WRITTEN EVIDENCE SUBMITTED BY REPRIEVE (TFP0034)

 

             

 

Reprieve is a legal action charity which seeks to uphold the rule of law and the rights of individuals around the world. Over the past 20 years Reprieve has provided legal and investigative support to hundreds of prisoners on death row; the families of innocents killed in drone strikes; victims of torture and extraordinary rendition; and scores of prisoners in Guantanamo Bay. Last year, we worked to secure justice for 388 people through our Extrajudicial Killings project, including taking legal action on behalf of 66 people who have been killed in covert US drone strikes. In June 2020 the UN Special Rapporteur on Extrajudicial, Summary or Arbitrary Killings cited our work in her annual report and a German court decision on behalf of a Yemeni family we represent a “watershed” with “critical findings” for accountability.

 

             

             

EXECUTIVE SUMMARY

 

  1. How emerging data and AI technology can have lethal consequences;
  2. How the UK’s cooperation with its foreign partners is leaving it complicit in the unlawful use of force;
  3. How existing UK policy is creating loopholes for outsourcing human rights abuses.

 

  1. HOW NEW DATA AND AI TECHNOLOGY CAN BE LETHAL

 

  1. The material in this section indicates the way the UK and US’s data harvesting can ultimately be used to kill people. While much of this refers to the practice of US intelligence agencies, the American experiment in targeted killings is relevant for UK policymakers. First, the UK is actively involved in the programme, as described in detail in section 2. Secondly, the US programme is the most advanced of its kind, and indicates the future of drone technology and technological warfare. The US’s experience holds vital lessons for Britain’s future use of technology and its impact on its foreign policy.

 

  1. The US’s drone programme – operated using a ‘Kill List’[2] of those designated for targeted assassination – is powered by data. The Kill List, or “Disposition Matrix”, is a database that identifies individuals for targeted assassination. The US and UK use bulk surveillance techniques, intercepting, collecting, and processing billions of mobile phone signals, calls and texts, and social media impressions to inform this database. For the UK, this includes the targeted, thematic and bulk surveillance of communications and personal datasets under the Investigatory Powers Act 2016. Algorithms then determine whether data from an individual fits into a particular profile. In the context of the US drone programme, this kind of algorithmic profiling may determine whether or not an individual is targeted for killing.

 

  1. In addition to its ‘Kill List’, the US also takes what are known as ‘signature’ strikes, based on patterns of behaviour rather than intelligence about specific people.  These patterns of behaviour are detected through signals intercepts, human sources and aerial surveillance and taken even when the US does not know the identity of the target.

 

  1. A former drone pilot, describing this method of targeting, stated: “It’s really like we’re targeting a cell phone. We’re not going after people – we’re going after their phones, in the hopes that the person on the other end of that missile is the bad guy.”[3] In April 2014, General Michael Hayden, former CIA Director, put it more bluntly when he told a John Hopkins University Symposium:We kill people based on metadata.[4]

 

  1. Signal Intelligence (‘SIGINT’), though, does not tell the whole story. It only indicates that communication between two devices (cell phones or computers) has taken place, along with limited other markers.  It does not indicate the nature of that communication, who is holding the device or is in close proximity, or whether they are engaged in fighting. As a former CIA officer said, SIGINT “doesn’t tell you anything about context or your target’s plans and intentions.” Expressing concern with its reliability, the CIA officer stated: “Do all these guys they point a finger at really need to be taken out? Even if they’re getting 90 percent right that still leaves room for a lot of mistakes…when those judgments are turned into actionable intelligence.”[5]

 

  1. The problem with SIGINT is exemplified by the case of prominent Al Jazeera journalist and former Reprieve client, Ahmed Zaidan. A PowerPoint presentation produced by the U.S. National Security Agency and shared with the UK Government shows that the former Pakistan Bureau chief had been identified as a terrorist courier based on analysis of his metadata.[6] A slide presentation titled “SKYNET: Applying Advanced Cloud-based Behavior Analytics” set out in detail how an algorithmic programme called SKYNET analysed metadata and cellphone tracking to determine that Mr Zaidan was a terrorist courier.[7] As a journalist, Mr Zaidan was open about his frequent interactions with so-called ‘militants’ as part of his work interviewing sources. This is a far cry from him being a terrorist courier yet his pattern of behaviour might look the same.

