INTERNATIONAL INTELLIGENCE REVIEW AGENCIES
advertisement
INTERNATIONAL INTELLIGENCE REVIEW AGENCIES CONFERENCE 2008 AUCKLAND, NEW ZEALAND 6th to the 8th of OCTOBER PANEL 2 SELECTION OF CASES FOR INDEPTH REVIEW HOW TO SELECT WHAT IS OF SIGNIFICANCE AND THE CHALLENGE OF ASSURANCE OF COMPLETENESS OF INFORMATION PROVIDED IMTIAZ FAZEL CHIEF OPERATING OFFICER OFFICE OF THE INSPECTOR-GENERAL OF INTELLIGENCE SOUTH AFRICA 1 PART 1: BACKGROUND 1. Introduction Thank you for the opportunity to speak at this conference and this panel in particular on the important topic of case selection and the integrity of information in conducting oversight. Any discussion in this regard must be approached in the context of the oversight framework and history of the oversight entity in question. This paper will briefly examine the control environment in which intelligence services operated in Apartheid South Africa before exploring the transformation into the dispensation for intelligence and intelligence oversight in present-day South Africa. The discussion will then move on to the main subject of selecting significant cases for in-depth review outside of routine oversight, and conclude by addressing the challenge of assuring the integrity of information from the perspective of the Inspector-General in South Africa. We all agree that Intelligence Services are essential components of the security architecture in democratic societies. Their effective functioning however is dependent upon the imperative of secrecy and special intrusive powers to procure information. If not subject to safeguards, especially in an environment characterized by secrecy, these powers may be abused; manipulated or misdirected, having the possible effect of subverting the very purpose for which Intelligence Services were established. Case selection for in-depth review is therefore key to mitigating the risks associated with the abuse of the intelligence apparatus while ensuring that Intelligence Services properly serve their national security responsibilities. Poor case selection, however, could make oversight ineffective and the oversight of incomplete information may well dilute and even render oversight irrelevant. 2 2. South Africa: Historical Perspective, Oversight and Control The control of Intelligence in apartheid South Africa was characterized by close management of operational effectiveness in a war-time environment where administrative controls were only nominal and formal oversight and operational controls were largely absent1. Governance as a whole was characterized by an absence of clearly defined intelligence mandates and laws governing the use of intrusive powers, selective executive control, lenient judicial control and a lack of proper coordination mechanisms, bedevilling the Intelligence Community with fierce competition for political influence and material resources. Control systems within the Services evolved largely from practice and although many were documented, these were vague and designed to secure performance effectiveness rather than the responsible use of the invasive powers of the security apparatus. Intelligence activities during this era were characterized by counter actions against civil society, disinformation to promote party and sectarian political interests, suppression of the liberation movements and the liberal use of intrusive powers with consequent systematic gross human rights violations. Of importance to Intelligence Oversight is that these unlawful activities and morally questionable practices occurred in an environment beset by a lack of proper control and oversight - where the means justified the end, leaving room for executive fallback and use of ‘plausible denial’. 3. The New Dispensation for Intelligence and Oversight Intelligence and Security Sector reform in South Africa was a consequence of constitutional reform brought about by the new political dispensation that swept the country during the mid-1990’s. The resultant transformation of the security architecture was informed by a different strategic security environment and the broader democratic transformation of the South African society. Recognizing the important role of South Africa’s future security architecture, the newly adopted Constitution of the Republic of South Africa in 1996 provided for the 3 establishment of Intelligence Services. It did this within the context of a series of governing principles and safeguards designed to ensure that the Intelligence and Security Services pursue National Security in compliance with the law and act in accordance with the Constitution. The concept of National Security and national security policy also assumed a broader developmental context in a move away from the narrower regime oriented militarist approach it had superseded. Furthermore, the Constitution provides that Intelligence Services may only be established in terms of national legislation and formulates clear parameters for intelligence operations by prescribing that such legislation must regulate the objects, powers and functions of state Intelligence Services, including the intelligence arms of the Police Services and Defence Force2. For proponents of the democratic control of the intelligence services, the Constitution provides for the executive control and parliamentary oversight of intelligence services, and finally the appointment of a civilian Inspector-General to monitor their activities 3.. 