It will be a welcome step if the current Independent Intelligence Review (IIR) recommends further empowering the Office of National Intelligence (ONI) to lead capability development and, by extension, to achieve a more collective approach by the many Australian agencies working in the field.

Terms of reference for the IIR encompass progress in the implementation of recommendations from previous reviews, including the establishment of the ONI and the creation of the national intelligence community (NIC). The review has been due to report to the government in mid-2024.

Australia’s traditionally federated intelligence community might seem unusual, given its moderate size; it’s more comparable to the notoriously decentralised US intelligence community than those of other Five Eyes countries. Australia typically separates assessment from collection (although not in the case of the Australian Security Intelligence Organisation, or ASIO) and has different agencies for different collection modes (signals, imagery and human intelligence-gathering) and for different intelligence purposes (foreign, defence, security, law enforcement, border and regulatory). The resulting myriad agencies, variously reporting to five ministers, work collaboratively towards common goals.

This is not accidental. As the 2017 IIR observed, ‘those delineations have broad enduring relevance. They capture, in particular, the essential requirements for a relationship of trust between government and the wider community in Australia about the legitimate uses of intelligence, and therefore the legal framework within which the agencies need to operate.’ However, the future would ‘demand greater levels of collaboration across traditional dividing lines and more cross-over points’.

So we got ONI, built up from the old Office of National Assessments (ONA) and responsible for the NIC’s enterprise-level management—‘leading the development and implementation of national intelligence priorities, undertaking systematic and rigorous evaluation of the performance of the agencies, implementing strategic workforce planning and facilitating joint capability planning,’ as the 2017 report said.

Seven years on, the NIC hasn’t quite developed as envisioned. As I’ve written previously, that’s due to levers that aren’t exercised as fully as the 2017 reviewers recommended (the Joint Capability Fund, or JCF, and the Intelligence Capability Investment Program, or ICIP); such unforeseen developments as establishment of the Department of Home Affairs and the Defence Intelligence Group; and natural structural features and incentives. The latter include enduring deficiencies in national security decision-making.

ONI’s role was defined cautiously, including legislatively, as ‘guidance’ and ‘coordination’. Within ONI, there remains gravitational pull upon attention and resources by its enduring role from when it was ONA as the principal all-source assessment agency.

It’s not quite the vision from the speech of the then attorney-general introducing ONI’s charter legislation: ‘ONI will lead the NIC with an “enterprise management” approach, creating … a “whole greater than the sum of its parts” which will leverage the strengths of each agency and enable government to consider the NIC’s efforts in their entirety.’ In short, a stronger centre.

Meanwhile, drivers identified earlier for a concerted community approach are now more pressing: the prospect of war, the persistence of transnational threats and the intensification of the international intelligence contest.

Portfolio-based approaches to operations and oversight still make sense, as confirmed by Dennis Richardson’s 2019 Comprehensive Review of national security legislation. For this outcome, an ONI that coordinates is sufficient, but capability development requires a more empowered ONI (one that leads) and a genuine community-first approach.

That’s not to say there haven’t been gains. In December 2021, ONI Director-General Andrew Shearer noted NIC agreement to capability-sharing principles, ‘so that we don’t have different agencies duplicating each other and inventing different solutions to the same problems’.

Nonetheless, we need not just the 2017 IIR vision for ONI but that model’s further enhancement. The tale of the Top Secret Cloud, foreshadowed in that review’s recommendation 13, illustrates this well.

In 2019, ASIO announced the pursuit of a new, cloud-based enterprise technology platform. This was superseded by ONI’s late 2020 request for expressions of interest for NIC-wide cloud computing services. A year later, Shearer acknowledged that agencies were cooperating on a top-secret cloud initiative. Then, in December 2023, he confirmed that the initiative was ongoing and it promised to ‘open up a shared collaborative space that will really reinforce this sense of working together as a genuine community and bringing all those different capabilities to bear on problems.’ On 4 July 2024, the government announced a strategic partnership between the Australian Signals Directorate (ASD) and Amazon Web Services to deliver the Top Secret Cloud at a cost of at least $2 billion.

