Programming

Wednesday, October 16, 2013

How about a Digital Privacy Act 2014

The recent exposés of the work of the NSA and GCHQ have led to the general consensus among politicians that more engagement and more oversight is needed of the work of the intelligence agencies. Here I will discuss the shape that I think this new legislation should take.

Andrew Parker, head of MI5, made a speech on the 8th of October, to answer the critics of the surveillance programs, but unfortunately I feel this speech fell short in several areas. It fails to acknowledge that real compromise is needed, and that individuals have a basic human right to privacy. Andrew Parker fails to see the irony that in order to preserve the freedoms we enjoy, we should impose total surveillance on all citizens, exceeding the quantity of surveillance suffered in East Germany by several orders of magnitude. He fails to realize that surveillance, not terrorism, is the biggest challenge to our freedom.

To understand just how appalling the current state of affairs is, we must use an analogy: A government agent has the master key to your house, and each day he comes in and look through all of your letters, correspondences, intimate photos, and can take copies to store indefinitely. There is no oversight on what agents may do, but there is no need for alarm because most of them are good eggs and not at all interested in those intimate photos of your wife or the contents of her underwear drawer. He installs a hidden microphone in each room in your house. But it's okay, because only people who are potential terrorists are targeted, such as those with one or more Muslim friends, those who have traveled abroad recently, environmental activists, politicians, journalists, bloggers, or those who express critical opinions of our security agencies.

Andrew Parker feels that the current incursions into our privacy are necessary and proportionate, but I disagree.

Given that most politicians lack the courage to stand up to such surveillance programs, we should at least explore what better oversight actually means. The first thing I would do is to rename the Data Communications Bill to the Digital Privacy Bill. This is because the surveillance aspect is already a done deal, and we need to focus on limiting the powers rather than reinforcing them. It would also be an easier sell to the Liberal Democrats and the general public.

First, the good news for the intelligence services:
  • We should continue to allow intelligence services to collect information using existing methods, including cable taps, span ports, hacking, back doors, decryption, radio signals, and to store the data for a limited period of time.
  • We can expect the cooperation of communications providers to install monitoring equipment.
  • Data can be stored for a maximum of five years.
  • Automated analysis of the all available data can be used to identify potential threats. This includes voice, image and text analysis of the contents of the communications.
  • Methods on how private data are gathered are not revealed. Only that the data has been gathered, and the identity of the data (host name, user name, file name or id).
  • Using "black hat" methods, including payments to hackers, malware writers and controllers of illegal botnets, is permissible via court order on a case by case basis. (And illegal otherwise).
Now the bad news for the intelligence services:
  • We need a proper definition of what is meant by "private", "public" and "confidential" data. 
  • Private data should match people's expectations. If you send someone a message (such as a lover, lawyer or journalist), then the fact that you have sent something and to whom is considered private. If you visit a website (such as health or legal pornography), then that fact is private. Files stored on your computer are private. Contact lists are private, unless explicitly made public by the user (such as Facebook or Twitter). If you share a photo to a private group of individuals, then that is expected to mean just the intended individuals, and not include government watchers.
  • In order for a human analyst to view "private" data, a court order must be obtained. The court order must explicitly state the reasons why the individual is under suspicion, (not just because some neural network said so), and there must be a reasonable suspicion that a crime has been committed or is being planned. What data is accessed is to be explicitly stated, as well as the motivation for viewing it.
  • An analyst is limited to viewing the data specified in the court order.
  • There is an audit trail of what information an analyst has viewed.
  • Private data can be used in court, but in that case the methods of interception must be revealed.
  • The automated analysis must not reveal private information, but it must generate a report which is sufficiently detailed to establish why an individual is under suspicion.
  • Oversight and enforcement that the computer systems and workflow comply with the legislation.
  • Ideally, the target of the court order must be notified that their private data are being seen by a human being. Such notification can be delayed by a court order, for a maximum of 10 years.
  • Retention of data beyond 5 years can be extended by court order to a maximum of 10 years.
  • Authorization to view private data is for a limited period of 30 days. After that, another court order would be required.
  • Where no further action is taken on an individual, they must be notified after the 30 day investigation period.
  • Certain professions, such as diplomats, politicians, lawyers and journalists, would have a much higher threshold to justify viewing their private data.
  • Statistics are published annually, showing the number of data items gathered, breakdown of data gathering by type (e.g. by web site), number of human views of private data, number of high profile individuals etc. Some, ideally all, of these statistics would be made public.
  • All interception methods must be revealed in detail after a period of 50 years.
  • Must not be used for civil uses, such as copyright infringement.
  • Private data must not be shared to any organization or government which does not have the same protections and respect for private data.
  • It is illegal to solicit others (and foreign agencies) to obtain private data other than via UK court order.
  • Any attempt to weaken commercial security systems, such as installing back doors, weakening protocols or encryption etc, must be approved by a court, and such methods to be revealed after 50 years.
  • Direct access to a user's systems, such as their home router, computer, storage devices, either physical, or remotely, requires a court order and a notification to the individual.
  • The act would need to be renewed every 5 years as the terrorist threat level goes down (leading ideally to total disconnection of the surveillance systems) or up.
  • The Bill would apply to all people, not just UK citizens. That is, court orders must be obtained to view the private data of foreigners. However in this case there is no duty to notify them.
There are many powers we could grant the police and security services, but we don't because we still aim to live in a free society. These safeguards are not too unreasonable, and offer the security services a great deal of freedom to do the good and generally well-intentioned work.

