MI5 - The Security Service

Third Edition

© Crown copyright 1998
Applications for reproduction should be made to HMSO Copyright Unit,
The Stationery Office, London
First published 1993
Second edition 1996

---

Foreword by the Home Secretary

[Jack Straw photo omitted]

I welcome this, the third edition of the Security Service booklet. It contains much new material about the Service and its work. It will always be necessary to exclude details about operations, sources and methods. And there remains a need to protect the identities of the members of the Service and its agents, so that they may continue their work effectively and safely. Nevertheless, both I and the Director General are keen to publish as much information about the Service as possible. The booklet demonstrates that commitment.

I hope that the booklet will help dispel the myth that the Security Service is unaccountable and has no effective oversight. In fact, the Service is subject to a substantial regime of Ministerial, Parliamentary, judicial and financial oversight which ensures that its work is given effective external scrutiny without affecting its ability to perform its functions. It operates on a sound statutory basis which prescribes its functions, defines its accountability and establishes a complaints procedure for individuals. Those arrangements are described in this booklet. The Government will keep them under review and in doing so has available the detailed and careful work and advice of the statutory Intelligence and Security Committee composed of Members of the Commons and the Lords.

The Security Service plays a vital part in countering the threats of terrorism and espionage, which endanger our society, and the spread of weapons of mass destruction, which presents a global threat. More recently the Service’s skills have been harnessed in support of the law enforcement agencies in tackling serious crime.

During my time as Home Secretary I have taken a close interest in the work of the Security Service. I have met many of its staff and talked to them about their work. I have been struck by their keen awareness of their responsibilities, and strong adherence to the ethics of Public Service. The staff of the Service are very careful, not least to ensure that the intrusive techniques which they necessarily have to use are only brought into operation after all procedures – internal as well as statutory – are complied with. Their sense of team work, and their commitment, would do credit to the best run public or private organisations. Our Security Service is held in the highest regard among its counterparts in the international community. I am glad to have this opportunity to express my support for the Security Service and my appreciation for the dedication with which it carries out its important and difficult work.

---

Introduction by the Director General

I am glad to introduce this latest version of the Security Service booklet.

The Security Service’s tasks are both to investigate and to counter covertly organised threats to the UK such as terrorism and espionage. The Service’s effectiveness lies in its ability to obtain and exploit secret information, which those under investigation may go to some lengths to keep hidden. Both I and the Service’s staff are well aware that our investigations are necessarily invasive of individuals’ privacy. We do not take our responsibility for that work lightly, and willingly cooperate with the various accountability arrangements and safeguards that exist in law to govern the way we operate. Although it is not required by statute, I also believe it right, like my predecessor, that we should make as much information as possible available to the public about the Service, its work, and the framework within which it operates, while preserving the essential secrecy of its operations. That is the purpose of this booklet, the first edition of which was published in 1993, followed by a second edition in 1996.

This new edition outlines the Service’s functions, statutory basis, oversight, accountability and funding arrangements and describes the Service’s organisation. It also describes the range of current threats that the Service is working against, from terrorism and espionage to the proliferation of weapons of mass destruction and serious crime. Their context and the way that the threats have changed in recent years, particularly with the end of the Cold War, are also described. It explains how the Service does its work and how it relates to other organisations. Various areas of policy are covered, including the retention and destruction of records, and the Service’s role in employment vetting. It outlines the Service’s history and addresses some of the common misconceptions about our work.

I hope that you will find it interesting and informative.

[Photo omitted] Stephen Lander CB

Stephen Lander CB was born in 1947. He was educated at Bishop’s Stortford College and the University of Cambridge, where he obtained a PhD in history. He then worked for three years for the University of London Institute of Historical Research. In 1975 he joined the Security Service and subsequently worked in a variety of investigational, policy, operational and management roles. He was appointed Director General in April 1996. He is married with two children.

---

Statement of Purpose and Values The Security Service is the UK’s security intelligence agency. Our purpose is to protect national security and economic well-being, and to support the law enforcement agencies in preventing and detecting serious crime. We do so by collecting and disseminating intelligence; investigating and assessing threats, and working with others to counter them; advising on protection; and providing effective support for those tasks. In working together to fulfil our purpose, we are guided by a commitment to: legality integrity objectivity a sense of proportion about our work; and respect and consideration for each other and for those with whom we work outside the Service.

---

Contents

1. The Security Service: Overview 6

2. Facts and Figures 9

3. The Functions of the Security Service 11

Statutory basis: The Security Service Act 1989
Political Impartiality

4. The Nature of the Threats 12

Terrorism
     Terrorism related to Northern Ireland
     International Terrorism
Espionage
Proliferation
Serious Crime
Subversion
Protective Security
     Vetting

5. The Nature of Security Intelligence Work 22

Sources of Intelligence
     Operations under Interception and ‘Property’ Warrants
     Agents
     Surveillance
Information Management and Record-keeping
     Retention and Destruction of Files
Intelligence as Evidence and the Law of Disclosure
Relationships
     with Government Departments and the Central Intelligence Machinery
     with the other Intelligence Agencies
     with the Police and other Law Enforcement Agencies, and the Armed Services
     with Foreign Security and Intelligence Services

6. Organisation, Management and Staffing 28

Organisation
Staffing
Recruitment of Staff
Staff Development and Training
Staff Forum
The Staff Counsellor
Equal Opportunities
Anonymity of Staff

7. Oversight, Accountability and Funding 31

Roles of the Home Secretary and the Director General
Intelligence and Security Committee (ISC)
Security Service Tribunal
Security Service Commissioner
IOCA Tribunal and Commissioner
How to Complain
SO(SSPP)
Funding Arrangements
Permanent Secretaries’ Committee on the Intelligence Services (PSIS)
National Audit Office

8. A Brief History of the Security Service 35

9. Myths and Misunderstandings 38

Annex 1 – The Security Service Act 1989 41

Annex 2 – Excerpts from The Intelligence Services Act 1994 49

---

6

1. The Security Service: Overview

What is the Security Service?

