Just after midnight on Aug. 16, I was called by LBC Radio in London for a comment on a breaking story on the front page of The Daily Telegraph about British spies hacking the EU. Even though I had just retired to bed, the story was just too irresistible, but a radio interview is always too short to do justice to such a convoluted tale. Here are some longer thoughts.
For those who cannot get past the Telegraph paywall, the gist is that that the European Union has accused the British intelligence agencies of hacking the EU’s side of the Brexit negotiations. Apparently, some highly sensitive and negative EU slides about British Prime Minister Theresa May’s plan for Brexit, the Chequers Plan, had landed in the lap of the British government, which then lobbied the EU to suppress publication.
Of course, this could be a genuine leak from the Brussels sieve, as British sources are claiming (well, they would say that, wouldn’t they?). However, it is plausible that this is the work of the spies, either by recruiting a paid-up agent well placed within the Brussels bureaucracy, or through electronic surveillance.
The Ugly Truth of Spying
Before dismissing the latter option as conspiracy theory, the British spies do have experience. In the run-up to the Iraq war in 2003, the United States and the United Kingdom were desperate to get a United Nations Security Council resolution to invade Iraq, thus providing a fig leaf of apparent legitimacy to the illegal war. However, some countries within the UN had their doubts (including France and Germany), and the U.S. asked Britain’s listening post, GCHQ, to step up its surveillance game. Forewarned is forearmed in delicate international negotiations.
Gun: Threatened with prosecution
How do we know this? A brave GCHQ whistleblower named Katharine Gun leaked the information to The Observer. For her pains, she was threatened with prosecution under the draconian terms of the UK’s 1989 Official Secrets Act and faced two years in prison. The case was only dropped three weeks before her trial was due to begin, partly because of the feared public outcry, but mainly because her lawyers threatened to use the legal defense of “necessity”—a defense won only three years before during the case of MI5 whistleblower David Shayler. Tangentially, a film is being made about Gunn’s story this year.
We also have confirmation from one of the early 2013 Edward Snowden disclosures that GCHQ had hacked its way into the Belgacom network—the national telecommunications supplier in Belgium. Even back then, there was an outcry from the EU bodies, worried that the UK (and by extension its closest intelligence buddy, the U.S.), would gain leverage with stolen knowledge.
So, yes, it is perfectly feasible that the UK could have done this, even though it was illegal back in the day. GCHQ’s incestuous relationship with America’s National Security Agency gives it massively greater capabilities than other European intelligence agencies. The EU knows this well, which is why it is concerned to retain access to the UK’s defense and security powers post-Brexit, and also why it has jumped to these conclusions about hacking.
Somebody Needs to Watch the Watchers
But that was then, and this is now. On Jan. 1, 2017, the UK government finally signed a law called the Investigatory Powers Act, governing the legal framework for GCHQ to snoop. The IPA gave GCHQ the most draconian and invasive powers of any Western democracy. Otherwise known in the British media as the “snoopers’ charter,” the IPA had been defeated in Parliament for years, but Theresa May, then home secretary, pushed it through in the teeth of legal and civil society opposition. This year, the High Court ordered the UK government to redraft the IPA as it is incompatible with European law.
The IPA legalized what GCHQ previously had been doing illegally post-9/11, including bulk metadata collection, bulk data hacking, and bulk hacking of electronic devices.
It also gave the government greater oversight of the spies’ actions, but these measures remain weak and offer no protection if the spies choose to keep quiet about what they are doing. So if GCHQ did indeed hack the EU, it is feasible that the foreign secretary and the prime minister remained ignorant of what was going on, despite being legally required to sign off on such operations. In which case the spies would be running amok.
It is also feasible that they were indeed fully briefed, and that would have been proper protocol. GCHQ and the other spy agencies are required to protect “national security and the economic well-being” of Great Britain, and I can certainly see a strong argument could be made that they were doing precisely that (provided they had prior written permission for such a sensitive operation) if they tried to get advance intelligence about the EU’s Brexit strategy.
This argument becomes even more powerful when you consider the problems around the fraught issue of the border between the UK’s Northern Ireland and EU member Ireland, an issue about which the EU is being particularly intransigent. If a deal is not made, the 1998 Good Friday Agreement could be under threat and civil war might break out again in Northern Ireland. You cannot get much more “national security” than that, and GCHQ would be justified in this work, provided it has acquired the necessary legal sign-offs from its political masters.
Our Complicated World
However, these arguments will do nothing to appease the enraged EU officials. The UK government will continue to state that this was a leak from a Brussels insider, and publicly at least, oil will be seen to have been poured on troubled diplomatic waters.
(ChiralJon/CC BY 2.0)
Behind the scenes, though, this action will multiply the mutual suspicion and no doubt unleash a witch hunt through the corridors of EU power, with top civil servant Martin Selmayr (aka “The Monster”) cast as witchfinder general. With him on your heels, you would have to be a brave leaker, whistleblower or even paid-up agent working for the Brits to take such a risk.
So, perhaps this is indeed a GCHQ hack. However justifiable the move might be under the nebulous concept of “national security,” this event will poison further the already toxic Brexit negotiations. As Angela Merkel famously, if disingenuously, said after the Snowden revelation that the U.S. had hacked her mobile phone: “No spying among friends.” But perhaps this is an outdated concept—and the EU has not been entirely friendly to Brexit Britain.
I am just waiting for the first hysterical claim that it was the Russians instead or, failing them, former Trump strategist in chief, Steve Bannon, reportedly on a mission to build a divisive alt-right movement across Europe.