I would actually prefer that such surveillance proved unnecessary, as this kind of mass infringement on our rights becomes very difficult to reverse.

Sunday, October 13, 2013

Thoughts on Andrew Parker's speech

Andrew Parker's speech of the 8th of October is riddled with contradictions. In it, he tries to persuade us that the work of GCHQ is necessary due to terrorism, and not in the least bit alarming because of adequate oversight. He also talks about the need to protect our freedoms, more on that later.

To distill his argument, we are facing a terrorist threat which is so great, that if we were to stop mass surveillance, there would result in nothing short of a bloodbath. In short, we need to trust government's judgement on this.

The main problem is that getting blown up is clearly an infringement on my liberty, but so is mass surveillance. Make no mistake, intercepting and scanning all my private data and communications is a really big fricking deal. The probability that my communications are scanned and stored by the government is about 100%, and the probability that I will be harmed by a terrorist is about 0%. So I ask again, which is really the biggest threat to my freedom?

Andrew Parker is right on two things. Expecting to stop all terrorists is unreasonable, and we need to defend our liberties. Andrew Parker is however not giving us our liberties, but taking them away. He has infringed my fundamental human rights, but has given little in return. In attempting to defend my freedoms, he has taken them away.

The real question becomes how much of a bloodbath can we tolerate before I submit to mass surveillance? I would put the number into the tens of thousands (of deaths), before I would be agree to the Data Communications Bill. Make no mistake, there would definitely be a point, perhaps more than a 9/11, and definitely more than a 22/7, where I would gladly submit to this level of intrusion. This is not an invitation to the security services to stage another 9/11 either.

The real figures Andrew Parker suggests are far fewer. 330 convictions, most of them probably angry young men with legitimate grievances. Most of them would probably never follow through, or would get caught by other means. The moral backlash against such acts would in itself reduce them. Yes MI5 has saved lives, and thank you. But if the real aim here is to protect our freedom, then we just bit off our nose to spite our face.

I'm still mulling this speech over, but I am not happy with it at all.


Speech by Andrew Parker, head of MI5

I'm quoting this speech in full because I'm going to refer to it several times in future blog posts. It is taken from news.sky.com.

Below is a transcript of the speech by Andrew Parker, the head of MI5, to the Royal United Services Institute on October 8, 2013.

