INTERNATIONAL INTELLIGENCE REVIEW AGENCIES

advertisement
INTERNATIONAL INTELLIGENCE REVIEW AGENCIES CONFERENCE 2008
AUCKLAND, NEW ZEALAND
6th to the 8th of OCTOBER
PANEL 2
SELECTION OF CASES FOR INDEPTH REVIEW
HOW TO SELECT WHAT IS OF SIGNIFICANCE
AND
THE CHALLENGE OF ASSURANCE OF COMPLETENESS OF INFORMATION PROVIDED
IMTIAZ FAZEL
CHIEF OPERATING OFFICER
OFFICE OF THE INSPECTOR-GENERAL OF INTELLIGENCE
SOUTH AFRICA
1
PART 1: BACKGROUND
1. Introduction
Thank you for the opportunity to speak at this conference and this panel in
particular on the important topic of case selection and the integrity of information
in conducting oversight.
Any discussion in this regard must be approached in the context of the oversight
framework and history of the oversight entity in question. This paper will briefly
examine the control environment in which intelligence services operated in
Apartheid South Africa before exploring the transformation into the dispensation
for intelligence and intelligence oversight in present-day South Africa. The
discussion will then move on to the main subject of selecting significant cases for
in-depth review outside of routine oversight, and conclude by addressing the
challenge of assuring the integrity of information from the perspective of the
Inspector-General in South Africa.
We all agree that Intelligence Services are essential components of the security
architecture in democratic societies. Their effective functioning however is
dependent upon the imperative of secrecy and special intrusive powers to procure
information.
If not subject to safeguards, especially in an environment
characterized by secrecy, these powers may be abused; manipulated or
misdirected, having the possible effect of subverting the very purpose for which
Intelligence Services were established.
Case selection for in-depth review is therefore key to mitigating the risks
associated with the abuse of the intelligence apparatus while ensuring that
Intelligence Services properly serve their national security responsibilities. Poor
case selection, however, could make oversight ineffective and the oversight of
incomplete information may well dilute and even render oversight irrelevant.
2
2. South Africa: Historical Perspective, Oversight and Control
The control of Intelligence in apartheid South Africa was characterized by close
management of operational effectiveness in a war-time environment where
administrative controls were only nominal and formal oversight and operational
controls were largely absent1.
Governance as a whole was characterized by an absence of clearly defined
intelligence mandates and laws governing the use of intrusive powers, selective
executive control, lenient judicial control and a lack of proper coordination
mechanisms, bedevilling the Intelligence Community with fierce competition for
political influence and material resources. Control systems within the Services
evolved largely from practice and although many were documented, these were
vague and designed to secure performance effectiveness rather than the
responsible use of the invasive powers of the security apparatus.
Intelligence activities during this era were characterized by counter actions against
civil society, disinformation to promote party and sectarian political interests,
suppression of the liberation movements and the liberal use of intrusive powers
with consequent systematic gross human rights violations. Of importance to
Intelligence Oversight is that these unlawful activities and morally questionable
practices occurred in an environment beset by a lack of proper control and
oversight - where the means justified the end, leaving room for executive fallback
and use of ‘plausible denial’.
3. The New Dispensation for Intelligence and Oversight
Intelligence and Security Sector reform in South Africa was a consequence of
constitutional reform brought about by the new political dispensation that swept
the country during the mid-1990’s. The resultant transformation of the security
architecture was informed by a different strategic security environment and the
broader democratic transformation of the South African society.
Recognizing the important role of South Africa’s future security architecture, the
newly adopted Constitution of the Republic of South Africa in 1996 provided for the
3
establishment of Intelligence Services. It did this within the context of a series of
governing principles and safeguards designed to ensure that the Intelligence and
Security Services pursue National Security in compliance with the law and act in
accordance with the Constitution. The concept of National Security and national
security policy also assumed a broader developmental context in a move away from
the narrower regime oriented militarist approach it had superseded.
Furthermore, the Constitution provides that Intelligence Services may only be
established in terms of national legislation and formulates clear parameters for
intelligence operations by prescribing that such legislation must regulate the
objects, powers and functions of state Intelligence Services, including the
intelligence arms of the Police Services and Defence Force2. For proponents of the
democratic control of the intelligence services, the Constitution provides for the
executive control and parliamentary oversight of intelligence services, and finally
the appointment of a civilian Inspector-General to monitor their activities 3..
