Big Data, Emerging Technologies and Intelligence: National Security Disrupted 1032485582, 9781032485584


English Pages [213] Year 2024


Table of contents :
Cover
Endorsement
Half Title
Series Page
Title Page
Copyright Page
Table of Contents
List of illustrations
Acknowledgements
List of Acronyms and Abbreviations
Introduction
1. Big Data Landscape Fuels Emerging Technologies
2. Big Data Landscape Challenges Fundamental Intelligence Principles and Practices
3. Big Data Landscape: New Social Harms and National Security Threats
4. Big Data and Intelligence in Practice
5. Data and Privacy
6. Ethics and Bias
7. Trust, Transparency and Legitimacy
Conclusion
Appendices
Index

“Drawing on substantial and exclusive access to the Australian Intelligence Community, this book provides a timely, detailed, and thorough analysis of the many ways in which big data is transforming intelligence and broader society. Dr Miah Hammond-Errey brings intelligence studies into the digital era with this original contribution to the scholarly field on intelligence and national security.”
Kira Vrist Rønn, Associate Professor, University of Southern Denmark

“With this book, Dr Hammond-Errey has produced a path-breaking empirical analysis of how Big Data is transforming intelligence and the challenges to which this transformation gives rise. Based on interviews with around 50 people working in and around the Australian National Intelligence Community, this book offers an invaluable guide to understanding the impact of the Big Data landscape on intelligence practice in liberal democracies and how this affects the intelligence-state-citizen relationship. It is essential reading for students of intelligence and for all those working in the field of intelligence, including its oversight.”
Mark Phythian, University of Leicester, UK

“This book is a timely account of the way big data and emerging technology have been disrupting intelligence and society. Dr Hammond-Errey develops an innovative framework of the landscape of big data that raises important questions about legitimacy and public trust in democratic institutions, the changing role of intelligence analysts, and the tendency to subject surveillance capabilities to greater democratic accountability.”
Christian Leuprecht, Royal Military College of Canada and Queen’s University, Canada

Big Data, Emerging Technologies and Intelligence

This book sets out the big data landscape, comprising data abundance, digital connectivity and ubiquitous technology, and shows how the big data landscape and the emerging technologies it fuels are impacting national security. This book illustrates that big data is transforming intelligence production as well as changing the national security environment broadly, including what is considered a part of national security as well as the relationships agencies have with the public. The book highlights the impact of big data on intelligence production and national security from the perspective of Australian national security leaders and practitioners, and the research is based on empirical data collection, with insights from nearly 50 participants from within Australia’s National Intelligence Community. It argues that big data is transforming intelligence and national security and shows that the impacts of big data on the knowledge, activities and organisation of intelligence agencies are challenging some foundational intelligence principles, including the distinction between foreign and domestic intelligence collection. Furthermore, the book argues that big data has created emerging threats to national security; for example, it enables invasive targeting and surveillance, drives information warfare as well as social and political interference, and challenges the existing models of harm assessment used in national security. The book maps broad areas of change for intelligence agencies in the national security context and what they mean for intelligence communities, and explores how intelligence agencies look out to the rest of society, considering specific impacts relating to privacy, ethics and trust. This book will be of much interest to students of intelligence studies, technology studies, national security and International Relations.
Miah Hammond-Errey is the Director of the Emerging Technology Program at the United States Studies Centre at the University of Sydney. She has a PhD from Deakin University, Australia.

Studies in Intelligence
General Editors: Richard J. Aldrich, Claudia Hillebrand and Christopher Andrew

Intelligence Oversight in the Twenty-First Century: Accountability in a Changing World
Edited by Ian Leigh and Njord Wegge

Intelligence Leadership and Governance: Building Effective Intelligence Communities in the 21st Century
Patrick F. Walsh

Intelligence Analysis in the Digital Age
Edited by Stig Stenslie, Lars Haugom, and Brigt H. Vaage

Conflict and Cooperation in Intelligence and Security Organisations: An Institutional Costs Approach
James Thomson

National Security Intelligence and Ethics
Edited by Seumas Miller, Mitt Regan, and Patrick F. Walsh

Intelligence Agencies, Technology and Knowledge Production: Data Processing and Information Transfer in Secret Services during the Cold War
Edited by Rüdiger Bergien, Debora Gerstenberger and Constantin Goschler

State-Private Networks and Intelligence Theory: From Cold War Liberalism to Neoconservatism
Tom Griffin

India’s Intelligence Culture and Strategic Surprises: Spying for South Block
Dheeraj Paramesha Chaya

Big Data, Emerging Technologies and Intelligence: National Security Disrupted
Miah Hammond-Errey

For more information about this series, please visit: https://www.routledge.com/Studies-in-Intelligence/book-series/SE0788

Big Data, Emerging Technologies and Intelligence National Security Disrupted

Miah Hammond-Errey

First published 2024 by Routledge
4 Park Square, Milton Park, Abingdon, Oxon OX14 4RN
and by Routledge
605 Third Avenue, New York, NY 10158

Routledge is an imprint of the Taylor & Francis Group, an informa business

© 2024 Miah Hammond-Errey

The right of Miah Hammond-Errey to be identified as author of this work has been asserted in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this book may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publishers.

Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data
A catalog record has been requested for this book

ISBN: 978-1-032-48558-4 (hbk)
ISBN: 978-1-032-48559-1 (pbk)
ISBN: 978-1-003-38965-1 (ebk)
DOI: 10.4324/9781003389651

Typeset in Times New Roman by Taylor & Francis Books

Contents

List of illustrations
Acknowledgements
List of Acronyms and Abbreviations
Introduction
1 Big Data Landscape Fuels Emerging Technologies
2 Big Data Landscape Challenges Fundamental Intelligence Principles and Practices
3 Big Data Landscape: New Social Harms and National Security Threats
4 Big Data and Intelligence in Practice
5 Data and Privacy
6 Ethics and Bias
7 Trust, Transparency and Legitimacy
Conclusion
Appendices
Index

Illustrations

Figures
0.1 NIC Agencies (ONI 2017)
1.1 Features of the Big Data Landscape

Tables
0.1 Categories of Interviewees
Appendix Table A: Australian NIC Agencies
Appendix Table B: Types of Intelligence

Acknowledgements

This book is an adaptation of my PhD thesis. Thank you to my primary supervisor Chad Whelan and secondary supervisor Diarmaid Harkin for all your support, guidance and friendship throughout both processes. Thank you, Tom Barrett, for your research and referencing assistance.

A huge thanks to colleagues, friends and family who have supported this research. I can’t name many of you by name, however, am incredibly grateful for your support – you made this research possible. I can’t thank you enough.

I’m grateful to the individuals and agencies who participated in this research. I feel honoured to be privileged with your insights, experiences and time. Thank you for sharing of these so willingly. Thank you to the agencies for entrusting me with this research.

This research draws on a variety of perspectives from within the NIC. I have tried to reflect these (sometimes contradictory!) views and common discourse faithfully. However, this book contains only a small part of the discussions and is not a comprehensive reflection of all the topics and issues covered.

The research was supported by a National Security Big Data Scholarship from D2D CRC and a University Postgraduate Research Scholarship from Deakin University. Additional support was also provided by D2DCRC in the form of an Applied Research and Collaboration Award (2017) and an Applied Research Grant (2019).

This book is a contribution towards greater understanding of national security and big data as well as the ways the big data landscape fuels emerging technologies. I’d like to continue this conversation with you. You can also find out more by listening to my podcast, Technology and Security.

List of Acronyms and Abbreviations

ACIC      Australian Criminal Intelligence Commission
AFP       Australian Federal Police
AGO       Australian Geospatial-Intelligence Organisation
AIC       Australian Intelligence Community
ASIO      Australian Security Intelligence Organisation
ASIS      Australian Secret Intelligence Service
ASD       Australian Signals Directorate
AUSTRAC   Australian Transaction Reports and Analysis Centre
HA        Department of Home Affairs
IGIS      Inspector-General of Intelligence and Security
DIO       Defence Intelligence Organisation
NIC       National Intelligence Community
SDM       Senior Decision-Maker
ONI       Office of National Intelligence
ODM       Operational Decision-Maker
TECH      Technologist
ISME      Independent Subject Matter Expert

Introduction

This book examines the impact of the technological phenomenon ‘big data’ on national security intelligence and decision-making. Data is all around us. Big data has become a prevalent feature in commercial enterprise (Cukier 2010; Manyika et al. 2011; Reinsel, Gantz & Rydning 2017; Yiu 2012) from shopping to socials, travel to transport and communications to finance. It is also increasingly used in national security (Landon-Murray 2016; Van Puyvelde, Coulthart & Hossain 2017). Big data and associated analytics are presented as offering significant potential for a safer and more secure nation (Akhgar et al. 2015; Manyika et al. 2011; Mayer-Schönberger & Cukier 2014) and are being adopted before their impacts are well understood. Despite the significant impacts of big data on intelligence activities, empirical research into its impacts is still in its infancy.

The ‘information age’ continues to provide an ever-expanding quantity and variety of information (Degaut 2015, p. 511) that underpins many of the data-driven technologies impacting national security. In 2014, it was forecast that by 2020 there would be as many bits in the digital universe as stars in the physical universe (International Data Corporation 2014), and in 2019 this was revised to forty times as many bytes as stars in the observable universe (DOMO 2019). According to the International Data Corporation (International Data Corporation 2022), by 2026 there will be more than 220 Zettabytes (220 billion Terabytes) of data added annually to the global datasphere – the summation of data we create, capture or replicate. This will be almost three times the 83 Zettabytes produced in 2021 – growing at a rate of 21 per cent per year (International Data Corporation 2022). We are also more digitally connected than ever before. The increasing interconnectedness of our systems and our infrastructure – including our reliance on them – is transformative and unprecedented. In January 2023, more than 5.4 billion people out of the eight billion global population (68 per cent) were using a mobile device, with the majority being smartphones (Kemp 2023). Estimates of the number of devices connected to the internet vary widely; however, there is consensus (Evans 2011; Gartner 2017) that this number has overtaken the global population – Ericsson (2022) estimated the number of connected devices in 2022 to be 23.6 billion and predicted that by 2028 that number will reach 45.8 billion.

DOI: 10.4324/9781003389651-1


Increasingly vast amounts of data are captured from and about humans, machines and the natural environment, challenging political and economic models (Mayer-Schönberger & Ramge 2018; Sadowski 2020; Schwab 2017; Zuboff 2019). The abundance of data made possible by improvements in data storage and computational capabilities, combined with digital connectedness and ubiquity of technology, drive the big data phenomenon. The speed of technological change has impacted how we store, interpret, analyse and communicate information in society (boyd & Crawford 2012; Kitchin 2014a).

Intelligence activities are funded by the nation-state, with the express purpose of protecting national interests and keeping citizens safe; however, information about intelligence agencies and their activities is notoriously sparse (Andrew 2018; Van Puyvelde 2018, pp. 380–381). Lundy et al. (2019, p. 587) argue that ‘intelligence is essential to modern statecraft in times of war and peace… [and] its vital role deserves – and requires – better general comprehension’. Empirical research to date on intelligence activities, especially outside the United States, has been extremely limited (Hughes, Jackson & Scott 2008; Van Puyvelde 2018; Zegart 2022). There have been ‘very few, if any, reflections on how the Australian intelligence community works, its contributions, or of its importance to policy and decision-makers across government’ (Symon 2018). Whilst the scarcity of information is understandable, the growing role of intelligence in society presents a significant need for understanding of the public value of intelligence agencies and ensuring their accountability in liberal democracies. Gill and Phythian (2006) argue that citizens have been excluded from knowledge of intelligence policies and practices for too long.

The book shows that big data is transforming what intelligence is, how it is practised, and the relationships intelligence organisations have with society.
This includes both the collection of information and secret intelligence as well as the analytical processes used to create intelligence products and advice to inform decision-making. The book details how big data is transforming aspects of intelligence production specifically and the national security environment more broadly.

The book leverages semi-structured interviews with almost fifty senior and operational intelligence officers and decision-makers within the Australian National Intelligence Community (NIC).1 The NIC represents a unique group of interview participants, and this research is the first to access them as a community. The focus of the research is from the perspective of Australian national security professionals; however, these perspectives are applicable and relevant internationally to all states that invest significantly in intelligence collection technologies.

The introductory chapter examines and defines the key concepts of the book, providing some background and context as well as offering insight into how this research contributes to our understanding. First, it looks at big data, followed by national security and intelligence. It is important to explain these terms here as they are often used in different ways. The inconsistent use of such concepts can lead to confusion and all three are essential to understanding the impact of big data on intelligence and national security. Furthermore, the book argues that the advent of big data is shaping these concepts, including what we see as intelligence and expanding the notion of national security to include new social harms. The book shows how big data is shaping the activities, knowledge and organisation of intelligence functions that are intended to support policy makers in developing responses to these new harms and vulnerabilities.

Big Data, National Security, and Intelligence

Big Data

Big data is an amorphous concept that is used to refer to large, diverse, growing and changing datasets (Bennett Moses & Chan 2014; Chan & Bennett Moses 2016, 2017; Malomo & Sena 2016). Big data arose from technical advances in storage capacity, speed and price points of data collection and analysis as well as by the move towards understanding data as ‘continuously collected, almost-infinitely networkable and highly flexible’ (Metcalf, Keller & boyd 2016, p. 2). Prior to big data, databases were constrained and unable to simultaneously deal with the original 3Vs of big data – volume, velocity and variety (Kitchin 2014b, p. 68; Laney 2001). However, increased computational power, new database design and distributed storage enabled the collection and analysis of big data (Kitchin 2014b, p. 68). The unprecedented volume and size of data sets that cannot be manually processed precipitated analytical solutions to analyse data and derive insights, expanding the term big data from referring solely to the storage of data (Mayer-Schönberger & Cukier 2014).

The term has evolved from the original 3Vs to include value derived from understanding data sets as a whole and by drawing insights using new analytical techniques (boyd & Crawford 2012; Kitchin 2014a; Kitchin & Lauriault 2014). Kitchin (2014b) considers big data as fine-grained in resolution and uniquely indexical in identification; relational in nature, containing common fields that enable the conjoining of different data sets; and flexible, holding the traits of extensionality (new fields can be added easily) and scaleability (can be expanded in size rapidly). Importantly, big data ‘is less about data that is big than it is about a capacity to search, aggregate and cross-reference large data sets’ (boyd & Crawford 2012, p. 663). It is this ability to use the data for some type of decision or action that defines big data. As others have aptly put, ‘big data are worthless in a vacuum. Its potential value is unlocked only when leveraged to drive decision-making’ (Gandomi & Haider 2015, p. 140). The requirement to consider the veracity of data and value led to the expansion of the 3Vs definition of big data – volume, velocity and variety (Kitchin 2014b, p. 68; Laney 2001) – to a 5V definition that includes veracity (certainty and consistency in data) and value (insights into and from data) (Akhgar et al. 2015; van der Sloot, Broeders & Schrijvers 2016).


A range of terms are used, sometimes interchangeably, to describe analysis of big data. These include: big data analytics (Cloud Security Alliance 2013; Beer 2018; Minelli, Chambers & Dhiraj 2013; Power 2014; Pramanik et al. 2017; Shu 2016), advanced analytics (Babuta 2017; Chawda & Thakur 2016; Shahbazian 2016), big data computing (Chen, Mao & Liu 2014) and data mining (Pramanik et al. 2017). Additionally, the terms artificial intelligence, machine learning and algorithms are included in big data analytics for the purpose of this study. In the book, big data is viewed broadly and refers to all these components, including the technologies and analytics. Participants in this research highlighted three key features of big data for national security which, the book argues in Chapter 1, come together to form a big data landscape.

National Security

National security – and our conceptualisations of it – evolves over time as it is situationally, culturally and temporally contextual (Katzenstein 1996). National security is a commonly used concept in international relations and the analysis of policy decisions; however, its essential meaning is more widely disputed than agreed upon (Baldwin 1997; Dupont 1990; Liotta 2002). Maintaining national security is usually posited as the reason for the application of intelligence resources. In a foundational text, Arnold Wolfers characterised security as ‘the absence of threats to acquired values and subjectively, the absence of fear that such values will be attacked’ (Wolfers 1962, p. 485). Baldwin (1997, p. 13) subsequently refined ‘the absence of threats’ as ‘a low probability of damage to acquired values’. Wolfers (1962, p. 150) notes that the demand for a policy of national security is primarily normative in character and security points to some degree of protection of values previously obtained: ‘Security is a value, then, of which a nation can have more or less and which it can aspire to have in greater or lesser measure’.

Wolfers’ position has not gone unchallenged, as the field struggles to agree on ‘how much security’ is desirable. Zedner (2003, p. 155) posits that ‘security is both a state of being and a means to that end’. Whelan (2014, p. 310) explains that we can understand Zedner’s (2009) conceptualisation of security as an ‘objective state of being more or less “secure” and as a subjective condition based on how secure we “feel”’. Gyngell and Wesley (2007, p. 233) see security as a prudential value, conceived as a condition which must be maintained against others’ potential to degrade it. Buzan, Waever and de Wilde (1998) highlight that nation-state security requires a referent object to make sense. The objective state of security continues to imply a ‘referent object’ and an existential threat to that object and the special nature of security threats justifies the use of extraordinary measures to handle them (Buzan, Waever & de Wilde 1998). Whelan (2014, p. 310) furthers this, noting the ‘referent objects and range of potential threats have considerably broadened’, including the special nature of national security threats, among others. Thus, the political context of national security is an important dimension (Dupont 1990). Wolfers (1952, p. 500) highlights the challenges for those who bear the responsibility for choices and decisions, that is, national security decision-makers:

Decision-makers are faced then, with the moral problem of choosing first the values that deserve protection … the guarantee it may offer to values like liberty, justice and peace … They must decide which level of security to make their target … finally they must choose the means and thus by scrupulous computation of values compare the sacrifices.

The book argues that big data has created new social harms which are – or need to be – considered by decision-makers as national security threats or vulnerabilities. In the book, national security is considered a state of trust on the part of the citizen that risks to everyday life, whether from threats with a human origin or impersonal hazards, are being adequately managed to the extent that there is confidence that normal life can continue (Omand 2010, p. 9). Omand (2010) sets out three propositions underpinning the modern approach to national security: psychological safety, citizen-centric view of threats and hazards, and informed decision-making. This last point is crucial in the use of big data: ‘the key to good risk management, maintaining that delicate balance, is to have better informed decision-making by government and thus place greater weight on the work of the intelligence community’ (Omand 2013, p. 21).2 Symon & Tarapore (2015, p. 9) add that ‘making sense of complex systems and phenomena – creating knowledge – is central to sound national security decision making.’

Understanding national security, what it broadly encompasses and how decisions are made to secure nations is critical to the way that big data impacts on it and in understanding how intelligence resources are focused.
This research shows that participants see new technologies, like big data, as expanding notions of national security to include, for example, information warfare and aspects of how society functions online as infrastructure critical to national security. Participants perceive that big data impacts on how intelligence agencies can identify and respond to these increasing, diverse and diffuse national security threats.

Intelligence

Intelligence here is understood through a combination of definitions. Intelligence is ‘information [that] is gathered and analysed, sometimes secretly, and then used to understand a particular situation and act with advantage in it’ (Rolington 2013, p. 17). Intelligence is ‘knowledge vital for national survival’ (Kent 1966, p. vii). It is information that has been collected, processed and narrowed to meet the needs of policy and decision-makers in relation to defence, foreign policy, national state affairs (such as diplomacy, trade and economics) and security (Lowenthal 2012).

Intelligence in practice can be thought of in three ways, sometimes simultaneously (Lowenthal 2012, p. 9), as knowledge, as an organisation and as either an activity (Kent 1966) or product (Lowenthal 2012). Kent’s classic characterisation covers ‘the three separate and distinct things that intelligence devotees usually mean when they use the word’: knowledge, the type of organisation that produces that knowledge and the activities pursued by that organisation (Scott & Jackson 2004, p. 141). Omand (2020, p. 472) defines the purpose of intelligence to help ‘improve the quality of decision-making by reducing ignorance, including reducing the vulnerability of the decision-maker to uncertainty’.

Intelligence production is one of the primary mechanisms for framing information and analysis to inform national security decision-making (George & Bruce 2014; Kent 1966; Lowenthal 2012; Omand 2010). The purpose of the intelligence community is to assist policy makers with national security issues (Gookins 2008). The relationship between intelligence, policy production and senior decision-makers is vital in the national security environment (Coyne 2014; Lowenthal 2012) as intelligence is intended to reduce uncertainty for decision-makers (Agrell 2012; Betts 2009; Davies, Gustafson & Rigden 2013; Dupont 2003; Fingar 2011; Kent 1966; Lowenthal 2012; Marrin 2009; Heuer & Pherson 2015; Spracher 2009). Without use by decision-makers – in order to achieve national security – intelligence would be redundant.

The combination of these definitions acknowledges the changing information environment, accounts for the impact of big data and open-source information on intelligence activity, while acknowledging the extant role of secret intelligence collection as well as decision-makers acting on the intelligence.
Furthermore, as Omand (2020) highlights, it is significant that intelligence aims to reduce uncertainty and improve decision-making in matters of nation-state security. The relationship between national security and intelligence is noted by Agrell and Treverton (2015, pp. 32–5): ‘the essence of intelligence is hardly any longer the collection, analysis, and dissemination of secret information, but rather the management of uncertainty in areas critical for security goals for societies.’ Additionally, the ‘use of the term in circles outside of government – “commercial intelligence”, for example – can dilute its meaning, rendering intelligence a synonym for information’ (Richardson 2020a, p. 154). The term intelligence is also used extensively in different government domains, such as law enforcement, criminal, security, domestic, foreign and counterintelligence.

The book looks broadly across national security and intelligence activities undertaken within the context of the National Intelligence Community, rather than at a single academic discipline. It includes the intelligence apparatus, but also the policy and political decision-making component essential to national security. Big data, national security and intelligence are complex concepts with a variety of meanings. Nevertheless, they can be loosely defined. The book argues that the relationship between intelligence producers and users of intelligence – those that make political calculations about national security – is critical and interconnected, especially in a big data era. Furthermore, the book demonstrates the need to take a holistic view of intelligence, defined by its purpose rather than field of application, and to include policy and decision-makers.

Australian National Intelligence Community

This section provides an overview of the Australian national security architecture and background to the Australian National Intelligence Community – including its composite agencies, oversight framework and legislative foundations for an international readership. It also outlines the methodology and analytical process of the research. It provides some context, especially for international readers, to engage with the perspectives that participants offered. Whilst this research is Australia specific, the themes surfaced here are expected to apply in many democratic countries.

Ten agencies make up the Government’s intelligence enterprise – collectively known as the National Intelligence Community (NIC) – working to collect, analyse and disseminate intelligence information and advice in accordance with Australia’s interests and national security priorities (ONI 2017). The NIC is a relatively new grouping of agencies, having expanded from the six agencies known as the Australian Intelligence Community (AIC): the Office of National Intelligence (ONI) – formerly the Office of National Assessments (ONA), the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO), the Australian Secret Intelligence Service (ASIS), the Australian Security Intelligence Organisation (ASIO) and the Defence Intelligence Organisation (DIO). To these six have been added the Australian Criminal Intelligence Commission (ACIC) and the intelligence functions of the Australian Federal Police (AFP), the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Department of Home Affairs (Home Affairs).