I'd like to start by thanking Professor Michael Clarke and the Royal United Services Institute for offering this forum for my first published speech as Director-General of MI5.
RUSI is rightly recognised at home and around the world in the leading rank of independent, authoritative voices on national security matters.
I was appointed Director-General of MI5 in April. MI5 is a highly specialised and professional organisation. Its work has been critical to the safety and security of the country and our people for over a century.
Leading MI5 is both a tremendous privilege and an enormous responsibility. Those responsibilities are as wide ranging as they are serious.
Our work is ever more subject to public debate and scrutiny. I want to use the opportunity of my first public speech tonight to open my contribution to those debates.
I will focus on three things: the MI5 of 2013, and what guides and shapes it;  the enduring and diversifying threat from al Qaeda and its imitators; and third the question of how in a world of accelerating technological change MI5 will continue to be able to get the information it needs to protect the UK.
Let me begin with a personal perspective. I joined MI5 30 years ago, fascinated and drawn by the opportunity to work in a professional organisation doing work of real national importance.
That might sound starry-eyed, but it has been my genuine experience every day since.
Over the years, with many excellent colleagues, I have been greatly privileged to be part of MI5's work in protecting the UK through numerous extraordinary and historic events that have shaped the life of this country.
Covert threats to the UK's security can arise from many different quarters.
Wherever and whenever they do it is MI5's job to be there, gathering intelligence, investigating and disrupting to protect the United Kingdom.
We have seen countless examples of the capacity of individuals, groups and nations to act aggressively for a host of reasons, be it from fear, suspicion or a sense of grievance.
We are all too familiar with the way that terrorism, espionage, cyber attack, and weapons of mass destruction are all features of the darker side of our modern world.
Of course the type and mix of security threats shifts. Over recent decades new threats have emerged (al Qaeda), old ones have fallen away (Cold War subversion), mutated (Northern Ireland-related terrorism) or branched out in new forms (cyber espionage).
MI5 has changed with the times too. So have our close partner Agencies: especially GCHQ, SIS and the police, upon whom our work depends.
Together we have a rich and proud history of continually adapting, reshaping, developing new skills and ways of working, and growing innovative capabilities to meet new challenges.
The past decade has seen some of the greatest shifts in MI5's post-war history.
In recent years we have responded to the rising threat of Islamist terrorism, taken on a new lead role for intelligence work in Northern Ireland, built cyber work, and helped secure the Olympics.
As I speak today we are tackling threats on more fronts than ever before.
But some things don't change. For over a hundred years MI5 has been protecting this country and its people from many kinds of danger: through two World Wars, the Cold War and bloody campaigns of terror.
Critical to our success down the decades, and still today, are the enduring qualities that define MI5.
I had the pleasure of speaking to several hundred retired members of the Service earlier this year. The audience spanned recent leavers right back to a distinguished colleague who had served during the Second World War.
They strongly recognised those defining qualities that remain at the core of MI5 today: the energy, commitment and clarity of purpose; the deep importance of integrity, objective judgement, and the rule of law; operational agility, skill and sheer inventiveness; and the way we work together in common endeavour.
Security threats are a feature of the modern world, but they do not define it.
We are all lucky to be able to live without fear in a free society. It is the task of MI5 and all the vital partner agencies on whom we depend to keep it that way.
We deal with threats and dangers all day every day. But for the public at large security concerns are rightly not a dominant part of daily life. Lethal terrorist attacks in the UK remain rare. MI5 and partners have a long track record of detecting and preventing most attempts.
But our task is getting harder. The threats are more diverse and diffuse. And we face increasing challenges caused by the speed of technological change. Those are my twin themes tonight.
Terrorism
My predecessor spoke last year about cyber threats. This evening I am majoring on terrorism. Describing the reality of the terrorism threat we face is challenging in public discourse. I've heard too much exaggeration at one end, while at the other there can sometimes be an alarming degree of complacency.
A partial picture does the public a disservice. It ultimately tends to corrode confidence in what MI5 and others do, and why. That is one of the main reasons why my predecessors over the past 20 years have made it an occasional habit to speak on the record.
None of us joined MI5 to make public speeches. But I too believe strongly that the public is owed an explanation of the threats the country faces and what we are doing about them.
Ministers properly take the day-to-day role in doing that, but I think it right that from time to time the public also hear direct from those who work behind the scenes to defend them.
 I'm not focusing on Northern Ireland terrorism this evening in detail, but given its importance and its central part in MI5's work, I can't leave it without saying a few words.
We have obviously seen enormous progress in re-building normality in Northern Ireland in the fifteen years since the Good Friday Agreement. But we still have to deal with continuing incidents of violence on both sides.