4. Scope and Span of Oversight of the Inspector-General in South Africa The contemporary dispensation for civilian oversight of intelligence in South African was given expression by the Intelligence Services Oversight Act (Act 40 of 1994, as amended). The model for oversight is not intelligence service-centric and the Inspector-General is responsible for the oversight of the entire South African intelligence community. This community includes the domestic intelligence gathering arm, the National Intelligence Agency (NIA), the foreign intelligence gathering arm, the South African Secret Service (SASS), the Intelligence Division of the South African Defence Force (DI), and the Crime Intelligence Division of the South African Police Service (SAPS-CI)4. Within the confines of the intelligence community, the Inspector-General is compelled to perform a broad range of oversight activities although these exclude the oversight of human resources and financial administration. Although other important complimentary Oversight functions such as the evaluation of Intelligence Failures are relevant, core oversight is generally approached in three broad themes. These are the monitoring of the Lawful Conduct of 4 Intelligence Activities; the review of the Effective Performance of intelligence work and serving the Role of Ombudsman in investigating the complaints of members of the Services and the Public as regards the conduct of intelligence. Finally, these three core functions and others culminate in the production of the Annual Certificate of the Inspector-General in which he/she provides Assurance on the Operational Conduct of the Services to the Executive and the Legislature. Given this broad focus, both compliance with relevant laws and the proper performance of intelligence activities are relevant to case selection for oversight. Within this framework, the scope of oversight work is broadened further to include civilian intelligence – both domestic and foreign and crime intelligence, as well as defence intelligence. PART 2: THE FUNDAMENTAL PRINCIPLES AND CRITERIA THAT INFORM THE SELECTION OF CASES FOR INDEPTH REVIEW 1. Case selection: Securing compliance with the Rule of Law - The Intelligence Business as a Regulated Industry Essential to the understanding of the control and oversight of intelligence is an appreciation of the principle that the Intelligence Business is a ‘Regulated Industry’. This implies that intelligence activities are conducted within a regulated framework of controls, checks and balances. This framework encompasses the Constitution, primary legislation and executive instruction at the one end and detailed Polices and Standard Operating Procedures at the other. The evaluation of this framework is the basis for intelligence oversight and case selection for indepth review and its execution sets the parameters for professional, legitimate and lawful intelligence conduct and provides intelligence officers with certainty and confidence in their actions. A sound regulatory framework is essential to good governance and securing its four interrelated pillars within intelligence practice. These are respect for human rights and the rule of law; promoting transparency and accountability in public administration; enhancing administrative capacity and strengthening democratic 5 governance. In order to claim the benefit of exceptions to human rights standards on the grounds of national security, it is necessary that the security sector derive its authority from a sound regulatory framework. The challenge is to ensure that the regulatory framework is carefully designed and developed so that intelligence objectives are realized in an effective manner and within the framework of the law and due process. Mechanisms of control over intelligence activities should assist in guarding against the misuse of the state security system for personal or group interest. The system of checks and balances requires proper procedures for authorization and administration; limitations on the use of and period of use of special powers; limitations on the use and disposal of material obtained; procedures for control and accountability; clear delegation of responsibility and associated accountability and the maintenance of proper records and audit trails. Regulation implies careful operational planning together with internal and external regulatory compliance as essential prerequisites to operational activity. Case selection for intelligence oversight in our young democracy is heavily driven by the overriding objective of securing the parameters for professional, legitimate and lawful intelligence conduct. This means that in-depth reviews continuously strive to unravel the dynamics of intelligence activities, contribute to their proper regulation, and finally, monitor compliance with this resultant regulatory framework. Whilst the development of formal checks and balances is essential in ensuring intelligence conduct within the rule of law, it is recognized that these are dependent on sound personal, ethical and professional conduct and value systems within the Intelligence Services. Although strong views have emerged against the case for regulation on the basis of its impeding effects on operational effectiveness, we maintain and have promoted a culture where regulation is seen as being about ensuring that the Intelligence Services operate effectively and within the framework of the law, rather than being perceived as stifling operational effectiveness. 