 

  1. SKYNET evidences the U.S. Government’s practice of identifying assassination targets using algorithms based on those individuals’ phone calls and travel patterns. Experts have called this approach “scientifically unsound” and “ridiculously optimistic”.[8] According to independent assessments, programmes such as SKYNET have an error rate such that they could lead to thousands of innocent people being killed.[9]

 

  1. Reprieve’s own investigations and research show just how dangerous data can be, and the tragic consequences that unfold when the wrong data is fed into the US’s drone programme. One Reprieve investigation found that in Yemen and Pakistan, US drone strikes killed as many as 1,147 people, including children, in failed attempts to kill just 41 named individuals.[10] These 41 men were reported to have been killed multiple times – sometimes as many as seven – leaving a trail of innocents, mistaken for the target, killed in their wake. It is known that during this time the UK assisted US operation in both countries. In Pakistan, the Sunday Times reported that GCHQ assisted the US in locating targets in Pakistan thanks to the agency’s “better intercept network”.[11] In Yemen, the UK has provided support to the US’s OVERHEAD programme, detailed below, in which UK intelligence is acknowledged to have played a role in strikes that injured children.[12]

 

  1. In 2015, in a piece about a ‘signature’ strike that unwittingly killed two western hostages, the New York Times reported: “every independent investigation of the strikes has found far more civilian casualties than administration officials admit. Gradually, it has become clear that when operators in Nevada fire missiles into remote tribal territories on the other side of the world, they often do not know who they are killing, but are making an imperfect best guess.”[13] The information the drone operators are fed often appears determinative, with little input from the human operators who pull the trigger.

 

  1. The US’s drone programme, which frequently breaches international law, is relevant to the Committee’s inquiry for two reasons. First, the UK is directly implicated in the issues identified here by virtue of the direct and active support it provides to the US drone programme (see section 2 below). Secondly, the US’s use of technology in warfare is the most advanced such programme and thus the most instructive example for the future of the UK’s use of technology in foreign policy.

2. UK’S USE OF TECHNOLOGY LEAVES IT COMPLICIT IN UNLAWFUL USES OF FORCE

 

  1. As part of the Five Eyes intelligence-sharing network, UK intelligence agencies routinely share intelligence material with their US counterparts. While this relationship remains opaque, investigations suggest that the UK provides critical support to US operations including the US’s use of lethal force outside of armed conflict zones. GCHQ reportedly helps locate targets for US drone strikes and several UK military bases housing UK and US personnel – including GCHQ and SIS – conduct joint work on operations.[14]

 

  1. For example, several military bases in the UK – RAF Menwith Hill, RAF Croughton, RAF Molesworth, and RAF Digby – are known to form a crucial link within the US’s drone programme. In 2016, an investigation by The Intercept showed that RAF Menwith Hill, a US base in Yorkshire, played a critical role in the targeting of individuals in Yemen.[15]

 

  1. RAF Molesworth, based in Cambridgeshire, houses a component of the US’s National Geo Spatial Intelligence Agency (“NGA”), which informs the US drone programme. The NGA is involved in analysing images gathered by Predators, Reapers and Global Hawk drones. These images, known as Full Motion Videos, are transmitted to the Joint Analysis Centre at Molesworth, where US and UK intelligence officers jointly analyse and retransmit the images to the Pentagon.[16]

 

  1. In September 2017, moreover, The Intercept profiled a UK base, RAF Digby, involved in the drone programme.[17] Located in Lincolnshire, it allows the UK to conduct extensive surveillance and geolocational tracking in a number of countries where the US conducts drone strikes, including Libya and Syria.[18]

 

  1. These bases form a crucial link to the US drone programme, with GCHQ personnel using mass surveillance techniques to collect data on individuals and identify those to target. In directly handling individuals’ data and passing it to the US Government for potential targeting, the UK’s intelligence services form a critical part of the drone programme’s ‘Kill Chain’.

 

  1. The US OVERHEAD Program is an example of the lethal consequences of the UK’s involvement in the Kill Chain. According to UK documents seen by The Guardian, the UK works closely with the US on OVERHEAD, which collects intelligence from satellites, radio and phone communications.  In an internal newsletter for GCHQ staff, OVERHEAD is credited with a strike that took place in Yemen on 30 March 2012, confirming the agency’s involvement in that country. According to The Bureau of Investigative Journalism, the strike injured six children.[19]

 

  1. Newly disclosed documents reveal that UK personnel can even fly US Reaper Drones in undertaking Intelligence, Surveillance and Reconnaissance (ISR) activities, which then feed directly into creating the data on which those drones will take strikes. Footnote 23 of the Chief of Defence Staff (CDS) Directive on Embedded Personnel 2/16 states that approval to operate RPAS (Remotely Piloted Air Systems) can be agreed as part of a specific MoU (or similar agreement) but consideration must be given to the role of the collected product in any strike activity.”[20]