MI5 is necessarily focused on the darkest end. Various terrorist factions remain determined to kill people.
We and the Police Service of Northern Ireland detect and disrupt the vast majority of their attempts. But occasionally we are all stung with the tragedy of wanton murder, as we saw most recently with the shooting of David Black last November.
Rejecting the political process in Northern Ireland, these ragged remnants of a bygone age are in a cul-de-sac of pointless violence and crime with little community support. We will continue to work with the police to put these thugs and killers in front of the Courts.
Turning to international terrorism, let's start with the plain facts: from 11 September 2001 to the end of March this year 330 people were convicted of terrorism-related offences in Britain.
At the end of that period 121 were in prison, nearly three-quarters of whom were British. In the first few months of this year there were four major trials related to terrorist plots.
These included plans for a 7/7-style attack with rucksack bombs, two plots to kill soldiers, and a failed attempt to attack an EDL march using an array of lethal weapons.
There were guilty pleas in each case. 24 terrorists were convicted and sentenced to more than 260 years in jail.
Today, the threat level for international terrorism in the UK is assessed to be 'substantial': attacks are considered a strong possibility. But what does that really mean?
Since 2000, we have seen serious attempts at major acts of terrorism in this country typically once or twice a year. That feels to me, for the moment, unlikely to change.
While that tempo seems reasonably even, the ground we have to cover has increased as the threat has become more diversified.
Ten years ago, the almost singular focus of the international CT effort was al Qaeda in South Asia.
Since that time we have seen violent Islamist groupings in various countries and regions exploiting conflict, revolutions and the opportunity of weakened governance to gain strength and refuge.
Some have adopted the al Qaeda brand, becoming franchised affiliates with what at the same time has been a declining al Qaeda core in South Asia.
A time-lapse sequence of a world map over the past decade would show outbreaks in Iraq, North & West Africa, Yemen, Somalia, and most recently Syria.
Al Qaida and its affiliates in South Asia and the Arabian Peninsula present the most direct and immediate threats to the UK. For the future, there is good reason to be concerned about Syria.
A growing proportion of our casework now has some link to Syria, mostly concerning individuals from the UK who have travelled to fight there or who aspire to do so.
Al Nusrah and other extremist Sunni groups there aligned with al Qaeda aspire to attack Western countries.
The ability of al Qaeda to launch the centrally directed large scale attacks of the last decade has been degraded, though not removed.
We have seen the threat shift more to increasing numbers of smaller-scale attacks and a growing proportion of groups and individuals taking it upon themselves to commit acts of terrorism. It remains the case that there are several thousand Islamist extremists here who see the British people as a legitimate target.
Overall, I do not believe the terrorist threat is worse now than before. But it is more diffuse. More complicated. More unpredictable.
We have again seen the reality of terrorism this year. At the In Amenas gas facility in Algeria and then in Nairobi two weeks ago, we saw once more the unconstrained intent of the terrorists in action and the impact on Britons living and working around the world.
And on 22 May, Fusilier Lee Rigby was brutally killed in Woolwich - the forthcoming trial prevents me saying more. And we have seen violent attacks against Muslims and Mosques.
Counter Terrorism
I'd like to turn now to counter terrorism. The months preceding 7 July 2005 saw widespread scepticism about the threat...
Surely it couldn't happen here? I was Counter Terrorism Director the day al Qaeda murdered 52 people in London. I led the Service's CT response - a story for another day.
But the steps we and our partners were then able to take with an injection of new resources led directly a year later to what has been described as the biggest counter terrorism success in modern history.
Al Qaeda tried to bring down a number of transatlantic airliners using liquid bombs - the reason why there are restrictions on taking liquids on planes today. Like so many other attempts before and since, we were able to detect that plot and, with partners, stop it.
But, as events have tragically shown, we can't stop them all.
There can be no doubt that the UK has one of the most developed and effective set of counter terrorist capabilities and arrangements in the world. But I don't say this with any boasting.
As I've often said to heads of sister agencies overseas who have made such admiring remarks, what we have in the UK is not the product of some clever consultant on a management away-day with a flipchart and a marker pen. It was not designed and implemented in some giant leap.
The reality is of course that the UK has built and then advanced through many stages a set of defences over four decades in response to near-continuous severe terrorist threat.
Over that time in Great Britain and Northern Ireland thousands of people have died at the hands of terrorists. We have continually adapted, adjusted and advanced what we do to counter it, applying hard won lessons, sometimes painfully learned.
With partners in GCHQ, SIS, and the police, we continually challenge ourselves to move forward and keep improving. Increased investment and the skilful leadership of my predecessors have created a Security Service in the UK that is the envy of the world.
Similar advances have been made in the agencies we depend upon.
In one sense counter terrorism is an extraordinary proposition. Let me say what I mean.
