UK Cybersecurity: Claims that a major cyber attack is due

national cyber security centre logoMinistry-Of-DefenceLogo

 

 

 

 

 

The head of the UK’s National Cyber Security Centre, Ciaran Martin has said that so far the UK has been lucky to avoid a ‘category one’ cyber attack targeting the UK’s infrastructure. This can range from UK defence systems, energy companies and financial institutions (both public and private). Martin’s warning follows on from the UK’s Chief of General Staff, General Sir Nick Carter who echoes similar concerns, in particular that posed by recent Russian activity, both militarily and in cyber space.

trident submarine

In January 2018 these concerns have been made public by a number of authorities including the Royal United Services Institute (RUSI) where in early January at RUSI Dr Beyza Unal and Dr Patricia Lewis presented a paper examining the threats and vulnerabilities of cyber security, especially in relation to nuclear weapons systems. They presented the consequences a cyber attack would have, including the problems it would pose to the UK’s Trident missile system. Essential in helping to prevent a cyber attack is in having constant risk assessments to monitor potential weak areas and to have analogue systems replaced by digital ones.

Key to protecting the UK’s cyber systems is the role GCHQ and the Ministry of Defence play and that includes adopting a cyber offensive approach. We all rely on cyber related equipment, none more so than the public sector and major private businesses and institutions. So it is essential that these concerns are acted upon (and financed properly), as going public with these concerns are not to be taken lightly.

BBC Radio Merseyside logo

Here is a link to my interview with BBC Radio Merseyside on this topic that is 39 minutes 27 seconds in

Is EU data protection law hampering terrorism and serious crime investigations?

Irish high court

In February 2018 the Irish High Court will assess if Irish legislation governing the retention and access to telecommunications data is compatible with EU law. This will not be the first time a  case regarding EU data protection law and the retention and access to telecommunications emanated from Ireland. The Irish campaign group Digital Rights Ireland brought a case to the Irish courts that ended up in the EU’s Court of Justice of the European Union (CJEU) where the compatibility of the EU’s Directive 2006/24/EC with EU law protecting privacy rights and protection of personal data was examined. Introduced following the terrorist attacks in Madrid 2004 and London 2005, the 2006 Directive laid down an obligation on publicly available electronic communications services or public communications networks to retain certain data generated or processed by them that would assist in investigating and prosecuting terrorism and serious crime cases.

CJEU

In the case of Digital Rights (2014) the CJEU found the 2006 Directive would  for a number of reasons (reasons underpinned by the 1995 Data Protection Directive 95/46/EC and articles 7, right to privacy, and 8, protection of personal data in the EU’s Charter of Fundamental Rights and Freedoms – CFRF) the 2006 Directive was invalid.  Among those reasons it included that the retention of the data was indiscriminate, the grounds for limiting the rights were too broad and not sufficiently specific, there was a lack of judicial authorisation or scrutiny and there were insufficient safeguards protecting those rights.

In December 2016 the CJEU was again requested in the Tele2 case to examine the compatibility of EU law protecting personal data, this time with the statutes in Sweden and the UK that were then covering the retention and access to telecommunications data linked to investigations into terrorism and serious crime. In Tele2 the CJEU also examined article 52 CFRF and the EU’s 2002 e-Privacy Directive 2002/58/EC.  Both Sweden and the UK’s statutes were found to be incompatible with EU law and therefore invalid. In Tele2 the CJEU did recognise that fighting terrorism and serious crime was important enough to be an objective of general interest to limit citizens’ rights to protection of personal data but added:

‘…however fundamental it may be, it cannot itself justify that national legislation providing for the general interest and indiscriminate retention of all traffic and location data should be considered to be necessary for the purposes of that fight.’

The CJEU held that for the retention and access to telecommunications data to meet EU law requirements:

1. The limitation of the exercise of rights and freedoms must be provided for by law; and
2. The limitations must be subject to the principles of proportionality; and
3. The limitations must be necessary; and
4. The limitations must meet the general interest recognised by the EU.