 

  1. UK POLICY ON TARGETING AND EMBEDDED FORCES CREATES LOOPHOLES FOR OUTSOURCING HUMAN RIGHTS ABUSES

 

  1. The activities of GCHQ and other UK intelligence personnel at US bases in the UK is governed by the United Kingdom’s Targeting Policy, the Joint Service Publication 900 (JSP900). After seven years of denying parliament access to the document, the MoD recently released a heavily redacted copy in response to a Freedom of Information request, as well as a copy of the related CDS Directive on Embedded Personnel 2/16. Both documents raise serious concerns that loopholes exist which allow UK personnel – including GCHQ and other intelligence personnel – to become complicit in unlawful uses of lethal force carried out using algorithmic targeting. Through the use of policies such as this, both the UK’s intelligence agencies, such as GCHQ, and other departments such as the MoD risk pushing UK foreign policy and UK policy on emerging technology towards those of its partners in ways that harm British values and interests.

 

  1. The policy on embedding allows and envisages the UK entangling itself in the US drone program, in a manner contrary to UK law and its own interpretation of international law. The Chief of Defence Staff (CDS) Directive on Embedded Personnel 2/16 acknowledges that US soldiers and intelligence officers embedded within UK units may, in some circumstances, disregard the UK’s rules of engagement and interpretation of international law, and instead opt to follow the looser standards of the US’s interpretation and leave UK personnel involved in strikes targeted by algorithm.[21]

 

  1. The policy also allows UK personnel, in certain circumstances, to operate drones in theatres where the UK is not operational. Paragraph 16(b) of the guidance states that “where the Host State, international organisation or coalition forces are involved in the planned offensive use of force in the course of military operations that UK forces (other than embedded personnel) are not engaged in…UK personnel may be authorised to participate in such actions subject to Ops Dir and potentially Ministerial scrutiny.”[22]

 

  1. This creates the very real possibility that the UK has been involved in scores of drone attacks in Yemen, where innocent civilians have been routinely killed. Potential victims include the three children of the Al Ameri family killed in March 2017 by a Trump Administration drone strike.[23] The Al Ameri family are now pursuing the US in the Inter-American Commission on Human Rights, challenging the legality of the US drone program.[24] It is possible the UK supplied logistical support and data for this strike: public documents reveal that the UK has provided extensive and systematic intelligence-gathering assistance to the US’s operations in Yemen, including tasking targets,[25] which may then have been fed into the US’s process by which individuals are algorithmically targeted.

 

  1. Loopholes that allow UK involvement in strikes in places like Yemen risk skewing UK foreign policy in ways that help proliferate the unlawful use of force, rather than restrain it. They put the UK and UK personnel, including intelligence officers, at risk of being held liable for complicity in these unlawful uses of force. Moreover, given the role of GCHQ and the UK intelligence services in the US Kill Chain, the loopholes in the MoD’s targeting policy raise worrying concerns that similar loopholes may exist in FCDO guidance provided to those same intelligence bodies.

 

  1. Drones and other new technologies also blur the lines between intelligence gathering and military operations, making it unclear where responsibility lies and inhibiting Parliament from properly overseeing such activity. In its 2017 report on the killing of a British citizen via drone strike in Syria, the Intelligence and Security Committee (ISC) highlighted this “wider policy issue” and said it was of “significant public interest”.[26]

 

RECOMMENDATION: PLACE REAL SAFEGUARDS ON NEW DATA TECHNOLOGY

 

  1. The UK’s continued involvement in unlawful US drone strikes shows that core lessons on the UK’s involvement in the US’s War on Terror have not been learned. As the Intelligence and Security Committee found with respect to the UK’s role in US torture and rendition, the UK’s intelligence agencies engaged in “outsourcing of action they knew they were not allowed to undertake themselves.”[27] The UK risks doing the same here. The lack of proper scrutiny and safeguards in the UK’s policy on embedding continues to risk UK personnel becoming involved in human rights abuses through their use of drones and other new technologies, such as computer programmes like SKYNET.

 

  1. Reprieve supports the timely and efficient sharing of data with foreign agencies to prevent and detect serious crime. However, as in other areas of intelligence agency activity, these processes require safeguards in order to be effective and not counterproductive. Despite this, UK law contains no effective safeguards to ensure the UK’s involvement in lethal drone-data technology does not risk complicity in human rights abuses.