The Security Service (commonly known as MI5) is responsible for security intelligence work against covertly organised threats to the nation, such as terrorism, espionage and the proliferation of weapons of mass destruction. It also assists law enforcement agencies in countering serious crime. The Service operates within a statutory framework under the authority of the Home Secretary. It does not investigate individuals or organisations unless they fall within its statutory remit. It has no executive powers, such as the authority to arrest people.

Section 2 – Facts and Figures p9

Section 3 – The Functions of the Security Service p11

Section 8 – A Brief History of the Security Service p35

Section 9 – Myths and Misunderstandings p38

What is security intelligence work?

Security intelligence work involves the investigation of organisations or individuals who pose security threats (such as terrorists), and the provision of advice and assistance to protect against those threats.

The Service’s judgments about the focus of its work are subject to external scrutiny, including by Ministers. The Service’s investigations are intended to obtain pre-emptive information, such as details of plans and capabilities. It aims to do so undetected by the targets of its investigations, sometimes over a long period. Intrusive covert methods, such as the use of telephone interception and concealed microphones, may sometimes be necessary. Of the many investigations that may be under way throughout the Service at any one time, only a small proportion will involve the use of intrusive techniques. Tight controls apply to the use of intrusive techniques and to the management, retention and disclosure of the Service’s records.

The intelligence obtained is used as the basis for planning actions to counter the threat. These actions are often taken in collaboration with other organisations, notably the police. Intelligence is also used as the basis for advice to Government on the nature of the threat, and for the formulation of practical advice on what protective action might be appropriate, for example, in terms of the physical security of buildings, or the vetting of staff in sensitive positions. The Service sometimes provides evidence in support of criminal prosecutions resulting from its work.

Section 4 – The Nature of the Threats p12

Section 5 – The Nature of Security Intelligence Work p22

Section 9 – Myths and Misunderstandings p38

What are the Service’s resources and priorities?

The Security Service budget for the financial year 1997/98 was less than £140m. Direct expenditure on the Service’s core areas of work accounted for around two-thirds of the total budget, apportioned as follows:

_________________________________________ Per cent _________________________________________
Terrorism related to Northern Ireland	25.0
International Terrorism	15.5
Espionage	12.0
Protective Security	7.5
Serious Crime	2.5
Proliferation	2.0
_________________________________________

---

7

The remaining major areas of expenditure are: technological development – in a constantly changing environment the Service must invest in the development of its investigative capabilities in order to maintain a technological edge over sophisticated targets and to enhance efficiency; assisting other agencies in their work, such as the Secret Intelligence Service (SIS) and Government Communications Headquarters (GCHQ), and the Royal Ulster Constabulary (RUC); work to ensure compliance with the Service’s accountability arrangements, together with internal security, financial management and resource planning.

Section 4 – The Nature of the Threats p12

Section 7 – Oversight, Accountability and Funding p31

How is the Service organised?

The Service currently employs around 1,900 people (a full-time equivalent strength of 1,860), who are mostly based at its headquarters at Millbank in central London. The Director General has a Deputy who oversees intelligence operations, and there are six Directors. The Service is divided into branches, each headed by a Director. Drawn from all walks of life, the staff are a mixture of specialists (including linguists, technicians and surveillance officers) and generalist intelligence and administrative staff. The Service operates an equal opportunities policy.

Section 6 – Organisation, Management and Staffing p28

What are the checks and balances?

In a democracy there is an inherent tension between the existence of a Security Service with intrusive investigative capabilities and the preservation of individuals’ privacy. As long as covert threats to the nation persist, the Service may need to invade the privacy of a very small minority in order to protect the security of the great majority. But there must also be safeguards. In addition to its own tightly drawn internal controls, the Service is subject to the following external oversight and accountability measures:

• The Director General is accountable under the Security Service Act 1989 to the Home Secretary. The Director General is appointed by the Home Secretary in consultation with the Prime Minister and is required to submit a report to them annually. The Director General is statutorily responsible for all aspects of the operations and efficiency of the Service, and for ensuring that it obtains and discloses information only in accordance with its functions under the Act.

• The Security Service Act provides for an independent Tribunal, supported by a Commissioner (a senior judge), to investigate complaints about the Service from members of the public. The Commissioner is also responsible for reviewing the issue by the Secretary of State of Property Warrants under the Intelligence Services Act 1994.

• The Interception of Communications Act 1985 also provides for a Tribunal, supported by a Commissioner (also a senior judge), to investigate complaints about interception of telephone or postal communications. The Commissioner is also responsible for reviewing the issue of interception warrants by the Secretary of State.

• Under the Intelligence Services Act 1994, the Service, together with SIS and GCHQ, is overseen by the Intelligence and Security Committee, a committee of Parliamentarians, on matters of expenditure, administration and policy.

• The Service’s performance, plans and priorities are subject to external scrutiny and validation by a senior Whitehall committee, known as SO(SSPP), reporting to Ministers.

---

8

• The Service’s budget is set by Ministers under arrangements similar to those of other government departments.

• The Service’s accounts are audited by the National Audit Office.

Section 7 – Oversight, Accountability and Funding p31

How does the Service relate to other organisations?

Although it has self-standing statutory functions, the Security Service works as an integral part of the UK’s overall intelligence effort, alongside SIS and GCHQ. The three agencies assist one another in the pursuit of their functions. The Service is in close contact with relevant departments in its work, particularly the Home Office, Foreign and Commonwealth Office, Ministry of Defence and Northern Ireland Office. There is a close operational relationship between the Service and UK police forces, who are responsible for taking many of the actions arising from the Service’s work. The Service also cooperates closely with other UK law enforcement bodies, such as HM Customs and Excise, and with the armed services. Overseas, the Service receives assistance from a wide range of foreign security and intelligence services (nearly 100 in all). These productive relationships are key to the Service’s ability to tackle threats to UK interests internationally.

Section 5 – The Nature of Security Intelligence Work – Relationships p26

How can I get in touch with the Service?