4. Scope and Span of Oversight of the Inspector-General in South Africa
The contemporary dispensation for civilian oversight of intelligence in South
African was given expression by the Intelligence Services Oversight Act (Act 40 of
1994, as amended). The model for oversight is not intelligence service-centric and
the Inspector-General is responsible for the oversight of the entire South African
intelligence community. This community includes the domestic intelligence
gathering arm, the National Intelligence Agency (NIA), the foreign intelligence
gathering arm, the South African Secret Service (SASS), the Intelligence Division of
the South African Defence Force (DI), and the Crime Intelligence Division of the
South African Police Service (SAPS-CI)4.
Within the confines of the intelligence community, the Inspector-General is
compelled to perform a broad range of oversight activities although these exclude
the oversight of human resources and financial administration.
Although other important complimentary Oversight functions such as the evaluation
of Intelligence Failures are relevant, core oversight is generally approached in
three broad themes. These are the monitoring of the Lawful Conduct of
4
Intelligence Activities; the review of the Effective Performance of intelligence
work and serving the Role of Ombudsman in investigating the complaints of
members of the Services and the Public as regards the conduct of intelligence.
Finally, these three core functions and others culminate in the production of the
Annual Certificate of the Inspector-General in which he/she provides Assurance on
the Operational Conduct of the Services to the Executive and the Legislature.
Given this broad focus, both compliance with relevant laws and the proper
performance of intelligence activities are relevant to case selection for oversight.
Within this framework, the scope of oversight work is broadened further to include
civilian intelligence – both domestic and foreign and crime intelligence, as well as
defence intelligence.
PART 2: THE FUNDAMENTAL PRINCIPLES AND CRITERIA THAT INFORM THE
SELECTION OF CASES FOR INDEPTH REVIEW
1. Case selection: Securing compliance with the Rule of Law - The Intelligence
Business as a Regulated Industry
Essential to the understanding of the control and oversight of intelligence is an
appreciation of the principle that the Intelligence Business is a ‘Regulated
Industry’. This implies that intelligence activities are conducted within a regulated
framework of controls, checks and balances. This framework encompasses the
Constitution, primary legislation and executive instruction at the one end and
detailed Polices and Standard Operating Procedures at the other. The evaluation of
this framework is the basis for intelligence oversight and case selection for indepth review and its execution sets the parameters for professional, legitimate and
lawful intelligence conduct and provides intelligence officers with certainty and
confidence in their actions.
A sound regulatory framework is essential to good governance and securing its four
interrelated pillars within intelligence practice. These are respect for human rights
and the rule of law; promoting transparency and accountability in public
administration; enhancing administrative capacity and strengthening democratic
5
governance. In order to claim the benefit of exceptions to human rights standards
on the grounds of national security, it is necessary that the security sector derive
its authority from a sound regulatory framework.
The challenge is to ensure that the regulatory framework is carefully designed and
developed so that intelligence objectives are realized in an effective manner and
within the framework of the law and due process. Mechanisms of control over
intelligence activities should assist in guarding against the misuse of the state
security system for personal or group interest.
The system of checks and balances requires proper procedures for authorization
and administration; limitations on the use of and period of use of special powers;
limitations on the use and disposal of material obtained; procedures for control and
accountability; clear delegation of responsibility and associated accountability and
the maintenance of proper records and audit trails. Regulation implies careful
operational planning together with internal and external regulatory compliance as
essential prerequisites to operational activity.
Case selection for intelligence oversight in our young democracy is heavily driven
by the overriding objective of securing the parameters for professional, legitimate
and lawful intelligence conduct. This means that in-depth reviews continuously
strive to unravel the dynamics of intelligence activities, contribute to their proper
regulation, and finally, monitor compliance with this resultant regulatory
framework.
Whilst the development of formal checks and balances is essential in ensuring
intelligence conduct within the rule of law, it is recognized that these are
dependent on sound personal, ethical and professional conduct and value systems
within the Intelligence Services.
Although strong views have emerged against the case for regulation on the basis of
its impeding effects on operational effectiveness, we maintain and have promoted
a culture where regulation is seen as being about ensuring that the Intelligence
Services operate effectively and within the framework of the law, rather than
being perceived as stifling operational effectiveness.
6
2. Human rights imperatives and case selection
In South Africa, the Constitution and Bill of Rights ensure that never again shall
human rights be violated by institutions of state, in particular by the intelligence
and security services under the pretext of national security. Intelligence actions
and activities which have the potential to intrude on the individual rights of all
persons are therefore significant in determining cases for in-depth review. The
more intrusive to individual human rights an intelligence activity or operation is,
the more significant it is for selection for in-depth review.