It can be argued that in their judgement the CJEU’s guidance to both Member State legislators and state investigatory bodies, the CJEU itself has lacked being specific as to essential criteria necessary and must be present to ensure when the objectives of fighting crime and terrorism meet the limitations as to the grounds of general interest that justifies the lawful retention of telecommunications data. The same can be said regarding providing guidance on what grounds would justify necessity. Throughout the judgement in Tele2 the CJEU repeat that to be compatible with the principle of proportionality conditions laid down in national legislation must not exceed the limits to what is strictly necessary. On what is regarded as strictly necessary the CJEU state national legislation must be based on objective criteria defining the circumstances and conditions under which competent authorities can access the telecommunications data. The Court added, presumably as a guidance, that access can only be granted:

‘…in relation to the objective of fighting crime, only to the data of individuals suspected of planning, committing or having committed a serious crime or of being implicated in one way or another in such a crime.’

Adding:

‘[In] particular situations, where for example vital national security, defence or public security interests are threatened by terrorist activities, access to the data of other persons might also be granted where there is objective evidence from which it can be deduced that that data might, in a specific case, make an effective contribution to combating such activities.’ ([2016] All ER (D) 107, paragraph 119)

To ensure these conditions are fully met the CJEU held that as a general rule an authorisation to access and disclosure of telecommunications data be reviewed by either a court or an independent administrative body with the court or body’s decision being made following a reason request by the authorities that the purposes are for the prevention, detection or prosecution of crime. This echoed the CJEU’s decision in Digital Rights.

While prima facie the guidance provided by the CJEU in Tele2,  seems clear and laudable, this guidance only applies to certain investigations into serious crime or terrorism, and would arguably be more pertinent to serious crime investigations rather than terrorism investigations. Understanding why the CJEU limits its guidance that at times seems at variance with national courts, especially those in Member States with a common law legal system like Ireland and the UK could be explained in the rules concerning statutory interpretation. In common law jurisdictions the courts apply one of three rules, the literal rule, the golden rule and the mischief rule. In essence the courts apply the literal rule where statutes are to be interpreted using the ordinary meaning of the language of the statute unless a statute explicitly defines some of its terms otherwise. In other words, the law is to read, word for word and should not divert from its true meaning. The golden rule applies where the courts see an application of the literal rule leading to an absurdity, then the courts may then apply a secondary meaning. The mischief rule should only be applied where there is ambiguity in the statute where under the mischief rule the court’s role is to suppress the mischief the Act is aimed at and advance the remedy.

However, these traditional statutory interpretation rules are not seen as applicable when interpreting national law with EU directives and considering the CJEU’s decision making. This could be due to virtually all of continental European states’ jurisdciaitons not having a common law legal system, with their courts’ role being solely statutory interpretation, which is what is seen with the CJEU. In these circumstances two methodological rules have been identified in CJEU case law, the interpretative priority rule and the presumption of compliance rule.

Regarding the interpretative priority rule, national courts must favour the interpretation of the national legislation which is the most consistent with the result sought by the directive. The aim here is to achieve an outcome compatible with the provisions of the directive that is consistent within all of the Member States. The presumption of compliance rule is a presumption that the national court intended to transpose the directive fully into national law with a court assuming that the national legislature intended to comply entirely with the requirements of the directive. The presumption of compliance rule can result in problematic consequences in the event the national legislation or the ruling by the national court contains inadvertent inconsistencies with EU law. This occurs where a specific objective of an enactment in national law contradicts the directive’s requirements as subsequently interpreted by the CJEU and there is no indication the national legislature realised the presence of the inconsistency.

Compared to national courts in common law jurisdictions who have traditionally been granted a much wider leverage in their statutory interpretation rules, the EU rules could be perceived as fettering the national court judges’ traditional decision making and limiting in relation to guidance provided in judgements regarding how EU law is applied. This is relevant not just to national legislatures, but also to agencies that particular EU law applies to. It is submitted that this is because common law jurisdictions are used to having both the ratio of the case and obitur dictum in their case reports where, in most cases, common law courts’ obitur is generally more extensive than that seen in case reports on European judgements. Accepting that obitur is not the decision only persuasive argument, a wider and more expansive obitur is also useful in guiding agencies’ actions when applying the law in circumstances that do not quite match those in the facts of a case report. As seen in both the CJEU’s decisions in Digital Rights and Tele2 the guidance provided is more limiting than that seen in Member States’ national courts with a common law legal system when interpreting non-EU national law. This may be due to the difficult task that in trying to harmonise EU law among 28 Member States and the variance of legal procedures among those states, the CJEU is trying not to be too prescriptive in its decision making that could result in either providing too wide or narrow an interpretation of EU law.