The MI5 Phoneline – for providing information to the Service

Since March 1998 a public telephone number – the MI5 Phoneline: 0171 930 9000 – has been available for those wishing to provide information to the Service to assist it in its work. Members of the public may for instance become aware of activities which they think may be relevant to the Service’s functions: others may be personally involved with groups investigated by the Service, or closely associated with them, and may have information to offer via the Phoneline. As an alternative to the Phoneline, information may be sent in writing to the Service’s Enquiries Desk (details below). Any information provided, and the identities of callers, will be treated with the greatest care.

The MI5 Phoneline should not be used for enquiries about the Service, including employment opportunities, which should be sent instead to the Enquiries Desk. In addition, it should not be used for reporting information about imminent threats to life or property, which should be passed to the police using the 999 system, or via the Anti-Terrorist Hotline – 0800 789321 – which is for giving the police information about a terrorist incident which has happened or is about to occur.

Enquiries about the Service

Members of the public who wish to write to the Security Service, including those with enquiries about joining the Service, should contact:

The Enquiries Desk
PO Box 3255
London SW1P 1AE

All correspondence will be treated in the strictest confidence.

---

9

2. Facts and Figures

Formed in:	1909, as the Secret Service Bureau; it became MI5 in 1916, and then the Security Service in 1931
Director General:	Stephen Lander CB (since April 1996)
Headquarters:	Thames House, Millbank, London SW1
Number of staff:	around 1,900 in total; full-time equivalent of 1,860 of whom: 54% are under 40 47% are women 5% work part-time In addition, over 100 staff from other UK departments and agencies are currently working in the Service
Total budget:	less than £140 million for 1997/98

Breakdown of 1997/98 budget:

---

[10 not used]
11

3. The Functions of the Security Service

The Security Service is the security intelligence agency of the United Kingdom. Its functions are to protect national security, to safeguard the economic well-being of the UK against threats from overseas, and to act in support of the police and other law enforcement agencies in the prevention and detection of serious crime. The Security Service’s key responsibility is for intelligence work to investigate and counter covertly organised threats. These include terrorism, espionage and the proliferation of weapons of mass destruction. In addition it provides security advice to help reduce vulnerability to threats.
The Service exists under the authority of the Secretary of State (the Home Secretary), who answers to Parliament for the Service.

Statutory basis: the Security Service Act 1989

The Security Service Act 1989¹ sets out the functions of the Service and describes the nature and range of threats that the Service is responsible for countering:

“The function of the Service shall be the protection of national security and, in particular, its protection against threats from espionage, terrorism and sabotage, from the activities of agents of foreign powers and from actions intended to overthrow or undermine parliamentary democracy by political, industrial or violent means. “It shall also be the function of the Service to safeguard the economic well-being of the United Kingdom against threats posed by the actions or intentions of persons outside the British Islands.”

In 1996 The Security Service Act was amended by the addition of a serious crime function which took effect in October of that year:

“It shall also be the function of the Service to act in support of the activities of police forces and other law enforcement agencies in the prevention and detection of serious crime.”

The protection of national security and economic well-being and the prevention of crime are recognised in Article 8 of the European Convention on Human Rights as providing a legitimate basis, in appropriate cases, for interference by a public authority with an individual’s right to respect for his or her private and family life, home and correspondence. Case law under the Convention (the Leander case of 1987) also recognises that a State may set up a security service to gather and disclose information on citizens; but the State must put the security service on a clear legal basis, and must also ensure that there are adequate and effective guarantees against abuse. These requirements are reflected in the legislation for the Service, which sets out a number of statutory mechanisms for the oversight and control of the Service and its work (see Section 7 – Oversight, Accountability and Funding).

Political Impartiality

One of the responsibilities that the Security Service Act places on the Director General is to ensure “that the Service does not take any action to further the interests of any political party”. This encapsulates the important principle that in a democracy a domestic security service must be apolitical: its role is to protect democracy, not to influence its course. This means that the Service must not act in a way that might be seen as favouring one political party. It also means that the Government of the day may not press the Service into any action for party political reasons.
_______________
1 See Annex 1 (page 41) for the full text of The Security Service Act 1989.

---

12

4. The Nature of the Threats

At any one time there is a range of threats of differing types, which the Service must address with finite resources. A key task for the Service therefore is to ensure that resources are allocated according to the nature and comparative gravity of those threats. Annually, the Service’s judgments on these matters are validated externally, including by Ministers. The chart below gives an idea of how the relative proportions of the Service’s effort against the main threats have varied since 1990.
Security threats to the UK have changed greatly in recent years, most notably with the end of the Cold War, which in turn ended the Service’s long-standing focus on the very substantial threat posed by the Soviet Union and its Warsaw Pact allies. In parallel, the threat to British parliamentary democracy from subversion diminished over a number of years and is now negligible. However, the fall of the Soviet bloc generated instability throughout the former Soviet Union and beyond; that instability and the loss of centralised control added to other threats, including the proliferation of chemical, biological and nuclear weapons of mass destruction, and the spread of organised crime. Espionage against the UK has continued, although the overall level of threat has reduced. Terrorism has persisted throughout.
The threats are described overleaf.

