Report of the Independent Surveillance Review
37
2.30
The threat too from organised crime to the UK is growing. A recent Europol assessment
suggested that the Internet and communications technology has created a professional,
continually evolving, service-based criminal industry which ‘drives the innovation of
tools and methods used by criminals and facilitates the digital underground through
a multitude of complementary services, extending attack capacity to those otherwise
lacking the skills or capabilities’. It also highlights the risk of online marketplaces and
fora, which ‘provide cybercriminals with a nexus for the trade of goods and services
and a hub for networking, creating an organised set of criminal relationships from an
otherwise disparate population.’28
2.31
The UK’s Cyber Security Strategy outlines the growing and dynamic threat, from
states and non-state actors via the Internet and communications technology, to steal,
compromise or destroy critical data. As the strategy makes clear, the scale of the UK’s
dependence on the Internet means that its prosperity, key infrastructure, places of work
and homes can all be affected.29
2.32
The use of ICT in espionage represents another important aspect of the threat. As the
Anderson Report notes, ‘Cyber espionage allows information to be stolen remotely,
cheaply and on an industrial scale at relatively little risk to the hostile state’s intelligence
officers or its agents’.30 This not only affects the government and its agencies – the
intellectual property of UK companies are just as much of a target.
Perceptions of the Agencies
2.33
The public’s support for legitimate state law-enforcement and security and intelligence
work is crucial, and the police and SIAs themselves are the first to acknowledge that they
require public consent – it underpins their licence to operate. Even if it is universally
accepted that the agencies must keep some operational details of their work secret, the
public must support in principal what the agencies do and be confident they are acting
within a legal framework. The public must also remain confident in the accountability
and oversight mechanisms which verify that the agencies are operating within justifiable
moral, ethical and legal limits, and their work carried out in the public interest. In the
words of the ISC, ‘There is a legitimate public expectation of openness and transparency
in today’s society, and the intelligence and security Agencies are not exempt from
that’.31 While almost four in five adults (79 per cent) in the UK are concerned about their
privacy online,32 they also appear – for the most part – to be supportive of the agencies
(see Figure 2).
28. Europol, ‘Key Findings’, The Internet Organised Crime Threat Assessment (iOCTA), 2014,
<https://www.europol.europa.eu/iocta/2014/keyfindings.html>.
29. HM Government, ‘The UK Cyber Security Strategy’, Annex 10.
30. Anderson Report, p. 44.
31. ISC, Privacy and Security, p. 2.
32. Big Brother Watch, ‘UK Public Research – Online Privacy’, p. 2.