The impact these cases have had on EU Member States’ national law can be seen in the following. In response to the Digital Rights decision, the UK introduced the Data Retention and Investigatory Powers Act 2015 that required communications operators to retain telecommunications data up to a period not exceeding 12 months. It also allowed for authorisation of interception warrants to UK intelligence and policing agencies to access the communications data when necessary in the interests of national security, to prevent or detect serious crime or to safeguard the UK’s economic well-being. This was the UK statute that the CJEU in Tele2 found to be incompatible with EU law. In March 2015 a national Dutch court in The Hague followed the CJEU’s decision in Digital Rights and found Holland’s surveillance and data retention law fell under the EU law and the CFRF. As the Dutch law failed to conform adequately to articles 7 and 8 of the CFRF, along with the court also finding insufficient safeguards, the Court suspended the Dutch law.Applying the Digital Rights decision similar legal issues were found in the respective domestic statutory provisions regarding surveillance of communications post-Digital Rights by the respective judiciaries in Sweden, Romania and Belgium where their respective courts have held their legislation to be in breach of EU law. This raises the question of how can state bodies investigating terrorism and serious crime legally access telecommunications data?

FaceTimeskypewhatsapp

Especially since the introduction of the e-Privacy Directive in 2002  we have seen the growth in forms of communication and the ways in which people carry out transactions from banking online, shopping online (including booking travel), send messages and speak to each other in various messaging services including Skype and FaceTime where people can converse while seeing each other. There are also encrypted messaging services that have been used by criminals and terrorists from Telegram to WhatsApp. Recently the likes of WhatsApp has been the preferred form of communication by criminals and terrorists as it is encrypted and apart from sending written messages, with this App individuals can send recorded voice messages to each other as well as pictorial images. Once cannot compare the technological wizardry that was the Nokia mobile phone to the i-Phones we have now that are in essence pocket sized computers. As such it is time the EU looked to introduce legislation that allows for internet and communications service providers to retain their telecommunications data for at least up to 12 months and allow state investigative bodies investigating acts of terrorism and serious crime access to that data. Since 2007 there have bee too many examples of how effective access to this data has been in the arrest and subsequent conviction of terrorists and those committing serious crime.

No doubt some reading this will have concerns over the state conducting widespread surveillance on its citizens and cite the US’ NSA and the Snowden revelations. In the protestations of the potential for state surveillance of telecommunication data an anomaly exists as many mobile phone and internet users do not appear to be so hesitant in passing on personal data, including sensitive data to private companies, including communications and internet service providers. In his book ‘Dawn of the New Everything: A Journey Through Virtual Reality’  the former Facebook president, Jaron Lanier says that based on the information individuals provide who they become friends with, what they buy and the news they consume is based on these providers’ algorithms adding that internet companies monitor their users’ habits and interests, which they feed into those companies’ algorithms. Yet, once the state agencies say it wants communications and internet service providers to retain their data in order to gain access to that data when the circumstances exist in relation to serious crime and terrorism, many individuals express a deep concern that the state is turning into a big brother state monitoring their every movement. This is not the case as many senior security service and police officers regularly state, the resources in both staffing levels and equipment are limited and as such both the security services and the police literally cannot monitor the electronic communications of every citizen, they can only target those who pose a threat to state security or who are involved in criminality.

The interests of national security and personal rights are not exclusive issues, but are inclusive and in today’s society we must all accept that state bodies investigating terrorism and organised crime must be able to have access to telecommunications data to deal effectively with terrorists and criminals. As such it is time the EU stopped paying lip service to this notion and fully recognised this by introducing legislation that allows this while effectively balancing citizens’ rights.