6 2. Human rights imperatives and case selection In South Africa, the Constitution and Bill of Rights ensure that never again shall human rights be violated by institutions of state, in particular by the intelligence and security services under the pretext of national security. Intelligence actions and activities which have the potential to intrude on the individual rights of all persons are therefore significant in determining cases for in-depth review. The more intrusive to individual human rights an intelligence activity or operation is, the more significant it is for selection for in-depth review. Against this background, the statutory requirement for the Inspector-General of South Africa to express an opinion whether anything done by an Intelligence Service during the course of its activities is unlawful, or constitutes an unreasonable or unnecessary exercise by that Service of any of its powers requires that any activity that is of an intrusive nature or may exceed the lawful mandate of a Service be a candidate for selection for in-depth review. The primary objective of these reviews is to determine whether or not proper criteria have been satisfied in the process of target identification and in the utilization of intrusive measures that impede on the human rights or civil liberties of individuals. Equally important is the inquiry as to whether or not an intelligence activity is within the mandate and is in pursuance of the priorities of the Service concerned. Intrusive measures or ‘special powers’ refer to the enhanced powers to security and intelligence services for the collection of intelligence information and which allow for the limitation of human rights, especially the right to privacy. Given that the South African Intelligence Services are required to act only within their powers in law, only lawful or regulated action can be justified by way of violation of human rights. In this regard the principle of proportionality is essential and implies a relationship between the level of intrusiveness of a method used and the magnitude of a particular threat under investigation, weighed against the adverse impact on 7 human rights. On the other hand, necessity implies that the powers of agencies can only be used where absolutely ‘necessary’ and alternative methods that are less restrictive of human rights have been given prior consideration. The principles of proportionality and necessity constitute the reasonable use of intrusive methods and underpin intelligence practice and consequently detailed oversight reviews. These reviews assure the protection of privacy from the use of intrusive methods through a determination of their lawful and reasonable application. The use of intrusive measures requires layered authorization in support of only genuine security threats. 3. Case Selection and the Review of Performance Effectiveness Within the confines of their statutory mandates, in South Africa, the operational Priorities of the Intelligence Community are largely driven by the Annual National Intelligence Estimate and resultant National Intelligence Priorities, approved by Cabinet, together with Business Plans approved by the Minister. Case selection for in-depth performance review at the operational and strategic levels of intelligence practice is therefore informed primarily by government priorities. Given the importance of their proper performance, these selected cases and associated in-depth reviews are directed at inquiring whether the Services are fulfilling their statutory mandates and delivering on identified priorities, are responding to the needs of their varied clientele, have the required operational capacity and resources and are performing their activities in an effective manner. At the operational level, performance review mirrors the intelligence process and seeks to assess the quality of and strategies for intelligence collection, quality and sophistication of intelligence analysis and finally the timeliness of dissemination of sound policy advice, warning or other intelligence process outcome, largely on a sample approach. These initiatives are conducted at both the macro-organizational level and in relation to specific operations or priority areas within an Intelligence Service. At the strategic level, performance evaluation includes an assessment of the manner in which the Services interpret and operationalize their respective 8 statutory mandates or priorities and consequently develop focus areas, operational priorities and plans. Oversight assessments at this level are also directed at reporting systems and product flow, the coordination and sharing of intelligence within the intelligence community, highlighting performance weakness that may give rise to performance gaps or intelligence failures and the effectiveness of the intelligence landscape as a whole. The selection of cases for in-depth review and determining what is significant is further informed by the priority level associated by government with a particular operation or intelligence focus area. These are generally prioritized in three bands of importance and also reflect the level of significance for oversight case selection. 4. The Primary Determinant: Oversight Risk and Case Selection A risk management system, which rates the risk associated with an intelligence operation, priority or method has recently evolved as a key driver in the selection of cases for in-depth review and for determining the intelligence operations, priorities or methods qualifying for selection as areas of significance. From a performance perspective, intelligence priorities or operations are evaluated as being of high risk where the risk of their poor performance or non-performance is rated as high or where their proper performance is seen as essential from a band rating perspective. From a compliance or regulatory perspective, intelligence methods are evaluated as being of high risk where non-compliance with appropriate rules and laws is rated as high or where the practice of the method may have an adverse impact on the human rights or civil liberties of intelligence targets. Risk rating serves as the overall driver in the selection of cases for in-depth monitoring and review where high risk operations, priorities and methods enjoy more oversight effort in relation to those with lower levels of assessed risk. Accordingly, the process of selecting cases for in-depth review must also be informed by a scientific and objective evaluation of a multiplicity of factors 9 informed by