Against this background, the statutory requirement for the Inspector-General of
South Africa to express an opinion whether anything done by an Intelligence Service
during the course of its activities is unlawful, or constitutes an unreasonable or
unnecessary exercise by that Service of any of its powers requires that any activity
that is of an intrusive nature or may exceed the lawful mandate of a Service be a
candidate for selection for in-depth review.
The primary objective of these reviews is to determine whether or not proper
criteria have been satisfied in the process of target identification and in the
utilization of intrusive measures that impede on the human rights or civil liberties
of individuals. Equally important is the inquiry as to whether or not an intelligence
activity is within the mandate and is in pursuance of the priorities of the Service
concerned.
Intrusive measures or ‘special powers’ refer to the enhanced powers to security
and intelligence services for the collection of intelligence information and which
allow for the limitation of human rights, especially the right to privacy. Given that
the South African Intelligence Services are required to act only within their powers
in law, only lawful or regulated action can be justified by way of violation of
human rights.
In this regard the principle of proportionality is essential and implies a relationship
between the level of intrusiveness of a method used and the magnitude of a
particular threat under investigation, weighed against the adverse impact on
7
human rights. On the other hand, necessity implies that the powers of agencies can
only be used where absolutely ‘necessary’ and alternative methods that are less
restrictive of human rights have been given prior consideration. The principles of
proportionality and necessity constitute the reasonable use of intrusive methods
and underpin intelligence practice and consequently detailed oversight reviews.
These reviews assure the protection of privacy from the use of intrusive methods
through a determination of their lawful and reasonable application. The use of
intrusive measures requires layered authorization in support of only genuine
security threats.
3. Case Selection and the Review of Performance Effectiveness
Within the confines of their statutory mandates, in South Africa, the operational
Priorities of the Intelligence Community are largely driven by the Annual National
Intelligence Estimate and resultant National Intelligence Priorities, approved by
Cabinet, together with Business Plans approved by the Minister. Case selection for
in-depth performance review at the operational and strategic levels of intelligence
practice is therefore informed primarily by government priorities.
Given the importance of their proper performance, these selected cases and
associated in-depth reviews are directed at inquiring whether the Services are
fulfilling their statutory mandates and delivering on identified priorities, are
responding to the needs of their varied clientele, have the required operational
capacity and resources and are performing their activities in an effective manner.
At the operational level, performance review mirrors the intelligence process and
seeks to assess the quality of and strategies for intelligence collection, quality and
sophistication of intelligence analysis and finally the timeliness of dissemination of
sound policy advice, warning or other intelligence process outcome, largely on a
sample approach. These initiatives are conducted at both the macro-organizational
level and in relation to specific operations or priority areas within an Intelligence
Service.
At the strategic level, performance evaluation includes an assessment of the
manner in which the Services interpret and operationalize their respective
8
statutory mandates or priorities and consequently develop focus areas, operational
priorities and plans. Oversight assessments at this level are also directed at
reporting systems and product flow, the coordination and sharing of intelligence
within the intelligence community, highlighting performance weakness that may
give rise to performance gaps or intelligence failures and the effectiveness of the
intelligence landscape as a whole.
The selection of cases for in-depth review and determining what is significant is
further informed by the priority level associated by government with a particular
operation or intelligence focus area. These are generally prioritized in three bands
of importance and also reflect the level of significance for oversight case selection.
4. The Primary Determinant: Oversight Risk and Case Selection
A risk management system, which rates the risk associated with an intelligence
operation, priority or method has recently evolved as a key driver in the selection
of cases for in-depth review and for determining the intelligence operations,
priorities or methods qualifying for selection as areas of significance.
From a performance perspective, intelligence priorities or operations are evaluated
as being of high risk where the risk of their poor performance or non-performance
is rated as high or where their proper performance is seen as essential from a band
rating perspective. From a compliance or regulatory perspective, intelligence
methods are evaluated as being of high risk where non-compliance with
appropriate rules and laws is rated as high or where the practice of the method
may have an adverse impact on the human rights or civil liberties of intelligence
targets.
Risk rating serves as the overall driver in the selection of cases for in-depth
monitoring and review where high risk operations, priorities and methods enjoy
more oversight effort in relation to those with lower levels of assessed risk.