My terrorism book cover

You can read more detail on these issues in my forthcoming book ‘Terrorism: law & Policy‘ and I am currently writing an article on this issue and the Irish Dwyer appeal case that will be published after the appeal hearing.

David Anderson QC Report into Manchester Bombing and other Terrorist Incidents 2017: What have we learnt?

david anderson 1

On Tuesday 5th December the UK’s Home Secretary, Amber Rudd gave details from the report into the terrorist incidents the UK have suffered in 2017 conducted by the UK’s former independent reviewer for terrorism legislation, David Anderson QC. The report examined if the UK’s Security Service (MI5) and counter-terrorism police could have done more to prevent the attacks from happening and if any blame could laid at their door.
In essence David Anderson found no great culpability on the actions by either MI5 or the police. He did find the following:

westminster atatck 1

Khalid Masood (Westminster Bridge attack March 2017) – he was an MI5 subject of interest between Feb to Oct 2012and between 2012 – 2016 he was linked intermittently to Al Muhajiroun (a Salafist jihadist group linked to international terrorism that is proscribed in the UK). There was no intelligence indicating that he was planning an attack;

manchester arena attackabedi

Salmen Abedi (Manchester Arena bombing May 2017) – he had a criminal record limited to theft related offences. He became a subject of interest for one day in Oct 2015 due to contacts he had with an Islamic state figure in Libya. In May Abedi was identified a person who needed further consideration with a meeting to consider him planned for the 3st May, nine days after the bombing. When Abedi returned to the UK from a trip to Libya on the 18th May he had not been flagged so no port stop under Schedule 7 Terrorism Act 2000 was carried out on his return. This is led to David Anderson saying that with hindsight the intelligence MI5 had on Abedi could, ‘…have been highly relevant to the planned attack’ but at the time it was received the intelligence was not fully appreciated by MI5 with David Anderson adding that if the ‘cards had fallen differently’ the attack could have been avoided;

BRITAIN-ATTACKSKhareem Butt

Khuram Butt (London Bridge and Borough Market attack, June 2017) – he was known and was a principal subject in an MI5 investigation, Operation Hawthorn. He was known to be active in recruiting people to Islamic State (IS) and planning trips to IS’ self-proclaimed caliphate that existed in Syria. In mid-2015 intelligence was received that Butt aspired to carry out an attack in the UK but following risk assessments carried out, by Sept 2015 Butt was considered to have a strong intent but a weak capability to carry out the attack;

Finsbury Park attackDarren-Osborne4

Darren Osbourne (Finsbury Park attack July 2017) – there was no intelligence held by either MI5 or the police that he was going to commit the attack.

Could more have been done?

Certainly in relation Abedi, if there were a handful of investigations ongoing in the UK then maybe there could be a greater degree of culpability on the part of MI5 and the police but this is not the case, something that David Anderson recognised. Currently in the UK there are approximately 500 ongoing investigations into 3,000 individuals, with 20,000 individuals in the intelligence system graded of serious concern. This is not counting individuals who are on a system but who have been assessed as a low threat. These figures alone reveal the enormity of the task facing the UK’s security services and police in preventing terrorist attacks from happening. As there is only limited resources in both staffing levels and equipment priority has to be given to what the analysis of the vast intelligence/information received that reveals where the greatest risk lies.
Following the 2005 London attack the key lesson learned was that intelligence must be shared between the security services and the police and the UK has developed a model of intelligence analysis with the introduction of bodies like the Joint Terrorism Analysis Centre (JTAC) where the intelligence is forwarded onto the relevant agency with the greatest capability for dealing with specific issues. It is model that has served the UK well in recent years as between 2005 and 2017 the only other main attack we witnessed was the killing of Fusilier Lee Rigby in 2013 and is model other states have wanted to emulate.
Of course some will say why has the UK sustained five major attacks (the attack in Parsons Green in September 2017 does not appear to have been part of the remit in David Anderson’s investigation)? The Manchester bombing was the most sophisticated attack that involved more individuals that just Abedi. One could arguably say the same for Parsons Green in relation to the bomb that fortunately failed to detonate fully on the Tube train, but lack of knowledge and inexperience existed in that attack. The other three were low level attacks carried out by driving vehicles into people and stabbing victims with knives. These are relatively easy to prepare and carry out, something we have tragically witnessed in other European states. Since March 2017 the UK’s security services and police have prevented nine attacks from taking place, twenty-two since the killing of Lee Rigby. At the time Amber Rudd was informing the UK Parliament on the findings in the Anderson report news also broke related to terrorism arrests. Two men, Rahman from London and Imran from Birmingham were appearing in court on the 6th Dec for allegedly plotting to kill the UK Prime Minister, both men were arrested on the 29th November 2017. Rashid from Lancashire (northwest England) who was arrested on the 22nd November 2017 was charged with offences of preparing acts of terrorism, will be appearing at Westminster Magistrates Court in London today.
Preventing terrorist attacks is a difficult task, but in the current climate it is virtually impossible to prevent all attacks from occurring. One should focus on what the UK security services and the police have achieved. Lessons will be learnt and it maybe that intelligence form other police sources could be shared such as neighbourhood officers who may have that vital piece of intelligence on individuals who may have been downgraded as a low priority that would make those countering terrorism look at them again.