This expansion followed the 2017 Independent Intelligence Review (IIR), which argued that the AIC’s collective tasks were growing more difficult, given the increasing complexity of Australia’s geostrategic environment, the rapid pace of technological change, and the broadening scope of security and intelligence challenges (Department of the Prime Minister and Cabinet 2017). The IIR found that, while individual agencies were performing very well, a higher level of collective performance could be achieved by strengthening integration across Australia’s national intelligence enterprise (Department of the Prime Minister and Cabinet 2017). The IIR recommended expansion from the six agencies of the AIC to the current ten agencies, and the establishment of an Office of National Intelligence (ONI), incorporating the Office of National Assessments, to lead the community (Department of the Prime Minister and Cabinet 2017).


The creation of the NIC has been matched by a substantial growth in budgets for Australian intelligence agencies. AIC budgets quadrupled between 2000 and 2010 to reach AUD$1.07 billion (Richardson 2020a, p. 100). In the three years between 2018–19 and 2021–22 the combined publicly available budget of NIC agencies has grown by AUD$1.5 billion to AUD$7.1 billion, and staffing grew by 1,000 positions to 25,000 – noting this budget is for the agencies as a whole, not just their intelligence functions.3 The budget for the six AIC agencies alone (excluding the NIC additions) grew by AUD$400 million from 2018–19 to 2021–22, and 1,000 staff positions were added.4 NIC agencies also share a joint capability fund, which NIC member agencies pay into and can apply for larger funding to improve overall NIC capability, supporting gaps in technological innovation, training and other workforce developments (Walsh 2021). Figure 0.1 shows the agencies and their primary functions within the NIC.

Figure 0.1 NIC Agencies (ONI 2017)

Intelligence Principles and Disciplines

In Australia, each NIC agency has a critical, distinct and enduring function (Department of the Prime Minister and Cabinet 2017). More detail about each of the agencies and their intelligence disciplines – as well as similar agencies in the United Kingdom and United States of America – is provided in Appendix A. How emerging technologies impact their activities is specific to the legal framework, mission, purpose, and technological maturity of each agency, as well as the kinds of intelligence work they do. Despite these different perspectives, they have a shared interest in improving their capability to collect, analyse and disseminate information.

Australia has made several deliberate, principled choices to manage the powers and activities of the NIC agencies (Richardson 2020a, p. 165). These principles have been considered over time and include, among others, the separations between security intelligence and law enforcement, and intelligence collection and assessment; and the distinctions between foreign and security intelligence, onshore and offshore operations, and Australians and non-Australians (Richardson 2020a, p. 165). These distinctions have been long discussed and, arguably, blurred – with some exceptions and assistance between functions – but ultimately upheld. The three most significant distinctions in the context of emerging technologies are set out here.

One of the most important distinctions concerns the jurisdiction in which intelligence collection or action takes place. Outside of exception by ministerial authorisation, the distinction between domestic and foreign intelligence collection is clear in the AIC agencies. This distinction is not as straightforward with the agencies added for the NIC, because a number have domestic and foreign missions, they are not intelligence collectors and their activities are not jurisdictionally bound.
The second distinction is how agencies are legislatively required to manage privacy. Three NIC agencies – Home Affairs, AFP and AUSTRAC – are bound to the Australian Privacy Principles of The Privacy Act 1988, which governs the way each agency collects, stores, uses and discloses personal information (Richardson 2020b, p. 22). The other seven agencies in the NIC are exempt from The Privacy Act 1988 completely (Richardson 2020b, p. 22).

A third distinction is the ways information can be obtained and what it contains. Appendix B outlines the various disciplines, ‘types’ or means of intelligence collection (Lowenthal 2012). Collection can refer to collection agencies, or the activity of intelligence collection (Lowenthal 2012).5 Outside of one agency – ASIO – intelligence gathering (collection) and intelligence assessment functions take place in separate AIC agencies to compartmentalise intelligence. For example, DIO relies on intelligence gathered by ASD and others to inform its assessments (Hope Royal Commission on Intelligence and Security 1974–77). However, the four NIC agencies do not fit into this collection and assessment framework. As agencies are not directly named in interview data, types of intelligence, in Appendix B, are an important way to understand the activities of the NIC agencies.

The Study

This research advances our understanding of the impacts of big data on intelligence agencies and national security in Australia. The principal aim of the book is to explore the impacts of big data for intelligence production and decision-making in national security. In doing so it sets out the impacts of big data for knowledge (the information and data needed for intelligence), intelligence activities and the organisation of intelligence communities. It demonstrates that big data has pronounced impacts on many aspects of national security, and our conception of what it includes, but is especially significant for the knowledge, activities and organisation of intelligence agencies.

The overall aim of the book is to map broad themes relating to transformations in intelligence agencies and the national security environment. First, it considers very broad impacts on the national security environment and the national security threats posed by big data. Second, it moves to examine more specific impacts for intelligence agencies and the production of intelligence. Third, it explores large themes present in society but with specific impacts for intelligence, including privacy, ethics and trust. A thread running through the book is the change that big data brings and its potential to transform the intelligence community and national security environment.

Interviews: Approach, Participant Selection and Considerations

For an emerging technology trend like big data, where research is limited, semi-structured interviews provide the most appropriate data collection method to access primary source data from national security agencies and personnel. They are ideal when little is known about a phenomenon (Gray 2009; Saunders, Lewis & Thornhill 2007; Whelan & Molnar 2018; Yin 2013) and act as a means of developing an understanding of social phenomena in their natural setting.
They have been successfully applied to the national security, intelligence and policing fields where it can be difficult to access primary source data.6

Forty-seven participants from across all NIC agencies – as well as five independent subject matter experts – participated in semi-structured interviews. Interview questions followed semi-structured interview protocols, such as including a list of questions that were posed to all interviewees. All participants were asked to briefly outline their background and then answer a mixture of common questions, and additional questions that came up organically.7

Semi-structured interviews allow for a grounded theory approach which ‘aims to make patterns visible and understandable’ (Charmaz 2014, p. 89). Grounded theory begins with inductive data; it involves ‘going back and forth between data and analysis, uses comparative methods and keeps you interacting and involved with your data and emerging analysis’ (Charmaz
2014, p. 1). Through coding, the researcher defines what is happening in the data and begins to grapple with what it means – developing an emergent theory to explain the data (Charmaz 2014, p. 113).8

Interviewee selection used a purposive sampling design, meaning the primary focus was to obtain a rich set of data rather than a representative sample (De Vaus 2014). Participants were identified using snowball sampling, where the researcher accesses interviewees suggested by other interviewees and informal networks (Noy 2008). This process varied by agency. In some cases, agency heads were interviewed first, and after approval, additional participants were approached separately. In other cases, agency heads delegated the process to a suitable point of contact and suggested suitable interview participants. In other agencies, informal networks of the researcher, or the D2DCRC9 were used. In practice, it essentially became an availability sample (De Vaus 2014) as subjects ‘self-selected’ or ‘opted-in’ to the research.

Interviews were conducted within all ten National Intelligence Community agencies as well as the oversight body, IGIS. The research involved 47 interviewees, comprising 40 individual interviews and two small groups (one of four and one of three), identifying as either independent subject matter experts (ISMEs) or within government agencies as senior decision-makers (SDMs), operational decision-makers (ODM) or technologists (TECH). The breakdown can be seen in Table 0.1.

Prior to all interviews, organisational consent was received, and the interviewees were provided with a plain language statement (PLS) and individual consent form to ensure involvement was voluntary. After the interviews, the audio was transcribed and provided to participants or agencies for their approval to ensure against the small possibility that classified or sensitive material may have been inadvertently disclosed.
Minor amendments were made in many of the transcripts, predominantly to improve the overall flow of the text, clarify ambiguous points or remove specific references to organisational structure or proprietary technologies. These transcripts were then entered into QSR NVivo 12 for analysis.13

Table 0.1 Categories of Interviewees

| Category | Number of interviewees |
| --- | --- |
| Senior decision-maker (SDM): Heads, deputy heads of agency and agency head delegates.10 | 20 |
| Operational decision-maker (ODM): Typically, mid-management level employees responsible for leading operational decision-making and activities with small or large teams.11 | 10 |
| Technologist (TECH): Those with a technology background. | 12 |
| Independent subject matter expert (ISME): Those with decades of experience in intelligence, national security fields and academia.12 | 5 |

Ethics & limitations

This study received ethics approval from Deakin University’s Faculty of Arts and Education Ethics Advisory Group and was assessed as ‘negligible risk’.14 As a researcher with experience in the field, it is possible this impacted the author’s access to participants. It is possible that being perceived as an insider within the broader national security community contributed to this access. It certainly affected the author’s approach to the research and their perspective. However, the author’s real or perceived ‘insider’ understanding and status enable them to articulate the impact of big data for intelligence agencies in a manner only possible with an emic understanding of a culture (Given 2008; Pike 2015).

This research does face limitations. First, due to the purposive sampling design, the views of participants are not necessarily representative of the NIC community. Second, their understanding of key questions and terms, such as ‘big data’, could vary. However, the interview process mitigated this by asking participants how they understood the term and then providing a clear definition spelling out which technologies were included. Finally, the findings of this research may also not be generalisable to other countries – although the key themes it explores are both relevant and present in other democratic nations, and it is highly likely that aspects of this research will be relevant and transferable to similar democracies.

Book Outline

The book shows that big data fuels emerging technologies and is transforming intelligence production specifically as well as changing the national security environment broadly, including what is considered a part of national security and the relationships intelligence agencies have with the Australian people. The book highlights some of the current and future transformational changes associated with big data in society writ large that have implications for the intelligence community.

Chapter 1 establishes the big data landscape and shows how it fuels emerging technologies. It shows that big data has created a new landscape comprising data abundance, digital connectivity and ubiquitous technology. This chapter argues that the features of big data need to be considered together as a landscape to fully understand the impacts on intelligence production and national security. In examining each of these features, this chapter shows how they individually and collectively as a landscape impact intelligence activity, operations and the community. It then shows how this
new big data landscape is concentrating information, computation and economic power and that this has the potential to challenge ideas of nation-state security.

Chapter 2 shows how big data challenges some of the longstanding and foundational principles and practices of intelligence. First, the changing practice of secrecy in intelligence work and activities. Second, the way the big data landscape impacts understandings of geographical jurisdiction, affecting the distinction between operations that occur onshore and offshore, as well as what constitutes nationality in the context of data. Third, how emerging technologies are complicating intelligence as well as challenging the national security approach to innovation and the way in which intelligence agencies adopt technologies. Fourth, big data challenges fundamental principles of intelligence storage and compartmentalisation which agencies rely on to reduce security risks. This will be further challenged by new approaches to technology. Fifth, the big data landscape has created national decision-makers outside of government. Finally, it shows that the big data landscape has exponentially increased security vulnerabilities and directly challenges existing methods of assessing social harms and national security threats.

Chapter 3 outlines new social harms and national security threats created by the big data landscape. First, this chapter charts the impacts of the rapid growth in data and analytics and shows how it is making these capabilities accessible to new actors. It shows that big data ‘democratises’ intelligence capabilities, making intrusive digital surveillance, profiling, influence, monitoring, tracking and targeting capabilities available to a wider range of actors (state and non-state). Second, it shows how this is democratising surveillance and creating new vulnerabilities for privacy intrusion.
Third, it highlights the capability for asymmetrical information dominance, enabling a strategic advantage. It explores how disinformation and misinformation are challenging intelligence. Fourth, it reveals how big data drives disinformation and misinformation. Finally, it examines how the big data landscape enables information warfare as well as social and political harm.

Chapter 4 examines the impact of the big data landscape on intelligence production. It outlines the impacts on the knowledge, activities and organisation of intelligence agencies. This chapter shows how big data is changing intelligence as knowledge, including changes to the kinds of knowledge used for intelligence and gaps in knowledge used for intelligence, requiring a stronger focus on the purpose of intelligence. This section demonstrates how big data is changing where the knowledge and data used for intelligence come from and how knowledge for intelligence is received, digested and understood. This chapter then demonstrates the impact of big data on intelligence as an activity, showing changes to the intelligence cycle broadly and specifically highlighting three areas that participants articulated as the most pressing or of the highest priority (collection and analysis as well as data sharing and communication of intelligence). Finally, it examines the impact
of big data on intelligence as an organisation, including digital transformation and a change to the traditional models of intelligence analysis.

Chapter 5 analyses the impacts of big data on data privacy. The big data landscape has radically transformed, and continues to transform, privacy across society. First, it builds on the extensive literature evidencing that big data is changing privacy norms globally and the perception that in Australia there is a need to rethink the privacy principles underpinning privacy laws. It looks at the way in which big data has changed social conceptions of privacy and challenges the Australian legislative framework for privacy and why this is important for intelligence agencies. This chapter argues the impact of big data on privacy – and privacy regulation – in society at large has potential future implications for the intelligence community. Second, this chapter shows how privacy is temporal and the impact of ‘anonymisation’ and aggregation of data. Chiefly, an abundance of data and the capacity to identify, link and use data quickly have created the potential for privacy intrusion remote from the individual, in less visible ways and at any point in the future. The vastness of data collectors, sellers and users has led to a complex and confusing privacy landscape. Lastly, this chapter shows that intelligence agencies are differently affected by shifts in privacy. However, this research suggests that currently the direct impacts of big data on privacy in intelligence agencies are limited and predominantly dependent on an agency’s role and legislative mandate, affecting some agencies more than others. Participants highlighted that the impact of big data on privacy is characterised by one significant distinction among the AIC collection agencies – that is, whether the agency has a foreign or domestic mandate.
Big data is changing how some agencies collect, store and analyse data, particularly those subject to a legislative requirement to determine whether the data relates to an individual who is Australian.

Chapter 6 examines how the big data landscape impacts ethics in intelligence. It reveals how the big data landscape is changing established ethical boundaries of intelligence, including where big data will not improve intelligence activities. According to participants, there are aspects of intelligence where big data and automation will not ever be useful and other situations where more testing and refinement is needed before such systems are introduced. This chapter highlights ethical dilemmas of big data in intelligence that have not previously been studied. First, ‘ethics at scale’ – that some of the decisions around ethics are being automated and applied at scale in social contexts by private companies, which would represent a considerable ethical dilemma if applied to intelligence activities. Second, ethics in intelligence includes considering bias. This chapter indicates that intelligence practitioners should be aware of the difference between cognitive bias and data bias as well as the intelligence challenges of incomplete data sets and the bias of intelligence collection itself.

Chapter 7 shows how the big data landscape is changing public perception of trust, transparency, and the legitimacy of intelligence agency operations.
Interviewees reflect on their relationships with the public and how big data has and will impact that relationship. Emerging strongly from the data was a sense that trust is significant in the role of national security agencies in Australia. Participants indicated that they saw big data and the information ecosystem it enables as changing the relationships between intelligence agencies and the public. Furthermore, this chapter argues that big data impacts trust in the entire system of government and public service agencies as it is reliant on trust in the way data is collected and used across all government agencies, not just the national security sector. This chapter proposes that big data is changing the public’s perceptions of the intelligence community around trust, transparency and the legitimacy of intelligence agency operations. It unpacks how participants understand trust and the key concepts of trust, legitimacy and the social contract, each of which emerged from the interview data. This chapter shows that participants perceive that how trust is built and developed is impacted by big data, with participants suggesting intelligence agencies need to align big data use with agency values and purpose, transparency and public engagement.

The Conclusion reflects on the findings throughout the book and highlights some of the implications for policy, the limitations of the research and areas for future research. The book reveals how the big data landscape is transforming what intelligence is, how it is practised, and the relationships intelligence organisations have with society and with each other. It shows that big data has impacts on many aspects of national security, including our conception of what it constitutes. The impact of big data is especially significant for the knowledge, activities and organisation of intelligence agencies.
The book highlights specific impacts for intelligence agencies and the production of intelligence, and then examines how intelligence agencies interact with each other and look out to the rest of society. The book details how big data is impacting the relationship between intelligence agencies and citizens, specifically in the areas of privacy, ethics and trust.

Notes

1 The NIC is comprised of the original Australian Intelligence Community (AIC) agencies plus four new ones. The agencies in the AIC are the Office of National Intelligence, Australian Security Intelligence Organisation, Australian Secret Intelligence Service, Defence Intelligence Organisation, Australian Signals Directorate and Australian Geospatial-Intelligence Organisation. The Home Affairs Portfolio brings together Australia’s national and transport security, criminal justice, emergency management, multicultural affairs, and immigration and border-related functions and agencies. Agencies within the Department of Home Affairs include the Australian Criminal Intelligence Commission (ACIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC). ACIC is included in the NIC in its entirety, whereas the other new agencies in Home Affairs (AUSTRAC and the Department of Home Affairs itself and the AFP) have only the intelligence functions of their organisations included.
2 While this is a UK-specific definition, a similar definition from the US defines national security as ‘the ability of national institutions to prevent adversaries from using force to harm Americans or their national interests and the confidence of Americans in this ability’, from both the physical and psychological dimensions (Sarkesian, Williams & Cimbala 2008, p. 4).
3 Richardson 2020a, p. 267; ACIC 2022; AFP 2022; ASD 2022; ASIO 2022; AUSTRAC 2022; Department of the Prime Minister and Cabinet 2020; 2022; Department of Home Affairs 2019; 2022. Note: These budget and staffing figures exclude ASIS, DIO and AGO, as their details are ‘not for publication’.
4 Richardson 2020a, p. 267; ACIC 2022; AFP 2022; ASD 2022; ASIO 2022; AUSTRAC 2022; Department of the Prime Minister and Cabinet 2020; 2022; Department of Home Affairs 2019; 2022.
5 For a thorough outline of collection and collection disciplines see Lowenthal (2012, pp. 71–118).
6 Examples include examinations of data science use in the United States’ Defense Intelligence Agency (Knopp et al. 2016), the UK police’s use of data (Babuta 2017), and the impact of big data on the production of security in Australia (Chan & Bennett Moses 2017), which fell short of specifically exploring big data’s impact on intelligence production. Additional studies in intelligence, analysis and national security also utilised qualitative interview methods (Chan & Bennett Moses 2017; Chen et al. 2017; Coyne 2014; Ratcliffe 2012; Treverton & Gabbard 2008; Walsh 2011; Whelan 2014).
7 Common questions included: (i) What is your understanding of big data? (ii) How does big data impact on your organisation? (iii) How would you describe the current and future challenges and opportunities of big data?
8 Coding was conducted line by line (Charmaz 2014, pp. 124–127), followed by focused coding to draw out larger concepts (Glaser & Strauss 1967, pp. 101–117). The final stage of the analysis involved the in-built search and frequency query functionality of QSR NVivo 12 to ensure no categories or data were missed.
9 Data 2 Decisions Cooperative Research Centre provided a scholarship to partially fund this research.
10 SDMs were SES2 and above in the Australian Public Service context.
11 ODMs were mainly EL1, EL2 and SES1 in the Australian Public Service context.
12 The five ISMEs were Stephen Merchant PSM, Dennis Richardson AC, Clive Lines, Ian McKenzie PSM and Dr Lesley Seebeck. In the data their comments are de-identified as ISME.
13 QSR NVivo is software designed to help researchers to gain richer insights from qualitative and mixed-methods data. It stores and organises data as well as helping researchers to categorise, analyse and visualise their data.
14 This involved submitting a ‘low risk’ application form, the PLS and consent form as well as sample interview questions. The two ethical considerations of this study were ensuring participant anonymity, and the security of the interview data – as a result, all participants are anonymised, and the recordings and transcripts are only accessible to the author.

References

Agrell, W 2012, ‘The next 100 years? Reflections on the future of intelligence’, Intelligence and National Security, vol. 27, no. 1, pp. 118–132.
Agrell, W & Treverton, GF 2015, National intelligence and science: beyond the great divide in analysis and policy, Oxford University Press, Oxford.
Akhgar, B, Saathoff, GB, Arabnia, H, Hill, R, Staniforth, A & Bayerl, PS 2015, Application of big data for national security: a practitioner’s guide to emerging technologies, Waltham Elsevier, Amsterdam.
Andrew, C 2018, The secret world: a history of intelligence, Penguin Books, London.
ACIC 2022, Australian Criminal Intelligence Commission Annual Report 2021–22, Commonwealth of Australia, Canberra.
AFP 2022, Australian Federal Police Annual Report 2021–22, Commonwealth of Australia, Canberra.
ASIO 2022, Australian Security Intelligence Organisation Annual Report 2021–22, Commonwealth of Australia, Canberra.
ASD 2022, Australian Signals Directorate Annual Report 2021–22, Commonwealth of Australia, Canberra.
AUSTRAC 2022, AUSTRAC Annual Report 2021–22, Commonwealth of Australia, Canberra.
Babuta, A 2017, Big data and policing an assessment of law enforcement requirements, expectations and priorities, RUSI Occasional Paper, RUSI, London.
Baldwin, DA 1997, ‘The concept of security’, Review of International Studies, vol. 23, no. 1, pp. 5–26.
Beer, D 2018, ‘Envisioning the power of data analytics’, Information, Communication & Society, vol. 21, no. 3, pp. 465–479.
Bennett Moses, L & Chan, J 2014, ‘Using big data for legal and law enforcement decisions: testing the new tools’, University of New South Wales Law Journal, vol. 37, no. 2, pp. 643–678.
Betts, R 2009, ‘Analysis, war, and decision’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: key questions and debates, Routledge, New York, pp. 87–111.
boyd, d & Crawford, K 2012, ‘Critical questions for big data’, Information, Communication & Society, vol. 15, no. 5, pp. 662–679.
Buzan, B, Waever, O & de Wilde, J 1998, Security: a new framework for analysis, Lynne Rienner, Boulder, CO.
Chan, J & Bennett Moses, L 2016, ‘Is big data challenging criminology?’, Theoretical Criminology, vol. 20, no. 1, pp. 21–39.
Chan, J & Bennett Moses, L 2017, ‘Making Sense of Big Data for Security’, The British Journal of Criminology, vol. 57, no. 2, pp. 299–319.
Charmaz, K 2014, Constructing grounded theory, Sage, London.
Chawda, RK & Thakur, DG 2016, ‘Big data and advanced analytics tools’ [conference presentation], Symposium on Colossal Data Analysis and Networking, Indore, India, 18–19 March.
Chen, D, Fraiberger, SP, Moakler, R & Provost, F 2017, ‘Enhancing transparency and control when drawing data-driven inferences about individuals’, Big Data, vol. 5, no. 3, pp. 197–212.
Chen, M, Mao, S & Liu, Y 2014, ‘Big data: a survey’, Mobile Networks and Applications, vol. 19, no. 2, pp. 171–209.
Cloud Security Alliance 2013, Big data analytics for security intelligence, Cloud Security Alliance, Seattle, WA.
Coyne, J 2014, ‘Strategic intelligence in law enforcement: anticipating transnational organised crime’, PhD thesis, Queensland University of Technology.
Cukier, K 2010, ‘Data, data everywhere’, The Economist, 27 February, accessed 2 December 2021, https://www.economist.com/special-report/2010/02/27/data-data-everywhere.
Davies, PHJ, Gustafson, K & Rigden, I 2013, ‘The intelligence cycle is dead, long live the intelligence cycle: rethinking intelligence fundamentals for a new intelligence doctrine’ in M Phythian (ed.), Understanding the intelligence cycle, Routledge, London, pp. 56–75.
18 Introduction De Vaus, DA 2014, Surveys in social research, 6th edn, Routledge, London. Degaut, M 2015, ‘Spies and policymakers: intelligence in the information age’, Intelligence and National Security, vol. 31, no. 4, pp. 509–531. Department of Home Affairs 2019, Department of Home Affairs 2018–19, Commonwealth of Australia, Canberra. Department of Home Affairs 2022, Department of Home Affairs 2021–22, Commonwealth of Australia, Canberra. Department of the Prime Minister and Cabinet 2017, 2017 Independent Intelligence Review, Commonwealth of Australia, Canberra. Department of the Prime Minister and Cabinet 2020, Portfolio Additional Estimates Statements 2019–20, Commonwealth of Australia, Canberra. Department of the Prime Minister and Cabinet 2022, Portfolio Budget Statements 2022–23: Budget Related Paper No. 1.11, Commonwealth of Australia, Canberra. DOMO 2019, Data never sleeps 7.0, DOMO, accessed 2 December 2021, https://www. domo.com/learn/infographic/data-never-sleeps-7. Dupont, A 1990, Australia and the concept of national security (Working paper no. 206), Strategic and Defence Studies Centre, Australian National University, Canberra. Dupont, A 2003, ‘Intelligence for the twenty-first century’, Intelligence and National Security, vol. 18, no. 4, pp. 15–39. Ericsson 2022, ‘Ericsson Mobility Visualizer’ Ericcson, November, accessed 17 April 2023, https://www.ericsson.com/en/reports-and-papers/mobility-report/mobility-visua lizer?f=1&ft=2&r=2,3,4,5,6,7,8,9&t=1,2,3,4,5,6,7&s=4&u=1&y=2022,2028&c=3. Evans, D 2011, The Internet of Things: How the Next Evolution of the Internet Is Changing Everything, Cisco, San Jose, accessed 26 May 2023, https://www.cisco. com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf. Fingar, T 2011, Reducing Uncertainty: Intelligence Analysis and National Security, Stanford University Press, Redwood City. 
Gandomi, A & Haider, M 2015, ‘Beyond the hype: big data concepts, methods, and analytics’, International Journal of Information Management, vol. 35, pp. 137–144. Gartner 2017, ‘Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016’, Gartner, 7 February, viewed 25 May 2023, https://www. gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connecte d-things-will-be-in-use-in-2017-up-31-percent-from-2016. George, RZ & Bruce, JB, eds., 2014, Analyzing intelligence: national security practitioners’ perspectives, 2nd edn, Georgetown University Press, Washington, DC. Gill, P & Phythian, M 2006, Intelligence in an insecure world, Wiley, Hoboken, NJ. Given, L (ed.) 2008, The Sage encyclopedia of qualitative research methods, Sage, Thousand Oaks, CA. Glaser, BG & Strauss, AL 1967, The discovery of grounded theory: strategies for qualitative research, Aldine, Chicago. Gookins, AJ 2008, ‘The role of intelligence in policy making’, SAIS Review, vol. 28, no. 1, pp. 65–73. Gray, DE 2009, Doing research in the real world, 3rd edn, Sage, Los Angeles. Gyngell, A & Wesley, M 2007, Making Australian foreign policy, 2nd edn, Cambridge University Press, Cambridge. Heuer, RJ & Pherson, R 2015, Structured analytic techniques for intelligence analysis, 2nd edn, CQ Press, Thousand Oaks, CA. Hughes, RG, Jackson, P & Scott, L (eds) 2008, Exploring intelligence archives: enquiries into the secret state, Routledge, London.