Accordingly, the process of selecting cases for in-depth review must also be
informed by a scientific and objective evaluation of a multiplicity of factors
9
informed by various sources of information available to a review agency with
regard to the activities of the intelligence community. Above all, staying informed
about the challenges, priorities, deficiencies and developments in the intelligence
community is all important in determining what is of importance to oversee and
the level of effort necessary for such oversight!
PART 3: THE CHALLENGE OF ASSURANCE OF COMPLETENESS OF INFORMATION
PROVIDED
1. Introduction
Intelligence Oversight contributes towards the democratic accountability of the
Intelligence Community and the safeguarding of the fundamental rights and
freedoms of people within the borders of South Africa. Its execution however can
only be realized through unlimited access to information held both within the
Intelligence Services and by members of the Public.
While effective intelligence services are vital for national security, they necessarily
have to conduct most of their activities under conditions of secrecy. This poses
limitations for oversight and accountability. The need for accountability and proper
disclosure on the other hand, is paramount to enable and facilitate proper
oversight of intelligence activities and operations. Against this background, the
very nature of intelligence work therefore tends to heighten the risk of incomplete
information received for inspection or inaccurate representations obtained from
management about operational activities.
Given these possible risks, the integrity of data or information obtained from a
Service must be high to enable a Review Agency to provide an acceptable level of
assurance that an intelligence Agency acts within the framework of the rule of law
and with respect for human rights. A single exclusion or misrepresentation of
significance is sufficient to dilute the oversight effort as a whole or even render
parts of it meaningless.
10
The basic challenge of making Intelligence Services accountable and compelling
them to make full disclosures of their activities to Review Agencies is one that is
common to all intelligence oversight mechanisms.
2. Statutory Powers of Access to Information
Review Agencies being creatures of statute are generally provided with the power
of access to information and premises of intelligence agencies over which they
have an oversight responsibility. In South African law, no information may be
withheld from the Inspector-General on any ground and members of the
Intelligence Services as well as members of the public are compelled to provide
information and documents required for oversight.
Although denial of access is a punishable offence for both members of the Services
and of the public, our experience has demonstrated that while legal sanction is a
valuable deterrence, securing the cooperation of the intelligence Services and their
members requires a finer approach than recourse to the courts.
3. Cooperation or Prosecution: Approach to Oversight and Value system
Building confidence and relationships of trust are crucial ingredients in the
relationship between Oversight and Intelligence Services. Our approach is to
contribute constructively and add value to the proper performance of the activities
of the Services. This is mainly expressed in the exchange of information,
developing solutions and providing sound advice and reports on intelligence service
activities. A fault finding approach to Intelligence Oversight, save as regards
observance with the rule of law, has been widely viewed as ineffective.
‘Plaudits’ - commendations for good work, used sparingly in conjunction with
‘Audits’ build confidence as do initiatives (justifiably launched) that protect the
integrity of the Services in the public eye where it is unjustifiably questioned.
These confidence building measures build trust and facilitate candour and openness
in the oversight process. The principle of ‘no surprise’, secured through the
advance notification of the heads of Services of planned oversight engagements is
11
equally important in the intelligence environment and is now a statutory
requirement in our oversight framework.
However, pursuing the correct approach toward constructive engagement with the
intelligence services would require a careful balance between independence and
partnership. Securing the ability to monitor free from any influence and restriction
whatsoever while remaining internal to government but external to and
independent from the Intelligence Services must remain predominant in the
management of the key relationship with these Services.
4. Corroboration and Mechanisms of Assuring Data Integrity
Internal systems within the Office of the Inspector-General have continued to
evolve in developing our ability to evaluate the integrity of data and information
received from our Intelligence Agencies. These evaluation methods rely on a
knowledge management system that collates information obtained during various
review activities and evaluates trends and patterns in information provided against
previous periods to highlight possible gaps in them. In determining the
completeness and accuracy of information provided by the Agencies for oversight
purposes, Agency reports and representations are also corroborated with data held
by third parties such as centralized interception offices.
Crucially, operational procedures and internal policies within the Agencies compel
the use of indexing and sequencing of operational activities as well as centralized
databases with detailed audit trails in support of complete and accurate recording
of intelligence activities. Initiatives have also recently commenced to facilitate
direct electronic access to operational databases and to reports of the Services to
reduce the risk of incomplete disclosure.