---

13

Terrorism

Since the late 1960s, the Security Service has been involved in combating terrorist threats to British interests, both within the UK and overseas. The proportion of the Service’s resources devoted to countering both Northern Ireland-related and international terrorism has increased substantially over the years. In recent years terrorist attacks of all kinds worldwide have averaged almost 60 a month, so terrorism is likely to remain a focus of activity by the Service.
Countering terrorism is a complex task, not least because of the difficulty of obtaining accurate information about the intentions and activities of secretive and sometimes highly organised groups, many of which are based in inaccessible areas overseas, sometimes under the protection of regimes whose interests they also serve. The collective effort – both nationally and internationally – as well as the techniques involved, have had to keep pace with the increasing sophistication of terrorists and their operating methods.
In an open and democratic society, the initial advantage is likely to lie with the terrorists. In particular, there are limits to what can be done to prevent attacks which are planned and launched from abroad. The Service’s principal objective is therefore, over time, to erode the capacity of terrorist groups to initiate and sustain campaigns against British interests and those of Britain’s allies. There have been significant successes – many of them invisible to the public – in preventing acts of terrorism both in the UK and abroad, in helping law enforcement agencies to arrest terrorists and in otherwise disrupting their activities.
Terrorism related to Northern Ireland
Between 1969, when the most recent phase of the Troubles began in Northern Ireland, and April 1998, more than 3,000 people lost their lives, and more than 30,000 were injured as a result of terrorist violence. Substantial economic damage has also been caused. In addition to the human casualties, the cost of city-centre bombings, such as those in the City of London in April 1992 and April 1993, in London’s docklands in February 1996 and in Manchester in June 1996, was substantial.
The main terrorist organisations on the republican side – the Provisional IRA (PIRA), Republican Sinn Fein’s ‘military wing’, which calls itself the ‘Continuity IRA’, and the Irish National Liberation Army (INLA) – have sought, by violent means, to create a unified republic in the island of Ireland. Although they have been most active in Northern Ireland, republican terrorist groups, especially PIRA, have carried their attacks to the British mainland and to the continent of Europe. Foreign nationals as well as British subjects have been killed and injured as a result. British politicians have been killed and on two occasions PIRA has attempted to kill members of the Cabinet: the bombing of the Conservative Party Conference in Brighton in 1984 and the mortar attack on Downing Street in 1991.

Thirty-seven improvised explosive devices under construction by a PIRA team in London arrested in July 1996 following a joint investigation with the Metropolitan Police.

Northern Irish loyalist paramilitary organisations, notably the Ulster Volunteer Force (UVF), the Ulster Defence Association (UDA) and the Loyalist Volunteer Force (LVF), have all been involved in a violent campaign in response to what they claim to regard as the threat posed

---

14
to the protestant community in Northern Ireland by republican terrorism. Much of their activity has been essentially sectarian in character, often resulting in the random murder of Catholics who may have no connections of any kind with republican terrorism. Before the ceasefire declarations in August 1994, loyalist groups were murdering more people than PIRA.
Both loyalist and republican groups, especially PIRA, have for some years sought support from outside the island of Ireland to sustain their campaigns of violence. Such support has included the provision of weapons and finance. PIRA’s principal supplier during the 1980s was Libya, but the organisation has also acquired weaponry and related equipment via sympathisers in North America; through thefts; and from the arms black market in Europe. Other groups have been less ambitious, relying mainly on small scale purchases from dealers and criminal contacts. Funds have frequently been obtained through criminal activities in Northern Ireland and the Republic of Ireland, but they have also been obtained further afield – for example by loyalist groups in Britain and by republican groups from sympathisers overseas.
In Northern Ireland the Security Service works in support of the Royal Ulster Constabulary in respect of Irish-related terrorism. On the mainland of Great Britain, the Security Service was given lead responsibility for intelligence work against Irish republican terrorism in 1992. This role was in addition to its existing work against loyalist terrorist activity on the mainland and against all overseas manifestations of Irish-related terrorism (such as weapons procurement and PIRA attacks in Europe). Between 1992 and April 1998, the Service’s work with the police against Irish republican terrorism resulted in 18 convictions for serious terrorist-related offences. Many intended attacks, including large city-centre bombings, were prevented. In addition, various attempts by loyalist terrorists to obtain weaponry from the mainland have been disrupted in joint operations with the police.

A home-made sub-machine gun recovered in 1995 following a joint police-Security Service investigation into attempts by the UVF in Scotland to procure weapons on the mainland.

The Service’s work on the threat from terrorism relating to Northern Ireland is set against the backdrop of political developments, including, significantly, the agreement reached in April 1998 which set out the basis for a political settlement, subject to referendums North and South of the border. As with all of its work, the Service monitors closely any changes in the nature and level of the threat, including that posed by groups opposed to the peace process (such as the recently created 32 County Sovereignty Committee), and makes adjustments to the effort deployed accordingly.
International Terrorism
For many years the UK has also been exposed to the threat of terrorism originating overseas. British interests, and the interests of its friends and allies, have been threatened and attacked at home and abroad. Nationalist or separatist struggles in Europe, North Africa, the Middle East, the Indian sub-continent and the Far East have given rise to such terrorism, while minorities, religious extremists and others have used violent methods to advance their causes. As an illustration, the Algerian Armed Islamic Group (GIA) has been responsible for widespread massacres in Algeria itself, as well as a series of bombs in France in 1995; the Palestinian group

---

15
HAMAS mounted a series of suicide bomb attacks in Israel; and Egyptian terrorists carried out three major attacks on tourist buses between 1995 and 1997, as well as an attack on tourists in Luxor in November 1997 in which 58 people (including six Britons) were murdered. These and other similar groups have supporters in the UK.
Britain’s involvement in multi-national peacekeeping and similar international initiatives – such as in the Gulf and in former Yugoslavia – has also resulted in a terrorist threat to British interests. For example, buildings used by British and allied forces were the targets of large vehicle-bomb attacks in Saudi Arabia in 1995 and 1996.
British citizens and businesses are vulnerable to terrorism, both as targets in their own right and as bystanders to others’ quarrels. British soldiers, officials, business people and tourists have all been the victims of terrorism. As well as widely-reported events such as the July 1994 bomb attacks on Israeli and Jewish targets in London, recent years have seen Britons involved in terrorist-related kidnappings in Kashmir, Indonesia, Colombia, Chechnya, Yemen and Cambodia, and caught up in the terrorist seizure of the Japanese Ambassador’s residence in Lima in December 1996. In addition, some terrorist groups and their supporters have sought to use Britain as a place to raise funds, procure equipment and recruit new members – activities which are in themselves usually non-violent, but which can often contribute significantly to terrorism elsewhere.
Some states have used – and some continue to use – terrorism as an instrument of foreign policy, either by means of their intelligence services or through sponsorship of surrogate terrorist groups. For example, the investigation of the bombing of Pan Am Flight 103 over Lockerbie in 1988 resulted in warrants being issued for the arrest of two Libyan officials, believed to have been involved in the attack. The targets of state terrorism have also included their own dissidents and émigrés. State sponsorship has included the provision of weapons, training, finance and refuge to terrorists.