International Data Corporation 2014, The digital universe, International Data Corporation, Needham, MA.
International Data Corporation 2022, Worldwide IDC Global DataSphere Forecast, 2023–2027: It’s a Distributed, Diverse, and Dynamic (3D) DataSphere, International Data Corporation, Needham, MA.
Katzenstein, Peter J 1996, The culture of national security: norms and identity in world politics, edited by Peter J. Katzenstein. Columbia University Press, New York.
Kemp, S 2023, ‘Digital 2023’, We are social, 26 January, accessed 5 April 2023, https://wearesocial.com/au/blog/2023/01/the-changing-world-of-digital-in-2023-2/.
Kent, S 1966, Strategic intelligence for American world policy, Princeton University Press, Princeton, NJ.
Kitchin, R 2014a, ‘Big data, new epistemologies and paradigm shifts’, Big Data & Society, vol. 1, no. 1.
Kitchin, R 2014b, The data revolution: big data, open data, data infrastructures & their consequences, Sage, London.
Kitchin, R & Lauriault, TP 2014, ‘Small data in the era of big data’, GeoJournal, vol. 80, no. 4, pp. 463–475.
Knopp, BM, Beaghley, S, Frank, A, Orrie, R & Watson, M 2016, Defining the roles, responsibilities, and functions for data science within the defense intelligence agency, RAND Corporation, Santa Monica, CA.
Landon-Murray, M 2016, ‘Big data and intelligence: applications, human capital, and education’, Journal of Strategic Security, vol. 9, no. 2, pp. 94–123.
Laney, D 2001, ‘3D data management: controlling data volume velocity and variety’, META Delta, 6 February.
Liotta, PH 2002, ‘Boomerang effect: the convergence of national and human security’, Security Dialogue, vol. 33, no. 4, pp. 473–488.
Lowenthal, MM 2012, Intelligence: from secrets to policy, 5th edn, Sage/CQ Press, Los Angeles, CA.
Lundy, L, O’Brien, A, Solis, C, Sowers, A & Turner, J 2019, ‘The ethics of applied intelligence in modern conflict’, International Journal of Intelligence and CounterIntelligence, vol. 32, no. 3, pp. 587–599.
Malomo, F & Sena, V 2016, ‘Data intelligence for local government? Assessing the benefits and barriers to use of big data in the public sector’, Policy & Internet, vol. 9, no. 1, pp. 7–27.
Manyika, J, Chui, M, Brown, B, Bughin, J, Dobbs, R, Roxburgh, C & Byers, AH 2011, Big data: the next frontier for innovation, competition, and productivity, McKinsey Global Institute, New York.
Marrin, S 2009, ‘Intelligence analysis and decision-making’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: key questions and debates, Routledge, New York, pp. 131–150.
Mayer-Schönberger, V & Cukier, K 2014, Big data: a revolution that will transform how we live, work, and think, Mariner Books, Houghton Mifflin Harcourt, Boston, MA.
Mayer-Schönberger, V & Ramge, T 2018, Reinventing capitalism in the age of big data, John Murray Press, London.
Metcalf, J, Keller, EF & boyd, d 2016, Perspectives on big data, ethics, and society, Council for Big Data, Ethics, and Society.
Minelli, M, Chambers, M & Dhiraj, A 2013, Big data, big analytics: emerging business intelligence and analytic trends for today’s businesses, Wiley CIO, Hoboken, NJ.

Noy, C 2008, ‘Sampling knowledge: the hermeneutics of snowball sampling in qualitative research’, International Journal of Social Research Methodology, vol. 11, no. 4, pp. 327–344.
Omand, D 2010, Securing the state, Columbia University Press, New York.
Omand, D 2013, ‘Securing the state: national security and secret intelligence’, Prism: A Journal of the Center for Complex Operations, vol. 4, no. 3, pp. 14–27.
Omand, D 2020, ‘Reflections on intelligence analysts and policymakers’, International Journal of Intelligence and CounterIntelligence, vol. 33, no. 3, pp. 471–482.
ONI 2017, The national intelligence community, accessed 7 July 2020, https://www.oni.gov.au/national-intelligence-community.
Pike, KL 2015, Language in relation to a unified theory of the structure of human behavior, De Gruyter Mouton, The Hague.
Power, DJ 2014, ‘Using “big data” for analytics and decision support’, Journal of Decision Systems, vol. 23, no. 2, pp. 222–228.
Pramanik, MI, Lau, RYK, Yue, WT, Ye, Y & Li, C 2017, ‘Big data analytics for security and criminal investigations’, Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, vol. 7, no. 4, art. e1208.
The Privacy Act 1988 (Cwlth), accessed 22 May 2023, https://www.legislation.gov.au/Details/C2022C00361.
Ratcliffe, J 2012, Intelligence-led policing, Taylor and Francis, Hoboken, NJ.
Reinsel, D, Gantz, J & Rydning, J 2017, Data age 2025: the evolution of data to life-critical, International Data Corporation, Needham, MA.
Richardson, D 2020a, Comprehensive Review of the Legal Framework of the National Intelligence Community, vol. 1, Commonwealth of Australia, Canberra.
Richardson, D 2020b, Comprehensive Review of the Legal Framework of the National Intelligence Community, vol. 4, Commonwealth of Australia, Canberra.
Rolington, A 2013, Strategic intelligence for the 21st century: the mosaic method, Oxford University Press, Oxford.
Royal Commission on Australia’s Intelligence and Security Agencies (Hope Royal Commission on Intelligence and Security) 1974–77, Royal Commission on Australia’s Intelligence and Security Agencies, Commonwealth of Australia, Canberra.
Sadowski, J 2020, Too smart: how digital capitalism is extracting data, controlling our lives, and taking over the world, MIT Press, Cambridge, MA.
Sarkesian, SC, Williams, JA & Cimbala, SJ 2008, US National Security: Policymakers, Processes, and Politics, Lynne Rienner Publishers.
Saunders, M, Lewis, P & Thornhill, A 2007, Research methods for business students, Financial Times/Prentice Hall, Harlow, UK.
Schwab, K 2017, The fourth industrial revolution, Penguin Books, London.
Scott, L & Jackson, P 2004, ‘The study of intelligence in theory and practice’, Intelligence and National Security, vol. 19, no. 2, pp. 139–169.
Shahbazian, E 2016, Intelligence analysis: needs and solutions, IOS Press, Amsterdam.
Shu, H 2016, ‘Big data analytics: six techniques’, Geo-spatial Information Science, vol. 19, no. 2, pp. 119–128.
Spracher, WC 2009, ‘National security intelligence professional education: a map of U.S. civilian university programs and competencies’, Doctor of Education thesis, George Washington University.
Symon, P 2018, ASIS Director-General launches new book – ‘Intelligence and the Function of Government’, Australian National University, News and Events, 21 March, accessed 2 December 2021, https://bellschool.anu.edu.au/news-events/stories/6028/asis-director-general-launches-new-book-intelligence-and-function.
Symon, PB & Tarapore, A 2015, ‘Defense intelligence analysis in the age of big data’, Joint Force Quarterly, vol. 79, no. 4, pp. 4–11.
Treverton, GF & Gabbard, CB 2008, Assessing the tradecraft of intelligence analysis, Intelligence Policy Center, RAND National Security Research Division, Santa Monica, CA.
van der Sloot, B, Broeders, D & Schrijvers, E (eds) 2016, Exploring the boundaries of big data, Netherlands Scientific Council for Government Policy, The Hague.
Van Puyvelde, D 2018, ‘Qualitative research interviews and the study of national security intelligence’, International Studies Perspectives, vol. 19, no. 4, pp. 375–391.
Van Puyvelde, D, Coulthart, S & Hossain, MS 2017, ‘Beyond the buzzword: big data and national security decision-making’, International Affairs, vol. 93, no. 6, pp. 1397–1416.
Walsh, PF 2011, Intelligence and intelligence analysis, Routledge, London.
Walsh, PF 2021, ‘Transforming the Australian intelligence community: mapping change, impact and challenges’, Intelligence and National Security, vol. 36, no. 2, pp. 243–259.
Whelan, C 2014, ‘Managing dynamic security networks: towards the strategic managing of cooperation, coordination and collaboration’, Security Journal, vol. 1, no. 18, pp. 310–327.
Whelan, C & Molnar, A 2018, Securing mega-events: networks, strategies and tensions, Palgrave Macmillan UK, London.
Wolfers, A 1952, ‘“National security” as an ambiguous symbol’, The Academy of Political Science, vol. 67, no. 4, pp. 481–502.
Wolfers, A 1962, Discord and collaboration: essays on international politics, Johns Hopkins Press, Baltimore, MD.
Yin, RK 2013, Case study research: design and methods, Sage, Thousand Oaks, CA.
Yiu, C 2012, The big data opportunity: making government faster, smarter and more personal, Policy Exchange, London.
Zedner, L 2003, ‘The concept of security: an agenda for comparative analysis’, Legal Studies, vol. 23, no. 1, pp. 153–175.
Zedner, L 2009, Security, Routledge, London.
Zegart, A 2022, Spies, Lies, and Algorithms: The History and Future of American Intelligence, Princeton University Press, Princeton.
Zuboff, S 2019, The age of surveillance capitalism: the fight for a human future at the new frontier of power, Profile Books, London.

1

Big Data Landscape Fuels Emerging Technologies

Big data has transformed the information environment we live in. The digital age is complex, challenging and transformative for intelligence agencies and intelligence communities globally. Big data, as well as the emerging technologies it fuels, such as artificial intelligence (AI), continue to change intelligence production and the national security environment. Big data ‘is less about data that is big than it is about a capacity to search, aggregate and cross-reference large data sets’ (boyd & Crawford 2012, p. 663). Whilst there are many definitions of big data, there are three foundational features relevant to national security: data abundance, digital connectivity and ubiquitous technology. Although seemingly obvious, data abundance, digital connectivity and ubiquitous technology need to be considered together – as the big data landscape – to fully understand the current type and speed of change in intelligence production and national security as well as potential effects of emerging technologies. The sheer abundance of data means that moments that were previously unrecorded are now captured, and it is possible to create comprehensive profiles about people, places and things from this data. Digital connectivity means this data can be collected and exchanged in real time. The ubiquity of technology shows how big data is core to many emerging technologies and has centralised information, computation and economic power.

The features of the big data landscape examined in this section – data abundance, digital connectivity, and ubiquitous technology – individually and collectively transform aspects of intelligence production and national security. Because little is known about intelligence activities and agencies (Andrew 2018, Van Puyvelde 2018, Zegart 2022) it is necessary to define each of these features of big data and to understand them as a landscape. This helps to capture the nuanced impacts of big data on intelligence activities, within individual agencies and in the intelligence community as a whole – as well as on national security broadly. It also provides a framework to engage with new technologies. This chapter shows how the features of the big data landscape individually and collectively impact intelligence activities, operations and intelligence communities. Further, the book shows this new big data landscape is centralising information and computation power, and that this has the potential to change concepts of nation-state security.

DOI: 10.4324/9781003389651-2


The Big Data Landscape

Big data is an amorphous and contested concept which refers to large, diverse, growing and changing datasets (Bennett Moses & Chan 2014; Chan & Bennett Moses 2016, 2017; Malomo & Sena 2016). Historical databases were constrained and unable to simultaneously deal with the original 3Vs – volume, velocity and variety (Kitchin 2014b, p. 68; Laney 2001) – of big data. Increased computational power, new database design and distributed storage enabled collection and analysis of big data (Kitchin 2014b, p. 68). The 3V definition of big data (Kitchin 2014b, p. 68; Laney 2001) was expanded to a 5V definition that includes veracity (certainty and consistency in data) and value (insights into and from data) (Akhgar et al. 2015; van der Sloot, Broeders & Schrijvers 2016), which includes knowledge derived from understanding data sets as a whole and by drawing insights using new analytical techniques (boyd & Crawford 2012; Kitchin 2014a; Kitchin & Lauriault 2014).

It is the ability to combine and use large data sets for some type of decision or action that defines big data (boyd & Crawford 2012). As others have aptly put, ‘big data are worthless in a vacuum. Its potential value is unlocked only when leveraged to drive decision-making’ (Gandomi & Haider 2015, p. 140). Big data, as one of the building blocks of AI, is essential for continued success in the emerging technology market.

Whilst the 3V and 5V definitions of big data are very useful ways of categorising big data for computer science, they do not accurately reflect the complete impact of big data on national security, or how it is being used, constraining understanding about its impact on intelligence.

This section shows that there are in fact three foundational features of big data for national security: data abundance, digital connectivity and ubiquitous technology,1 and that these features combined have created a big data landscape. These three features emerged clearly in this study as foundational features through which to understand the impact of big data on intelligence and national security. This research offers empirical evidence to deepen understanding of these terms as well as to present them together as a landscape (see Figure 1.1).

Figure 1.1 Features of the Big Data Landscape. Source: Designed by Susan Beale.

Data abundance, digital connectivity and ubiquitous technology can be observed in wider society. Whilst they do overlap and intersect, they are essential to understanding the impact of big data on intelligence and national security.

Data abundance is the vast and growing volume of data in society. It includes digitisation, datafication and the global datasphere – the summation of data created and shared (Reinsel, Gantz and Rydning 2018).2 National security practitioners have published on data abundance (Corrigan 2019; Gordon 2017, 2019, 2020; Symon & Tarapore 2015), also calling it a digital revolution (Gerstell 2019) and the information age (Coyne, Neal & Bell 2014; Degaut 2015; Rovner 2013).

Digital connectivity is the ability to connect people, places and ideas through digital networks (BBC 2018). Pandya (2019) explores how connected computers, networks and cyberspace have become an integral part of all digital processes across society. Bell (2018) connects the number of internet users and the notion of digital connectedness. Schwab (2017) suggests that digital connectivity includes billions of sensors and devices around the world connected to the internet. Additionally, digital connectivity includes the relationship between things and people made possible by connected technologies and various platforms (Schwab 2017), enabling hitherto unconnected agents to connect (Australian Government Productivity Commission 2016). Technology is a part of everyday life for all members of the community; we are living, working and communicating in a digitally connected world (ASIO 2018).

Ubiquitous technology is the pervasiveness of technology in our lives and the extent to which we interact with it, knowingly or unknowingly. Technology including phones, sensors and algorithms is now so ubiquitous that
living without it seems impossible as it is so deeply embedded in our lives (Unsworth 2016). Ubiquitous technology includes artificial intelligence and machine learning, whether visible or invisible.

These features combined have created a big data landscape, or ‘infrastructural core’, which forms the heart of the information ecosystem upon which many other apps and platforms are built and for which a handful of companies control the information services (van Dijck, Poell & de Waal 2018). As one of the building blocks of artificial intelligence, big data is essential for success in most emerging technology markets, and understanding where it is created, used, and resides, and who it adds value for, is important. Data underpins the use of artificial intelligence in society and in intelligence. The big data landscape is critical because many emerging technologies rely on this framework. Automation, machine learning and artificial intelligence are possible due to data and the software, hardware and infrastructure systems supporting their growth. New technologies from generative pre-trained transformers (GPT) to quantum computing to biotechnologies are inextricably linked to the big data landscape. Without it our digital world would cease to operate seamlessly. The next part of this chapter outlines the features of the big data landscape in detail.

Data Abundance

The global evolution from data scarcity to data abundance (Gordon 2019, 2020) is a key area in which big data has affected intelligence. Information has gone from scarce to superabundant (Cukier 2010) and scholars and practitioners alike have considered the changing role of information in national security as: the ‘information age’ (Coyne, Neal & Bell 2014; Degaut 2015; Gordon 2017; Herman 2001; Tucker 2014), ‘information explosion’ (Press 2013), an ‘infoglut’ or data overload (Andrejevic 2013) and a ‘digital revolution’ (Gerstell 2019). Despite awareness of the volume of information, the implications of data abundance on intelligence activities and impacts on intelligence agencies and communities are only just beginning to emerge (Hershkovitz 2022; Zegart 2022) and have not been widely, or empirically, examined.

This research shows that the Australian National Intelligence Community (NIC), like most intelligence communities, is struggling to manage the abundance of digital data, including digitisation and datafication. The sheer volume and accessibility of information and variety of formats of digital information now available in society have unique implications for intelligence agencies. A theme evident from the participant interviews is that national security practitioners and agencies are still trying to adjust to digital transformation and the data abundance that big data has created. All participants described the abundance of data about individuals as a profound change for intelligence agencies because there is now a record of almost all human activities that can be identified to the individual level. This section demonstrates the impact of digitisation and datafication, then outlines ways in which data abundance is perceived to be transforming intelligence.

Digitisation

Digitisation is the process of turning analogue information into computer-readable formats (Mayer-Schönberger & Cukier 2014, p. 83). It is often combined with the creation of new information on digital platforms. Interview participants organically raised digital information and indicated that many of the impacts of digitisation for intelligence agencies are disruptive in ways that are consistent with the wider societal disruption. Almost all participants highlighted the transformative nature of digitisation and access to digital information, noting it is in fact a precursor to using and applying big data-enabled technologies for increasingly sophisticated analysis and interpretation. One participant highlighted that digitisation is disruptive and challenging for intelligence agencies because it requires technical capacity to manage data in a digitised format:

It’s a well understood realisation that everything is digital, but still it is disruptive, in many respects. You know, you can’t really do what you might have otherwise done and get very far without the capability or capacity to deal with the digital environment. And that obviously means dealing with large volumes of data. I guess, then, it’s starting to appreciate ways that you can actually go through that process of not just getting to data that you may need but also being able to analyse it in such a way that you can then determine what’s of relevance and ultimately build knowledge. So, I guess that’s a realisation that is obvious but can be quite complex in a lot of areas. (SDM)

Emerging from the participant interviews was a sense that aspects of data abundance, digitisation and digital information are still having disruptive impacts on intelligence agencies. Responding to a question about the biggest impact of big data on intelligence, one participant noted the seemingly self-evident: ‘everything is being digitised, everything is readily available for a price or not even for a price … It is just inadvertently available’ (SDM). The implications of digital information are now widely discussed and understood in society; however, their impacts on intelligence production have been largely unexplored and underappreciated. This study shows that, while these impacts are largely not unique to national security – hence they are touched on only briefly here – they are nonetheless significant for agencies and practitioners.

Datafication

Datafication – transformation of social action into online quantified data that enables real-time tracking and analysis – is not new (Mayer-Schönberger & Cukier 2014, pp. 73–97) but is increasingly sophisticated and nuanced (Mayer-Schönberger & Ramge 2018). The volume of data that is now recorded about the world and our individual activities within it is almost
inconceivably large and data collection is largely inescapable (McQueen 2018, p. 8). ‘Internet companies have come to know much more about us and our personal habits and tastes than any intelligence agency ever could (or should)’ (Omand & Phythian 2018, p. 145).

Comprehensive profiles about individuals can be created from commercially available data, which includes being able to aggregate data and identify individuals from data sets to a granular level – increasingly to a specific individual (Kitchin 2014b). Inferences about individuals, including their beliefs, values, preferences, psychological states and intimate details, are made, often without their knowledge, by aggregating data collected from seemingly mundane activities. One of the paradoxes of big data is that, while it implies vast and impersonal data stores, data is often collected at such a granular level that it can be used to identify individuals (Richards & King 2013). Some data is individualised and some of it is collected in so-called ‘anonymised’ data sets, although almost all of it can be re-identified to small groups or individual level (Culnane, Rubinstein, & Teague 2016; El Emam et al. 2009; Rocher, Hendrickx, & de Montjoye 2019; Sweeney 2015; Sweeney, Abu, & Winn 2013; Office of the Director of National Intelligence 2022; Wondracek et al. 2010). Big data has exploded the scope of personal and personally identifiable information (Crawford & Schultz 2014; Australian Government 2017) and this has major implications for intelligence agencies.

Much of the existing research on data abundance in society has focused on companies monitoring, tracking and selling data about our social habits (Kitchin 2014b; Sadowski 2019; Zuboff 2019), due to their capacity in creating, storing and sharing this kind of behavioural data and in connecting individuals to each other, places and things. Commercial data sets are bought and sold by third-party data brokers, acquired by purchase from private companies and by trawling public information generated by states, such as property records, voter and motor vehicle registrations, court records, and census data (Crain 2016). To provide a sense of perspective to the size of this market, just one of the thousands of data-aggregating companies that collect and sell personal data, Acxiom, processed more than 50 trillion data transactions in 2014 (Neef 2014). As one of the largest data brokers, it claims to have 2.5 billion addressable people across the globe, including one database that has 1,500 entries on all marketable American households (Acxiom 2018). Meanwhile another large broker, LexisNexis (2023), adds more than 1.2 million documents a day to its database. The Office of the Director of National Intelligence (2022, p. 4) noted LexisNexis had 84 billion records and Exactis held over 3.5 billion records that are updated monthly, and emphasised the ‘large’ and ‘dynamic’ nature of the commercially available information market.