Terrorism, because of its nature and consequences, is the one area of crime where the expectation sometimes seems to be that the stats should be zero.
Zero. Imagine applying the same target to murder in general, or major drugs trafficking. That is the stuff of 'pre-crime' in the Tom Cruise movie 'Minority Report'.
Life is not the movies. In a free society 'zero' is of course impossible to achieve in the face of persistent and serious threats - though we will keep stretching for it.
The utter unacceptability of terrorism is the reason why so much effort is rightly devoted to intelligence work to detect plans and thwart plots before they occur.
A strong record of success risks creating an expectation of guaranteed prevention. There can be no such guarantee.
And then there is the difference between knowing of someone and knowing everything about them.
Let me say what I mean. With greater resources since 7/7 we have worked very hard to identify as many as possible of the people in the country who are active in some way in support of terrorism.
As my predecessors have said at different times, there are several thousand of them, with varying degrees of involvement. My repeating this immediately risks conjuring the perhaps reasonable-seeming assumption that knowing who somebody is means MI5 then somehow knows everything about that person and can continually monitor every aspect of their life.
We cannot.
The idea that we either can or would want to operate intensive scrutiny of thousands is fanciful.
This is not East Germany, or North Korea. And thank goodness it's not. Successive Governments have made careful decisions about both the scale and powers of organisations like MI5, proportionate to the threats, and have gone no further. Britain is a democracy that rightly prizes the freedom of the individual. We do not want all-pervasive, oppressive security apparatus.
Knowing of an individual does not equate to knowing everything about them.
Being on our radar does not necessarily mean being under our microscope. The reality of intelligence work in practice is that we only focus the most intense intrusive attention on a small number of cases at any one time.
The challenge therefore concerns making choices between multiple and competing demands to give us the best chance of being in the right place at the right time to prevent terrorism.
There are of course processes for making these decisions, but I can't emphasise too strongly that it is not and never can be a precise science, and it should not be treated as if it were.
It centres on the art of judgement by intelligence professionals, who rarely have more than fragments of a picture to work with.
We are not perfect, and there are always things we can learn, do better and sharpen up on.
That we have a habit of doing so is one of our enduring strengths. And it's right that independent scrutineers like the Intelligence and Security Committee (ISC) can look at what we have done and help point out areas in which we can improve.
I am very pleased that we are a highly accountable Service. It is critically important to the sort of country we all want to live in that organisations like mine do not have free rein, and equally that we are not politically directed.
We operate under law. I am in charge of our operations, but am accountable to the Home Secretary. She in turn is accountable to Parliament and the British People, responsibilities that I know she treats with the utmost seriousness.
There is an important double-lock there: Ministers cannot direct MI5 operations, but equally I have to explain and answer for what we do. MI5 initiates operations, but conducting the most intrusive activity requires the signed authority and consent of the Secretary of State in every instance.
Our accountability goes much further. MI5 is overseen independently by Parliament through the ISC, inspected by two independent Commissioners (usually senior Judges), held to account on any complaints from the public by a senior and independent Tribunal of judges and lawyers, and audited by the National Audit Office. We give evidence in court.
Rightly, these arrangements are tough and testing. They have just been strengthened further by the passage of the Justice and Security Act.
This has expanded the powers and the resources of the ISC by a significant degree, allowing them for the first time to investigate operational matters of significant national importance.
I welcome this reform and the enhanced confidence it can give to the public.
The fact that much of this oversight necessarily happens out of public hearing leads some commentators to mistake silence for weakness. That is plain wrong. From my experience, I know that all of the bodies I have mentioned and their supporting staff pursue their responsibilities very fully, professionally and conscientiously.
We are also coming soon to the first Public Hearing at which the Agency Heads will be televised answering questions from the ISC in Parliament.
Whilst it can never replace the value of candid and classified evidence given in closed session about the detail of our work, it will be an important and visible extension of the accountability process and one which is transparent and tangible to the British public.
Challenges
I want to mention some of the challenges we face doing our work in the future. I'll do so in the way I talk about this to my staff.
I often describe the work of MI5 as a duality: keeping the country safe today, and ensuring we remain able to do so tomorrow. In other words, doing all we can to tackle the threats the country faces today, while also positioning ourselves and developing the capabilities we need to be able to protect the UK against future threats.
That second aspect might seem obvious but in a rapidly changing world it is becoming ever more important. It will require constant effort and forward thinking if we are to have the ways and means to hold back tomorrow's threats.