I discuss this in more details in my interview with BBC Radio Wales (1 hour 10 minutes 33 seconds in) and on BBC North West Tonight (TV)

Panic at Oxford Circus Tube Station: What can we learn?

Oxford Circus

On Friday 24th November 2017 there was a terrorist alert at London’s Oxford Circus Tube station just after 4.30pm. Oxford Circus is one of London Underground’s busiest stations as it is located at the junction of Oxford Street and Bond Street. the heart of London’s shopping area. Added to this Friday the 24th November was also what is known as ‘Black Friday’ where many retailers have sales with many items massively reduced in price and would attract even more shoppers than would be expected in the build up to Christmas.

Oxford Circus 1

Oxford Circus Station on a normal day

At the initial stages it was reported there was gunshots heard in the Tube station and the police, rightly, treated it as a terrorist incident where Metropolitan Police armed officers attended the scene. Those in buildings were requested to remain while others in the street were requested to leave the scene immediately. As a result there was a mass panic and as people were leaving the station and the immediate area some were injured in the panic, with the injuries caused by some people pushing others down onto the floor.

As it tuned out, it was not a terrorist incident, it was two men having a fight in the tube station. There is no criticism of the police action, with the reports coming it was right they dealt with it as a terrorist incident as it is easier to scale an operation down rather having to scale on up. With the attacks that have occurred in London in 2017, it is understandable why we will see this type of police response to an incident.

Twitter logo 2facebook logo

Two issues are worth considering in relation to this incident. One is the false rumours spread via social media. Social media is not always a reliable source of information, it is better to receive news from traditional news agencies.

The second issues is how to prevent injuries in an evacuation from an area especially where there is a high number of people to be evacuated. This has to be carried out with maximum safety. At the Parson Green Tube incident in September 2017 were a bomb failed to detonate on a train as people were running to leave the station there was another panic where people suffered crush injuries as a result of being pushed to the ground. The advice to  people in the vicinity of a terrorist incident is to ‘Run, Hide, Tell’. In relation ‘Run’ this is where you can do so safely without causing injury to others also evacuating a scene and in more open spaces this is possible. I have a concern where the incident is in confined spaces such as underground train stations, sports arenas, theatres etc. It is time to re-think and consider the advice to give people when caught up in an incident in confined areas. This will require staff at such venues to assist with the evacuation that must be in a calm and efficient manner that allows for the quickest evacuation possible without causing panic or, importantly, injury to others.

It is understandable when we have witnessed terrorist attacks, where amongst many others, like that seen in Nice July 2016, Berlin Christmas market, December 2016, Borough Market, London in June 2017 individuals do want to literally get away as quickly as possible to save their own life. These are literally terrifying events to be in. As well as the authorities and staff at certain venues having a responsibility to keep people safe, so do we all. I suggest measures re put in lace where there is a large volume of people in confined spaces to ensure an evacuation is carried out as quickly and efficiently as possible to minimise any injury.