State sponsorship of terrorism – a Libyan shipment of arms and explosives to PIRA on the Eksund, intercepted in 1987 by the French authorities. The contents of earlier Libyan shipments have continued to feature in republican terrorist operations.

Like other industrialised states, the UK has been affected by developments in technology, and particularly in information technology and military weaponry, which give terrorists access to greater sophistication and know-how than a generation ago. The Security Service needs to keep abreast of these developments in order to continue to counter the threat posed. In addition, the Service investigates any indications that terrorists or other extremists might be developing or trying to obtain chemical, biological, nuclear or radiological materials as terrorist weapons.
As in the field of Northern Ireland-related terrorism, the Security Service works closely with UK law enforcement agencies and with overseas security and intelligence services to disrupt terrorist activity – not only specific attacks, where pre-emptive intelligence permits, but also the procurement of weapons and funds. Recent years have seen both kinds of disruption

---

16
successfully employed against UK-based terrorists or their supporters. In responding to terrorist attacks against British interests overseas, the Security Service works closely with the Secret Intelligence Service (SIS), and with both the Foreign and Commonwealth Office (FCO) and the British mission in the country concerned. The Service also advises the FCO and other relevant government departments on the changing terrorist threats to British interests abroad.

Espionage

During the Cold War the Security Service devoted much of its effort to countering the skilful and well-resourced intelligence services of the Soviet Union and its Warsaw Pact allies. The collapse of Soviet communism in 1991 and the disintegration of the Soviet Union brought fundamental changes to this area of the Service’s work. Most Central and East European Intelligence Services, formerly little more than Soviet surrogates, were reformed to serve new, democratically elected governments. The Security Service, along with other western security and intelligence agencies, took the opportunity to assist many of them in their efforts to reorganise and reorientate their work and functions. This assistance included advice on how to integrate their intelligence machinery within the framework of a democratic system of government. These new relationships have developed to allow the exchange of information on subjects of shared concern, such as terrorism and the proliferation of weapons of mass destruction.

[News clip] Russians expelled for spying The Norwegian Prime Minister has postponed a visit to Moscow following revelations of Russian espionage activity.

March 1998 – The intelligence targets of Russians expelled from Norway included European Union and NATO matters.

In line with the now reduced threat, the Service currently devotes only 12% of its budget to all aspects of counter-espionage. This is significantly less than in the period prior to the fall of the Berlin Wall, when around a half of the Service’s resources were focused directly on the substantial espionage threat posed by the Soviet Union and its allies alone.
But espionage against the UK continues. A range of countries seek to advance their political, economic and military objectives using covert methods against the UK, and the spectrum of interests on which they are seeking to gather information is wider than in the past. Since the end of the Cold War, Russia and the UK have developed a new and increasingly cooperative relationship. Despite this, however, Russia has retained its substantial and active overseas intelligence collection effort. After a period of retrenchment in the early 1990s, both the civilian and military Russian intelligence services renewed their efforts to send intelligence officers to London. A number of cases illustrate the continuing Russian espionage threat in the 1990s: in the UK, Michael John Smith, who worked for electronics companies engaged in sensitive government work; in the US, Aldrich Ames (CIA), Harold James Nicholson (CIA) and Earl Edwin Pitts

---

17
(FBI); and Francis Temperville, a former employee in the Directorate of Military Affairs at the Atomic and Energy Commission in France. All of these were convicted of spying for Russia.
The Security Service’s counter-espionage work is focused on:

• investigating leads that may result in the identification of spies who are providing foreign countries with sensitive information damaging to the UK’s national security or economic well-being; and

• disrupting the activities of those foreign intelligence officers who ‘talent-spot’ and recruit as agents individuals who have access to British secrets.

A few of the spies who have been identified in the UK in the past were controlled directly from abroad, but the great majority have been run by foreign intelligence officers based in this country. Historically, the Government has insisted that nationals of certain countries obtain visas before being allowed to enter the UK. This allows the Service to recommend, where necessary, that a visa be refused on national security grounds. Over the years, this precaution has severely hampered foreign intelligence services in their efforts to place intelligence officers in the UK to recruit and run agents.
As well as those who work under cover of postings in the diplomatic community, foreign intelligence officers have also tried to gain access to sensitive information in the UK by masquerading as trade officials, businessmen or members of scientific delegations. The greater flexibility of modern travel and the growing emphasis on the acquisition of sensitive commercial, economic and technical information, mean that foreign intelligence services may increasingly use short-term visits of this sort as cover for their intelligence operations.
On their home ground, or in other countries where they encounter little opposition from the local security agencies, foreign intelligence services are able to be far more aggressive in their espionage efforts against British interests. Consequently, for many years the Service has worked with other government departments, especially the Foreign and Commonwealth Office and the Ministry of Defence, to protect government personnel and premises overseas from espionage attack.

Proliferation

Since 1992 the Service has played a part in countering the threat posed by the spread of weapons of mass destruction (WMD), namely nuclear, chemical and biological weapons, and their strategic means of delivery (usually ballistic missiles). The collapse of the former Soviet Union has led to increased dangers in this area. The sale of WMD components and missiles is an attractive source of revenue for economically hard-pressed countries. There are ready buyers, particularly in the Middle East, for materials either to rebuild confiscated stocks or to provide a deterrent against an aggressive neighbour. More than 20 countries are currently seeking to evade international controls to develop WMD capability. Some are hostile to the UK and its allies; some have unstable regimes. Iraq’s use of chemical weapons in the past has been well publicised.
There is therefore a substantial threat from proliferation which goes far wider than the UK. The response of the international community in seeking to prevent proliferation is expressed in the Nuclear Non-Proliferation Treaty, under which the UK, as a signatory, has a duty to act against proliferators. The direct threat to the UK is twofold: first, that our armed forces will be exposed to the threat of WMD when deployed overseas; and secondly, that the UK will itself come within reach as longer-range missiles are acquired by potentially hostile or unstable countries.
Much of the material, technology and expertise required for WMD programmes can be found in the UK. Although the UK has stringent export

---

18
controls in place, the countries that are trying to procure equipment and know-how use increasingly sophisticated, covert and devious methods to circumvent these controls. These include the use of front companies and middlemen, and of students sent to the UK for postgraduate study. There are also increasing indications of the use of non-proliferating countries as apparent destinations for WMD-related materials, which are then shipped on to their true customers.