Let me explain. Our success in the future depends on how well we are able to respond to two principal themes. I have mentioned the first already: the diversifying threat landscape on all fronts. The challenge for us and for SIS and GCHQ is how to spread our effort effectively across a broader, shifting front.
As always we will need to ensure we are at all times looking where the problems for the UK are developing most strongly. That applies across the whole range of fronts, not just terrorism.
The second, perhaps greater, challenge is the accelerating technology race.
The internet, `big data', and leaps in technology continue profoundly to change how we all live.
There are healthy debates about how society and indeed the economy gain most from the best, while setting aside less welcome effects. Its relevance to our subject tonight is in the opportunities it gives to terrorists, and the challenges posed to us in tracking what they do.
What do I mean? The internet is used by terrorists for many purposes: broadcasting their propaganda, radicalising vulnerable individuals, arranging travel, buying items, moving money and so on. But the primary issue is communication.
When I joined the Service, communication between remote individuals was by telephone or by letter. Where there were grounds to do so, both could be covertly intercepted under legal warrant.
We could reasonably assume that we could acquire the whole content of the target's communication for analysis. At a lower threshold we could acquire their call data: a list of what calls they had made and received, without the content.
The internet and related technologies offer a rather different world - better in so many ways, but better too for the terrorists.
Through e-mail, IP telephony, in-game communication, social networking, chat rooms, anonymising services, and a myriad of mobile apps the terrorist has tens of thousands of means of communication. Many of those routes are now encrypted. Further advances are made every day.
How the UK decides to respond to these developments will directly determine the level of security available against the threats we face. Retaining the capability to access such information is intrinsic to MI5's ability to protect the country.
Shifts in technology can erode our capabilities.
There are choices to be made, including, for example, about how and whether communications data is retained. It is not, however, an option to disregard such shifts with an unspoken assumption that somehow security will anyway be sustained. It will not. We cannot work without tools.
Technologies advance all the time. But MI5 will still need the ability to read or listen to terrorists' communications if we are to have any prospect of knowing their intentions and stopping them.
The converse to this would be to accept that terrorists should have means of communication that they can be confident are beyond the sight of MI5 or GCHQ acting with proper legal warrant.
Does anyone actually believe that? We would all like to live in a world where there were no good reasons for covert investigation of people. But as events continue to prove, that is not the world we are in.
And let me be clear - we only apply intrusive tools and capabilities against terrorists and others threatening national security.
The law requires that we only collect and access information that we really need to perform our functions, in this case tackling the threat of terrorism. In some quarters there seems to be a vague notion that we monitor everyone and all their communications, browsing at will through people's private lives for anything that looks interesting. That is, of course, utter nonsense.
What we know about the terrorists, and the detail of the capabilities we use against them together represent our margin of advantage.
That margin gives us the prospect of being able to detect their plots and stop them. But that margin is under attack. Reporting from GCHQ is vital to the safety of this country and its citizens. GCHQ intelligence has played a vital role in stopping many of the terrorist plots that MI5 and the police have tackled in the past decade. We are facing an international threat and GCHQ provides many of the intelligence leads upon which we rely.
It makes a vital contribution to most of our high priority investigations. It causes enormous damage to make public the reach and limits of GCHQ techniques. Such information hands the advantage to the terrorists. It is the gift they need to evade us and strike at will. Unfashionable as it might seem, that is why we must keep secrets secret, and why not doing so causes such harm.
In closing, let me remind you of something that is too easily forgotten. MI5 is in the end an organisation of members of the public from every walk of life who care very much about the sort of country we live in.
That's why they work there. Believe me it's not for the money. Our whole raison d'être is the protection of the freedoms we all enjoy. The fundamental principles of necessity and proportionality run deep in the Service.
We bring thoughtful and considered balance to decisions about use of intrusive techniques. Far from being gratuitous harvesters of private information, in practice we focus our work very carefully and tightly against those who intend harm. The law requires it. All our internal controls, systems and authorisation levels are built accordingly and subject to independent inspection and oversight.
Threats are diversifying, but not diminishing. The internet, technology and big data are transforming our society. We have a tough job to do in rapidly changing times. We can't stop every plot, much as we try and much as we would like to. There are choices ahead that will determine whether we can sustain what we do, or accept that it will erode.
But, standing before you today, I can say that we are well placed to tackle the bulk of the threats we face, most of all because of the support we receive from our colleagues in GCHQ, SIS and the police and, most of all, because of the commitment of the men and women who make up MI5.