BBC 3 CountiesSputnik logo

I discuss this in more detail in my interview with the BBC (24th November 2017 2hours 33 minutes 2 seconds in) and Sputnik News (27t November 2017).

 

President Trump’s Response to New York Terror Attack Reveals Naivety, Inaccuracy and Contradiction

donald trumpSaipov

At a US Cabinet meeting press conference following the New York terror attack, answering journalists’ question, US President Donald Trump gave answers that, if not resulting in further disbelief, to those getting used to Trump’s style of responses will at least raise an eyebrow.

Trump Tweet

One issue was President Trump’s tweet on the 2nd November 2017 that the terrorist Saipov should get the death penalty. Firstly the issue is still sub judice and due process still has to take its course as it is currently alleged that Saipov has committed these offences, he has not pleaded or been found guiltily of murdering the eight victims. Also it will be difficult for Saipov to receive the death penalty as New York state no longer have the death penalty. This is an important extradition issue especially with European countries as it allows for easier extradition as seen with the example of Abu Hamza from the UK.

GTMO

Apart from showing his lack of knowledge of NY state law, President Trump also showed his lack of legal knowledge and understanding of why prisoners have been detained at Guantanamo Bay (GTMO). When asked, President Trump replied that he would consider sending Saipov to GTMO. Legally this may be difficult as GTMO detetnion centre was created to detain suspected Islamists linked to Al Qaeda who were arrested in Afghanistan. In essence, GTMO was created as a military detention centre so prisoners could be detained under US military law. If GTMO detainees were transported to the US then US criminal law would apply, something President GW Bush wanted to avoid when establishing the camp. Amnesty International has considered GTMO as a major breach of human rights. President Obama promised to close GTMO. Although he did not achieve this during his presidency, GTMO detainees were reduced from 245 to 41. The issue President Trump has overlooked regarding Saipov is he killed and injured the victims on US soil and as such he will face trial for murder and attempt murder under US criminal law where no doubt terrorism will be a sentencing factor. As such, if Saipov pleads or is found guilty it is likely he will receive a long prison sentence.

US-America-Diversity-Visa-Lottery-2017

President Trump also said the Diversity Immigrant Visa Programme that was introduced via a Bill passed in 1990 with the Immigration Act (also referred to as the diversity lottery programme) as ineffective. The programme is run by the US State Department where individuals who are determined to have a low enough level of immigration requirements to the US can apply. Under the Act countries that have more than 50,000 of their citizens immigrate to the US in the previous five years are ineligible. This could explain why Saipov was allowed to enter the US in 2010 from Uzbekistan. To be successful, individual applicants must have at least a high school education or equivalent and two years of experience working a job that requires at least two years of training or experience within five years of the application. The programme has not been without its political detractors. President Trump wants to end this programme and replace it with a merit based immigration programme as he wants to keep the US safe, something he does not see the current programme doing, He made it clear, ‘…we do not want lotteries’. Adding to this he was clear that also does not want chain immigration where someone entering the US on the current programme can bring in members of their family. On a final question President Trump said members of Saipov’s family could also be a threat to US security.

There s no doubting that to date President Trump’s tenure in the post has been different to his predecessors. He is quick to offer his opinion, especially via the 140 character limiting Twitter. While many may see his as a refreshing change, he does speak first without considering the consequences his comments have both in the US and aboard.

I am no apologist for any group and I understand and agree with the issues he raised regarding the Diversity Immigration Visa Programme. As with other states like Canada and Australia for example, a merit based immigration system is more effective in relation to vetting procedures and is preferable to a lottery based system as that in the Diversity Programme. It is understandable why states would want potential immigrants to be educated to a high standard with skills and knowledge that would enhance their state alongside an ability to speak the main language of that state.