Iraq, early 1990s – artillery shells filled with mustard gas agent.

The Security Service, acting in cooperation with other government departments and agencies, aims to counter proliferation activity in the UK by:

• investigating attempts by proliferator countries to procure materials and expertise from the UK which could aid WMD programmes;

• investigating the potential benefits to WMD programmes that students and academics from countries of concern may obtain from study in the UK (the intangible transfer of technology). When necessary the Service may advise that such students and academics should be refused entry to the UK; and

• visiting UK companies, chambers of commerce, universities, and professional and trade associations to raise their awareness of the activities and requirements of proliferator countries, and to obtain information on their dealings with them. For instance, more than 700 companies have been visited since the start of the programme in 1992.

Serious Crime

On 14 October 1996 new legislation extended the Service’s statutory remit to include supporting the law enforcement agencies in work on serious crime. This change in the Service’s remit reflected the Government’s intention that Security Service expertise should also be deployed in the fight against serious crime. The Service’s work in this area has been financed from within existing Service resources.
The 1996 legislation makes it clear that the primary responsibility for work against serious crime remains with law enforcement agencies. Close working relationships with those agencies, including the National Criminal Intelligence Service (NCIS) are therefore central to the way that the Service carries out its work in this area. The legislation requires there to be arrangements governing how the Service fulfils its role in serious crime work. Under these arrangements, the Service is tasked to take on investigations on a case-by-case basis, where it is agreed that its particular skills, knowledge or capabilities are likely to help the investigation. The Service will then bring to bear its investigative capabilities as required, with a view to assisting the law enforcement agency to collect the necessary intelligence.

Subversion

Subversion in the UK is essentially an historical phenomenon. The Security Service Act does not use the term ‘subversion’, but provides a definition of it by reference to actions which are “intended to overthrow or undermine parliamentary democracy by political,

---

19
19
industrial or violent means”. The concept of subversion was therefore focused on hostility to the democratic process. It embraced both extreme left wing (Communist, Trotskyist) and extreme right wing (Fascist) subversive groups, and included those whose allegiance lay with countries hostile to the UK. Historically, Britain faced a very real threat from subversive organisations which sought to undermine parliamentary democracy – and had the capability to do so – most notably during the Cold War. Indeed some of these organisations made no secret of their intentions. Their activities were of concern to successive governments and were an important subject of attention by the Security Service. A particular focus of this work was to deny members of such groups access to sensitive government information. This was achieved through the vetting process announced in 1948 by the Prime Minister, Clement Attlee.
Subversive groups (including, in the past, Communist organisations) have sought to infiltrate and manipulate bona fide organisations, such as trade unions or pressure groups, as a way of exercising influence out of proportion to any support they could achieve through the ballot box. The Service investigated the activities of the subversive groups, but not the organisations they sought to penetrate. The Service never investigated people merely because they were members of trade unions or because they campaigned on particular issues such as nuclear disarmament.
Since the late 1980s, and particularly following the end of the Cold War, the threat from subversive organisations to British parliamentary democracy has declined and is now insignificant. With the collapse of Soviet communism, and taking into account the intentions and declining capabilities of subversive groups, the Service scaled down its work in this area over a number of years. The Security Service currently has no investigations in this area. During the financial year 1997/98 only 0.3% of the Service’s resources were allocated to the remnants of this work, predominantly to pay the pensions of retired agents.²

Protective Security

As well as countering the threats described above, the Service also works to reduce the vulnerability to those threats through its contribution to the protection of government assets and the UK’s critical infrastructure. This aspect of the Service’s work is integral to its function of protecting national security.
Protective security is concerned with protecting the confidentiality, integrity and availability of information and other important assets. It encompasses such problems as how to protect against acts of terrorism; against unauthorised access to buildings or computer systems; and against eavesdropping or interception of sensitive communications. The work has many aspects, including advising on locks and cabinets, passes and passwords, building structures, guards, fences, walls and intruder detection systems. It includes vetting arrangements for those who are authorised to have access to the protected assets, making them aware of threats and encouraging them to act securely. It also includes contingency planning, for when things go wrong. The Security Service provides specialist advice to Government on all of these matters. Its role is threefold: assessing the threats, advising on policy and practice and assisting with the security planning of major projects or important installations.
Protective measures must be appropriate to the threat. The Service’s intelligence branches identify and, as far as possible, take action to counter specific threats to national security. They also study the ways in which hostile organisations operate: for example, the modus operandi of terrorist organisations and the kind of weapons they employ; and the methods used by foreign intelligence services, together with
___________________
2 The role of agents in the work of the Service is described in Section 5 – The Nature of Security Intelligence Work (page 22).

---

20
the types of intelligence they are trying to acquire. Such information provides the basis for assessments of the level and type of threat to individual departments and the assets they hold. Taking into account additionally the number of security incidents, such as computer viruses and hacking, theft or accident, the Service is able to provide assessments of the nature and extent of different kinds of threat which need to be protected against.
The development and coordination of the Government’s central policy framework on protective security is the responsibility of the Cabinet Office. The Service provides specialist advice on the practical development of that policy. Where security of IT systems is concerned, the Service operates jointly with the Communications-Electronics Security Group in GCHQ. Within the Government’s central framework each department is responsible for the security of the assets it holds and is required to identify the risks to those assets, drawing on the threat assessments provided by the Service. They then implement security measures to reduce vulnerability to these risks in the most cost-effective way. The Service is able to provide guidance on how to do this, but responsibility for identifying risks and implementing security measures rests with the department itself.
The Service also advises certain organisations outside central government. For example, it advises those parts of industry which are involved in sensitive government defence and other contracts. It also advises those elements of commerce and industry whose services and products are of critical national importance: those which, if damaged, would cause unacceptable economic disruption, widespread loss of services or serious hazard to the public. The industries concerned include air, rail and sea transport, oil, gas, water, telecommunications, power generation and distribution, and banking.

