or subversion.”

In Australia, the recent passing of three tranches of national security legislation have also bestowed kinetic powers to the Australian Security Intelligence Organisation (ASIO). The provisions enable ASIO to move from an agency tasked with collection, assessment, and advisory, to include lawful powers of disruption in digital environments. The National Security Legislation Amendment Bill (No. 1) 2014 allows ASIO powers to access and “add, copy, delete, or alter data” on a targeted computer under warrant. The definition of “computer” was also modified in the ASIO Act to mean “one or more computers,” “one or more computer systems,” “one or more computer networks,” or “any combination of the above.” Based on this definition, the enhanced powers of digital disruption could, at least in principle, apply to the entire Internet.

These brief international examples are neither isolated nor coincidental. Each detail is part of a nascent trend in the blurring between security intelligence operations and lawful measures used to disrupt and interdict online environments.

Where in-house capabilities to engage kinetic environments are limited, the weakening of legislative restrictions creates avenues for security intelligence and law enforcement agencies rely on latent cyber capabilities of their respective SIGINT agencies to readily fulfill their national security mandates.

It would appear that kinetic cyber operations are an increasingly sought after capability in the national security tool kit of technological capabilities and legal authorizations. However, these trends point towards an unprecedented securitization of online environments. The subversion of cyberspace—in ways that directly target domestic citizens in a blurred line between disruption and potential criminal investigation—invites serious considerations about the administration of security, justice, and democratic accountability of contemporary counter-terrorism strategies unfolding in cyberspace.

From Insecure Networks to Uncertain Justice

Many commentators have noted how SIGINT agencies are jeopardizing Internet security for the broader population; they are exploiting weaknesses in foreign government’s network security to gather and analyze lucrative information for national security interests.

Exploiting vulnerabilities provides a seemingly comparable advantage in foreign intelligence. This is carried out through a range of operations that exploits networks through: mass surveillance and data-mining; offensive hacking operations that rely on the use of malware; tactics to weaken encryption standards; and more brazen attempts to ‘design-in’ back-door access points to digital services instigated by the private sector.

Beyond the problematic tradeoff of network security for national security in the realm of SIGINT agencies is another challenge to our core social values. The blurring of security intelligence and law enforcement powers in digital environments raise an additional number of concerns for the administration of justice.

Any pre-crime kinetic engagement that interrupts, adds, deletes, or otherwise manipulates digital information poses a concern of human rights and privacy if it is an authorized violation of the law. It could also taint the evidentiary record and undermine a criminal legal investigation.

A number of procedural questions also emerge. With a large number of operatives plowing into the digital environment, how might so many intervening agencies coordinate in such a way that one another’s activities do not undermine already existing investigations? Are security authorities versed enough in digital environments to consider how their interventions might influence ongoing criminal proceedings in barely detectable ways? What measures are in place that would ensure adequate verification and oversight of operations in digital environments? Thus far, in relation to Bill C-51, there is very little.

Moreover, dominant trends in the national security domain that involve the operation of kinetic powers in networked technological environments will inevitably encounter a range of jurisdictional quandaries that exacerbate already existing legal grey zones.  The implications for democratic accountability in security intelligence operations and any subsequent criminal investigation into counter-terrorism operations remain fraught without a meaningful system of verification provided through adequate oversight and review regimes.

In the struggle to combat an “unprecedented and diverse” threat of terrorism on the Internet, extraordinary capabilities are filtering down into the routine practices of security intelligence and law enforcement agencies—whether through the assistance of SIGINT partners or otherwise. It is important that these transformations are met with appropriate safeguards of oversight, accountability, to prevent abuses of power.