An empowered ONI, leading a more collectively capable NIC, is critical to kicking on and making good on similar, future joint-capability developments. In fact, ASPI recommended this in relation to the Top Secret Cloud in its 2020 report National security agencies and the cloud: An urgent capability issue for Australia.

There is more than one way to skin the capability development cat. Community approaches needn’t be monolithic. Mini-lateralism can also be relevant. ONI can organise and direct community-benefiting developments through other NIC elements that are particularly capable of executing complex technical projects. In the case of information technologies, as we can see from the Top Secret Cloud announcement, that’s ASD.

What’s more, the Top Secret Cloud itself promises to drive other capability developments and operational effectiveness. Associated encouragement of more adaptive approaches to security can in the future open up other forms of efficiency and effectiveness (that is, the adoption of certain shared services).

Legislation shouldn’t be a barrier. Leaning forward on capability development, as distinct from agencies’ operations, shouldn’t fall foul of section 10 of the Office of National Intelligence Act 2018 (which details limits to ONI’s role).

Achieving a more collective NIC isn’t solely an agency problem. We also need ministers to buy in, providing incentive structures for agency leaders to prioritise community where appropriate. That includes more community-focused processes for decision-making. It also includes re-examining measures like JCF and ICIP, but funded as envisaged in 2017, and moving away from innovation-killers like the budgetary efficiency dividend.

ONI can also lead broader reforms, changing cultural and organisational incentives and disincentives for interagency service, encouraging more informed support to the NIC from the Department of Finance and others, and adaptive security approaches (that is, with focus on net result). The latter should be free of Monday morning experts appearing when future security problems are encountered, as they will—with or without adopting cloud computing.

A note of caution. The new assertion of leadership by ONI can’t be exclusionary. ONI can’t say ‘my way or the highway.’ In fact, it will be vital to avoid a potential pothole of cloud-related (operational) costs distorting existing budgets, especially for agencies that are already transforming business models through decade-long programs: ASIO ($1.3 billion), ASD’s Project REDSPICE ($9.9 billion) and the ‘modernisation’ of the Australian Secret Intelligence Service ($1.58 billion). That would be a surefire way of cruelling the case for future collective action.

Stealing other countries’ secrets is the form of intelligence gathering that gets most attention—and resources. But a mass of information is publicly available and just waiting to be collected, to produce what’s called open-source intelligence (OSINT). 

Governments, including Australia’s, are working on how better to collect it, and one idea is to set up a central agency for the task. If that’s a solution, however, it’s not the full solution. Potentially valuable public information and the ways it is used are so varied that individual parts of the government each need to collect it and turn it into OSINT. 

So, as an independent review into Australia’s intelligence agencies proceeds, a high priority should be strengthening OSINT capabilities dispersed through the government. Australia must have an ecosystem of OSINT capabilities that are fit-for-purpose, evolve with the information environment, embrace accessibility of PAI, and move forward in alignment with industry, academia, and the whole federal government—not just the national intelligence community (NIC). 

Ben Scott of the National Security College argues that setting up a dedicated OSINT agency would rebalance the NIC’s work, putting more focus on publicly available information (PAI). And so it would. The problem is that there can be no one-size-fits-all OSINT capability: sources and applications are just too diverse. 

OSINT centres that are fit for purpose must be tailored to deliver intelligence at the level and tempo required by each part of the government to consume and exploit. In practice, this means the demand for OSINT varies according to the operational demands of each agency. They will variously require specialised forms of collection and exploitation, sometimes sustained monitoring of enduring hazards, or unplanned or dynamic collection on emergent threats. 

The Richardson review of the legal framework of intelligence collection provides a glimpse of these operational demands. The Department of Home Affairs, for example, uses PAI to inform policymaking, identify research gaps, and reduce the volume and effectiveness of terrorist and violent extremist content online. The department has a sustained high tempo of OSINT operations with a strong focus on people both onshore and overseas. 