One of the electricity installations targeted by the PIRA team arrested in July 1996 following a joint investigation with the Metropolitan Police. If their operations had been successful, extensive damage would have been caused to the electricity supply in the South East of England.

Vetting

The purpose of personnel security measures, of which vetting forms a part, is to provide an acceptable level of assurance that people with authorised access to sensitive government information or valuable assets will not abuse that access – for example, by passing secret information to a foreign government, or using it for personal financial advantage. As with protective security as a whole, overall policy in this area is set by Government, while individual departments have responsibility for their own security within the framework of that policy. This means that departments conduct their own background enquiries (such as police record checks, references, interviews etc) on applicants to sensitive posts and make their own decisions on whether or not to employ particular individuals. The Security Service does the same for its own staff. The vetting process is overt: security clearance cannot be sought for an individual without his or her consent.
Since before the Second World War, the Security Service has assisted government departments and organisations by providing a service of

---

21
record-checks on candidates for sensitive posts. In 1948 the Attlee Government formally introduced security vetting aimed at excluding both communists and fascists from positions where they might damage the security of the state. In support of this policy, during the Cold War the Service sought to identify members of subversive organisations. The ending of the Cold War has substantially altered the view that is taken of individuals with a record of involvement in various subversive organisations, and in recent years the main emphasis has been on protecting government information and important installations from individuals with terrorist connections. The policy of vetting for sensitive positions in government was reaffirmed in 1994 by the Prime Minister, John Major.
The Security Service Act 1989 stipulates that the Service may disclose information for use in deciding whether someone should be employed only if it does so in accordance with arrangements approved by the Home Secretary. Under those arrangements, if the Service finds that it has a relevant record on a candidate for a sensitive post, it will make a brief summary assessment of the suitability of the individual purely on security grounds. In the vast majority of cases, the Service has no record of the individual concerned. The existence of a record does not necessarily imply that an adverse assessment will be submitted. In 1997 the Service gave assessments in fewer than 0.1% of the vetting cases submitted by departments for checks, the majority relating to some degree of connection with terrorism or espionage.
The Security Service’s role in the vetting of an individual by a government department is based solely on its records – the Service does not investigate or interview candidates for sensitive posts, nor does it look into aspects of their character or behaviour. Even where the Service does disclose information in response to a vetting check, its assessment may contain the judgment that the information need not on its own prevent the candidate from having sensitive access. In those cases the department considers whether it has other grounds for doubting reliability before reaching a decision.
In respect of the Service’s contribution to vetting by departments, the oversight arrangements that form part of the Security Service Act 1989 provide recourse to the Security Service Tribunal (see Section 7 – Oversight, Accountability and Funding). The Tribunal’s responsibilities include the investigation of complaints from individuals who believe that the Service has improperly disclosed information about them in a vetting context:

“If and so far as the complainant alleges that the Service has disclosed information for use in determining whether he should be employed, or continue to be employed, by any person or in any office or capacity specified by him, the Tribunal shall investigate whether the Service has disclosed information for that purpose and, if the Tribunal finds that it has done so, they shall determine whether the Service had reasonable grounds for believing the information to be true.”

---

22

5. The Nature of Security Intelligence Work

The Security Service is not the only organisation with responsibilities bearing on national security, or involved in collecting intelligence about security threats. Others play important roles within their own specific functions, notably the Secret Intelligence Service (SIS), Government Communications Headquarters (GCHQ), Departments of State and the law enforcement agencies. The particular role of the Security Service is to:

investigate – to obtain and then to collate, analyse and assess secret intelligence about threats; counter – to act, and enable others to act, to counter specific threats;
advise – to keep Government, and others as appropriate, informed of the threats, and to advise on the response, including protective security measures;
assist – to provide relevant assistance to other agencies, organisations and departments.

In its approach to its work the Service aims to achieve a strategic advantage over the ‘targets’ of its investigations. Over time, the Service seeks to build up a detailed body of knowledge about target organisations, their key personalities, infrastructure, plans and capabilities. This enables the Service to assess the level and nature of the threat they pose which, in turn, informs the further deployment of intelligence resources to counter their activities. This is a cyclical process involving adjustments being made continually on the basis of new intelligence or events.
The assessment of threats is thus a central and distinctive component of the Service’s work and provides the basis of decisions about resource allocation, counter-action and protective measures. The Service’s judgments about the magnitude of the various threats to national security, and hence the distribution of the Service’s efforts, are subject to scrutiny and validation by a senior inter-departmental committee (SO(SSPP)) and then by Ministers (see Section 7 – Oversight, Accountability and Funding). Similarly the Service’s judgments on its priorities are adjusted in the light of the national requirements for intelligence drawn up by the Joint Intelligence Committee (JIC) (see ‘Relationships’ in Section 5) which are also approved by Ministers.

Sources of Intelligence

In carrying out its statutory functions the Service draws on the following principal sources of secret intelligence:

• the interception of communications;

• eavesdropping, which involves covertly monitoring the speech of targets under investigation;

• agents³ within target organisations; and surveillance (following and observing).

At any one time the Service may be conducting many investigations, but only a few will draw on the full range of techniques. In planning deployments, the Service aims to operate with the minimum of intrusion and expense, and in proportion to the threat. In complex investigations, several different techniques will be used in combination, and much of the skill lies in deciding the most effective blend.
Organisations which pose a threat to national security often go to considerable lengths to prevent and detect efforts to investigate their activities. The Security Service aims to gather
_____________________
3 In Security Service terminology an ‘agent’ is a human source working within or close to a target organisation, who provides intelligence in secret to the Service. Agents are not members of the Service.