The very fact that volumes of data about individuals exist and it is possible to build a comprehensive profile about people and things remotely – from data alone – is in fact a transformational shift for the intelligence community, as clearly explained by Omand and Phythian (2018, p. 145):

It is thus now very hard to live without leaving a digital trace as the private sector can widely capture personal data through, for example, our debit and credit card purchases, loyalty cards, and airline and hotel bookings, as well as the records kept by the government through border controls, vehicle licensing, and passports. Intelligence agencies realized that by mining data and overlaying data sets, it would be possible to answer questions – for example, about the patterns of life, the identities, and the locations of suspects – that would have been infeasible using analogue (shoe leather) methods of detective investigation.

In this study, participants consistently stated that datafication and the volume of personally identifying information is transformative for intelligence. Participants described the capability that big data heralds; the current ability to access and link pieces of information is unprecedented and has profound implications for intelligence activities, agencies and the community. One technologist explained the seemingly self-evident reality that our movements are constantly recorded but also that whoever owns or can access the data can build a comprehensive profile of individuals from this volume of data:

[Historically] if there was a taxi journey that a surveillance team picked up you would see the start and the end of it and you might map the route if it was important. However, if there was nothing suspicious on the route you wouldn’t bother mapping it, you’re only interested in the start and end point. However now, you get this huge volume of noise … You know, your taxi app now records your phone number, your credit card, where you went from, to, via, when you booked it, your other trips and it’s just phenomenal, all that detail. (TECH)

Almost all participants highlighted the volume of data about our movements that is captured, collected and stored, resulting in complete (or near-complete) data coverage of our lives. Datafication and the ability to derive insights from data affects agencies throughout every stage of the intelligence cycle;3 it is evolving the way that national security agencies operate. A participant commented:

We live in a digital age and everything is captured in a digital format or can be analysed in a digital format, hoovered up in a way that gives you the ability to be able to forensically drill in on patterns, on activities, on relationships, on everything that humans do. (SDM)

Another SDM elaborated that datafication has increased the significance of analytics for intelligence, including knowing what analytics and algorithms are required and what data you need:

The fact that people’s lives are so integrated with technology and that creates various data sets and the ability for us to potentially exploit those for good – not for evil, although of course the potential exists for that as well – is really a huge advantage for intelligence. Whether it is a big or a small data set, the amount of information you can develop about a person without ever being in contact with that person is different now to what it was twenty years ago when I started when we relied most heavily on human intelligence. Now, we can build up a profile of an individual to a fairly detailed level, provided we have the right data and the right analytics to run over it.

Data Abundance and Intelligence

The volume of personal or personally identifying information available and the degree of datafication means comprehensive profiles of individuals can be quickly and remotely created. Participants indicated this is true for individuals, interest groups, institutions, political groups and even nation-states by using shipping, procurement and other data to understand nation-state science and technology programs like nuclear or facial recognition capabilities. According to participants, the capability to create comprehensive profiles remains difficult to achieve in real time in practice for those who are not the original data collectors, including intelligence agencies. Participants described that this is because the data is collected and held in diffused and dispersed data sets for different purposes by a range of different entities and owners. Participants noted that, in some cases, it is possible to anchor personal information and biometrics to a person – especially where data sets are connected to confirmed government identity documents (such as passports and driver’s licences) rather than from private data sets alone.

Many participants raised datafication and the sheer volume of personal information as an enabler in detection, monitoring and tracking. There are counter trends to this extensive data collection, with participants highlighting that some groups take action to avoid digital surveillance such as using encrypted communications and the dark web. A number of participants acknowledged that this detection, monitoring and tracking can include intelligence officers (whether they be Australian or foreign officials) but did not discuss this in further detail. One participant asked:

If we can do it, who else can do it? Hostile intelligence services but also commercial entities. Just the amount of information they collect for marketing purposes or for advertising purposes. When we are operating operationally and using technology we are subject to all of that collect as well and it could compromise the operational activity we are doing. We are almost at a stage where in certain, potentially sensitive operations we are having to disengage from technology and fall back on old, traditional methods to try and eliminate the electronic footprint. The same way that
30 Big Data Fuels Emerging Technologies the data provides an advantage for us, it could cause a disadvantage to us. (ODM) Another ODM described some of the practical challenges in relation to ter­ rorism offences, highlighting what it means to ‘know’ something in a big data environment: Once upon a time, someone may have done something with a knife [ter­ rorist attack] and we may or may not have known about them. These days we know about them. Somewhere within our information holdings, or on the internet, we probably have an aggregate of data about this person. Which, if we could reverse engineer and collect with other data and analyse in the right way, might have shown indicators and all that sort of stuff. It’s an interesting trade-off in terms of the opportunity that new data brings in terms of the analytic insights you can derive from it but also in terms of the new risks we have to understand and mitigate as part of our work. (ODM) Participants articulated the notion that the volume of data coverage means that activity may be ‘knowable’, or ‘predictable’, with access to the right data in advance. How big data is changing what it means to know something, and the knowledge used for intelligence, is discussed in Chapter 4. For agencies with a domestic security function, the ability to identify potential offences in order to prevent major harm is clearly critical. Participants from agencies with a domes­ tic security focus expressed that they felt that if information exists (for example about individuals, activities or beliefs) – or can be inferred – and agencies fail to obtain and consider that information, they would be unable to act decisively to prevent harm and would be failing in their mission. The data collection for this research occurred over a time period including the Christchurch Mosque attacks in March 2019, with interviews occurring at the time of the attack. 
It is natural that interviewees referred to the intelligence challenges inherent in preventing domestic terrorist attacks in that time and context. Some intelligence agencies have access to information and indicators related to potential terrorist attacks already – while other participants communicated they are cognisant of potential access – and some participants described the challenges inherent for intelligence agencies in complete data collection about our lives existing in the world. Many participants also raised the challenges of accessing this kind of data, given the vast majority is in the private sector, as well as questioning their ability to do so in an ethical and proportionate manner.

Digital Connectivity

Digital connectivity is ‘most visible in the myriad forms people employ to send, receive, broadcast, disseminate, and share information’ (Murphy & Kuehl 2015, p. 72), but includes a far more extensive, less visible network including billions of sensors in business, manufacturing, health care, retail, security, transportation and ‘smart home’ devices (Intel 2020). The proliferation of digital devices that are constantly connected is driven by technical advances in big data collection and analysis, storage capacity and transmission speeds. This is a trend towards ‘continuously collected, almost-infinitely networkable, and highly flexible’ data (Metcalf, Keller & boyd 2016, p. 2). The increased computational power, new database design and distributed storage capacity of big data (Kitchin 2014b, p. 68), alongside increased connection capabilities, have enabled the expansion of digital connectivity.

The number of devices connected to the internet has increased exponentially over the past 20 years, although estimates for both current and projected connections vary greatly. Intel (2014) projected that by 2020 there would be 200 billion devices connected, while a McKinsey report (Dahlqvist et al. 2019) expected numbers to reach 43 billion by 2023 – far higher than the more recent estimate by Ericsson (2022) of 26.3 billion in 2023, which Ericsson predicts will reach 45.8 billion by 2028. Regardless of which number you choose, all predict continued rapid growth, meaning connected technology is now increasingly a part of everyday life for Australians.

The fact that the number of digital devices in the world is growing and connectivity between devices is increasing seems obvious enough; however, the implications are just beginning to be explored in the context of national security. The book contributes empirical research on the implications of digital connectivity at scale for the intelligence community and supports the public discussion, emerging from largely US practitioners and researchers (Hershkovitz 2022; Zegart 2022).
Participants in this study also raised that digital connectivity provides the potential for real-time situational awareness, such as the extensive antivirus networks that are deployed globally. Gerstell (2019, n.p.) points out that ‘the larger antivirus vendors, with their sensors connected to their global corporate clients, already know more at any given moment about the state of networks around the world than does any government agency’. One participant offered insight into how that works in practice:

If you think about the appliances that are deployed inside networks, they rely on big data and machine learning. So, if I get a Palo Alto box, attached to a smart firewall, it is getting pushed stuff from Palo Alto and their sensor network of hundreds of millions of devices that they correlate and push their smarts back into that box. (SDM)

Another participant, whose agency has a cyber-security function, suggested that there were opportunities yet to be taken up:

If you’re asking how big data impacts our data lives here, way less than it should. We should have big arrays of sensors out there, dropped in networks of other things, at end points, host-based type sensors that are generating just incredible amounts of data that we look to find oddness and we are not doing it at a scale that is sufficient for an economy such as this. (SDM)

Participants in this research organically raised digital connectivity as an aspect of big data with global transformational potential, including for the NIC. Every interview included some discussion about digital connectivity, although participants used a range of terms such as digitally connected, connectivity, networked and internet-enabled mobile devices to discuss the concept. Most participants were knowledgeable about the role of digital connectivity in providing real-time data. One ISME participant clearly articulated a frequently presented perspective:

It is the internet and the hyper-connectivity of the internet that has created unbelievable volumes of data. This is the big data based on just the fact that everything’s connected and it’s generating lots of information constantly.

Another noted: ‘we now carry a device around with us that enables us to communicate whenever we want to and it collects information about where we are all of the time’ (TECH). Participants explained that digital connectivity has made the process of connecting pieces of personal information or personally identifying information much easier, for a wide variety of actors, because of metadata, the common denominator of an IP address, phone number or advertising identifier.

Participants universally discussed the combination of data abundance and digital connectivity as transformational for the NIC. ‘Information generation, sharing, and consumption is unprecedented in its diversity, extent, fragmentation, and reach’ (Mazarr et al. 2019, p. 13).
Indeed, the very nature of constant digital connectivity is that it is global and omnipresent. As one participant put it:

In the old days you could lift a telephone and talk to one person or there was the radio broadcast, but with the internet you can post and persist something globally … and of course, interact in real time globally. So, in fact, you could talk to a billion people and communicate two-way to a billion people in real time. (TECH)

Ubiquitous Technology

The exponential speed of growth and adoption of technology means that much is yet to be understood (Schwab 2017, p. 1). The ubiquity of technology and the type and speed of its growth has specific and significant implications for the NIC. Many participants described instances where they felt the pace of technological change exceeded human ability (individually or as a community) to fully comprehend the complexity of systems, available and emerging technologies as well as challenges in evaluating technology and capability needs. One participant noted:

Given the ubiquity of the technology, the cheapness of the technology and the level of transformation around the technology, my view is that its impact will be vastly more fundamental [to society and national security] than most people believe. (SDM)

Pandya (2019) outlines how connected computers, networks and cyberspace have become ubiquitous technologies, becoming an integral part of all digital processes across society. Many activities and processes are now controlled or go through cyberspace and this fundamentally changes the security landscape for humanity, creating unprecedented interconnectivity – and vulnerability (Pandya 2019). One participant articulated the complexity of technology ubiquity for understanding impacts:

Broadly speaking I have to say it [big data] is going to impact on national security, intelligence agencies and the public sector in ways that people in it don’t yet comprehend. Or probably can barely imagine – I include myself in that. If it doesn’t then we are not doing our job properly. (TECH)

Another technologist participant explained that our understanding of technology is nascent:

The purposes to which big data as a phenomenon and a thing can be put have nowhere near been fully explored. The positives to our collective mission – the security and safety of Australia – are yet to be fully understood but have all the potential in the world. (TECH)

The type and speed of adoption of transformative technologies is often considered in isolation from the maturity and sophistication of systems.
Indeed, as they are ‘so deeply embedded in our lives and have so much power in society that it is easy to forget many are barely older than teenagers’ (Hammond-Errey 2022). This was clearly articulated by an NSA official and is representative of the views of the research participants:

We all sense that we are on the cusp of unimaginable technological changes. Cell-phones and the internet seem of such manifest utility that we take them for granted, but that is only because they have become so central to our daily lives, not because they have been around forever … Google started in 1998. YouTube is only 14 years old, and the iPhone is merely 12 years old. The digital revolution thus far is distinguished by its ability to become ubiquitous in our daily personal and commercial lives in an astonishingly rapid time. (Gerstell 2019, n.p.)

Concentrated Data and Computational Capacity Shifts Economic and Geopolitical Power

Digital infrastructure is the backbone of our societies. The big data landscape has concentrated unprecedented information, computational and economic power within a small number of private companies, which is causing shifts in geopolitical power. This is transforming the relationships they have with nation-states and arguably challenging conceptions of national security. The technology sector has become increasingly dominated by a small number of companies, concentrating information flows, critical data sets and technical capabilities (Andrejevic 2013; Cohen 2017; Edward 2020; Moore 2016; van Dijck, Poell & de Waal 2018), including computing power essential for functioning democracies (Richmond 2019; Watts 2020). The dominance of these companies has handed them scale and influence akin to nation-states (Lehdonvirta 2022, p. 3).

The ‘epicenter of the information ecosystem that dominates North American and European online space is owned and operated by five high-tech companies, Alphabet-Google, Facebook, Apple, Amazon, and Microsoft’ (van Dijck, Poell & de Waal 2018, p. 6). These companies have monopolised aspects of the big data landscape of data abundance, digital connectivity and ubiquitous technology.
These five companies are therefore able to control what van Dijck, Poell and de Waal (2018) call the node of global information services, in a way that participants in this study suggested was previously limited to telecommunications companies – assets that were historically government owned (Howell & Potgieter 2020). In an interview on the author’s podcast series, Technology and Security (2023), Sue Gordon argued that there are a number of companies who are ‘the biggest non-state actors globally, and they do shape organisations, and they do shape activities.’ One participant in this study outlined this view that was frequently expressed by participants:

Yes. We’re moving to an era where the nation-state is challenged by companies, or groups, or data providers essentially that own more data – like Amazon – who have far more knowledge and power over citizens than the government … That’s a concern and something needs to be done about it, although perhaps we’ve missed that opportunity to take some of the power from those companies … But the essential services you can’t opt out of … Once all your essential services run on that system you can’t opt out. (ISME)

Immense volumes of data – and computational capacity – are what Alphabet-Google, Apple, Meta, Amazon and Microsoft all have in common (Mazarr et al. 2019; Neef 2014; Zuboff 2019), despite offering a variety of different services (Lotz 2018). They are described as ‘data behemoths’ (Zegart 2022) and the ‘infrastructural core’ (van Dijck, Poell & de Waal 2018) because they form the heart of an information ecosystem upon which other platforms and applications are built. Most internet users – government agencies included – are dependent on these companies at some level for their infrastructural information services (Cohen 2017; Moore 2016; van Dijck, Poell & de Waal 2018) including for computing power (Lehdonvirta 2023). Of significance is that not only do these companies have a concentration of data, they also largely own the most data storage centres and have advanced analytics and computational capabilities. China has a similar set of companies in AliBaba, Baidu, Tencent, Bytedance, and Meituan, whose reach through platforms like AliExpress (AliBaba’s platform for cross-border audiences) and Bytedance’s TikTok – having reached one billion monthly active users globally in September 2021 – has grown rapidly (Guoli & Li 2022; Kemp 2023; TikTok 2021).

According to participants in this study, contemporary power is in and through information and computing power which is centralised within companies that have monopolised the big data landscape of data abundance, digital connectivity and ubiquitous technology.
The changing big data landscape has and will continue to alter national security by changing power in society:

My view is that it [big data and AI] will become the new arms race … The balance of power is shifting away from the nation-state towards companies that hold the most power, Google, Facebook, AWS [Amazon Web Services] … They can start talking about how they could break up Facebook, but good luck with that. (SDM)

Participants described how concentrated data and computational capacity has contributed to practical changes for the intelligence community with an increase in decisions impacting national security being made in the private sector, explored in Chapter 2 of this book. Additionally, many participants described this shift as portending significant new social harms – and exacerbating existing ones – outlined in Chapter 3 as well as requiring changes to the existing methods of assessing national security harm and threat, outlined in Chapter 2.

Santesteban and Longpre (2020) demonstrate how data and the ability to analyse it endows substantial market power to only the largest online platforms. Moreover, as noted in the UK Government’s Independent Review of The Future of Compute (Ghahramani 2023), the compute these platforms rely on is geographically concentrated. Australia has reportedly 0.88% of the world’s compute capacity as of November 2022, and the United Kingdom only 1.3% – while the top five countries (the United States, Japan, China, Finland, and Italy) have 79.1% (Top500 2022). Past efforts to change this balance, such as France’s publicly funded sovereign cloud project that began in 2009, have been unsuccessful, with France’s newly announced effort involving partnerships with large US companies (Lehdonvirta 2023). Participants in this study suggested that such dominance impacted the national security conception and challenged the status quo:

The large-scale data owners, Facebook, Google, Amazon, have challenged the nation-state for quite a while … It’s not without reason that people like Elon Musk are concerned with the advent of AI that it’s going to be the destruction of a number of nation-states. (TECH)

Companies that have monopolised data abundance, digital connectivity and ubiquitous technology control global information flows and services. Additionally, they have massive and unprecedented economic power (Lee 2021; Moore 2016; Fernandez et al. 2021; Santesteban & Longpre 2020). The top five American technology companies (Alphabet-Google, Apple, Meta, Amazon and Microsoft) had cumulative revenues of US$1.1 trillion in 2022, although their market capitalisation has dropped from a high of US$9.5 trillion in 2021 to US$7.7 trillion in April 2023 (Lee 2021; Wall Street Journal 2023a, 2023b, 2023c, 2023d, 2023e).
Their combined market capitalisation in 2021 was more than six times the size of Australia’s gross domestic product (US$1.55 trillion), while their revenues were almost twice the total revenue of the Australian governments (US$586 billion) in the same year (Australian Bureau of Statistics 2023; World Bank 2023). Participants spoke of the challenges they saw in this commercial power:

I am pointing out is that an individual has more capacity in space now than nation-states. He [Elon Musk] has put up sixty satellites, the first of a couple of thousand, to provide global internet. A government could do that! (SDM)

The pandemic further accelerated digitalisation in society and contributed to widening power asymmetries between users, government and large technology companies (Véliz 2021). The value of goods that passed through Amazon in 2022 (US$514 billion) exceeded the gross domestic product (GDP) of many countries – its 2021 revenue figure would place it in the top 30 countries for GDP (Amazon 2023, p. 23; World Bank 2023). Amazon’s fees for merchants in 2022 brought in more revenue (US$117 billion) than most states do through taxation (Lehdonvirta 2022, p. 3). Moreover, these companies have taken on key functions akin to the judicial systems of nation-states – eBay rules on more financial disputes (60 million) per year than any court outside of the United States hears on an annual basis (Lehdonvirta 2022, p. 3).

Speaking to the power and capabilities of companies that have concentrated data and computational capacity, participants raised the global nature of technology and highlighted challenges in mitigating threats and regulating activities.

We can’t regulate big data that’s managed overseas. We can’t manage something that someone from a covert area or someone from another country can come on and write something or do something that’s going to influence our people. We can’t regulate that. You can try but you really are running behind a very fast-moving train. (TECH)

Several participants highlighted that one of the key challenges of the big data landscape is regulating the global nature of data, information and computational power and that this complicates their ability to understand and manage national security threats:

I suppose one of the big challenges with big data is that it operates globally and so our nation-states have a problem dealing with it … It’s a bit like putting security on the internet. It’s an afterthought. They’re trying to put nation-state regulation on big data and the internet, and it is actually hard. (ISME)

Big data has transformed the information environment we live in. The type and speed of technological transformation in society has radical implications for intelligence communities globally. The first section of this chapter showed how the big data landscape of data abundance, digital connectivity and ubiquitous technology impact on intelligence and how these features have centralised power.
Although seemingly obvious, data abundance, digital connectivity and ubiquitous technology form a landscape through which to unpack how big data impacts intelligence. Data abundance means there are now records of moments that were previously unrecorded and it is now possible to create profiles about people, places and things from this data. Digital connectivity means that this data is collected in real time, altering intelligence processes. The ubiquity of technology shows how big data is involved in many emerging technologies and has centralised information, computation and commercial power. The features of the big data landscape examined in this section – data abundance, digital connectivity, and ubiquitous technology – show that it transforms aspects of intelligence production and national security.

Notes

1 I first heard this coalescence of terms used by former US intelligence practitioner and leader Sue Gordon. In subsequent communications, she confirmed that to the best of her knowledge this grouping was her own construction.
2 According to Reinsel, Gantz and Rydning (2018) there are three primary locations where digitisation is happening and where digital content is created: the core (traditional and cloud data centres), the edge (enterprise-hardened infrastructure like cell towers and branch offices), and the endpoints (PCs, smart phones and IoT devices). The summation of all this data, whether it is created, captured or replicated, is called the global datasphere, and it is experiencing tremendous growth. IDC predicts that the global datasphere will grow from 33 zettabytes (ZB) in 2018 to 175 ZB by 2025.
3 The term ‘intelligence cycle’ (Coyne 2014; Hulnick 2006; Lowenthal 2012; Marrin 2009, 2014) is shorthand for the process undertaken by intelligence agencies and is a structured model of producing advice for decision-makers. It is also sometimes referred to generally as intelligence analysis (Lowenthal 2012; Odom 2008). The stages of the intelligence cycle vary (depending on jurisdiction, agency, task and even analyst) but generally include, in some form, direction, collection and collation, analysis, production, dissemination and evaluation (Agrell 2012; Betts 2009; Australian Criminal Intelligence Commission 2012; Davies, Gustafson & Rigden 2013; Davies 2004, 2010; Dupont 2003; Gill 2009; Hulnick 2006; Johnson 2005; Kahn 2009; Lahneman 2010; Lowenthal 2012; Marrin 2014, 2017; Ratcliffe 2012; Heuer & Pherson 2015; Rolington 2013; Thomas 1988; Treverton & Gabbard 2008; Vandepeer 2011).

References

Acxiom 2018, ‘Acxiom Data Overview’, Acxiom, September 2018, accessed 17 April 2023, https://www.acxiom.com/wp-content/uploads/2018/11/Acxiom_Data_Overview_2018_11.pdf.
Agrell, W 2012, ‘The next 100 years? Reflections on the future of intelligence’, Intelligence and National Security, vol. 27, no. 1, pp. 118–132.
Akhgar, B, Saathoff, GB, Arabnia, H, Hill, R, Staniforth, A & Bayerl, PS 2015, Application of big data for national security: a practitioner’s guide to emerging technologies, Waltham Elsevier, Amsterdam.
Amazon 2023, ‘2022 Amazon Annual Report’, Amazon.com Inc., 25 January, accessed 20 April 2023, https://ir.aboutamazon.com/annual-reports-proxies-and-shareholder-letters/default.aspx.
Andrejevic, M 2013, Infoglut: how too much information is changing the way we think and know, Routledge, New York.
Andrew, C 2018, The secret world: a history of intelligence, Penguin Books, London.
ASIO (Australian Security Intelligence Organisation) 2018, Corporate plan 2018–2019, Commonwealth of Australia, Canberra.
Australian Bureau of Statistics 2023, Government Finance Statistics, Australia, ABS, 28 February, accessed 6 April 2023, https://www.abs.gov.au/statistics/economy/government/government-finance-statistics-australia/latest-release.