The Department of Defence, by contrast, requires the capacity to quickly scale OSINT gathering in support of war fighters during crisis and conflict. 

Fit-for-purpose integration also depends on the intelligence maturity of the consumer. Some have access to exquisite intelligence, surveillance, and reconnaissance (ISR) assets. For them, OSINT will be geared for sharing with people at lower classifications, collecting against otherwise inaccessible targets, collecting faster and more cheaply and cueing other intelligence-gathering methods. 

But operators at the tactical edge or organisations not traditionally served with intelligence may have limited or no access to exquisite ISR capabilities. For them, OSINT is the solution. Many parts of the federal government outside the NIC find themselves in this situation, and their organic capabilities should be empowered. 

Moreover, OSINT centres must tailor and continuously adapt the inputs of their capability to the target information environment. As Scott outlines, we are amid an ongoing information revolution, where the potential of OSINT lies in capitalising on the growing volume, variety and velocity of PAI. The challenge of operating in this information environment lies in keeping pace with a landscape that varies by region and language and features unique and diverse platforms. This complexity extends to the diverse types of data generated on these platforms, including social media, news articles, satellite imagery, ship telemetry and more.  

But the difficulty doesn’t end there. How you access, use, protect, and share this information can be governed by whether it is personally identifiable, copyrighted, or access-controlled. While a central OSINT agency can play a significant enabling role, diverse agencies in the government can excel at keeping pace with and exploiting their respective target environments. 

Accessibility of PAI is the strongest argument for strengthening agency capabilities alongside a central body. Given the online nature of the information environment, if you have an internet connection, you have access to PAI. This accessibility is part of what makes OSINT so attractive to intelligence missions of all shapes and sizes—not just inside the NIC. 

However, the seemingly low barrier to entry is deceptive. Operating legally, safely, and effectively over sustained periods demands more than just connectivity; it requires tailored governance, policies, training, and technology, and operating without that backing carries risks. Those include risks that may compromise the integrity of collection and analytical products, harm analyst mental wellbeing, expose sensitive information, break laws, or conflict with other missions. 

Fortunately, agencies can already engage with these risks by leveraging the Government’s centre of expertise for open source within the Office of National Intelligence. 

Accessibility is also the reason why, as Scott acknowledges, OSINT thrives beyond government. Industry, academia, NGOs and private citizens are all delivering innovative intelligence products, services, and research. 

Australia is fortunate to have established vendors of OSINT training and managed services that already support, augment and complement a government workforce under strain. In the technology space, vendors build tailored OSINT tools and infrastructure that manage attribution and enhance all elements of the intelligence cycle. The challenge for all capability managers is in navigating a burgeoning marketplace, mapping their needs to the right mix of tools and services, and then optimally integrating them. 

Everyone has secrets. You don’t like Nana’s fruitcake but don’t want to tell her. That’s a secret, but it’s not classified SECRET (well, unless the fruitcake has illicit ingredients, not just dried fruit).

Yet from social media to pop culture, terms like ‘classified’, ‘secret’ and ‘top secret’ are thrown around with abandon. Often uninformed commentators, lobbyists and ideologues with little experience working in these environments purport to speak on these terms with authority. That’s unhelpful because information security, and clearances for information access, underpin the effective conduct of statecraft—especially when it involves intelligence matters.

In Australia, security classifications are applied to information based on the amount of damage it could cause if it was unlawfully disclosed.

What classifications mean and what security clearances are in an Australian government context is detailed in the foundational and constantly updated Protective Security Policy Framework (PSPF).

Compromise of information classified TOP SECRET would be expected to cause ‘exceptionally grave damage to the national interest, organisations or individuals’. (The leaking of Harry and Meghan’s plans for a TV project or new IOC rules for Olympic athletes? Not so much.)

National security agencies and the government haven’t always done enough to explain this to Australians. Proper use of these systems ensures national security. It’s important that the public understand the relative seriousness.