---

23
intelligence while ensuring that the targets under investigation remain unaware of the Service’s interest in them. Clearly there is a need to prevent the compromise of a potentially successful investigation while it is running, but the Service also needs to look to the future. Keeping secret the details of intelligence methods is important if the Service is to retain them for use in future intelligence operations. Secrecy is also vital to ensure the safety of individuals, including agents.
The Security Service Act makes the Director General responsible for ensuring that there are effective arrangements within the Service to control the acquisition and disclosure of information. A major aspect of this control is a structure of internal mechanisms designed to ensure that the Service responds only to genuine threats, and does so with proper regard for the law, proportionately to the threat, and with appropriately senior authorisation for intrusive measures. These essential safeguards are also designed to allow fast-moving investigations to proceed swiftly, with proper authorisation, but without being hampered by unnecessary bureaucracy.
Operations under Interception and ‘Property’ Warrants
Operations to intercept mail and communications on the public telecommunications network must be specifically authorised by a warrant signed by the Secretary of State under the Interception of Communications Act 1985 (IOCA). Interception warrants may only be issued if the Secretary of State considers that the warrant is necessary in the interests of national security, or for the purpose of safeguarding the economic well-being of the UK against threats from overseas, or in order to prevent or detect serious crime.
The Intelligence Services Act 1994⁴ provides for the issue of ‘property’ warrants by the Secretary of State. The effect of a property warrant is to authorise otherwise unlawful entry into, or interference with, someone’s property – for example, for the purpose of eavesdropping or conducting a clandestine search. Property warrants may only be issued if the Secretary of State is satisfied that the proposed action is necessary on the grounds that it is likely to be of substantial value in assisting the Service to fulfil its functions, and that what the action seeks to achieve cannot reasonably be achieved in another way. It is usually the Home Secretary who issues interception and property warrants for the Security Service.
All intended operations of this sort are subject to extensive scrutiny both within the Service and outside, for example at the Home Office. Final authorisation is a matter for the Secretary of State and is only given on the basis of a formal submission which contains a detailed account of why the warrant is required. The submission also sets out the nature of the threat, the intelligence background, and confirms that the scope of the operation falls within the statutory functions of the Service. Applications for warrants must be approved by senior managers within the Service, and are then scrutinised by senior officials before submission to the Secretary of State. Arrangements are in place for the most urgent cases to be processed quickly.
Agents
Agents represent one of the most important sources of secret intelligence. Agent operations are run by specially trained officers and can last for long periods, sometimes for many years. The Service attaches particular importance to ensuring that its agents – many of whom are inevitably at risk through their work for the Service – are managed securely. Management arrangements for agent operations are also designed to make sure that the case is kept under proper control, drawing on advice from the Service’s legal advisers as necessary. For
_____________________
4 See Annex 2 (page 49) for relevant excerpts from The Intelligence Services Act 1994.

---

24
instance, a key objective is to avoid placing the agent in the role of agent provocateur, by enticing those on whom he or she is reporting to commit criminal acts which they would not otherwise have committed.
The Service pays close attention to the personal welfare of its agents, both during their agent career and after their active work for the Service has ended.
Surveillance
Surveillance operations involve the covert observation of targets under investigation in order to obtain intelligence about their movements and the identities of those with whom they are in contact. Surveillance is carried out by highly skilled, specialist officers who may work in vehicles, on foot or from fixed observation posts. The Service’s surveillance section is practised at operating in concert with others, particularly the police.

Information Management and Record-keeping

Intelligence operations rely on high quality record-keeping and information management systems. Some intelligence leads are too fragmentary or imprecise to be of immediate value. Nevertheless, small details – for example, of the membership and modus operandi of target organisations – are important because they provide the raw material on which the assessment of individual threats is based, against which new intelligence is judged, and from which further investigations can be developed. The Service’s record-keeping is central to supporting the capacity for sustained, integrated research and analysis which underpins all of the Service’s work.
The Service’s records include both paper files and computer records. Paper files remain for the present the main working documents of the Service, but computer-based documents are becoming increasingly important. The Service also makes extensive use of computer systems for the indexing and retrieval of its records. No government department or other agency has access to the Service’s databases, although the relevant authorities will be given access as necessary to specific information for the purpose of court cases. Within the Service there are additional controls which limit access to particularly sensitive data relating to the Service’s operations and investigations.
Detailed criteria govern the opening of files on individuals and organisations. These criteria specify the circumstances in which opening a file and initiating enquiries are justified within the terms of the Service’s statutory functions. They are kept under continual review and are formally checked for currency, relevance and propriety on an annual basis. In his report to Parliament for 1991, the Commissioner under the Security Service Act described in detail the Service’s controls on its files.⁵
The Service currently holds in total about 440,000 files which have been opened at some time since its establishment in 1909. Of these, approximately 35,000 files relate to Service administration, policy and staff, and 40,000 concern subjects and organisations studied by the Service. About 75,000 files relate to people or groups of people who have never been investigated by the Service such as those who have received protective security advice. This leaves about 290,000 files which relate to individuals who, at some time during the last 90 years, may have been the subject of Security Service enquiry or investigation. Of this 290,000 some 40,000 have been reduced to microfilm and placed in a restricted category to which Security Service staff have access only for specific research purposes. A further 230,000 files are closed so that staff may use them where necessary in the course of their current work, but may not make enquiries about the subjects of the files.
_________________
5 Security Service Act 1989 Chapter 5 – Report of the Commissioner for 1991, published by The Stationery Office (Cm 1946).

---

25
Therefore the great majority of the Service’s file holdings do not relate to individuals who may be under current investigation by the Service. The number of files which fall within that category is around 20,000. Of that number, about one third relate to foreign nationals – typically members or associates of foreign intelligence services or terrorist groups, leaving approximately 13,000 active files on UK citizens.
Retention and Destruction of Files
The Service must take account of a number of potentially conflicting factors when considering the long-term retention of files which are no longer of current interest. There are some specific legal requirements. First, the Service has a responsibility to provide the Security Service Tribunal with any details it requires of enquiries made about a complainant, or of any disclosure made for vetting purposes, since the Security Service Act came into force in December 1989; relevant records must therefore be retrievable. The Service must also comply with the requirements of the Public Records Act 1958 in identifying records of historical interest for permanent retention and eventual transfer to the Public Record Office. In practice, this means retaining files for future release that would otherwise have been destroyed as obsolete. The Service receives advice from the Public Record Office in judging which files to retain on historical grounds.