various sources of information available to a review agency with regard to the activities of the intelligence community. Above all, staying informed about the challenges, priorities, deficiencies and developments in the intelligence community is all important in determining what is of importance to oversee and the level of effort necessary for such oversight! PART 3: THE CHALLENGE OF ASSURANCE OF COMPLETENESS OF INFORMATION PROVIDED 1. Introduction Intelligence Oversight contributes towards the democratic accountability of the Intelligence Community and the safeguarding of the fundamental rights and freedoms of people within the borders of South Africa. Its execution however can only be realized through unlimited access to information held both within the Intelligence Services and by members of the Public. While effective intelligence services are vital for national security, they necessarily have to conduct most of their activities under conditions of secrecy. This poses limitations for oversight and accountability. The need for accountability and proper disclosure on the other hand, is paramount to enable and facilitate proper oversight of intelligence activities and operations. Against this background, the very nature of intelligence work therefore tends to heighten the risk of incomplete information received for inspection or inaccurate representations obtained from management about operational activities. Given these possible risks, the integrity of data or information obtained from a Service must be high to enable a Review Agency to provide an acceptable level of assurance that an intelligence Agency acts within the framework of the rule of law and with respect for human rights. A single exclusion or misrepresentation of significance is sufficient to dilute the oversight effort as a whole or even render parts of it meaningless. 10 The basic challenge of making Intelligence Services accountable and compelling them to make full disclosures of their activities to Review Agencies is one that is common to all intelligence oversight mechanisms. 2. Statutory Powers of Access to Information Review Agencies being creatures of statute are generally provided with the power of access to information and premises of intelligence agencies over which they have an oversight responsibility. In South African law, no information may be withheld from the Inspector-General on any ground and members of the Intelligence Services as well as members of the public are compelled to provide information and documents required for oversight. Although denial of access is a punishable offence for both members of the Services and of the public, our experience has demonstrated that while legal sanction is a valuable deterrence, securing the cooperation of the intelligence Services and their members requires a finer approach than recourse to the courts. 3. Cooperation or Prosecution: Approach to Oversight and Value system Building confidence and relationships of trust are crucial ingredients in the relationship between Oversight and Intelligence Services. Our approach is to contribute constructively and add value to the proper performance of the activities of the Services. This is mainly expressed in the exchange of information, developing solutions and providing sound advice and reports on intelligence service activities. A fault finding approach to Intelligence Oversight, save as regards observance with the rule of law, has been widely viewed as ineffective. ‘Plaudits’ - commendations for good work, used sparingly in conjunction with ‘Audits’ build confidence as do initiatives (justifiably launched) that protect the integrity of the Services in the public eye where it is unjustifiably questioned. These confidence building measures build trust and facilitate candour and openness in the oversight process. The principle of ‘no surprise’, secured through the advance notification of the heads of Services of planned oversight engagements is 11 equally important in the intelligence environment and is now a statutory requirement in our oversight framework. However, pursuing the correct approach toward constructive engagement with the intelligence services would require a careful balance between independence and partnership. Securing the ability to monitor free from any influence and restriction whatsoever while remaining internal to government but external to and independent from the Intelligence Services must remain predominant in the management of the key relationship with these Services. 4. Corroboration and Mechanisms of Assuring Data Integrity Internal systems within the Office of the Inspector-General have continued to evolve in developing our ability to evaluate the integrity of data and information received from our Intelligence Agencies. These evaluation methods rely on a knowledge management system that collates information obtained during various review activities and evaluates trends and patterns in information provided against previous periods to highlight possible gaps in them. In determining the completeness and accuracy of information provided by the Agencies for oversight purposes, Agency reports and representations are also corroborated with data held by third parties such as centralized interception offices. Crucially, operational procedures and internal policies within the Agencies compel the use of indexing and sequencing of operational activities as well as centralized databases with detailed audit trails in support of complete and accurate recording of intelligence activities. Initiatives have also recently commenced to facilitate direct electronic access to operational databases and to reports of the Services to reduce the risk of incomplete disclosure. While they improve accountability and increase assurance that complete disclosure is made for oversight purposes, these initiatives are seen by Agency management as constituting a significant security risk. It may be argued that all audit trails, records and disclosures may constitute a similar risk, emphasizing the importance of subordinating secrecy in favor of accountability for oversight purposes in a democracy. 