There are three levels of security classification used in Australia: PROTECTED, SECRET and TOP SECRET.

Protected information can be accessed with a minimum ‘baseline’ clearance. But such information does require some restrictions on how it’s stored, communicated and used. Formally, it is information the compromise of which would be expected to cause ‘damage to the national interest, organisations or individuals’. Compromising secret information could cause ‘serious damage’, and top secret ‘exceptionally grave damage’. Similar language is used by other governments in their definitions of classification levels.

The ‘exceptionally grave damage’ threshold is a high bar and should give pause. Examples in the PSPF include ‘significantly affecting the operational effectiveness, security or intelligence operations of Australian or allied forces’, ‘directly provoking international conflict or causing exceptionally grave damage to relations with friendly countries’ and ‘widespread loss of life’.

Some classifications, such as RESTRICTED, HIGHLY PROTECTED and CONFIDENTIAL, are no longer used and are now found only in historical documents. In addition, there’s OFFICIAL, a protective marking used for government documents but not strictly a security classification since it doesn’t require a clearance for access.

Agencies determining classifications are obliged to set them at the ‘lowest reasonable level’, and the PSPF outlines potential downsides of overclassification.

To access material classified as PROTECTED and above requires a security clearance, of which there are four types: baseline; NV1 (negative vetting 1), aka a secret clearance; NV2 (negative vetting 2), top secret; and PV (positive vetting), the highest clearance.

The Australian Government Security Vetting Authority (AGSVA) in the Department of Defence undertakes the bulk of security clearance work.  However, important changes are happening with the creation of a new vetting authority within the Australian Security Intelligence Organisation responsible for all PV clearances—rebadged as TOP SECRET—Privileged Access.

That change reflects Australia’s heightened security and counterintelligence concerns and is being implemented through legislation recently reviewed by the Parliamentary Joint Committee on Intelligence and Security. The new arrangements also reflect the difference between NV2 and PV clearances, which both provide access to top secret information. A crude but useful analogy: an NV2 lets you eat sausages, but a PV also lets you see how sausages are made (be involved in discussions about sausage-making techniques, have access to a sausage warehouse, and so on).

Before this, PV clearances were issued by a small number of ‘authorised agencies’ and AGSVA. AGSVA, and those authorised agencies, will continue to be responsible for non-PV clearances.

ASIO’s new responsibility is not unusual—security agencies in Canada and New Zealand, for example, perform comprehensive vetting roles for their countries’ public services.

Centralised vetting has significant potential benefits, particularly for increasing efficiency and effectiveness, but a principal challenge is effectively integrating clearance management by a central agency with ongoing personnel security management by individual employers.

Clearances are important because they govern access. To read (or just to have access to) a classified report requires a commensurate minimum level of clearance. But information is not always in the form of a report. Access might involve a whole system or a particular store of information. It might involve being part of sensitive discussions and planning. Or it might mean physical access to a particular kind of classified space. Therefore, the type of access and the type of information might have practical implications for employment in a specific role or even by a particular agency.

Obtaining a clearance involves escalating levels of intrusiveness and obligations on the candidate, which can last a lifetime. The vetting process necessarily involves significant personal imposts, especially on an individual’s privacy. It involves multiple steps, noting that in this context a police check is a step, not a clearance. This is also why specific accountability and whistleblowing mechanisms are instituted for clearance holders, such as the role played by the Office of the Inspector-General of Intelligence and Security in relation to intelligence officials. Furthermore, access to privileged information, per a PV clearance flips the burden of proof from ‘why shouldn’t this person have a clearance’ to (as it says, positively) ‘why should this person have a clearance’.

Clearances have time limits and need to be periodically reviewed and re-adjudicated—in the lingo, ‘revalidated’. PV clearances, for example, are reviewed at least every seven years.

For all their necessity, security clearances are also a significant challenge for organisations. They can complicate engagement of staff, particularly when organisations are trying to develop capabilities quickly.