Australian Criminal Intelligence Commission 2012, Australian Criminal Intelligence Management Strategy 2012–15, Commonwealth of Australia, Canberra.
Australian Government 2017, What is personal information?, Office of the Australian Information Commissioner, Canberra, Australia.
Australian Government Productivity Commission 2016, Digital disruption: what do governments need to do?, Australian Government Productivity Commission, Canberra.
Babuta, A 2017, Big data and policing an assessment of law enforcement requirements, expectations and priorities, RUSI Occasional Paper, RUSI, London.
BBC (British Broadcasting Corporation) 2018, Bridging the world through digital connectivity, BBC StoryWorks, accessed 2 December 2021, https://www.bbc.com/storyworks/specials/digital-connectivity/.
Beer, D 2018, ‘Envisioning the power of data analytics’, Information, Communication & Society, vol. 21, no. 3, pp. 465–479.
Bell, G 2018, ‘The character of future Indo-Pacific land forces’, Australian Army Journal, vol. 14, no. 3, pp. 171–184.
Bennett Moses, L & Chan, J 2014, ‘Using big data for legal and law enforcement decisions: testing the new tools’, University of New South Wales Law Journal, vol. 37, no. 2, pp. 643–678.
Betts, R 2009, ‘Analysis, war, and decision’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: key questions and debates, Routledge, New York, pp. 87–111.
boyd, d & Crawford, K 2012, ‘Critical questions for big data’, Information, Communication & Society, vol. 15, no. 5, pp. 662–679.
Chan, J & Bennett Moses, L 2016, ‘Is big data challenging criminology?’, Theoretical Criminology, vol. 20, no. 1, pp. 21–39.
Chan, J & Bennett Moses, L 2017, ‘Making Sense of Big Data for Security’, The British Journal of Criminology, vol. 57, no. 2, pp. 299–319.
Chawda, RK & Thakur, DG 2016, ‘Big data and advanced analytics tools’ [conference presentation], Symposium on Colossal Data Analysis and Networking, Indore, India, 18–19 March.
Chen, M, Mao, S & Liu, Y 2014, ‘Big data: a survey’, Mobile Networks and Applications, vol. 19, no. 2, pp. 171–209.
Cloud Security Alliance 2013, Big data analytics for security intelligence, Cloud Security Alliance, Seattle, WA.
Cohen, JE 2017, ‘Law for the platform economy’, University of California, Davis Law Review, vol. 51, pp. 133–204.
Corrigan, J 2019, ‘Spy agencies turn to AI to stay ahead of adversaries’, NextGov, 27 June, accessed 2 December 2021, https://www.nextgov.com/emerging-tech/2019/06/spy-agencies-turn-ai-stay-ahead-adversaries/158081/.
Coyne, J 2014, ‘Strategic intelligence in law enforcement: anticipating transnational organised crime’, PhD thesis, Queensland University of Technology.
Coyne, J, Neal, S & Bell, P 2014, ‘Reframing intelligence: challenging the cold war intelligence doctrine in the information age’, International Journal of Business and Commerce, vol. 3, no. 5, pp. 53–68.
Crain, M 2016, ‘The limits of transparency: data brokers and commodification’, New Media & Society, vol. 20, no. 1, pp. 88–104.
Crawford, K & Schultz, J 2014, ‘Big data and due process: toward a framework to redress predictive privacy harms’, Boston College Law Review, vol. 55, no. 1, pp. 93–128.

Cukier, K 2010, ‘Data, data everywhere’, The Economist, 27 February, accessed 2 December 2021, https://www.economist.com/special-report/2010/02/27/data-data-everywhere.
Culnane, C, Rubinstein, B & Teague, V 2016, ‘Crime and Privacy in Open Data: Testing the strength of methods used for protecting privacy in open data shouldn’t be a crime’, Pursuit, accessed 17 April 2023, https://pursuit.unimelb.edu.au/articles/crime-and-privacy-in-open-data.
Dahlqvist, F, Patel, M, Rajko, A & Shulman, J 2019, ‘Growing opportunities in the Internet of Things’, McKinsey & Company, 22 July, accessed 17 April 2023, https://www.mckinsey.com/industries/private-equity-and-principal-investors/our-insights/growing-opportunities-in-the-internet-of-things.
Davies, PHJ 2004, ‘Intelligence culture and intelligence failure in Britain and the United States’, Cambridge Review of International Affairs, vol. 17, no. 3, pp. 495–520.
Davies, PHJ 2010, ‘Intelligence and the machinery of government: conceptualizing the intelligence community’, Public Policy and Administration, vol. 25, no. 1, pp. 29–46.
Davies, PHJ, Gustafson, K & Rigden, I 2013, ‘The intelligence cycle is dead, long live the intelligence cycle: rethinking intelligence fundamentals for a new intelligence doctrine’ in M Phythian (ed.), Understanding the intelligence cycle, Routledge, London, pp. 56–75.
Degaut, M 2015, ‘Spies and policymakers: intelligence in the information age’, Intelligence and National Security, vol. 31, no. 4, pp. 509–531.
Dupont, A 2003, ‘Intelligence for the twenty-first century’, Intelligence and National Security, vol. 18, no. 4, pp. 15–39.
Edward, W 2020, ‘The Uberisation of work: the challenge of regulating platform capitalism. A commentary’, International Review of Applied Economics, vol. 34, no. 4, pp. 512–521.
El Emam, K, Dankar, FK, Vaillancourt, R, Roffey, T & Lysyk, M 2009, ‘Evaluating the risk of re-identification of patients from hospital prescription records’, Canadian Journal of Hospital Pharmacy, vol. 62, no. 4, pp. 307–319.
Ericsson 2022, ‘Ericsson Mobility Visualizer’, Ericsson, November, accessed 17 April 2023, https://www.ericsson.com/en/reports-and-papers/mobility-report/mobility-visualizer?f=1&ft=2&r=2,3,4,5,6,7,8,9&t=1,2,3,4,5,6,7&s=4&u=1&y=2022,2028&c=3.
Fernandez, R, Klinge, TJ, Hendrikse, R & Adriaans, I 2021, ‘How big tech is becoming the government’, Tribune, 5 February, accessed 22 March 2022, https://tribunemag.co.uk/2021/02/how-big-tech-became-the-government.
Gandomi, A & Haider, M 2015, ‘Beyond the hype: big data concepts, methods, and analytics’, International Journal of Information Management, vol. 35, pp. 137–144.
Gerstell, GS 2019, ‘I work for N.S.A. We cannot afford to lose the digital revolution’, New York Times, 10 September, accessed 20 March 2023, https://www.nytimes.com/2019/09/10/opinion/nsa-privacy.html.
Ghahramani, Z 2023, ‘Independent Review of The Future of Compute: Final report and recommendations’, Department for Science, Innovation & Technology, United Kingdom.
Gill, P 2009, ‘Theories of intelligence’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: Key questions and debates, Routledge, New York, pp. 208–226.
Gordo, B 2017, ‘“Big data” in the information age’, City & Community, vol. 16, no. 1, pp. 16–19.
Gordon, S 2017, A conversation with Sue Gordon Principal Deputy Director of National Intelligence, Walter E. Washington Convention Center, Washington, D.C., 7 September.


Gordon, S 2019, Sue Gordon and Michael Morrell in conversation, CBS, Intelligence Matters Podcast, https://www.cbsnews.com/news/former-top-dni-official-sue-gordon-discusses-circumstances-of-her-departure-from-odni-transcript/.
Gordon, S 2020, ‘Former top DNI official Sue Gordon discusses circumstances of her departure from ODNI’, CBS News, 14 February, https://www.cbsnews.com/news/former-top-dni-official-sue-gordon-discusses-circumstances-of-her-departure-from-odni-transcript/.
Guoli, C & Li, J 2022, Seeing the Unseen: Behind Chinese Tech Giants’ Global Venturing, Wiley, Newark.
Hammond-Errey, M 2022, ‘You’re being watched: How Big Data is changing our lives’, The Sydney Morning Herald, 2 February, accessed 20 May 2023, https://www.smh.com.au/national/you-re-being-watched-how-big-data-is-changing-our-lives-20220201-p59st0.html.
Herman, M 2001, Intelligence services in the information age: theory and practice, Frank Cass, London.
Hershkovitz, S 2022, The future of national intelligence: how emerging technologies reshape intelligence communities, Rowman & Littlefield, Lanham.
Heuer, RJ & Pherson, R 2015, Structured analytic techniques for intelligence analysis, 2nd edn, CQ Press, Thousand Oaks, CA.
Howell, BE & Potgieter, PH 2020, ‘Politics, policy and fixed-line telecommunications provision: Insights from Australia’, Telecommunications Policy, vol. 44, no. 7, pp. 1–19.
Hulnick, AS 2006, ‘What’s wrong with the intelligence cycle’, Intelligence and National Security, vol. 21, no. 6, pp. 959–979.
Intel 2020, ‘A guide to the Internet of Things’, Intel, accessed 29 June 2020, https://www.intel.com/content/www/us/en/internet-of-things/infographics/guide-to-iot.html.
Intel 2014, ‘Intel® Gateway Solutions for the Internet of Things’, Intel, accessed 19 April 2023, https://www.intel.com.tw/content/dam/www/public/us/en/documents/product-briefs/sb-intel-gateway-iot.pdf.
Johnson, R 2005, Analytic culture in the US intelligence community: an ethnographic study, Center for the Study of Intelligence, CIA, Washington, DC.
Kahn, D 2009, ‘An historical theory of intelligence’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: key questions and debates, Routledge, New York, pp. 4–15.
Kemp, S 2023, ‘Digital 2023’, We are social, 26 January, accessed 5 April 2023, https://wearesocial.com/au/blog/2023/01/the-changing-world-of-digital-in-2023-2/.
Kitchin, R 2014a, ‘Big data, new epistemologies and paradigm shifts’, Big Data & Society, vol. 1, no. 1.
Kitchin, R 2014b, The data revolution: big data, open data, data infrastructures & their consequences, Sage, London.
Kitchin, R & Lauriault, TP 2014, ‘Small data in the era of big data’, GeoJournal, vol. 80, no. 4, pp. 463–475.
Lahneman, WJ 2010, ‘The need for a new intelligence paradigm’, International Journal of Intelligence and CounterIntelligence, vol. 23, no. 2, pp. 201–225.
Laney, D 2001, ‘3D data management: controlling data volume velocity and variety’, META Delta, 6 February.
Lee, J 2021, ‘Big data for liberal democracy’, The Australian, 5 March, accessed 12 March 2022, https://www.theaustralian.com.au/inquirer/big-data-for-liberal-democracy/news-story/10ed6d4d8b01677955fc468d3751a4b7.

Lehdonvirta, V 2022, Cloud Empires: How Digital Platforms Are Overtaking the State and How We Can Regain Control, MIT Press, Cambridge, MA.
Lehdonvirta, V 2023, ‘Behind AI, a massive infrastructure is changing geopolitics’, Oxford Internet Institute, 17 March, accessed 10 April 2023, https://www.oii.ox.ac.uk/news-events/news/behind-ai-a-massive-infrastructure-is-changing-geopolitics/.
LexisNexis 2023, ‘About’, LexisNexis, accessed 17 April 2023, https://www.lexisnexis.com/en-us/about-us/about-us.page.
Lotz, A 2018, ‘“Big tech” isn’t one big monopoly – it’s 5 companies all in different businesses’, The Conversation, 24 March.
Lowenthal, MM 2012, Intelligence: from secrets to policy, 5th edn, Sage/CQ Press, Los Angeles, CA.
Malomo, F & Sena, V 2016, ‘Data intelligence for local government? Assessing the benefits and barriers to use of big data in the public sector’, Policy & Internet, vol. 9, no. 1, pp. 7–27.
Marrin, S 2009, ‘Intelligence analysis and decision-making’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: key questions and debates, Routledge, New York, pp. 131–150.
Marrin, S 2014, ‘Improving intelligence studies as an academic discipline’, Intelligence and National Security, vol. 31, no. 2, pp. 266–279.
Marrin, S 2017, ‘Understanding and improving intelligence analysis by learning from other disciplines’, Intelligence and National Security, vol. 32, no. 5, pp. 539–547.
Mayer-Schönberger, V & Cukier, K 2014, Big data: a revolution that will transform how we live, work, and think, Mariner Books, Houghton Mifflin Harcourt, Boston, MA.
Mayer-Schönberger, V & Ramge, T 2018, Reinventing capitalism in the age of big data, John Murray Press, London.
Mazarr, MJ, Bauer, RM, Casey, A, Heintz, S & Matthews, LJ 2019, The emerging risk of virtual societal warfare: social manipulation in a changing information environment, RAND Corporation, Santa Monica, CA.
McQueen, M 2018, How to prepare now for what’s next: a guide to thriving in an age of disruption, Wiley, Milton, Qld.
Metcalf, J, Keller, EF & boyd, d 2016, Perspectives on big data, ethics, and society, Council for Big Data, Ethics, and Society, https://bdes.datasociety.net/council-output/perspectives-on-big-data-ethics-and-society/.
Minelli, M, Chambers, M & Dhiraj, A 2013, Big data, big analytics: emerging business intelligence and analytic trends for today’s businesses, Wiley CIO, Hoboken, NJ.
Moore, M 2016, Tech giants and civic power, King’s College London Policy Institute, London.
Murphy, D & Kuehl, D 2015, ‘The case for a national information strategy’, Military Review, September-October, pp. 70–83.
Neef, D 2014, Digital exhaust: what everyone should know about big data, digitization and digitally driven innovation, Dale Neef, Upper Saddle River, NJ.
Odom, WE 2008, ‘Intelligence analysis’, Intelligence and National Security, vol. 23, no. 3, pp. 316–332.
Office of the Director of National Intelligence 2022, Senior Advisory Group Panel on Commercially Available Information, Office of the Director of National Intelligence, Washington, DC.
Omand, D & Phythian, M 2018, Principled spying: the ethics of secret intelligence, Oxford University Press, Oxford.


Pandya, J 2019, ‘The dual-use dilemma of artificial intelligence’, Forbes, 28 January, accessed 20 March 2023, https://www.forbes.com/sites/cognitiveworld/2019/01/07/the-dual-use-dilemma-of-artificial-intelligence/?sh=5854d6306cf0.
Power, DJ 2014, ‘Using “big data” for analytics and decision support’, Journal of Decision Systems, vol. 23, no. 2, pp. 222–228.
Pramanik, MI, Lau, RYK, Yue, WT, Ye, Y & Li, C 2017, ‘Big data analytics for security and criminal investigations’, Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, vol. 7, no. 4, art. e1208.
Press, G 2013, ‘A very short history of big data’, Forbes, 9 May, accessed 2 December 2021, https://www.forbes.com/sites/gilpress/2013/05/09/a-very-short-history-of-big-data/?sh=51c7904065a1.
Ratcliffe, J 2012, Intelligence-led policing, Taylor and Francis, Hoboken, NJ.
Reinsel, D, Gantz, J & Rydning, J 2018, The digitization of the world from edge to core (IDC White Paper), IDC, Needham, MA.
Richards, NM & King, JH 2013, ‘Three paradoxes of big data’, Stanford Law Review Online, vol. 41, no. 3, pp. 41–46.
Richmond, B 2019, A day in the life of data, Consumer Policy Research Centre, Melbourne.
Rocher, L, Hendrickx, JM & de Montjoye, YA 2019, ‘Estimating the success of reidentifications in incomplete datasets using generative models’, Nature Communications, vol. 10, no. 1, art. 3069.
Rolington, A 2013, Strategic intelligence for the 21st century: the mosaic method, Oxford University Press, Oxford.
Rovner, J 2013, ‘Intelligence in the Twitter age’, International Journal of Intelligence and CounterIntelligence, vol. 26, no. 2, pp. 260–271.
Sadowski, J 2019, ‘When data is capital: datafication, accumulation, and extraction’, Big Data & Society, vol. 6, no. 1.
Santesteban, C & Longpre, S 2020, ‘How big data confers market power to big tech: leveraging the perspective of data science’, Antitrust Bulletin, vol. 65, no. 3, pp. 459–485.
Schwab, K 2017, The fourth industrial revolution, Penguin Books, London.
Shahbazian, E 2016, Intelligence analysis: needs and solutions, IOS Press, Amsterdam.
Shu, H 2016, ‘Big data analytics: six techniques’, Geo-spatial Information Science, vol. 19, no. 2, pp. 119–128.
Sweeney, L 2015, ‘Only You, Your Doctor, and Many Others May Know’, Technology Science, 28 September, accessed 17 April 2023, https://techscience.org/a/2015092903/.
Sweeney, L, Abu, A, & Winn, J 2013, ‘Identifying Participants in the Personal Genome Project by Name’, Data Privacy Lab, White Paper, Harvard University.
Symon, PB & Tarapore, A 2015, ‘Defense intelligence analysis in the age of big data’, Joint Force Quarterly, vol. 79, no. 4, pp. 4–11.
Technology and Security 2023, Audio podcast, United States Studies Centre, 24 May, https://www.ussc.edu.au/analysis/technology-and-security-ts-podcast-intelligence-ai-and-aukus-with-former-us-principal-deputy-director-of-national-intelligence-susan-gordon.
Thomas, ST 1988, ‘Assessing current intelligence studies’, International Journal of Intelligence and CounterIntelligence, vol. 2, no. 2, pp. 217–244.
TikTok 2021, ‘Thanks a billion!’, TikTok News, 28 September, accessed 10 May 2023, https://newsroom.tiktok.com/en-us/1-billion-people-on-tiktok.
Top500 2022, ‘Development over Time’, Top500, 1 November, accessed 20 April 2023, https://www.top500.org/statistics/overtime/.

Treverton, GF & Gabbard, CB 2008, Assessing the tradecraft of intelligence analysis, Intelligence Policy Center, RAND National Security Research Division, Santa Monica, CA.
Tucker, D 2014, The end of intelligence: espionage and state power in the information age, Stanford University Press, Stanford, CA.
Unsworth, K 2016, ‘The social contract and big data’, Journal of Information Ethics, vol. 25, pp. 83–97.
van der Sloot, B, Broeders, D & Schrijvers, E (eds) 2016, Exploring the boundaries of big data, Netherlands Scientific Council for Government Policy, The Hague.
van Dijck, J, Poell, T & de Waal, M 2018, The platform society: public values in a connective world, Oxford University Press, New York.
Van Puyvelde, D 2018, ‘Qualitative research interviews and the study of national security intelligence’, International Studies Perspectives, vol. 19, no. 4, pp. 375–391.
Vandepeer, C 2011, ‘Rethinking threat: intelligence analysis, intentions, capabilities, and the challenge of non-state actors’, PhD thesis, University of Adelaide.
Véliz, C 2021, ‘Privacy and digital ethics after the pandemic’, Nature Electronics, vol. 4, no. 1, pp. 10–11.
Wall Street Journal 2023a, ‘Alphabet Inc. Cl C’, Wall Street Journal, 6 April, accessed 6 April 2023, https://www.wsj.com/market-data/quotes/GOOG.
Wall Street Journal 2023b, ‘Microsoft Corp.’, Wall Street Journal, 6 April, accessed 6 April 2023, https://www.wsj.com/market-data/quotes/MSFT.
Wall Street Journal 2023c, ‘Apple Inc.’, Wall Street Journal, 6 April, accessed 6 April 2023, https://www.wsj.com/market-data/quotes/AAPL.
Wall Street Journal 2023d, ‘Meta Platforms Inc.’, Wall Street Journal, 6 April, accessed 6 April 2023, https://www.wsj.com/market-data/quotes/META.
Wall Street Journal 2023e, ‘Amazon.com Inc.’, Wall Street Journal, 6 April, accessed 6 April 2023, https://www.wsj.com/market-data/quotes/amzn.
Watts, T 2020, Democracy and the authoritarian challenge, Lowy Institute, Canberra, https://myaccount.lowyinstitute.org/events/2020-npc-tim-watts.
Wondracek, G, Holz, T, Kirda, E, & Kruegel, C 2010, ‘A Practical Attack to De-anonymize Social Network Users’, in 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 223–238.
World Bank 2023, ‘GDP (current US$)’, The World Bank, accessed 12 April 2023, https://data.worldbank.org/indicator/NY.GDP.MKTP.CD.
Zegart, A 2022, Spies, Lies, and Algorithms: The History and Future of American Intelligence, Princeton University Press, Princeton.
Zuboff, S 2019, The age of surveillance capitalism: the fight for a human future at the new frontier of power, Profile Books, London.

2

Big Data Landscape Challenges Fundamental Intelligence Principles and Practices

DOI: 10.4324/9781003389651-3

The big data landscape challenges some of the foundational principles and practices of intelligence. Whilst this research was conducted in Australia, many of the themes that surface here are expected to apply in other democratic countries. This chapter details how the big data landscape challenges principles and practices fundamental to intelligence. First, how digitisation and the big data landscape are changing the practice of secrecy in intelligence work and national security. Second, how the big data landscape impacts understandings of geographical jurisdiction, affecting the long-standing principle that distinguishes between intelligence collection and operations that occur onshore and offshore, as well as what constitutes nationality in the context of data. Third, emerging technologies are complicating intelligence, as well as challenging the national security approach to innovation and the way in which intelligence agencies adopt technologies. Fourth, big data challenges fundamental principles of intelligence storage and compartmentalisation which agencies rely on to reduce security risks and will be further complicated by new technologies. Fifth, the big data landscape has exponentially increased security vulnerabilities and created national decision-makers outside of government. Lastly, the big data landscape directly challenges existing methods of assessing social harms and national security threats.

While participants in this research had varying views about the timeline and the extent of change, almost all participants saw data abundance, digital connectivity and ubiquitous technology combined as the harbinger of transformational change. In many cases, big data and technologies like AI are exacerbating challenges associated with digitisation and digital transformation that are yet to be fully embraced within many agencies. At least a third of the interview participants used the term ‘paradigm shift’ or ‘paradigm change’ to describe what they saw as an inconceivably large transformation of the activities of intelligence. They used this term to describe their assessment of the culmination of the impact of the big data landscape demonstrated in this chapter. Many others did not use this exact term but referenced transformational change in the fundamentals, activities and goals of intelligence agencies. An example of this is:

given the ubiquity of the technology, the cheapness of the technology and the level of transformation around the technology… The impact [of big data] is vastly more fundamental to intelligence agencies and their activities than most people believe. (SDM)

The way that intelligence as an activity is being and likely will be impacted by big data was expressed by the participants as a shift for the intelligence community, certainly in the future, but increasingly in the present. According to participants, the combination of data abundance and digital connectivity has ignited a rethink of how aspects of intelligence are practised, as well as challenging some of its fundamental principles. Whilst participants had varying views about the timeline and the extent of change, the fact that the NIC must now embrace big data for at least some, if not all, aspects of intelligence activity was universally accepted. As one SDM said: ‘If we don’t work out machine learning, it is game over. The key takeaway is that it is the future of all intelligence business because you can’t do this manually.’

Changing Role of Secrecy as a Practice of Intelligence

Secrecy is a defining characteristic of intelligence and has long been considered one of the most integral components of intelligence activities and organisational culture (Lowenthal 2012, Richardson 2020). A key impact of the big data landscape is that very little is likely to remain secret forever (Hammond-Errey 2023). There is extensive coverage of the impact of an abundance of data and open-source intelligence (OSINT) on intelligence agencies (see Horlings 2023; Janjeva, Harris & Byrne 2022; Omand, Bartlett & Miller 2012; Zegart 2023). However, significant nuance that is vital to this discussion is too often lost in the public debate, including that the ever-changing balance of secrecy and transparency is disrupted by the big data landscape and that increasing declassification is changing the practice of secrecy in intelligence and national security decision-making.