 

  1. The lack of safeguards risks UK involvement in unlawful strikes and extra-judicial killing. When GCHQ gathers data, and that data is shared with the US, it may then be used to target and kill an individual The data gathered by UK intelligence services is fed into the drone programme, potentially leaving the UK complicit in unlawful strikes which it would not take itself. As indicated above, the drone operators in Nevada often do not know the identity of those they are killing[28], and are instead are likely relying upon data- supplied by the UK, which then leads to lethal strikes which may be unlawful.

 

  1. Neither the Investigatory Powers Act 2016 nor the Data Protection Act 2018 contain safeguards to stop the sharing of data where this may lead to UK complicity in unlawful strikes. Section 109 of the 2018 Act requires only that data-sharing to foreign partners be “necessary and proportionate” for the statutory functions of the intelligence services.[29]

 

  1. As the Act passed through Parliament, MPs sought at Committee stage to introduce an amendment that would place stricter limits on the uses to which data could be put when transferred overseas,[30] but the amendment was narrowly defeated with 9 in favour and 10 against.[31] As a result, there is nothing in the Act to ensure data transfers do not fall foul of the UK’s international obligations or domestic criminal law requirements.

 

  1. The Government has sought to claim that the Investigatory Powers Act 2016 provides “rigorous” and “powerful safeguards” on the transfer of data overseas.[32] But the 2016 Act provides only minimal procedural safeguards, requiring only that the Secretary of State be satisfied that access to transferred data will be minimised within the foreign receiving agency and the bar on intercept admissibility in domestic criminal proceedings is maintained.[33]

 

  1. These existing safeguards do little to ensure UK involvement in these new technologies is not leaving the UK complicit in unlawful US policy. As a result, we believe the UK needs to introduce a clear legal ban on the sharing of data and intelligence-sharing where there is a real risk that it will be lead to the unlawful use of force overseas. The lack of leadership in this area puts the very rules that govern international peace and stability at grave risk. The UK, with its close and influential relationship with the US, could and should step in to fill this gap. By ensuring safeguards are in place that prevent GCHQ and other intelligence agencies from becoming complicit in unlawful drone use, the FCDO can then take the lead in driving forward international standards and safeguards on the use of drones and these related technologies.

 

  1. In light of these serious concerns, Reprieve recommends that the Foreign Affairs Committee urge the Government to:

 

  1. Ensure that where UK intelligence agencies co-operate with the US, as envisaged by the JSP900 and through such activities as UK personnel embedded within US units, and US personnel embedded within UK units, the UK is not left at risk of becoming involved in grave human rights abuses or breaches of international law.
  2. To do this, introduce an amendment to the Data Protection Act 2018 legislation that places a clear prohibition on the transfer of personal data outside the UK where (a) the transferring controller knows, or should know, that the data will be used in an operation or activity that may involve the use of lethal force, and (b) there is a real risk that the transfer would amount to a breach of domestic or international law.

 

 

 

 

 

 

June 2021

 

 

REFERENCES

[1] https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/

[2] https://www.theatlantic.com/ideas/archive/2021/01/americas-shadow-death-row/617757/ ; https://www.theguardian.com/news/2019/nov/18/killer-drones-how-many-uav-predator-reaper

[3] https://theintercept.com/2014/02/10/the-nsas-secret-role/

[4] See remarks at The Johns Hopkins Foreign Affairs Symposium Presents: The Price of Privacy: Re-Evaluating the NSA, available at: https://www.youtube.com/watch?v=kV2HDM86XgI.

[5] https://observer.com/2015/09/us-reliance-on-too-much-sigint-and-too-little-spycraft-is-dangerous-and-expensive/

[6] The Intercept, U.S. Government Designated Prominent al-Jazeera Journalist as Al-Qaeda Member, 8 May 2015 https://theintercept.com/2015/05/08/u-s-government-designated-prominent-al-jazeera-journalist-al-qaeda-member-put-watch-list/

[7] Ibid.

[8] https://arstechnica.com/information-technology/2016/02/the-nsas-skynet-program-may-be-killing-thousands-of-innocent-people/

[9] Ibid.

[10] Reprieve, You Only Die Twice: Multiple Kills in the US Drone Program, available at: https://reprieve.org/wp-content/uploads/2014_11_24_PUB-You-Never-Die-Twice-Multiple-Kills-in-the-US-Drone-Program-1.pdf.

[11] The Sunday Times, ‘GCHQ finds AL Qaeda for American strikes’, 25 July 2010, available at: http://www.thesundaytimes.co.uk/sto/news/uk_news/Defence/article353492.ece.