Access to information isn’t limited only by classification and clearance level. Code words are added to classifications as caveats to further limit access to those who have also been briefed into (and retain) a particular compartment of knowledge—‘sensitive compartmented information’ in US parlance—because they need to know (NTK) that information to perform their duties. As such, a clearance is just the first step in the process of accessing information. Simply having a requisite clearance doesn’t give someone a right to access, or ownership over, classified information. In addition, there are ‘special handling instructions’ (most notably for cabinet materials) and ‘information management markers’ (such as for legally privileged information).

Finally, there is ‘releasability’. Nationality in the 21st century might be a contested concept in op-ed pages or on Twitter, but in the national security arena nationality via citizenship remains inviolable. Releasability controls which nationals can access what information.

This kind of limitation is universal to all governments. It just happens that certain intelligence communities have mature intelligence-sharing regimens, such as the Five Eyes intelligence alliance or NATO, but also bilaterally, that make releasability relevant. Perhaps ironically, releasability markings are an indicator of the regularisation of sharing.

AUSTEO (Australian eyes only) material is limited only to Australian citizens. The lesser used AGAO (Australian government agencies only) extends access to seconded allied personnel. The US government has its own equivalent to AUSTEO—NOFORN (not releasable to foreign nationals).

In addition, there’s the concept of the need-to-know principle itself, which has been challenged in the post-9/11 era and even more recently by rival concepts like ‘responsibility to share’.

There is an important carveout. Security clearances aren’t required for certain officeholders, including members of parliament, ministers, judges, royal commissioners and the governor-general. This reflects their authority, derived from election or appointment. Nonetheless, similar forms of briefings are typically used, not for the purpose of formal access but to inform about sensitivities, appropriate handling or other matters.

So, when a news story identifies something as ‘top secret’, ask whether it’s actually referring to material classified TOP SECRET, which can be accessed only by people with an NV2 or PV security clearance. Or is it just some hitherto unknown piece of juicy gossip or a peccadillo someone is trying to hide?

Accuracy matters, and secrets still matter. Even in a global village, everyone wants to know everyone else’s business.

A policy options paper from the National Security College at the Australian National University, titled ‘Improving national security governance’, proposes reforms to hold Australia’s security and intelligence agencies more accountable as we move into an era of heightened strategic complexity and risk.

The paper is a welcome contribution to public discourse at a time when the powers and resourcing vested in Australia’s national intelligence community are greater than ever. It makes astute observations about problematic limitations to the scrutiny and guidance of Australia’s security and intelligence agencies.

One key recommendation is the appointment of an assistant or junior minister for intelligence to work across national security portfolios and support senior ministers and the prime minister ‘on matters relating to national security strategy, managing investment in intelligence capability and reforms to enabling legislation’.

While that idea is commendable at face value, adding yet another layer of executive oversight within the machinery of government to an already immensely complex and crowded oversight structure is problematic. Indeed, if some of the security and intelligence legislation has been described as a ‘dog’s breakfast’, then the current haphazard oversight structure can only be described as a ‘dog’s dinner’. Last year, John Blaxland made a valiant effort to outline the complicated oversight and accountability mechanisms for Australia’s intelligence agencies.

In fact, there’s a real inherent danger that the creation of such a portfolio would raise the risk of politicising oversight. It is by no means clear that collecting all the intelligence agencies under a single minister as proposed would be sufficient to prevent the politicisation of intelligence. Moreover, the political interests of such a minister could inhibit impartial oversight and even increase the risk of sensitive information being leaked. In the Australian case, a one-size-fits-all approach is easier said than done for effective oversight.

What is required is an integrated approach for more exacting standards of objectivity and rigour to bolster the powers and resourcing of the key existing oversight bodies, including the Parliamentary Joint Standing Committee on Intelligence and Security (PJCIS) and the Inspector-General of Intelligence and Security (IGIS). As well, reintroducing the role of a national security adviser, previously performed by Duncan Lewis and Margot McCarthy, could be considered to enhance whole-of-government coordination.