This particular press conference once more provided groups like Islamic Sate with further ammunition to feed its propaganda machine that is influencing individuals as well as having the potential to alienate certain communities that make up the US population, along with states outside the US. For me President Trump could clothe his open, forthright opinions in more acceptable political/diplomatic style of rhetoric. Regarding the possible sentencing, he could have said that he has faith in the due process of the US criminal justice system to deal appropriately with Saipov. In relation to the Diversity Immigration Visa Programme, he could have said that it will be reviewed, adding it is important that a merit system be encouraged. Regarding Saipov’s family being a threat, the answer should have been that presently there is nothing to suggest that. One cannot and should not judge a whole family based on the actions of one of its members.

prevent logo

One problem the US appears to have in dealing with individuals influenced by extremist narrative who end up carrying out terrorist attacks is the inability of the federal government to introduce a Prevent strategy that is uniform across the 50 states like that in the UK or the federal state of Australia. One of the difficulties in achieving this is the historical and political issues where the 50 states resent increasing  interference from a Washington DC based federal government. These issues have been present for many years in the US where one could argue it was one of the issues behind the 1860’s civil war. Another example was a century later in the 1960’s with southern states and the civil rights movement exemplified by Alabama governor George Wallace’s stance by trying to prohibit a black student from enrolling at Alabama State University in 1963 resulting in the Kennedy administration to take action against Governor Wallace. If the US could reach an agreement to develop and introduce a Prevent strategy it would help those who are vulnerable to being drawn towards terrorism, especially through the influence of extremists’ narrative. I accept that the UK’s Prevent strategy has some flaws, but overall it is a successful policy that has helped many individuals at a pre-criminal stage. Perhaps the US should consider introducing such a strategy as it is far more effective than simply having nothing concrete in place. Rather than making wide sweeping statements regarding certain faiths, communities and complaining of narratives that influence people to commit acts of terror, in addition to investigating terrorism action having a Prevent strategy in place would assist some individuals before hey become too imbued with an ideology that leads the to carry out terrorist acts.

 

 

New York Terrorist Attack: What measures can be taken to prevent vehicle attacks?

new-york-terror-truck attackSaipov

In the late afternoon on Tuesday 31st October 2017, Sayfullo Saipov, an Uzbek citizen who arrived in the US in2010 and became a legal US resident, drove a truck down a cycleway in lower Manhattan, New York, killing 8 people and injuring 11 more. After crashing the truck, Saipov emerged from the vehicle wielding a pellet gun and paintball gun. NYPD officers shot Saipov who received serious but non-fatal injuries and was arrested. The cosmopolitan make-up of New York was seen in the victims where five of those killed were Argentinian and another victim who died was Belgian. Within an hour of the attack New York authorities declared this was a terrorist incident. Saipov left a note in the truck claiming he committed the attack on behalf of the group Islamic state (IS), adding ‘ISIS lives forever’. At the time of writing IS have yet to claim responsibility for the attack, but as I have said in previous blogs, IS do claim responsibility for many attacks where they do not give direct orders or have any direct contact with the attacker.

Möglicher Anschlag mit Lastwagen auf Weihnachtsmarkt

Once more we have witnessed an attack where a vehicle has been driven into people. We have seen a number of attacks of this nature in the last 18 months from Nice, July 2016, the Berlin Christmas Market, December 2016, three attacks in the UK in 2017, Stockholm, April 2017, Barcelona, August 2017 and now New York. In total these attacks have killed 136 people with many more injured.

This raises a number of questions, including if we should expect more of these type of attacks and, importantly, what can be done to prevent these attacks? To the first question it appears the answer is yes, we should expect more of these attacks to occur in the near future. It is an easy form of low-level attack to carry out that can have the maximum, impact in terms of casualties. In IS’ online magazine, Rumiyah, issue 3 contained an article detailing the best methods to use in preparing and carrying out a vehicle attack. Other issues have published articles on how to carry out the most effective knife attacks and in kidnapping western hostages. Even though IS has lost control of a lot of geographical territory, its propaganda media is still effective, especially in influencing individuals to follow IS’ narrative and carry out attacks in the group’s name. So, unfortunately it is highly likely that we will see more attacks of this nature.
In relation to whether anything can be done to prevent these types of attack we are approaching seasonal time of year in western states with events ranging from Thanksgiving celebrations in Canada and the US, Christmas Markets and other open air public events through to New Year’s Eve celebrations. It is of paramount importance that we all play our part in preventing attacks, not in leaving it solely to the security services and the policing agencies. Local governments and business should regularly review there contingency plans and where events are planned to ensure sufficient resilience has been built in to prevent terrorist attacks. This can range from ensuring sufficient and effective physical barriers as in place to having effective evacuation facilities.