The requirements for secrecy vary by activity and agency in intelligence but are largely focused on protecting the sources and methods of intelligence (Agrell 2012, Landon-Murray 2016, Lefebvre 2018, Scott 2007). The type and temporality of secrecy required in Australian intelligence agencies varies depending on the kind of intelligence activity (Hammond-Errey 2023). Intelligence secrecy requirements also depend on the situation as well as different objectives, legislative frameworks and agency cultures. The valuable role of open-source intelligence does not render secret intelligence less valuable or significant. In fact, an argument can be made that it increases the premium on secret collection because so much else is knowable in the public domain. Irrespective, this debate should not be framed as mutually exclusive. The key benefits come from combining covert intelligence with open-source information, discussed in more detail in Chapter 4. As Shoebridge, Coyne and Shah (2021, p21) note, ‘prioritisation of open sources doesn’t mean an end to specialist covert data collection.’

The big data landscape makes it more difficult for some activities to remain secret and is impacting the fundamental practices of ‘secrecy’ within intelligence agencies and their activities. ‘Secret’, ‘clandestine’ or sometimes ‘covert’ collection (Kent 1966; Lowenthal 2012; Scott 2007) can refer to the fact that the collection itself is happening (in the case of a delayed notification search warrant), to the capability to collect something, which is itself secret (such as the precise capabilities of signals, technical and satellite intelligence collection), or to both (that precise capabilities are directed at a specific target) (Hammond-Errey 2023). The impact of the big data landscape on the practice of intelligence is explored in more depth in Chapter 4.

Preserving secrecy is a challenge in an environment of increased declassification of intelligence to share with a broader range of non-traditional stakeholders – as discussed in Chapter 3. In an interview on the author’s podcast series, Technology and Security (2023a), Jessica Hunter, from ASD, highlighted the role and frequency of disclosures from modern intelligence agencies with stakeholders:

In the Russia–Ukraine crisis… a significant amount of intelligence is being declassified. What I think is probably not as commonly known is that occurs on a regular basis… On a daily basis, we are declassifying information in order to protect a victim, for instance, of a cyber incident or protecting a nation state. If we’re seeing that there’s an intelligence risk or challenge there. Intelligence will always inform foreign diplomacy and policy… The intent to declassify information to support another is often around what is the alliance and the relationship and the impact that we’re trying to achieve. It is incredibly nuanced and at times of conflict will be very, very different to time of contestability or in peace time. That’s where I think it’ll be interesting over the next five or 10 years to see how that sharing of intelligence shapes diplomacy based on the type of environment in which we’re operating in. (Technology and Security 2023a)

Declassification and release of intelligence is an increasing phenomenon. Examples can be seen in the declassification of intelligence from the US in the days before the Russian invasion of Ukraine in 2022, and the declassification of an intelligence community assessment of Russia’s activities in the 2016 US presidential election (US Senate Select Committee on Intelligence 2017, Zegart 2023). The role of the Australian intelligence community in assessing Huawei’s involvement in the National Broadband Network (LuYueYang 2012) was made public (Hartcher 2021) although the contents of its assessment were not declassified in the same way. In an interview on the author’s podcast series, Technology and Security (2023b), Sue Gordon outlined why this was valuable:

I think the disclosures by Edward Snowden were really significant [as they] broke open this idea that there were intelligence activities going on broadly about which the American people and our allies and partners had opinion. And we had a hard time explaining what we were doing because we were so used to never talking about it… Move forward in time. You [have] the Ebola crisis in 2014, where the National Geospatial Intelligence Agency figures out that if it releases some of its imagery and mapping data that it can positively affect the treatment and containment of that… taking a national security resource and making it openly available… Then you have the Skripal incident where the intelligence community figures out that it needs to reveal that Russia used a fourth-gen nerve agent to try and assassinate somebody because otherwise we couldn’t stop the counter narrative coming forward. Then you have 2016, the Russian interference in our election, and we have to reveal that because it’s the American people that are being affected … I think it’s just this movement of recognition that you have to be able to share some of the information to the people that are being affected in order to engender trust…

Participants in this research indicated that secrecy and transparency must continuously be rebalanced in a democratic state. Additionally, as outlined in Chapter 7 on trust, participants indicated that for the first time in history, members of the intelligence community believe that an increased public profile and public engagement were important. Indeed, the gap between community expectation and intelligence capabilities must not be a gulf so far that it cannot be bridged (Hammond-Errey 2023). Participants indicated that policymakers need to be aware of secrecy trade-offs, appreciate these distinctions and consider what is and needs to be designated as secret. This tension has long existed; however, the big data landscape means that the tensions between secrecy and transparency are – or will likely become – more public.

Nationality Matters: Understanding Geographical Jurisdiction

In the intelligence business, nationality matters. Geographical jurisdiction and nationality are critical for intelligence activities. In democracies, foreign intelligence collection agencies are largely prohibited from collecting on their own citizens. In Australia, the legislative framework is based on fundamental intelligence principles that make a distinction between Australians and non-Australians and between operations that occur onshore and those that take place offshore. Australian intelligence agencies with a foreign collection mission are generally prohibited from collecting in Australia or on Australian citizens unless they have Ministerial approval.¹ To comply with their legislative framework, foreign intelligence agencies must distinguish between ‘non-Australian’ and ‘Australian’ data and entities within the stratospheric data sphere. This requirement places significant importance on the distinction between what is Australian and non-Australian, whether that be people, locations or data. The features of the big data landscape challenge the practical reality of this distinction as they can obfuscate the geographical origin, transit and destination of communication or data, as well as the nationality of the user – intentionally and unintentionally. The need to distinguish nationality is simply not always possible with contemporary digital communications, and new emerging technologies such as artificial intelligence will exacerbate this challenge.

How does the intelligence community understand and provide assurance that its data collection is done in a way that meets legislative requirements and maintains the trust of government and therefore the public? The pace, volume and breadth of data sources used by the community, unclassified and classified, is making this increasingly challenging. Nevertheless, nationality remains a critical distinction in intelligence collection and the desire to protect the privacy of Australians is closely connected to ideas of democracy and sovereignty. Participants from agencies with a legislatively defined foreign focus discussed the challenges the big data landscape poses for their remit and bounds of operation; one participant explained that ‘in order to avoid collection in Australia and on Australians, data must be considered in context and the challenge is that identifying if someone – or data about someone – is Australian is very difficult’ (SDM).

Some participants outlined how digital connectivity and technical realities have reduced their ability to determine if the person communicating, or the data of the communication, is from – or transiting through – a specific geographical jurisdiction: ‘The traditional SIGINT role relating to telecommunications has changed … it presumes point to point identification, which has changed and data can come from all over’ (SDM). One participant provided an example of the complexity of telecommunications in a digitally connected world:

As a foreign intelligence agency, we need to know where people are … The way modern communications work, because phones are not attached to the wall anymore, that connection is really hard to make … So, to give you a use case of what that looks like, if I am talking to you right now on my phone, because Australia is not the centre of the world when it comes to the internet, our communications are almost certainly traversing a server offshore, especially if you are using an app. (ODM)

Participants also highlighted the challenges stemming from connectivity that obscures the originating jurisdiction of data, both intentionally and unintentionally. In this way, abundant data and digital connectivity are challenging compliance with existing national legislation. Participants from technical collection agencies highlighted aspects of legislation that have not kept pace with jurisdictional shifts in technological development. For example, one participant explained that, legislatively, ASD is required to distinguish between Australian and non-Australian people and communications to remain compliant, even if they are unable to make that assessment on single pieces of information:

If I see this thing for a fleeting second, can I be sure I can lawfully collect this in terms of ASD’s functions and being legislatively compliant, or do I need to analyse it in the context of other information to be able to then make an accurate assessment that yes indeed I am able to look at this information? (SDM)

Another participant explained the potential role of big data in improving their ability to understand the jurisdiction of data collected, or the nationality of the user behind the data:

Australia’s current legislative framework is set up around the premise that you can make those judgements by a single intercept at a point in time and that you can make them with certainty. I guess what we are saying is that you can make those judgements with a lot more certainty if you are making them across data sets, rather than in isolation which is not reflected in the law at the moment. (SDM)

One participant described a similar challenge in a different intelligence collection discipline, explaining image collection that may inadvertently record Australians (in foreign cities): ‘The whole concept of incidental collect is a tricky one, so if you are imaging [referring to satellite imagery] a particular target in a particular city; you end up collecting a quarter to a half of a city’ (SDM). In this case, you are collecting data that is incidental to the target you are focused on, simply because imaging captures are very large. Participants described the many hours of work that go into removing data that agencies identify as possibly including Australians, whether that be foreign intercepts of communication or imagery. One participant noted:

Australians are all over the world now so there’s always incidental collection. You’re always stumbling across Australian data and have to get rid of it. You deal with it, but it is increasingly hard to know whether it is Australian data. (ISME)

Some participants explained that, when they are unable to assess whether there is data pertaining to an Australian citizen amongst this data, their collection and analytical remit and capabilities are reduced:

So, we are collecting an offshore communication, because that’s what we do and we can’t have absolute confidence that you are a foreign person and you are outside Australia then that restricts what we can do. So, our activities are restricted by the fact that location is now vague and identifying specific people is now vague. (ODM)

Almost all the participants from technical collection agencies suggested that big data, automation and machine learning algorithms could one day be used to ensure compliance with the legislative framework in the context of establishing jurisdiction (over a person or data). Participants described the need for larger aggregation of data to be able to improve assessments about location or citizenship of individuals and their data. As one participant noted: ‘one of the reasons we need big data is to compliantly collect the needle in the haystack you need a bigger haystack’ (SDM). Another asserted that ‘the more data you have, the more compliantly you can identify the fact that the specific piece of data holds something of intelligence value’ (SDM). Whilst more data has the capacity to increase compliance, it also introduces tensions between potential privacy intrusion and large-scale data collection for the purposes of identifying nationality, jurisdiction or compliance. The impacts of data collection on intelligence practices are unpacked in more detail in Chapter 4, on privacy in Chapter 5 and on ethics in Chapter 6.

Whilst data makes the source jurisdiction of some modern intelligence collection more difficult to identify, its abundance also offers the potential to more clearly infer the exact jurisdiction and value of intelligence. However, this conflicts with both existing legislative compliance, and principled distinctions of intelligence (Richardson 2020). More data can help improve the certainty of compliance by providing additional context; however, each additional data point further complicates the compliance burden by its consideration. The big data landscape increases the existing tensions between compliance, transparency and respecting the continued distinction of jurisdiction necessary in data collection by intelligence agencies.

Technology Convergence Complicates Intelligence and Challenges Innovation

Many argue technology has created a more complex world – with the ‘multiplicity, interdependence, and diversity’ of our environment moving beyond the cognitive threshold of individual comprehension (Sargut & McGrath 2011, p. 70). Participants described how they saw the convergence of data and emerging technologies in different fields and industries as complicating intelligence analysis relating to technologies and challenging the national security approach to technology innovation and adoption. The complexity and ubiquity of technology and the type and speed of its change was referenced universally by the participants, who explained the impact on their specific intelligence disciplines. One participant revealed the challenges of understanding what they saw as increased complexity:

When I was doing my PhD, I would read Scientific American. Today, you need a PhD in the specific topic to understand any of it. As much as I try to keep up you just can’t. The problem today is that you are not just talking about a single technology but twenty technologies that can be combined. Big data, synthetic biology, artificial intelligence, they are completely changing medicine. Rapid change is happening everywhere in every field. (SDM)

Another participant outlined how the speed and ubiquity of technology has impacted communications and thus signals intelligence using a model of communications:

The complexity of the communications environment has changed incredibly fast … If you go back twenty years, you had a lot of variation in the bottom half of the OSI [open systems interconnection] communications model,² where you have your transmission layer and transport layer and various things like that, but not much change in the top. The top would have been carrying telex or fax or something – the content itself – but there was a limited number of things it was carrying. Today, there is a new application released on the app store every 15 to 30 seconds, so at the bottom of the OSI model where we used to see a lot of variability, we now just see IP [internet protocol]. And at the top of the model in the content layer we have, not quite infinite diversity, but incredible diversity and we need to be able to deal with that … It means for us in practice that every 15 to 30 seconds what used to be a source of something useful to us may just be something we have never seen before. So, the impact of big data is complexity, rate of change and the dynamic nature of change. (SDM)

Collection and analysis of electronic communications are integral to signals intelligence and relied on by many intelligence agencies (including all-source assessment agencies) as well as, in varying contexts, law enforcement and criminal intelligence. A participant from another agency highlighted a similar point about how intelligence collection has shifted to focus more clearly on IP and customer profiles:

The volumes are incredibly large now, the diversity is so much greater … We’re finding that traditionally the linkages we need or the profiles we need to build cannot be achieved all from that financial dataset, so the days of a beneficiary and an ordering customer being pretty good data is gone, so it’s more about things like the IP or the profile or customer type that links in together now. (SDM)

The exponential growth and widespread adoption of technologies has been so rapid that, according to participants, it is outstripping the NIC’s ability to understand the long-term implications and impacts on national security and intelligence. Several participants highlighted how quickly cutting-edge research moves from development to application in the real world, with a few suggesting this timeframe was within hours and days. After discussing a range of technologies, one participant used the example of the speed at which facial recognition capabilities were moving and their potential to be deployed on a mass scale:

Five years ago, facial recognition was a niche capability that was still in its embryonic stages of development. I see where it is now … It has gone a million miles an hour. We are going to be the same with smart analytics around big data utilisation. In the next five years it is going to be ready to use on a mass scale … The speed of change is huge. (SDM)

Participants from agencies and areas with an assessment focus indicated that technology is moving so fast – and in very particular niche scientific disciplines – that they were not always able to make sense of, assess and communicate the challenges and implications. In short, participants indicated that the speed and scale of change is outstripping their ability to fully understand it, consistent with much of the public commentary on big data:

I think across the whole community, the [tech] capability development needs support to deal with how rapidly the world is changing. Things are changing so quickly and it is becoming harder and harder to keep up so I think we need a better understanding and it is really a whole of government problem to be honest. (TECH)

Many interviewees expressed that, notwithstanding the existing technological changes, they felt society remains on the cusp of as yet incomprehensible transformation. Participants highlighted a range of potential changes on the horizon, positing that many will bring radical shifts for society and the NIC. Some articulated the type and speed of change as an existential threat or challenge, while others talked about the practicality of this. Emerging from the research was the notion that the type and speed of change are rapid and complex and that they challenge the existing model of intelligence collection, connection and analysis.

I guess a big one for me is that it is all changing really quickly, is about scope and scale – what does that actually look like in five or 10 years and what do the analytics look like in five or 10 years? If you believe respectable people about machine learning and AI, there are some pretty huge changes coming down the track. We are starting to see that in terms of facial recognition and that has got a huge impact in terms of our collection posture, but also in terms of our legislative framework and social licence to operate. We aren’t there yet because we don’t have that capability but if things develop along that trajectory, that would happen quickly and I think there is an opportunity to be ahead of some of those questions. (SDM)

The kinds of emergent technologies that participants described as being of greatest national security interest include advanced materials, artificial intelligence and machine learning, telecommunications infrastructure (especially IoT and 5G), quantum computers, semiconductors and biotechnologies. Whilst not all participants raised all of these technologies, these were the most frequently discussed. One SDM highlighted that their agency’s role includes providing advice to the government about technologies, and that they are challenged by the need to comprehend the breadth and depth of existing and future capabilities: ‘Understanding what transformational technology we should invest in is a key question for government – not unreasonably … The list is extremely long and they are all critically important’ (SDM). One ISME explained the thinking behind the 2017 Independent Intelligence Review (Department of the Prime Minister and Cabinet 2017), which recommended a Joint Capability Fund (JCF),³ established in 2019:

All of these agencies I think need to shift their mindset into thinking about the technologies and capabilities that will be of benefit to the whole community. That was a big part of our thinking in recommending the Joint Capability Fund for ONI to manage. Not only did it give it a bit more bureaucratic weight as an organisation; it would be a program and funds they actually control. Also, it would be reserved for proposals that were of benefit for intelligence integration across the intelligence community, not primarily for any single agency.

One SDM outlined how the Joint Capability Fund is intended to operate, saying:

it is not an insignificant amount of money to allow ONI to do precisely this. We have built a framework around the JCF and that allows us to progress projects on behalf of the community that the community would not have otherwise done for itself.

When asked to list ONI’s priorities for the JCF, one participant responded with: ‘artificial intelligence, machine learning, big data sets, synthetic biology, robotics, nanotechnologies, advanced materials, microwave space systems’ (SDM).

Participants described how government access to technology has not kept pace with the type and speed of technology, outlining in particular the bureaucratic, often lengthy processes to gain access to technology and capabilities. A large number of participants discussed funding challenges for individual agencies and long timeframes for purchasing technology, which mean that timeframes for approval exceed timeframes for creation of technology, ensuring outdated acquisitions. One SDM explained:

The intelligence agencies are in a public sector bureaucracy, while the timeframe from advanced analytics to their real-world application is six hours. If I want to go and buy a new computer system, an artificial intelligence system, I have to go through the whole ICT procurement framework. It is a bureaucratic reality. The Joint Capability Fund. Fast, adaptable, quick, agile, all that … It’s got to go Department of Finance, whole-of-government stakeholders and signed by Prime Minister. All rightfully so. You talk about innovation funds, but innovation funds don’t work if there isn’t a willingness to piss 40–50 per cent of the money against wall. Fast, fail, move on. You can’t go out and get three different quotes for the cheapest innovation. I’m not being flippant, but this happens and it’s the reality we live in. The JCF funding model is six months to a year ahead. It’s too long, vastly too long so we are trying to find ways of cutting that down. Governments just can’t operate in these timeframes anymore. Particularly when adversaries have access to this in real time. (SDM)

In this context, the participant used the term adversaries to refer to authoritarian, non-democratic states that usually do not experience the same constraints when it comes to accessing private-sector technologies and data. Many technologist participants provided concrete examples of challenges posed by specific technologies and the issues they faced in accessing big data technologies based in or owned by foreign jurisdictions. In this vein, Coyne, Shoebridge and Zhang (2020, p. 23) offer a detailed analysis of cloud infrastructure. They identified the cloud as a critical national security capability and included an overview of ASIO’s enterprise technology platform. Commercial cloud capabilities – and the challenges inherent in obtaining access to them within NIC agencies due to security restrictions and offshore cloud data centres – were extensively discussed by participants, as this comment highlights:

All of the leading-edge technologies are offshore. They have massive server farms in California and those areas that are able to crunch through these things and do amazing things with the data but we can’t access them, as aspects of legislation won’t allow our data offshore … I think it is going to become a big problem for the sector because we will never be able to build server farms that size. I don’t think we will ever have that amount of funding which means we will never be able to get to that optimised processing that the private sector has access to. (TECH)

Big Data Challenges Intelligence Security

Big data has increased the risks and consequences of security breaches (Department of the Prime Minister and Cabinet 2017, p. 28) and this challenges the fundamental practice of intelligence storage and security, which is to silo and compartmentalise. Security clearances and compartmentalising information are two primary mechanisms of protecting intelligence collection and information accessed through intelligence activity. These safeguards are intended to lessen the risk and impact of espionage or security breaches by restricting access across information sets. The big data landscape challenges how information and data are collected and held by intelligence agencies.

Intelligence agencies have traditionally compartmented information into silos to reduce the risk of large breaches (or ‘unauthorised disclosures’) (Vogel et al. 2021, p. 830). This is traditionally done by segmenting – called ‘compartmenting’ – whole intelligence disciplines such as signals or human intelligence, conducted by different agencies (Richardson 2020, p. 36) as well as putting a specific compartment around small ‘briefed’ groups who are actively working on an issue (Attorney General’s Department 2023, p. 11). Big data directly challenges this approach to information collection, storage and analysis because the insights are derived by analytics across data sets that are as large as possible. As the 2017 Independent Intelligence Review noted, the very nature of holding and connecting large digital data sets directly challenges the practice of compartmentalising information and increases the risks and consequences of security breaches (Department of the Prime Minister and Cabinet 2017).

The risk associated with digital information holdings (especially when combined with insufficient access controls and protections) is that greater volumes of sensitive intelligence can be broadcast at speed. This risk has been highlighted in cases such as Edward Snowden and WikiLeaks (Lyon 2015; Vladeck 2014). Volumes of classified intelligence have been broadcast to the world in a manner simply not possible prior to digitisation. While intelligence historians will note many examples of unauthorised disclosure, the technology of the day predominately saw single or small batches of transmissions to a limited audience, not entire data sets to a global audience. The impact of big data on safeguarding information gathered through intelligence activity or intelligence collection methodologies was an area of concern raised by most participants.

There are a variety of opinions about how intelligence communities globally should manage the risks that have emerged as a result of digitisation. Lim (2015, p. 635) argues the case in the USA for a shift away from ‘the secretive, highly compartmentalized and rigidly hierarchical mould typifying the realm of intelligence and national security, and towards relatively more open modes of intelligence management’. One participant described this process in Australia:

What big data does first and foremost is that it challenges the notion of a national security community … You can’t do this [intelligence work] in the siloes that the national security has always worked in, where there is this kind of INT [intelligence], that kind of INT and it is all held separately. (SDM)

This participant’s view reflected that of many participants within this study, that the way data is compartmentalised and held separately challenges the effective use of big data. In the UK an argument has been made that there is a need to develop a new operating environment ‘that incentivises data sharing for the greater good as well as more sophisticated risk-assessment models and techniques around that sharing’ (Couch & Robins 2013, p. 32; see also Waters 2014, p. 43) to mitigate the risks of large-scale intelligence breaches associated with digitisation. One participant suggested the use of analytics to mitigate the risk of information breaches, by automating aspects of the ongoing security clearance process:

Big data analytics that watches me. I sign a piece of paper that allows the government, the intelligence and security services to have access to my TFN [tax file number], my bank accounts, my everything and the analytics just run over it and no need for a human to look at it and go he is okay. Why don’t we do that? (SDM)

National Security Decision-Making Outside Government

Decision-making about national security matters and decisions that impact national security occurs within government and increasingly, in part because of the big data landscape, outside of government. How the big data landscape has concentrated critical digital infrastructure in the form of unprecedented information, computational and economic power within a small number of companies was detailed in Chapter 1. This section highlights the effects that these concentrated information flows, data sets and technical capabilities, including data storage and computing power, have for national security decision-making.

Technology companies are increasingly central to national security challenges. The immense power of technology companies can be seen in the geopolitical implications of their choices. Simultaneously, a wide range of companies are on the forefront of many national security threats, from data security and cyber security to telecommunications and critical infrastructure. Decision-making about national security continues in government; however, it also increasingly occurs in the private sector and especially within technology companies. Many of these decisions are consequential. This creates new dynamics between commercial and national security decisions within companies as well as between government agencies, policymakers and private-sector companies. These dynamics – and the competing tensions and complexities – were raised by participants in a range of interviews.

Cyberspace raises questions about who counts as a national security decision maker and how intelligence communities should interact with them (Zegart 2022, p. 274). The increased role or significance of private-sector actors, both in societies and in national security, comes with a heightened emphasis on security and vulnerabilities. Cyber vulnerabilities are weaknesses in system security procedures, design, implementation, or internal controls that could be exploited or triggered by a threat (Australian Cyber Security Centre 2023; National Institute of Standards and Technology 2018). These are sometimes referred to collectively as an ‘attack surface’ and the larger the attack surface the greater the chances of an adversary finding an exploitable security vulnerability (Manadhata & Wing 2011, p. 375; Dahj 2022, p. 171). An attack surface in this context includes data and data security, cyber security, computational capabilities and information flows, as ‘the set of entry points and exit points, the set of channels, and the set of untrusted data items are the relevant subset of resources that are part of the attack surface’ (Manadhata & Wing 2011, p. 375). This broad attack surface has many more vectors, spread across diffuse organisations and jurisdictions, making it more complex.