As Australia’s national intelligence community has grown and expanded in size and powers in the past two decades, key oversight and accountability mechanisms have remained comparatively unchanged and legislatively constrained. That necessitates enhanced oversight.

Over the years, current and former parliamentarians—John Faulkner, Russell Trood, Penny Wong, Jenny McAllister and Rex Patrick—have called for the bolstering of the PJCIS’s powers and resourcing. Anthony Bergin and I have also written extensively on the vexed issues pertaining to its effective oversight.

In a recent article, PJCIS chair James Paterson acknowledged that the committee had already recommended it conduct an inquiry after the next election into the provisions of the Intelligence Services Act 2001 that govern its work. According to Paterson: ‘It has not been examined since it was legislated in 2001, and an inquiry would ensure the committee is functioning as efficiently and securely as possible.’

However, the 2019 review of the legal framework of the national intelligence community by Dennis Richardson did examine the Intelligence Services Act 2001. Disappointingly, it concluded that the remit of the PJCIS should not be expanded to include direct oversight of operational activities, past or current. Nor did it recommend any amendment to the composition of the PJCIS for a more flexible membership.

However, the review did endorse the 2017 intelligence review’s recommendation to expand the remit of the PJCIS to request the IGIS to conduct an operational inquiry and report to the PJCIS, the prime minister and the responsible minister. Unfortunately, this was one of the few recommendations of the review dismissed by the government, which asserted that the existing arrangements were appropriately balanced and further PJCIS oversight wasn’t necessary.

The 2017 review also recommended that the resources of the office of the IGIS be increased to ensure that it could effectively oversee the national intelligence community. The government accepted this recommendation and in the 2018–19 budget allocated funds for the IGIS to sustain a full-time office of 55.

However, in its submission to the PJCIS review of agencies’ administration and expenditure for 2019–20, the IGIS noted that ‘delays in the processing of positive vetting security clearances continue to impact on the ability of some agencies, including IGIS, to recruit staff’. As at 30 June 2020, IGIS had 33 staff, well below the recommended 55.

The under-resourcing of an office that plays such a vital role in providing independent, rigorous oversight of, and public assurance about, the intelligence community is unacceptable and further reforms to the vetting process are essential.

The Richardson review noted that ‘the oversight system for the NIC is strong, effective and working well. There is no need for substantial reform of the system.’

It is clear that the ambit of oversight of Australia’s security and intelligence agencies is a complicated and vexed issue and there’s still considerable room for reform, especially to the PJCIS and IGIS.

Bolstering the scrutiny of Australia’s national intelligence community is essential so that the public can trust the oversight. It is in the national interest to ensure more profound rethinking of such oversight measures. Here the policy options paper makes a positive contribution to an important ongoing debate.

‘Grim’ is Duncan Lewis’s terse assessment of the geopolitical outlook and potential for major conflict in the region. But not hopeless, he hastens to add, even though Australia will have to work much harder—diplomatically, economically and strategically—to emerge safely from this period of turbulence.

In conversation with journalist Stan Grant as part of ASPI’s ‘Strategic Vision 2020’ conference series, Sir John Scarlett, a former head of MI6, and Lewis, former head of ASIO, ran through the critical issues facing allied intelligence agencies.

Scarlett agrees with Lewis’s bleak assessment of the likelihood of major conflict, as well as with an observation by Grant that this is not the whole sum of futures challenges for intelligence. As well as the deteriorating geopolitical outlook, agencies are having to grapple with the implications of global economic uncertainty, the ongoing threat of terrorism, the rise of authoritarianism and the impact of climate change.

While the Covid-19 pandemic has often been described as an accelerant of these trends, it could also transform them in ways which are completely opaque to us now, says Lewis.

For example, both former intel chiefs worry about the coronavirus-generated economic crisis stymieing the ability of governments to fund critical climate change measures. Similarly, if governments handle the pandemic poorly, winning public trust for other big and necessary reforms becomes more difficult. ‘My overwhelming worry is the degree to which confidence in government may be undermined when we look back on this’, says Scarlett.