While they improve accountability and increase assurance that complete disclosure
is made for oversight purposes, these initiatives are seen by Agency management as
constituting a significant security risk. It may be argued that all audit trails,
records and disclosures may constitute a similar risk, emphasizing the importance
of subordinating secrecy in favor of accountability for oversight purposes in a
democracy.
12
5. The Agency’s Obligation to Make Truthful Representations
One other important aspect worth noting is that it is a serious offence for a public
official to mislead a competent authority or knowingly misrepresent facts. In this
regard, a novel intervention, the concept of a ‘letter of representation’, made by
the Head of an Intelligence Service to the Inspector-General has made its way into
Intelligence Oversight practice in South Africa.
These letters compel the Head of Service to confirm that the information provided
by an intelligence agency for oversight purposes is accurate and complete. Without
detracting from oversight responsibilities in this regard, these letters of
representation serve as valuable evidentiary material of data integrity in the
absence of other sources of evidence and affirm the responsibility of the Head of
Service to submit information for oversight purposes which is accurate, complete
and free of material misstatement.
6. Good Communication and Sharing of Oversight Expectations
Sharing the details of work plans with the Heads of the Services prior to the
commencement of oversight work has enabled the Services to better appreciate
oversight objectives and requirements. Given this greater appreciation, this sharing
of information has resulted in greater cooperation and more efficient access to
information in the Services.
To support better communication, recently the concept of Oversight Committees
has been established in the South African intelligence community. Oversight
Principals at a senior level within the Intelligence Services co-chair a committee
with the Office of the Inspector-General wherein oversight priorities and outcomes
are deliberated. These Oversight Committees have improved access to and sharing
of information, secured the availability of key staff for oversight purposes when
required and enhanced logistical arrangements for planned oversight engagements.
These committees, which have become operational over the past year in each of
the Services, have contributed significantly to our own productivity and improved
the integrity and availability of information for oversight purposes. The committees
– led by Agency management, have also had the spin-off of championing the
13
importance of oversight within the Services, and are increasingly characterized by
Agency willingness to cooperate with oversight requirements and dynamic
exchanges of information.
CONCLUDING REMARKS
In the final analysis, case selection for in-depth review and monitoring of
intelligence activities is a permanently evolving challenge and is informed by our
overriding objectives of promoting accountability and operational effectiveness
within the intelligence services while providing assurance to the people of South
Africa on the lawful and effective conduct of intelligence.
Regulating the intelligence community is the foundation upon which these
objectives are built and has driven our formative initiatives over five short years.
Ours is still work in progress under intense development. Given our history, the
emerging culture in the intelligence community is framed within the principle of
the rule of law together with the message that spying is only permissible within
strictly defined parameters, with Intelligence Oversight the bridging activity that
connects the seemingly divergent worlds of secrecy and transparency.
Ultimately, however, Review Agencies all grapple with potential information gaps
and may be unable to provide guarantees on the proper conduct of the Intelligence
Agencies they oversee. They are only able to provide reasonable, as opposed to
absolute assurance in this regard. In the view of some, this level of assurance is
even lower, owing to an environment characterized by secrecy, and dare I say,
possible deception!
Thank you.
1
The Intelligence Community prior to the new dispensation included the intelligence division of the South African Police Services, the
Security Branch (SB); the Intelligence Division of the South African Defence Force, Military Intelligence (MI) and the civilian
Intelligence arm, the National Intelligence Service (NIS) which replaced the Bureau of State Security (BOSS) in 1979. Other line
departments at a national level are also known to have engaged in secret operations/intelligence gathering in support of their line
functions or for providing intelligence to the State Security Council.
2
The former requirement excludes the intelligence divisions of the South African Police Services and South African National Defence
Force while the latter constitutional provisions are given expression by primary legislation that include the Defence Act, South
African Police Service Act, National Strategic Intelligence Act and Intelligence Services Act that regulate the objects, powers and
14
functions of the Security Services together with interceptions and other legislation that specifically regulate and establish the
parameters for intelligence and law enforcement operations within the security sector.
5
The Inspector General is appointed by the President after a process of nomination by the parliamentary Joint Standing Committee
on Intelligence (JSCI) and approval thereof by at least two-thirds of the members of Parliament.
4
The NIA and the SASS are referred to as civilian intelligence Services and are accountable to the Minister for Intelligence Services.
DI and SAPS-CI fall under the executive control of the Minister of Defence and the Minister for Safety and Security respectively.
15