Furthermore, companies create, use and control vast troves of personal data (Birch & Bronson 2022), data storage and computational capabilities (Lehdonvirta 2023) and information flows (Santesteban & Longpre 2020) as well as billions of users (Kemp 2023), from whom they collect data and over whom they have varying degrees of influence (Davidson 2017; Griffin 2019; Zuboff 2019). Societal reliance on digital infrastructure and providers of digital services means many companies are also a potential attack surface for national security threats. In an interview on the author’s podcast, Technology and Security (2023b), Sue Gordon built on the participants’ views to outline the challenges of national security decisions in commercial enterprises.

The threat surface extends beyond governmental control and national security decision makers are outside the government. I think we need to get the companies to recognise that they are actually making national security decisions… whether that is the telecommunications industry that decided that they wanted to walk away from the low-profit baseband communications and so you see China take that over. They did that from an efficiency perspective, but had they thought about what they were doing from a national security perspective, would they have made the same decision? They’ve got to recognise that they’re playing a role in national global security.

Large technology companies have been impacting national security decisions for some time. The use of SpaceX’s ‘Starlink’ satellite system in Ukraine provides a specific example of this during conflict. Throughout Russia’s invasion of Ukraine, Starlink has provided vital online connections for civilian and military coordination (Lerman & Zakrzewski 2022). The system – initially co-funded by Western governments (predominantly for the service’s terminals) and SpaceX (for the connection) (Lerman & Zakrzewski 2022; Metz 2022) – was delivered at the start of the war and continued throughout the conflict. The system has been described as essential by US military officials (Capaccio 2023) and Ukrainian President Volodymyr Zelenskiy commented that ‘life was maintained’ thanks to Starlink. Ukrainians have benefited from Starlink’s initial rollout of terminals, ongoing connection and its response to Russian jamming efforts (Capaccio 2023; Lerman & Zakrzewski 2022).

The high-profile and public reliance of the Ukrainian military and civilian infrastructure on a single private company’s services has exposed new vulnerabilities. SpaceX CEO Elon Musk has publicly suggested that SpaceX might defund (Metz 2022) or restrict access to specific services, such as prohibiting its use for long-range drone strikes – with SpaceX’s COO noting the system was ‘never meant to be weaponized’ (Satariano 2023). Musk publicly proposed peace plans that include ceding Ukrainian land to Russia, a prospect directly counter to the national security interests of the Ukrainian military and the public who currently use Starlink technology (Metz 2022). It was revealed in June 2023 that SpaceX signed an ongoing contract with the Pentagon to supply Starlink in Ukraine (Capaccio 2023), formalising the arrangement in a more traditional manner. The prominent public role of Musk and Starlink technology has provided insight into the significant ability of individuals and companies to impact and make national security decisions outside of the traditional national security apparatus of government.

The big data landscape has created a very broad attack surface across many diffuse industries and commercial entities, and each of these has the capacity to impact national security decision-making. This has created a new ‘operating environment’ for national security agencies and requires a deeper understanding of the way whole-of-government efforts operate and the kind of capabilities available in agencies and industry.

Big Data Challenges Existing Methods of National Security Harm and Threat Assessment

The big data landscape is challenging existing ways of assessing national security harms and threats, which have historically been focused on direct physical harm, and to a lesser extent economic harm, to the nation-state and its citizens. Assessing harms to society is usually referred to in intelligence as threat assessment (Vandepeer 2011). According to participants in this study, the focus on physical harm is now disproportionate to the threats presented by big data and emerging technologies and the national security community alone is not equipped to make harms assessments. Participants indicated that the big data landscape is challenging what we think national security is and how that might be assessed. Some participants indicated the changes heralded by big data mean society needs to ask new questions about what it sees as important to protect:

We kind of do move to a world where you need to say these are the things that really matter to us. The things that make our society function matter to us. The thing that matters to our people is their way of life. The defence department, the national security community role is to protect the way of life the government has established … Not just territorial integrity. (SDM)

The big data landscape has created more diffuse vulnerabilities and the existing methods of harm and threat assessment are disproportionally focused on physical harms. One example of this is that many participants explained that, whereas traditionally threats would come to the nation-state or civilians at or through a physical border, they can now also come through any device from any jurisdiction. Participants described this in the context that there are now myriad ways to threaten national security – some available only to nation-states (such as traditional nuclear power) but many more are available to a wider range of entities. One group discussion provided an example of a stock exchange or banking institution impairment, which would have real-world ramifications. Either can be impacted by physical damage or destruction, cyber-attack, natural or human-instigated disasters such as flooding or power failure, or fear of the institutions’ ability to function or lack of trust in the integrity of its people, such as through real or perceived insider trading. One participant explained that it is ‘increasingly complex to understand actions that result in the loss of human life and an action that doesn’t’ (SDM) and drew on an analogy with state-based threats to explain:

So, the example for me is would you retaliate if an adversary put a cruise missile in Wall Street and knocked off the stock exchange? You would, right, you’d fire a missile back. But would you retaliate if someone closed down the stock exchange by cyber-attack and maimed it so badly it could not get set up? (SDM)

According to participants, the big data landscape has significantly changed how agencies might assess threats across each of those vectors and access to the data needed to make those assessments, as well as how options for response are identified:

A key challenge here is around proportionate responses and equivalency. So, if we look at the traditional defence model you have war and peace on each end of a spectrum with quite clearly defined behaviour. In the middle though is a whole grey zone of activity ranging from state-sponsored influence to malware, to election interference. We don’t really have the mechanisms or decision-making frameworks to respond in equivalency and in proportionality but on a different medium. You know, if someone blows up something of ours, can we irreversibly corrupt one of their national databases? (SDM)

Participants described the way that big data itself may be considered a national security asset and one participant noted this in relation to data sets on Australians that could be deemed as national security assets or infrastructure irrespective of the ownership of data: ‘So, if information about my population is something I want to protect … then I need to protect that, wherever the data sits’ (SDM). Participants indicated that an impact of big data is a need to re-evaluate our understanding of what harm to society is:

I think this goes to the heart of the need for a debate around national security which we just have not had with the public since the Cold War. And a detailed one where we almost agree as a nation what matters to us and what doesn’t and when does it matter? (SDM)

Notes

1 The constraint on foreign intelligence collection is set out in the Intelligence Services Act 2001 (Cth) and the communication or dissemination of intelligence collected on Australians by foreign intelligence agencies is governed by Privacy Rules, which ASIS, ASD and AGO make available on their websites. It is possible to obtain Ministerial authorisation for some specific circumstances which are set out in the Intelligence Services Act 2001 (Cth) and Privacy Rules. Additionally, some agencies such as ASD have additional functions, such as cyber security collection in Australia. The blurring of boundaries between foreign and domestic intelligence functions and agencies is a complex and ongoing debate.
2 The open systems interconnection, or OSI, model is a layered model of how communications are put together.
3 The Joint Capability Fund is managed by ONI, as outlined in Chapter 2.

References Agrell, W 2012, ‘The next 100 years? Reflections on the future of intelligence’, Intelligence and National Security, vol. 27, no. 1, pp. 118–132.

62 Challenges to Intelligence Principles and Practices Attorney General’s Department 2023, ‘Policy 8: Sensitive and classified information’, Protective Security Policy Framework, 23 March, accessed 17 May 2023, https:// www.protectivesecurity.gov.au/system/files/2023-01/pspf-policy-08-sensitive-and-cla ssified-information.pdf. Australian Cyber Security Centre 2023, Information Security Manual (ISM), Australian Signals Directorate, Canberra, Australia. Birch, K & Bronson, K 2022, ‘Big Tech’, Science as Culture, vol. 31, no. 1, pp. 1–14. Capaccio, A 2023, ‘Elon Musk’s SpaceX Wins Pentagon Deal for Starlink in Ukraine’, Bloomberg, 2 June, accessed 13 June 2023, https://www.bloomberg.com/ news/articles/2023-06-01/musk-s-spacex-wins-pentagon-deal-for-its-starlink-in-ukra ine#xj4y7vzkg. Couch, N & Robins, B 2013, Big data for defence and security, Royal United Services Institute (RUSI), London. Coyne, J, Shoebridge, M & Zhang, A 2020, National security agencies and the cloud: an urgent capability issue for Australia, ASPI, Barton ACT. Dahj, JNM 2022, Mastering cyber intelligence: gain comprehensive knowledge and skills to conduct threat intelligence for effective system defense, Packt Publishing, Birmingham. Davidson, D 2017, ‘Facebook targets ‘insecure’ young people’, The Australian, 1 May, accessed 12 May 2023, https://www.theaustralian.com.au/business/media/fa cebook-targets-insecure-young-people-to-sell-ads/news-story/a89949ad016eee7d7a6 1c3c30c909fa6. Department of the Prime Minister and Cabinet 2017, 2017 Independent Intelligence Review, Commonwealth of Australia, Canberra. Duffy, K, 2022, ‘A top Pentagon official said SpaceX Starlink rapidly fought off a Russian jamming attack in Ukraine’, Business Insider, 22 April, accessed 20 May 2023, https://www.businessinsider.com/spacex-starlink-pentagon-russian-jamming-a ttack-elon-musk-dave-tremper-2022-4. Griffin, P 2019, ‘Facebook won’t give up its insidious practices without a fight’, Noted, 22 March. 
Hammond-Errey, M 2023, Secrecy, sovereignty and sharing: How data and emerging technologies are transforming intelligence, United States Studies Centre at the University of Sydney, Sydney. Hartcher, P 2021, ‘Huawei? No way! Why Australia banned the world’s biggest tele­ coms firm’, Sydney Morning Herald, 21 May, accessed 10 May 2023, https://www. smh.com.au/national/huawei-no-way-why-australia-banned-the-world-s-biggest-tele coms-firm-20210503-p57oc9.html. Horlings, T 2023, ‘Dealing with Data: Coming to Grips with the Information Age in Intelligence Studies Journals’, Intelligence and National Security, vol. 38, no. 3, pp. 447–469. Janjeva, A, Harris, A & Byrne, J 2022, ‘The Future of Open Source Intelligence for UK National Security’, Royal United Services Institute for Defence and Security Studies, London. Kemp, S 2023, ‘Digital 2023’, We are social, 26 January, accessed 5 April 2023, http s://wearesocial.com/au/blog/2023/01/the-changing-world-of-digital-in-2023-2/. Kent, S 1966, Strategic intelligence for American world policy, Princeton University Press, Princeton, NJ. Landon-Murray, M 2016, ‘Big data and intelligence: applications, human capital, and education’, Journal of Strategic Security, vol. 9, no. 2, pp. 94–123.

Challenges to Intelligence Principles and Practices 63 Lefebvre, S 2018, ‘Why Are State Secrets Protected from Disclosure? The Discourse of Secret Keepers’, The International Journal of Intelligence, Security, and Public Affairs, vol. 20, no. 3, pp. 204–229. Lehdonvirta, V 2023, ‘Behind AI, a massive infrastructure is changing geopolitics’, Oxford Internet Institute, 17 March, accessed 10 April 2023, https://www.oii.ox.ac. uk/news-events/news/behind-ai-a-massive-infrastructure-is-changing-geopolitics/. Lerman, R & Zakrzewski, C 2022, ‘Elon Musk’s Starlink is keeping Ukrainians online when traditional Internet fails’, Washington Post, 19 March, accessed 20 April 2023, https://www.washingtonpost.com/technology/2022/03/19/elon-musk-ukraine-starlink/. Lim, K 2015, ‘Big data and strategic intelligence’, Intelligence and National Security, vol. 31, no. 4, pp. 619–635. Lowenthal, MM 2012, Intelligence: from secrets to policy, 5th edn, Sage/CQ Press, Los Angeles, CA. Lu-YueYang, M 2012, ‘Australia blocks China’s Huawei from broadband tender’, Reuters, 26 March, accessed 18 May 2023, https://www.reuters.com/article/us-a ustralia-huawei-nbn-idUSBRE82P0GA20120326. Lyon, D 2015, ‘The Snowden stakes: challenges for understanding surveillance today’, Surveillance & Society, vol. 13, no. 2, pp. 139–152. Manadhata, PK & Wing, JM 2011, ‘An Attack Surface Metric’, IEEE Transactions on Software Engineering, vol. 37, no. 3, pp. 371–386. Metz, C 2022, ‘Elon Musk backtracks, saying his company will continue to fund internet service in Ukraine’, The New York Times, 10 October, accessed 19 April 2023, https:// www.nytimes.com/live/2022/10/15/world/russia-ukraine-war-news#musk-ukraine-intern et-starlink. National Institute of Standards and Technology 2018, ‘vulnerability’, Computer Security Resource Centre, accessed 17 May 2023, https://csrc.nist.gov/glossary/ term/vulnerability. Omand, D, Bartlett, J & Miller, C 2012, #Intelligence, Demos, London. 
Richardson, D 2020, Comprehensive Review of the Legal Framework of the National Intelligence Community, Commonwealth of Australia, Canberra. Santesteban, C & Longpre, S 2020, ‘How big data confers market power to big tech: leveraging the perspective of data science’, Antitrust Bulletin, vol. 65, no. 3, pp. 459–485. Sargut, G & McGrath, RG 2011, ‘Learning to live with complexity’, Harvard Business Review, vol. 89, no. 9, pp. 68–136. Satariano, A 2023, ‘Elon Musk doesn’t want his satellites to run Ukraine’s drones’, The New York Times, 9 February, accessed 19 April 2023, https://www.nytimes. com/2023/02/09/world/europe/elon-musk-spacex-starlink-satellite-ukraine.html. Scott, L 2007, ‘Sources and methods in the study of intelligence: a British view’, Intelligence and National Security, vol. 22, no. 2, pp. 185–205. Shoebridge, M, Coyne, J & Shah, R 2021, Collaborative and Agile. Intelligence Com­ munity Collaboration Insights from the United Kingdom and the United States Australian Strategic Policy Institute, Canberra. Technology And Security 2023a, Audio podcast, United States Studies Centre, Sydney, 28 February, accessed 12 May 2023, https://www.ussc.edu.au/analysis/emerging­ technologies-and-signals-intelligence-with-the-jessica-hunter. Technology And Security 2023b, Audio podcast, United States Studies Centre, 24 May, https://www.ussc.edu.au/analysis/technology-and-security-ts-podcast-intelligence-a i-and-aukus-with-former-us-principal-deputy-director-of-national-intelligence-susa n-gordon.

US Senate Select Committee on Intelligence 2017, ‘ODNI Statement on Declassified Intelligence Community Assessment of Russian Activities and Intentions in Recent U.S. Elections’, accessed 20 February 2023, https://www.intelligence.senate.gov/hearings/open-hearing-intelligence-communitys-assessment-russian-activities-and-intentions-2016-us.
Vandepeer, C 2011, ‘Intelligence analysis and threat assessment: towards a more comprehensive model of threat’ [conference presentation], 4th Australian Security and Intelligence Conference, Perth, 5–7 December.
Vladeck, SI 2014, ‘Big data before and after Snowden’, Journal of National Security Law and Policy, vol. 7, pp. 333–339.
Vogel, KM, Reid, G, Kampe, C, & Jones, P 2021, ‘The impact of AI on intelligence analysis: tackling issues of collaboration, algorithmic transparency, accountability, and management’, Intelligence and National Security, vol. 36, no. 6, pp. 827–848.
Waters, G 2014, Getting it right: integrating the intelligence, surveillance and reconnaissance enterprise (Kokoda Papers no. 18), Kokoda Foundation, Ashmore, Qld.
Zegart, A 2022, Spies, Lies, and Algorithms: The History and Future of American Intelligence, Princeton University Press, Princeton.
Zegart, A 2023, ‘Open Secrets: Ukraine and the Next Intelligence Revolution’, Foreign Affairs, January, accessed 20 February 2023, https://www.foreignaffairs.com/world/open-secrets-ukraine-intelligence-revolution-amy-zegart.
Zuboff, S 2019, The age of surveillance capitalism: the fight for a human future at the new frontier of power, Profile Books, London.

3. Big Data Landscape: New Social Harms and National Security Threats

The big data landscape has created new social harms and exacerbated existing ones. The implications of complete, or near-complete, data coverage of our lives combined with the most advanced analytical capability and storage residing in commercial enterprise was raised by almost all participants in this study as an area of continuous change that creates new social harms and national security threats. The way data is created, owned and used, and the infrastructure it is transmitted and analysed on, is creating new social harms and exacerbating existing ones. The big data landscape ‘democratises’ intrusive digital surveillance, profiling, influence, monitoring, tracking and targeting capabilities, making them available to a wider range of state and non-state actors. As Macnish (2016, p. 417) argues, ‘control of another’s information may be more harmful than actually violating their privacy’ and this section reveals new potential social harms and threats associated with big data. This chapter charts the impacts of the rapid growth in data and analytics and shows how it is making these capabilities accessible to new actors. It then shows how this is democratising surveillance and creating new vulnerabilities for privacy intrusion. The chapter then reveals how big data can facilitate disinformation and misinformation before examining how the big data landscape enables information warfare as well as social and political harm.

DOI: 10.4324/9781003389651-4

Data and Analytical Capability in Private Sector

One of the most significant shifts of the big data landscape for national security is the vast amount of data created and held by a broad range of commercial entities who also have much of the computing power to make sense of the data. In Australia – and in this study – private industry or commercial enterprise is often referred to by public-sector officials as the ‘private sector’. The private sector, and specifically a handful of US and Chinese companies and data brokers, collect and own an unprecedented volume of information – and therefore have the capacity to know and understand a lot – about Australians. The companies that dominate the consumer-driven big data economy in the West and own the most data are named by scholars as Alphabet (Google), Facebook, Amazon (Mazarr et al. 2019a; McDonald 2022; Moore & Tambini 2021; Neef 2014; Sadowski 2020; Zuboff 2019), Microsoft (Mazarr et al. 2019a; Moore & Tambini 2021; Neef 2014; Zuboff 2019), Apple, Alibaba (Verdegem 2022a), Twitter (Mazarr et al. 2019a; Neef 2014), Uber (Mazarr et al. 2019a; Neef 2014; Sadowski 2020), TikTok (McDonald 2022) and Tencent (McDonald 2022; Verdegem 2022b). The vast majority of digital data collection is sold and resold for profit (Kitchin 2014a; Sadowski 2020; Zuboff 2019). As one former US official noted:

the private sector will have many more times the quantity of data about individuals and commercial activity than governments could ever obtain. The private sector will be the collector and repository of key information about our locations, our consumption patterns, our communications – in short, about everything. (Gerstell 2019)

The infrastructure of the big data landscape is predominately owned by commercial entities, meaning that the data – and the ability to derive insights from it – largely resides in the private sector. Much of it is commercially available for purchase and the analytical capabilities of big data have largely been built by – and reside in – industry (Crain 2016; Kitchin 2014b). Participants in this study commented that the big data landscape has heralded rapid growth of new data and analytical capabilities that are created and owned by commercial enterprise. One participant provided background to the changes in the last twenty years, giving some context in the Australian environment:

Take Google – twenty years ago we didn’t have an organisation in the world that held the amount of data that Google does today. So, the amount of information that is held within the cyber-sphere is exponentially greater than what it was twenty years ago.
To some extent the information that is there, was there before but because of the way it is now collected and kept electronically, you can put more of it together, so you can hold data of a complexity and size infinitely greater than what it has been previously. The accessibility of the data was so much more difficult. When you have to go to multiple, if not tens, if not hundreds of locations to manually access data that is very different to being able to sit on a screen and access it. (ISME)

Participants made comments about the depth and breadth of data collection, such as: ‘The amount of data that is being collected by commercial organisations, or any [smartphone] app that you haven’t got properly configured is just astounding’ (SDM). Other participants compared commercial data collection to collection by the intelligence community: ‘big companies possess far more data than we ever will’ (ODM). ‘Government will fail in this space if it can’t harness the innovation and power out there in industry … They have the data, the storage capacity and the analytical capability’ (TECH). Most participants raised the ability of private entities to match and trade large data sets, suggesting that who was collecting and using the data was not often made clear:

It is not governments who are collecting this data. It is people who are consenting to all their private data being collected by commercial organisations. People seem to have a conspiratorial fear that governments are collecting their data but all their apps are broadcasting their location and getting a note from Google saying traffic is blocked three streets away. (SDM)

Participants raised the fact that data obtained and used by the private sector is used to draw inferences about intimate details which can be deciphered from the data, as well as an absence of data. A small handful of commercial entities have the vast majority of the world’s data, information flows (Mazarr et al. 2019a; Moore & Tambini 2021; McDonald 2022; Neef 2014; Omand & Phythian 2018, p. 145; Zuboff 2019) and computing capacity (Lehdonvirta 2023; Verdegem 2022b). As one SDM put it: ‘Facebook and Google have more information on any of us than [intelligence agencies] all put together.’ Participants mentioned that this social phenomenon has an impact on the intelligence community: ‘It is the big commercial organisations who have worked out that data and the aggregation of data and trends is fundamental to their operating model … They worked that out years ago’ (SDM).

As discussed in the context of aggregation in Chapter 1, information collected and shared about individuals, sometimes in an anonymised fashion, can be correlated with other data and (inadvertently or purposefully) can be used to identify you (Omand & Phythian 2018; Solove 2011; Zuboff 2019). Participants further explained that an entity (such as a person, place or thing) is easily connected to activity and data points. Individuals are not only identified by name, address and birthdate, but also behaviour, locations, interactions and inferences. According to participants in this study, humans are increasingly identified by their ‘electronic’ or ‘digital signature’ – or the combination of characteristics of each person’s digital footprint. One of the appeals of big data for commercial enterprise is the ability to identify consumers to a granular, often individual level (Kitchin 2014b). That granularity includes the unique trajectories of our individual movements, vast data sets about our activities and inferences about our desires, relationships and activities which mean that individuals can be easily identified.

Zuboff (2019) demonstrates the extent of collection, analysis and profiting from behavioural data or ‘digital exhaust’ by commercial entities. Digital systems and services require data to operate: they use existing stores of data, and they collect new streams of data (Sadowski 2019). It is important to note here that in a digital era, almost all companies are data collectors, although companies have varying levels of data and technology sophistication and literacy. ‘Technology giants, bolstered by weak regulatory oversight, have expanded capacities for personal data collection and analysis’ (Aho & Duffield 2020, p. 187). Macnish (2016) shows how harms related to the collection of information can extend beyond the violation of privacy and suggests interesting ways to think about new social harms and information access that include consideration of broader harms.

Participants in this study expressed concern about the extent of data collection in society. As one SDM stated: ‘You can try not to collect but that’s simply not the way the world works anymore’. Most participants expressed concern around what this extent of data collection enables a wide range of actors to do. Whilst some of these types of information streams have long existed, big data has changed the ability to identify, link and use data very quickly – in some cases in real time.1 Participants frequently highlighted concerns that the techniques and tools traditionally available to intelligence, who work under the purview, authority and oversight of the nation-state, are increasingly available to new actors, including big technology companies and data brokers. According to many participants, these new actors often have not only greater access to data and superior analytics, but also different approaches to intelligence capabilities. Participants explained that big tech companies who collect the data and the many buyers and sellers of the data can use it to identify, link, prioritise and target individuals.

