
> If the ex-ante regulator (ie, my board) ruled a permission to do something was unlawful, it would indeed not happen. I think it is important to affirm this in public.

I have no knowledge on the subject so this isn't suggesting a conspiracy theory, but hypothetically if there were a conspiracy of the security services wanting to illegally do things that this board rejected, wouldn't they just... do it, without telling this board "oh, fyi we're ignoring that ruling you made yesterday and proceeding to hack away because we really want that info!"

They'd probably even be clever enough to do stuff like continue to submit less-invasive requests (if we can't do X can we do 1/2th of X) or whatever other responses they would have if they were indeed respecting the ruling, despite the fact that actually these follow-up requests were wasting everyone's time to obscure that they'd already done what they were initially banned from doing, and now just needed a smoke screen and maybe some parallel construction to give a legal way to prosecute.

In such a hypothetical (a security service wanting people to believe they're following the rulings while actually not caring about the rules at all), would it actually be discoverable short of them screwing up or having a whistleblower? Are there audits in place by other government departments that would even have a chance of finding out if it were happening? (Even before then wondering whether such an unethical hypothetical security service wouldn't also stoop to other unethical practices such as blackmailing those who are meant to audit them, etc...)

I don't know what any of the answers are to this line of thinking, I'm sure plenty of people smarter and more knowledgeable in this area than me have put plenty of thought into it, but I've never heard of any magic solutions to enable transparent accountability while maintaining the secrecy needed. Maybe I'm just uninformed?



To give you an idea of how plausible this is, I recommend reading the facts that came to light thanks to the work of Privacy International taking the UK government to court. Here are some quotes from an article[0] written in 2018:

> The Investigatory Powers Tribunal has reruled that GCHQ, MI5 and MI6 engaged in indiscriminate and illegal bulk cable-tapping surveillance for 15 years – and has once again refused to do anything about it.

> By law the Foreign Sec cannot delegate that power and let, for example, the head of GCHQ decide what kind of data to grab or how much of it they wish to browse through. However, in practice, what was happening, the IPT ruled, was that the Foreign Sec rubber-stamped a "general direction" prepared by the spy agencies themselves that included a very broad form of words authorising them to do whatever they liked.

> Sir Michael went as far as to say he was "disappointed that inaccurate information was given to the tribunal" about the number of contractors with admin privileges working at GCHQ. The agencies also had to amend their witness statements several times after it became obvious that their original contents, claiming they and the Foreign Secretary obeyed the law in full, were simply not true

[0] https://www.theregister.com/2018/07/23/investigatory_powers_...


When you think further, you'll realize that almost all laws meant to rule out certain actions don't actually make it impossible for people to do them.

Concretely re your question: yes, such a conspiracy is conceivable; however, such large conspiracies are probabilistically doomed to get exposed: https://journals.plos.org/plosone/article?id=10.1371/journal...


From the abstract:

> Parameters for the model are estimated from literature examples of known scandals, and the factors influencing conspiracy success and failure are explored.

I've only read the abstract so far, so it might be they try to account for this - but I think they are at risk of being hit by some version of the "WW2 aircraft" problem if they only use historical data.

Basically, if you say, "all historical conspiracies eventually were exposed" then that's sort of a truism - if they weren't exposed, we wouldn't know about them.

In the same sense, if you make a statistical model about conspiracies and only base it on the conspiracies that became historically known, you're sort of biasing your data towards failed conspiracies. That might lead you to underestimate what kind of conspiracies are possible that just successfully managed to keep secrecy.

Of course the other extreme is just as bad. You can always say "well that's what they want you to think / well they are just that good at hiding..." at which point your actual conspiracy theory becomes unfalsifiable.


Laws never stop anyone from doing anything. They just describe the penalties for getting caught.


AND the one catching the lawbreaker is willing to file a report etc.


Generally speaking intelligence services tend to be accountable to democratically elected officials and (at least in the US) typically staffed by a bunch of educated, reasonably pro-establishment people who tend to know what the rules are and want them followed. But then if you look at the FBI under Hoover, it seems possible that those things are not always enough.


They're accountable to elected officials, but those officials are surely never personally involved in auditing actual behaviour, do they hire people to do that or do they just rely on heads of security services telling them the truth? (I appreciate that question probably doesn't have a simple answer in any one country, let alone as a vague thought about security services around the world.)


> wouldn't they just... do it, without telling this board

That comes with the risk of getting caught. Especially when there is a board of actually empowered, not toothless people, tasked with stopping you from doing that. This guy's resignation shows that there actually was some real oversight, that they probably couldn't get away with just ignoring it (as they have in some other states I could mention).


The applicable cliche here is "the perfect is the enemy of the good." I may be misreading your point, but the way this reads to me, it's kinda a reductio ad absurdum of the concept of law in general, no?

Of course anyone can choose to go rogue and disobey or subvert the rules. This doesn't mean that all regulations are equally pointless. Oversight policies can be judged by how effectively they can detect, deter, and sometimes even (albeit imperfectly) prevent abuses of power. There is likely no way to 100% guarantee perfect democratic accountability in any system in which a motivated conspiracy of people in power is possible, which is as far as I can tell all the systems in which anyone has power. The link explains the author's view of the systemic consequences of this change in policy fairly well, and it's definitely cause for concern, despite the fact that there's no magic bullet for this sort of thing.


> The applicable cliche here is "the perfect is the enemy of the good." I may be misreading your point, but the way this reads to me, it's kinda a reductio ad absurdum of the concept of law in general, no?

I'm asking questions about how it is and how it could be, not arguing that short of perfection we should ban it all.


Considering that the security services are made up of people trained to work illegally and in secret - this seems not only plausible, but probable.

Based on what we've seen from Room 641A, through Binney and later, Snowden - along with various national "scandals" - it seems security services will commit crimes and conspiracies, undetected for years - and when revealed suffer no meaningful consequences.


Sure, they could probably run operations without authorization, or with larger scope than the given authorization. But it would need to be quite a large conspiracy requiring quite a bit of lying and hiding. I think generally speaking these kinds of conspiracies fail to (disgruntled) whistleblowers.

There is a committee in parliament that gets to see secret information, perhaps they could demand to see authorization and activities of a given operation.


We have the technology to require cryptographic proof of authorization from a regulatory agency, we just need to apply it.