UK-Security-expo-2017

In the UK this comes under the Protect strand of the CONTEST counter-terrorism policy. With colleagues, I will be advocating this at the UK Security Expo 2017 exhibition that is being held at London’s Olympia exhibition centre 29th and 30th November 2017.

radio sheffield logo

I discuss the New York attacks and issues above in more details in my interview with BBC Radio Sheffield. The interview is 1 hour 9 minutes 10 seconds in

Should Persons Possessing Items Like the Anarchist’s Cookbook be Prosecuted in a Criminal Court?

Joshua walker

On his return to the UK after fighting with Kurdish forces against Islamic State, Joshua Walker was detained at Gatwick Airport and after being found to be in possession of the Anarchist’s Cookbook Walker was prosecuted for section 58 Terrorism Act 2000, even though a person can purchase the item form Amazon. On Thursday 26th October 2017 the jury at Birmingham Crown Court took three hours to deliberate on their verdict, where they found Walker to be not guilty of the offence. Section 58 has raised a degree of controversy.

anarchists cookbook

 
Section 58 Terrorism Act 2000 provides investigators with a wide power. It is wide because a person merely has to collect or make a record of information that is likely to be useful to a person involved in terrorist activity. What has to be ascertained is the type of article section 58 is referring to. The question is if it includes what would be considered innocuous items such as a train timetable or a map of a city centre with certain locations highlighted or items downloaded from the internet for personal interest. It is worth noting that under section 58 investigators do not require reasonable suspicion the article is for a purpose connected to terrorist activity. In effect, under section 58 the burden of proof is not placed on the prosecution but on potential defendants who have to prove they had a reasonable excuse for their possession of the article.
As a result there have been a number of legal challenges as to what amounts to an article for the purposes of section 58. In R v K (2008) the Court of Appeal held that section 58 was never intended to criminalise the possession of theological or propagandist material adding that:
‘A document or record will only fall within section 58 if it is of the kind that is likely to provide practical assistance to a person committing or preparing an act of terrorism. A document that simply encourages the commission of acts of terrorism does not fall within section 58’.
In R v G, R v J (2009) the House of Lords examined section 58 and, building on the K judgement, the House held that for a conviction under section 58 it is a requirement that the defendant not only possessed the document that may be of use to a terrorist, but they must also be aware of the nature of the information contained therein. The House stressed that this did not mean the prosecution had to show that the defendant knew all the details contained in the document, only that the defendant knew of the nature of the material it contained. The Court held for a person to be convicted under section 58 the prosecution must prove the defendant:
1. Had control of the record which contained information that was likely to provide practical assistance to a terrorist;
2. Knew that he had the record; and
3. Knew the kind of information which it contained.

J challenged this decision and the case went to the European Court of Human Rights (ECtHR) where the case was Jobe v UK (2011) J claimed that section 58 violated article 7 European Convention on Human Rights (ECHR) where there can be no punishment without law. The premise of J’s claim was that section 58 was so vague it was not law and if the court agreed with this argument, his article 10 ECHR rights (freedom of expression) was also violated because section 58 would not be deemed to be an act prescribed by law. The ECtHR held there was no violation of article 7 and stated the House of Lords decision was fully and clearly reasoned. Key to the ECtHR reaching this decision was the guidance the House of Lords gave in their decision regarding the three points cited above that have to be proved for a conviction under section 58 to stand. Likewise the ECtHR found there to be no violation of article 10 saying it was justified under the legitimate aims of the interests of national security and that it did not criminalise in a blanket manner the collection or possession of material likely to be useful to a terrorist.

radio scotland logo

I cover this and other statutory preventative measures in the UK, US, Australia and Canada in my forthcoming book ‘Terrorism: Law and Policy’ that will be published by Routledge in March 2018. For a more in-depth analysis of Walker’s case you can listen to my interview with BBC Radio Scotland from Friday 27th October 2017 that is 55 minutes 28 seconds in.