Terrorism, long a preoccupation of intelligence agencies, has been pushed off the front page by Covid and climate change. But it will come roaring back, warns Scarlett. Even though the Islamic State group has been defeated territorially, roughly 18,000 foreign fighters are still active, and the power of IS ideology remains, spreading across Africa and beyond. ‘The idea is infectious’, adds Lewis. ‘It’s a bit like Covid.’

Terror groups of all kinds, including those on the far right, have been quick to take advantage of the fact that more people are online and socially isolated due to the pandemic. Combined with economic uncertainty, these conditions create a perfect climate for online recruitment and radicalisation. ‘The seeds for those things to prosper are in the ground now in our communities and we need to be very, very careful of it’, says Lewis.

This is but one example of the way in which digital technologies create new headaches for intelligence agencies. Another is the surge of foreign interference in liberal democracies, which, for Lewis, is driven by what social media and fake news can do.

On the plus side, the public use of digital technologies and advances in machine learning have vastly increased the datasets intelligence agencies can exploit. Even so, ‘old fashioned human intelligence sources are not going away’, says Scarlett.

Foreign interference looms large for both Australia and the UK, but in different ways. Scarlett says that he’s been impressed with the scope of the Australian response, but, for the UK, the issue of Chinese influence in politics is less well understood. Decisions like banning Huawei from its 5G network were difficult to make because the UK system had been slow to adapt to the new reality of China under Xi Jinping. ‘Just a few years ago we had leaders talking about a golden era in relations [with China].’

The main focus of ‘heated political debate’ is Moscow, says Scarlett, referencing the recent report to the House of Commons on Russian interference in the UK. He notes that the report is ‘very critical of the readiness and capability, and just general awareness, of the government and the intelligence and security community to Russian interference in our economy, decision-making and politics’.

On the issue of the ever-increasing powers of intelligence agencies, Grant asked whether greater surveillance of everyday life and increasing encroachment on human rights and civil liberties is the new normal, citing police raids on Australian journalists last year.

Lewis says he hopes ‘desperately, personally, that it’s not the new normal’ but suspects that technology is in the driver’s seat here. He notes that citizens are more willing to share their data with private corporations than with governments, but concedes it’s an issue of trust as well as a huge legislative challenge.

‘How do you legislate in such a way that intelligence agencies have got the necessary oversight to protect citizens? Because you don’t want to be preying on your citizens. The citizenry has to be protected from its government.’

In the UK, ‘a clear majority across public opinion is supportive of trusting the security and intelligence community’, says Scarlett. He cites legislation like the 2016 Investigatory Powers Act which introduced judicial oversight to the intelligence system as being important in instilling trust, as well an ‘instinct within society—and I may be a bit optimistic here—to be trusting and that we don’t, as a country, have a history of state abuse and dictatorship’.

But it can be a mistake for governments and citizens to overstate links between surveillance and coercive powers, according to Scarlett. Pointing to the limitations placed on people’s movement in response to Covid-19, he says ‘the national response and the people’s response was a voluntary one. There was no capability on the part of the authorities to really enforce it.’

On the future of the Five Eyes intelligence relationship, both men are confident that it can withstand current stresses. ‘After three-plus years of the “America first” administration, there is a degree of disorientation amongst America’s allies, within alliances and more generally around the world’, says Scarlett. But at the same time, he adds, ‘I’ve worked very closely with a whole range of US colleagues and senior people in the administration, politics and the security intelligence community, and they’re absolutely rock solid in their commitment to the alliances, to NATO and to the Five Eyes, and to liberal democracy and American leadership internationally’.

All intelligence agencies, stresses Scarlett, ‘have to be, first of all, absolutely clear about what it is that we’re defending. We’re defending our countries as liberal democracies, based on the rule of law. It’s not often explained exactly what a liberal democracy is and what it stands for. But making sure that you’re doing that is essential.’