12 5. The Agency’s Obligation to Make Truthful Representations One other important aspect worth noting is that it is a serious offence for a public official to mislead a competent authority or knowingly misrepresent facts. In this regard, a novel intervention, the concept of a ‘letter of representation’, made by the Head of an Intelligence Service to the Inspector-General has made its way into Intelligence Oversight practice in South Africa. These letters compel the Head of Service to confirm that the information provided by an intelligence agency for oversight purposes is accurate and complete. Without detracting from oversight responsibilities in this regard, these letters of representation serve as valuable evidentiary material of data integrity in the absence of other sources of evidence and affirm the responsibility of the Head of Service to submit information for oversight purposes which is accurate, complete and free of material misstatement. 6. Good Communication and Sharing of Oversight Expectations Sharing the details of work plans with the Heads of the Services prior to the commencement of oversight work has enabled the Services to better appreciate oversight objectives and requirements. Given this greater appreciation, this sharing of information has resulted in greater cooperation and more efficient access to information in the Services. To support better communication, recently the concept of Oversight Committees has been established in the South African intelligence community. Oversight Principals at a senior level within the Intelligence Services co-chair a committee with the Office of the Inspector-General wherein oversight priorities and outcomes are deliberated. These Oversight Committees have improved access to and sharing of information, secured the availability of key staff for oversight purposes when required and enhanced logistical arrangements for planned oversight engagements. These committees, which have become operational over the past year in each of the Services, have contributed significantly to our own productivity and improved the integrity and availability of information for oversight purposes. The committees – led by Agency management, have also had the spin-off of championing the 13 importance of oversight within the Services, and are increasingly characterized by Agency willingness to cooperate with oversight requirements and dynamic exchanges of information. CONCLUDING REMARKS In the final analysis, case selection for in-depth review and monitoring of intelligence activities is a permanently evolving challenge and is informed by our overriding objectives of promoting accountability and operational effectiveness within the intelligence services while providing assurance to the people of South Africa on the lawful and effective conduct of intelligence. Regulating the intelligence community is the foundation upon which these objectives are built and has driven our formative initiatives over five short years. Ours is still work in progress under intense development. Given our history, the emerging culture in the intelligence community is framed within the principle of the rule of law together with the message that spying is only permissible within strictly defined parameters, with Intelligence Oversight the bridging activity that connects the seemingly divergent worlds of secrecy and transparency. Ultimately, however, Review Agencies all grapple with potential information gaps and may be unable to provide guarantees on the proper conduct of the Intelligence Agencies they oversee. They are only able to provide reasonable, as opposed to absolute assurance in this regard. In the view of some, this level of assurance is even lower, owing to an environment characterized by secrecy, and dare I say, possible deception! Thank you. 1 The Intelligence Community prior to the new dispensation included the intelligence division of the South African Police Services, the Security Branch (SB); the Intelligence Division of the South African Defence Force, Military Intelligence (MI) and the civilian Intelligence arm, the National Intelligence Service (NIS) which replaced the Bureau of State Security (BOSS) in 1979. Other line departments at a national level are also known to have engaged in secret operations/intelligence gathering in support of their line functions or for providing intelligence to the State Security Council. 2 The former requirement excludes the intelligence divisions of the South African Police Services and South African National Defence Force while the latter constitutional provisions are given expression by primary legislation that include the Defence Act, South African Police Service Act, National Strategic Intelligence Act and Intelligence Services Act that regulate the objects, powers and 14 functions of the Security Services together with interceptions and other legislation that specifically regulate and establish the parameters for intelligence and law enforcement operations within the security sector. 5 The Inspector General is appointed by the President after a process of nomination by the parliamentary Joint Standing Committee on Intelligence (JSCI) and approval thereof by at least two-thirds of the members of Parliament. 4 The NIA and the SASS are referred to as civilian intelligence Services and are accountable to the Minister for Intelligence Services. DI and SAPS-CI fall under the executive control of the Minister of Defence and the Minister for Safety and Security respectively. 15