[12] The Guardian, ‘GCHQ documents raise fresh questions over UK complicity in US drone strikes’, 24 June 2015, available at: https://www.theguardian.com/uk-news/2015/jun/24/gchq-documents-raise-fresh-questions-over-uk-complicity-in-us-drone-strikes.

[13] The New York Times, ‘Drone Strikes Reveal Uncomfortable Truth: U.S. is Often Unsure About Who Will Die’, 23 April 2015., available at: https://www.nytimes.com/2015/04/24/world/asia/drone-strikes-reveal-uncomfortable-truth-us-is-often-unsure-about-who-will-die.html

[14] For references and further detail, see Reprieve, ‘Submissions to the APPG Inquiry into the Use of Armed Drones: Working with Partners’, available at: http://appgdrones.org.uk/wp-content/uploads/2014/08/Submission-from-Reprieve.pdf, and ‘Additional Submission by Reprieve’, available at: http://appgdrones.org.uk/wp-content/uploads/2014/08/2.-2017_11_27_INT-Reprieve-Additional-Submission-to-the-APPG-Inquiry-Final-as-submitted.pdf.

[15] The Intercept, Inside Menwith Hill, 6 September 2016, available at: https://theintercept.com/2016/09/06/nsa-menwith-hill-targeted-killing-surveillance/

[16] Global Hawk – UAV, available at: http://www.theuav.com/global_hawk.html;. Geographical Imaginations, ‘Predatory Networks’, 27 January 2014, available at: http://geographicalimaginations.com/2014/01/27/predatory-networks/.

[17] The Intercept, NSA’s Quiet Presence at a Base in England’s Countryside Revealed in Snowden Documents, 13 September 2017, available at: https://theintercept.com/2017/09/13/digby-uk-nsa-gchq-surveillance/

[18] Ibid.

[19] The Guardian, ‘GCHQ documents raise fresh questions over UK complicity in US drone strikes’, 24 June 2015, available at: https://www.theguardian.com/uk-news/2015/jun/24/gchq-documents-raise-fresh-questions-over-uk-complicity-in-us-drone-strikes.

[20] Chief of Defence Staff (CDS) Directive on Embedded Personnel 2/16.

[21] Chief of Defence Staff (CDS) Directive on Embedded Personnel 2/16, Annex B, para. 5(a).

[22] Chief of Defence Staff (CDS) Directive on Embedded Personnel 2/16, Paragraph 16(b).

[23] Vice News, A yemeni family was repeatedly attacked by US Drones: Now they’re seeking justice, 26 January 2021https://www.vice.com/en/article/3anj33/a-yemeni-family-was-repeatedly-attacked-by-us-drones-now-theyre-seeking-justice

[24] https://www.doughtystreet.co.uk/news/yemeni-drone-strike-victims-seek-end-strikes-and-redress-historic-case-against-usa

[25] (S//SI//REL) ‘APPARITION Becomes a Reality: New Corporate VSAT-Geolocation Capability Sees Its First Deployment’, 12 November, 2008, available at:              https://assets.documentcloud.org/documents/3089509/APPARITION-becomes-a-reality-new-corporate-VSAT.pdf

[26] https://isc.independent.gov.uk/wp-content/uploads/2021/01/20170426_UK_Lethal_Drone_Strikes_in_Syria_Report.pdf

[27] https://isc.independent.gov.uk/wp-content/uploads/2021/01/20180628-HC1113-Report-Detainee-Mistreatment-and-Rendition-2001-10.pdf, 3.

[28] The New York Times, ‘Drone Strikes Reveal Uncomfortable Truth: U.S. is Often Unsure About Who Will Die’, 23 April 2015., available at: https://www.nytimes.com/2015/04/24/world/asia/drone-strikes-reveal-uncomfortable-truth-us-is-often-unsure-about-who-will-die.html

[29] https://www.legislation.gov.uk/ukpga/2018/12/section/109/enacted

[30] https://hansard.parliament.uk/commons/2018-03-20/debates/1c2cf90d-f85b-4724-af4b-bf05bb7be630/DataProtectionBill(Lords)(FifthSitting)

[31] Ibid.

[32] https://hansard.parliament.uk/commons/2018-03-20/debates/1c2cf90d-f85b-4724-af4b-bf05bb7be630/DataProtectionBill(Lords)(FifthSitting). Columns 175 and 176

[33] https://www.legislation.gov.uk/ukpga/2016/25/section/54/enacted; https://www.legislation.gov.uk/ukpga/2016/25/section/130/enacted; https://www.legislation.gov.uk/ukpga/2016/25/section/151/enacted; https://www.legislation.gov.uk/ukpga/2016/25/section/192/enacted