Home Office security minister Dan Jarvis is the sort of man who begins a speech by telling a joke. Even if it’s not of professional stand-up quality, you can appreciate his good intent. He was not cracking any jokes when he commented about ‘security professionals’ and what the National Security Act 2023, in force since last month, means for them.
Foreign states, ‘malign actors’ in the official jargon, are using security consultants, investigators, even close protection operatives who, near their principals, may pick up conversation of value.
Mr Jarvis said: “I urge security professionals to take caution to protect the UK and themselves by fully checking and understanding who they are working for. If they don’t, they seriously risk breaking the law and aiding states who seek nothing more than to harm this country and who have no concern for the individuals they employ.”
Stalinism
This Act is the latest piece of pure Stalinism by the British law-making state; that it’s a crime to not turn yourself in to the authorities, whether you have had a data breach, or (to take a proposed example only from earlier this month from a Home Office consultation document) a ‘mandatory reporting requirement for suspected victims of ransomware’; or, your teenage son isn’t coming out of his room and his talk has become disturbingly misogynist and hateful – if you don’t report him to the Prevent programme as possibly radicalised and he does something violent, you too are a criminal. This Stalinism, then, did not begin with Mr Jarvis and will not end with him.
Guidance document
The Home Office has provided a guidance document to ‘security professionals’, amounting to eight pages and 2400 words, including three ‘example scenarios’ so less than full that it’s less than candid. To be brief, the guidance splits the possible scenarios into three: you’re asked, by ‘state actors’, to gather information on pattern of life and locations of a dissident; someone is after ‘protected or sensitive information’ (in a word, used in the document, espionage); and states seeking ‘potential vulnerabilities’ in UK ‘critical infrastructure’ or supply chains (and we can add that just about everything is critical, from farms to petrol stations).
The three scenarios, so sketchily set out that they amount to 311 words, end handily with the outcome that you ought to report to the authorities. Regrettably, the real world is not so simple. For one thing, clients of security consultants from hostile states or with hostile intent are no more obliging enough to say so than burglars go around carrying bags marked ‘SWAG’. As the guidance acknowledges; those giving the business to a security person may be ‘intermediaries’. Here’s another scenario. A private investigator is tasked with locating someone with an African-sounding name. Doing due diligence, the PI asks for the client for background; the reply is that the man worked for the central bank of a country, stole money and fled. The PI does research (in other words, does an internet search). The man may have reached the public domain or not; if he has, he may be criticising the regime he’s left; maybe, he’s only become a critic since he got caught stealing. Perhaps both are true – the brief to the PI, that the missing man is a fraudster; and that the client is representing the intelligence service of a ‘foreign power’ that has a nasty habit of threatening or even harming dissidents?
Espionage
As for espionage, for an ‘advantage’ – the guidance defines it broadly, as diplomatic, technological or military – it would be folly to believe that only the UK’s enemies do it, as the guidance appears to accept (‘you should consider how your work complies with the law whichever country you believe a task might be coming from’). The UK or any country has secrets from even its friends and neighbours, such as the Republic of Ireland and France, unless when Mr Jarvis meets his counterparts from those countries he hands them the briefing notes his aides prepared for him. While the guidance quotes the secret and security services that the threat ‘predominantly’ comes from Russia, Iran and China (leaving out North Korea there), the truth is that other countries in terms of the threat they pose to the UK are on a spectrum – at the most trustworthy end, the ‘Five Eyes’ English-speaking countries, at the least trustworthy end, those three quoted. What’s awkward is that the UK has chosen to link itself so fully, economically, with China, including in the use of Chinese surveillance cameras and security kit generally (with some exceptions; not bollards and CCTV poles, which presumably it’s not worth China’s while to ship halfway around the world). When you can see Chinese CCTV cameras are installed at police stations and airports, and the Chancellor of the Exchequer Rachel Reeves (presumably a busy lady who only travels if she feels she absolutely ought to) visits China, the UK is uncomfortably over-connected to a threat.
Angola and Zimbabwe?
The guidance says nothing about such geopolitics. Indeed, because the Act is (in the jargon of the guidance) ‘actor agnostic’, it requires security professionals to have an encyclopaedic knowledge of world politics – to take only countries A to Z, who can say whether Angola and Zimbabwe gather intelligence so as to harass exiled dissidents?
Patriotic
Before the 2023 Act, you would hope that patriotic UK security people would report suspicions to the authorities (except would you know where to report?). The Act has raised the stakes; required security people to report suspicions to Counter Terror Policing (online for example at the ACT – Action Counters Terrorism – website. When such senior policemen speak in public, as Commander Dennis Murphy to the Counter Terror Expo in London in June, as featured in the August edition of Professional Security Magazine, they make plain their work takes in threats from foreign states besides domestic terrorism.).
Foreigners have long suspected British visitors, such as businessmen or diplomats, as connected to the British secret state. Sir Alex Younger, the former head of MI6, referred to this in his talk to Anticipate London (the former IFSEC show) last month, as featured in the January edition of Professional Security. In Iran (to paraphrase him), it’s feared that a British spy is behind every tree. This Act will add to that perception abroad, and no matter how unfair that is, security consultants who work overseas will have to factor that in.