Who creates and can access data is relevant in this context because it means that some of the most intrusive aspects of intelligence collection (digital surveillance, profiling, influence, monitoring, tracking and targeting) are now available much more broadly to a wider range of actors, ranging from large technology companies, software and application developers, marketing companies to anyone who can purchase or steal data. Big data has changed access to analytical capability (i.e., data storage, computational power and often cloud-based analytics to derive insights from the data). The big data landscape enables a range of actors to link data sets as well as enabling aspects of targeting, monitoring and surveillance. One of the key security threats for individuals and nation-states is the potential for these actors to use data to target, prioritise and identify individuals. The participating intelligence community practitioners and leaders indicated that they are concerned about these capabilities being available to a wider group of actors due to the potential harms for Australians, which are set out in the following sections of this chapter.

‘Democratised’ Surveillance: New Vulnerabilities for Privacy Intrusions

The rapid growth of big data and analytics capabilities in the private sector outlined in the previous section, as well as within government, combined with lagging regulation, changes the nature of privacy for individuals and creates the potential – if not the reality – for privacy intrusions, intelligence-like targeting and surveillance by actors perceived to be unregulated. The ability to aggregate very large sets of commercially available data to construct comprehensive profiles about individuals exists already and is the foundation of corporations’ ability to surveil individuals (Kitchin 2014b, pp. 42–45; Mazarr et al. 2019a; Sadowski 2020; Zuboff 2019). The extent of datafication has increased to a point where scholars such as Gray (2020), Moore (2016), Cohen (2017) and van Dijck, Poell & de Waal (2018) question whether internet users really can ‘opt out’. As an example, Google’s trackers are present on over 80 per cent of 1000 popular websites in Australia (ACCC 2020, p. 56). The national security implications of complete (or near-complete) data coverage of human lives – who has access to this and what can be done with aggregate data – are underappreciated in policy and public commentary.

Datafication can serve purposes other than commercial surveillance and capital accumulation (Gray 2020). Clearly, this kind of mass surveillance could also be used as a tool of state power (Gray 2020), something that is already occurring in some countries, such as China (Bernot 2022; Jiang 2021; Khalil 2020; Qiang 2019). The ability to produce a more complete picture of individual and group behaviour than was possible before can enable the creation of a society that is more invasive and repressive of individual autonomy than any that has existed in the past (Gray 2020). As Aho and Duffield (2020, p. 192) write, ‘in the field of surveillance studies, scholars often highlight how asymmetrical data accumulation dispossesses subjects of agency over their personal information, laying the foundation for unjust data practices, including social sorting and discrimination’.
Gray (2020) argues that in the future as it is unfolding, no one – except possibly a tiny elite – can escape surveillance.

Many tend to consider surveillance as an activity of the nation-state; however, Zuboff (2019) and Jeffreys-Jones (2017) argue that the vast majority of ‘surveillance’ is occurring in the private sector. The data collection necessary for digital surveillance is now predominantly collected by private companies – which many intelligence agencies can access, under certain circumstances. Rubinstein, Nojeim, and Lee’s (2017, p. 6) survey of 13 countries across the world, including 12 democracies, found all had exceptions to their data regulation laws that provided intelligence agencies with access on national security grounds. Lemieux (2018, p. 196) and Newman (2018, p. 5) emphasise the prominent role of private-sector companies in modern digital surveillance practices in intelligence agencies. Additionally, US agencies have purchased commercial data they may not have been able to collect using legislated powers (Hecht-Felella 2021; Office of the Director of National Intelligence 2022). However, most of the literature in relation to privacy and national security lacks specificity around the differences between public sector and commercial entity data collection, analysis and use. As one participant noted:

People worry about the phone towers near intelligence agencies. Well, no, it’s much more granular than that. They can see you move around the building or not move around … So data brokers provide very granular location data where they can locate the phone to the phone locker in intelligence agency because there’s leaky apps on the phone via your visitors, so they know who’s visiting. (TECH)

Van Buuren (2017) asserts that it seems odd to challenge the concept of privacy in the light of intelligence surveillance when people voluntarily give away all their personal information for communication services free of charge, discounts and online convenience. Furthermore, van Buuren (2017, p. 233) argues that privacy ‘does not cover what is at stake when it comes to dataveillance’.2 The real problem, he argues, is the shift of power from specific categories of civilians to a ‘state–corporate complex’ that composes risk categories based on ‘algorithms covered in black boxes of socio-technical assemblages’ (van Buuren 2017, p. 234). This view is consistent with those of a range of scholars outside the intelligence and national security field, such as Lyon’s (2001) assertions about loss of control over personal information resulting in political and economic consequences; Zuboff’s (2019) conceptualisation of surveillance capitalism and instrumentarianism; and Aradau and Blanke’s (2015) conceptualisation of power assemblages. Tene and Polonetsky (2013, p. 251) argue:

Big data poses big privacy risks. The harvesting of large sets of personal data and the use of state-of-the-art analytics implicate growing privacy concerns. Protecting privacy will become harder as information is multiplied and shared ever more widely among multiple parties around the world.
As more information regarding individuals’ health, financials, location, electricity use, and online activity percolates, concerns arise regarding profiling, tracking, discrimination, exclusion, government surveillance, and loss of control.

According to participants in this research, big data enables broader privacy intrusion, targeting and surveillance of humans by a range of actors, historically accessible only by nation-state intelligence functions. It enables invasive identification of and sometimes complete access to physical and online activity, locations and movement. It enables inferences about an individual’s physical or mental state as well as other private information like religion, sexual orientation, political beliefs and values (Crawford & Schultz 2014; Hammond-Errey 2022; Kitchin 2014b; Newman 2018). The volume of personal or personally identifying information available and the degree of datafication and connectivity means comprehensive profiles of individuals’ interest groups, institutions, political groups and nation-states can be quickly and remotely created. The implications of complete, or near-complete, data coverage of human lives – who has access to this and can analyse the data – are underappreciated and little discussed in the national security context. The scope for causing individual and societal harm from privacy and surveillance is vast and significant.

Many participants articulated challenges for Western democracies they saw as not present in authoritarian states; however, they clearly – and unambiguously – reflected a desire for Australian government and commercial use of technology to reflect our liberal democratic values. Many participants referenced the so-called Chinese ‘Social Credit System’ (Zeng 2016):

One of the reasons we talk about China having the leap ahead is because they have basically wired up their population using commercial applications because they don’t make the distinction between commercial, public, military, etcetera that we do. They suck it all up. This is one of the reasons people often say – and China itself says – it will win this [AI] race because they have better, real-time access to what people are actually doing and can use that for algorithms. The problem that we’ve got is that we don’t believe in doing that. (ISME)

Many participants referenced the Chinese Social Credit System specifically as inimical to their perception of democratic approaches to data collection and analysis. Whilst the Social Credit System was established with a stated goal of increasing ‘trust’ and ‘moral values’ (Yang 2022) at an individual and societal level, assessments of the system have varied greatly. These range from ‘surveillance infrastructure’ (Liang et al. 2018, p. 415) and an ‘Orwellian system’ (Pence 2018) ‘designed to reach into every corner of existence both online and off’ (Greenfield 2018) to a complicated set of experimental, disjointed trials that align with Chinese interpretations of the law (Reilly, Lyu & Robertson 2021) and an extension of China’s zhengxin financial credit score system (Yang 2022). Commentators note many challenges (Yang 2022), including standardisations and integration at various stages (data collection, aggregation and analytics) (see Liang et al. 2018 for details). Another example cited by participants was the documented extensive surveillance and detainment of Uyghurs in Xinjiang, using a combination of big data collection and data fusion, among other forms of surveillance and oppression (ASPI 2021).

Where once states exercised surveillance with external authorisation and oversight, big data systems enable tracking, monitoring and analysis and make these capabilities accessible to many more actors. According to participants in this research, this sets the preconditions for adversaries to purchase or acquire data and access to undermine national interests and hinder states’ ability to achieve national security objectives, as well as to harm individuals. It is already possible to surveil and oppress individuals and groups in obtrusive ways. Examples include workplace monitoring (West 2021), private and public space monitoring, and crowdsourcing evidence of crimes (Omand, Bartlett & Miller 2012), but there is also evidence that the three features of big data, primarily the digital connectivity of smartphones, are being used to facilitate domestic and family violence (Douglas, Harris & Dragiewicz 2019) and malicious spyware practices targeting journalists, politicians and activists (Kirchgaessner et al. 2021). Journalists were also targeted by TikTok employees, who accessed their personal user data to investigate their locations (Shephardson 2022). Left unchecked, participants proposed this trajectory will escalate in frequency and severity.

Big Data Landscape Enables Disinformation and Misinformation

Disinformation includes ‘all forms of false, inaccurate, or misleading information’ (European Commission HLEG 2018, p. 5) designed and promoted with the intent to cause harm (Wardle 2018, p. 954). Disinformation ‘is not simply fake information’ (Rid 2020 p. 10) as it includes an intent to deceive or dis-inform (US Joint Chiefs of Staff 2014), which distinguishes it from misinformation, understood as ‘unintended misleadingness’ (Søe 2021 p. 5947). Russian Professor Igor Panarin defines disinformation as the ‘spreading [of] manipulated or fabricated information (or a combination thereof)’ as translated by Darczewska (2014 p. 15). Misinformation can include innocuous actions, such as sharing a news article about a celebrity death an individual believes to be true (Søe 2021 p. 5947). Disinformation, by contrast, includes Russian media outlets intentionally discounting evidence of war crimes, torture of civilians and mass graves in Izium in 2022 (Ljunggren 2022; Søe 2021 p. 5947), Chinese media using bots to promote a fabricated image of Australian soldiers committing war crimes on Twitter (Aaronson 2021), or later-disproven statements in Russian press conferences about the downing of MH17 (Hammond-Errey 2016).

The big data landscape amplifies and automates disinformation and misinformation (Hammond-Errey 2019). It has fundamentally altered disinformation, forms of social control like active measures, and information influence and interference (Hammond-Errey 2019). As Thomas Rid (2020 p. 12) argues, ‘the internet didn’t just make active measures cheaper, quicker, more reactive and less risky; it also, to put it simply made active measures more active and less measured.’ Because of its global and continuous nature, disinformation transcends nations and generations (Aaronson 2021). Mis- and dis-information can be used by nation states as a tool of information warfare, or part of strategy-driven information activities designed to influence or interfere in another nation-state (Hammond-Errey 2019).

There are significant challenges of mis- and disinformation for intelligence agencies and activities, including as noise – irrelevant information (Menkveld 2021) – to complicate intelligence analysis. One ODM articulated the similarities in traditional intelligence domains and larger datasets:

Then you have reliability of intelligence. It’s not totally dissimilar to intelligence from our HUMINT collection, we always assessed that in terms of reliability and credibility. That comes from the source of the information and then whether or not the actual information is plausible. The same applies to data; who is it obtained from? Can you rely on it, is it accurate? (ODM)

Disinformation also presents a challenge of determining the accuracy and verifiability of information, at scale. Participants highlighted the challenges of this process for intelligence agencies of information generally, outlined in more detail in Chapter 4, and then specifically in relation to disinformation.

I have a fear that intelligence will become synonymous with information management and quality assurance of that information, because they will want to know, do I have the most accurate information available at my fingertips at any given time. The only people who are equipped to validate certain data is us. That is a massive challenge and we will never have the capacity to go through and check every piece of data that goes into systems and say that is safe enough to act against or use for a certain purpose. (SDM)

Another participant outlined what they saw as a shift in the perception of accuracy and truth and the challenge that poses for intelligence communities dealing with disinformation:

What substitutes now for the truth as opposed to before. You know used to be you know it was in print that it was you know it was true. But now you know print has been replaced by what’s online right now. It’s about speed. Intuitively you’ve got to take it with a grain of salt… I think that too many people trust online sources as sources of truth, including some of our political masters… I think there’s unreal expectations too around the amount of data that’s out there too and I suppose people’s perception of what’s real has changed over time. (SDM)

Mis- and disinformation enabled by the big data landscape are challenging intelligence and this will continue to be a vexing problem in the years to come. This includes through the use of AI and machine learning, enabled by the big data landscape, which can aid both in the creation and dissemination of disinformation, and in intelligence agency efforts to counter it. One participant described this possibility:

Particularly in this increasing world of misinformation, there is nothing stopping people from using sophisticated machine learning systems to put out information that is wrong, and even highly classified information that is wrong. We are going to be increasingly challenged in that space. (SDM)

In an interview on the author’s podcast series, Technology and Security (2023), Sue Gordon outlined different facets of disinformation:

Right now, disinformation tends to be single modal. I can create a deepfake, but I’m not nearly as good at making a deepfake be correct at the right time in the right place. I can’t make all the signals align, all the metadata align. In other words, truth is actually really hard [to replicate] if you have the ability to look at a lot of different dimensions. And I think right now the intelligence community still looks at the world in a lot of different directions from a lot of different layers, and those different layers provide some protection against single-threaded manipulation. But that said, the more there is, the more it happens, the better it gets. The slower we are to develop the counter technologies. In insurance technologies, it gets harder and harder and harder. And to do that at speed before society is manipulated. And then you have to deal with the fact that the government isn’t as trusted as it was a minute ago. And so, if something is manipulated, it becomes present in society’s mind. If the government is slow, then how do you counter that? If it’s not obvious, the government is trusted?… I think it is just the right trend of the intelligence community to try and share before the false image is created, rather than try and counter a false image that has been disseminated. (Technology and Security 2023)

Big Data Landscape Enables Information Warfare as well as Social and Political Influence and Interference

The big data landscape can accelerate the reach and effectiveness of information warfare – the ‘conflict or struggle between two or more groups in the information environment’ (Porche et al. 2013, p. xv). The big data landscape can also be used, by state and non-state actors, to influence and interfere in political and civic discourse including disinformation and misinformation discussed above. Data-driven targeting, also known as microtargeting, tries to reach categories or groups and subgroups of individuals to a granular level (including individuals). This section examines key aspects of big data and targeting, influence and interference. Whilst there may be many legitimate uses of data-driven targeting, the capability can be used or exploited in ways that are either not legal or are arguably unethical.

Whereas comprehensive profiling uses personal information to identify individuals, microtargeting works backwards from very large ‘categories’ created from datafication. Microtargeting, defined by Mazarr et al. (2019b) as using data to target small groups or even individuals by views, likes and desires, is the basis for influencing individuals and shaping the information environment, or infosphere (Mazarr et al. 2019b). The ability to microtarget (Mazarr et al. 2019b) is known loosely by a number of other terms such as profile and target3 (Sadowski 2020, p. 32), customer-targeted advertising (Neef 2014) and precision targeting4 (Mazarr et al. 2019a). The desire to target specific customers with tailored messages is not new, but the technical ability underpinning contemporary microtargeting is driven by big data capabilities. The technical ability and intent behind microtargeting stem from its advertising origins in a commercial context (ACCC 2020) and to understand them we must build on our understanding of datafication from Chapter 1. Datafication differs from digitisation and simply an abundance of data because it involves turning data into value (one of the 5Vs of big data). Datafication is closely connected to commodification and capitalist economies, and both are relevant to microtargeting and the potential to influence.

Microtargeting is well established in the electoral and commercial realms (IDEA 2018; Mazarr et al. 2019b) and it has laid the groundwork for the kind of election influence and interference campaigns seen in the political civic context over the past couple of years (Mazarr et al. 2019a; Mazarr et al. 2019b). This includes in the 2016 US presidential election, where Cambridge Analytica used personal information on Facebook users to support political campaigns with ‘psychographic’ advertising (Carroll 2021, p. 42; Trish 2018). The same election saw attempted Russian interference operations to influence election outcomes (Mazarr et al. 2019a; US Senate Select Committee on Intelligence 2017). Such targeting is now also legally used by both major US political parties, who work with data companies to build voter databases from commercially and publicly available sources to help target and influence voters (Culliford 2020).
Targeting is also integrated into the broader practices of private companies, who have harnessed big data and an array of techniques to influence elections and shape public opinion. There are countless examples of services ‘offering to covertly meddle in elections without a trace’ through bot-management software that builds detailed, realistic profiles across social media platforms and propagates fabricated stories (Kirchgaessner et al. 2023). One example, Team Jorge, claims to have worked on ‘33 presidential-level campaigns, 27 of which were successful’ (Kirchgaessner et al. 2023).

Participants explored the implications of targeting for national security writ large as well as for intelligence agencies, often expressing this in terms of harm to the community. Some participants provided examples:

We’ve seen that with the Russian attempts to influence the US 2016 presidential election. If you look at threats and consequences, the consequences of a hostile state being able to get inside your democratic processes and significantly influence them, that is a much greater threat than a terrorist group. Even a terrorist group kills fifty people, that is a much lesser threat than getting inside a liberal democracy democratic process. (SDM)

One participant summarised the challenges of understanding national security threats across a range of vectors, how agencies might consider assessment of the harms that come from big data and the possible implications for intelligence collection:

Take electoral interference for example. If we came under concerted cyber efforts to interfere in our elections by a foreign actor. How would we establish that? We’d need social media coverage to discern legitimacy – how would we establish what’s interference and what’s not. How would we manage the public confidence in our ability – how would we decide what’s ‘legitimate Twitter’ or not? The future, decisions relating to domestic interference are complex … If you excise data from [intelligence] collection how can you access and use it with confidence later if you assess the threat has changed. If you do collect initially, how do you maintain the relevant community confidence and apply security protocols? (SDM)

While microtargeting has largely been focused on developing new revenue streams and election influence to date, it has the capacity to shape an individual’s information environment, including what they see, their options, the choices they have, what they think others believe and ultimately how they view the world (ACCC 2020; Hammond-Errey 2019; Mazarr et al. 2019a; Mazarr et al. 2019b; Richmond 2019). Fragmented media landscapes and precise targeting lead to an increase in political and social polarisation (Prummer 2020). Microtargeting therefore presents significant national security threats, especially in the context of mis- and disinformation. These include mass influence and interference, such as the ability to target specific users, to influence individuals, the ability to identify and exploit psychological weaknesses and the ability to interfere in political and civil processes such as elections.
Big data has exponentially accelerated this process, enabling it to occur on a large scale and at speed as well as enabling it to occur with ambiguity about intent or who is behind the activity. Given the opacity of microtargeting processes – and their broad availability – they are an ideal mechanism for grey zone information warfare.

To describe this influence in broader society, Zuboff (2019, p. 352) coins the term instrumentarianism, and defines it as the ‘instrumentation and instrumentalization of behaviour for the purposes of modification, predication, monetization and control’. Similarly, Greene, Martens & Shmueli (2022, pp. 323, 324) label ‘any algorithmic action, manipulation or intervention on digital platforms that is intended to impact user behaviour’ as ‘algorithmic behaviour modification’. This can include actions considered as innocuous as predictive text prompts (Greene, Martens & Shmueli 2022, p. 324). The potential of this to influence individuals can be seen in a document leaked from Facebook’s Australian office in 2017 which showed analysis of internal (non-public) Facebook data that attempted to identify emotionally vulnerable and insecure young people (Davidson 2017; Griffin 2019). The document was to be shared with advertisers under a non-disclosure agreement and noted that Facebook had the power to target over 6.4 million Australian and New Zealander high schoolers, tertiary students and young people in the workforce (Davidson 2017; Griffin 2019). Using its algorithms to monitor newsfeed posts and photos as well as a young user’s interaction with content through comments, likes and shares, Facebook detailed in the report how it was able to ascertain a person’s emotional state – categorising them with tags such as ‘anxious’, ‘nervous’, ‘defeated’, ‘stressed’ and ‘useless’ (Davidson 2017; Griffin 2019). Participants in this study indicated concern about influence relating to emotional states:

I know that certain text analytics can pick up on certain psychological states for example. It can detect if someone is bipolar from the way they are writing. We don’t really know how that is done but we know the algorithm can be very good at predicating that. So, if I set up an algorithm that is trying to sell someone flights to Las Vegas, I could read their tweets and identify that they are in a mania state of bipolar position and much more likely to purchase risky material. So, the algorithm is doing the thing in the way I have set it but it’s not doing it in a way many of us would be comfortable with. It’s not an ethical use of that data. (SDM)

Closely related to comprehensive profiling, microtargeting and datafication is the ability to exploit psychological states, personal weaknesses and mental health vulnerabilities, such as anxiety. This can manifest as a national security threat in a number of ways, such as being directed at leaders and decision-makers, exploiting or harming Australians, and being used as tools for foreign interference.
More research is desperately needed into this nascent field.

This chapter showed the potential for big data to cause harm to Australians, with a national security dimension, examining the relationships between big data, privacy and surveillance. First, it established the impacts of the rapid growth in data and analytics being owned by private actors and highlighted the lack of regulation on data collection and analytics in Australia. Second, it showed that big data has made data available to a much broader – and ever changing – range of entities. According to participants, this has already transformed, and continues to transform, targeting and surveillance – functions previously undertaken almost exclusively by intelligence agencies for nation-states, creating new vulnerabilities for privacy intrusion. This chapter highlighted how the big data landscape drives disinformation and enables information warfare as well as social and political influence, interference and harm.


Notes

1 Detailed accounts of how aspects of this work can be seen in Big data and national security: A guide for Australian policymakers (Hammond-Errey 2022), the 2020 Digital Advertising Services Inquiry – Interim report (ACCC 2020) as well as the Consumer Policy Research Centre’s A day in the life of data report (Richmond 2019).
2 Dataveillance is a term used to describe data surveillance. It was first defined by Clarke (1988, p. 498) as the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons.
3 Sadowski (2020, p. 32) highlights some of the ways profiling and targeting manifests, such as serving personalised advertisements, charging different prices based on personal characteristics, and assessments of susceptibility to certain kinds of messaging and influence.
4 Mazarr et al. (2019a, pp. 66–68) define precision targeting as techniques of targeting messages, often but not always through social media platforms, to very specific subgroups or, increasingly, even to individuals.

References

Aaronson, SA 2021, Could Trade Agreements Help Address the Wicked Problem of Cross-Border Disinformation?, Centre for International Governance Innovation, Ontario.
ACCC (Australian Competition and Consumer Commission) 2020, Digital Advertising Services Inquiry – interim report, ACCC, Canberra.
Aho, B & Duffield, R 2020, ‘Beyond surveillance capitalism: privacy, regulation and big data in Europe and China’, Economy and Society, vol. 49, no. 2, pp. 187–212.
Aradau, C & Blanke, T 2015, ‘The (big) data-security assemblage: knowledge and critique’, Big Data & Society, vol. 2, no. 2, pp. 1–12.
ASPI (Australian Strategic Policy Institute) 2021, The Xinjiang Data Project, ASPI, Canberra, https://xjdp.aspi.org.au.
Bernot, A 2022, ‘Transnational state-corporate symbiosis of public security: China’s exports of surveillance technologies’, International Journal for Crime, Justice and Social Democracy, vol. 11, no. 2, pp. 159–173.
Carroll, DR 2021, ‘Chapter 3: Cambridge Analytica’, in GD Rawnsley, Y Ma & K Pothong (eds.), Research Handbook on Political Propaganda, Edward Elgar Publishing, Cheltenham, Gloucestershire.
Clarke, R 1988, ‘Information technology and dataveillance’, Communications of the ACM, vol. 31, no. 5, pp. 498–512.
Cohen, JE 2017, ‘Law for the platform economy’, University of California, Davis Law Review, vol. 51, pp. 133–204.
Crain, M 2016, ‘The limits of transparency: data brokers and commodification’, New Media & Society, vol. 20, no. 1, pp. 88–104.
Crawford, K & Schultz, J 2014, ‘Big data and due process: toward a framework to redress predictive privacy harms’, Boston College Law Review, vol. 55, no. 1, pp. 93–128.
Culliford, E 2020, ‘How political campaigns use your data’, Reuters, 12 October, accessed 20 May 2023, https://www.reuters.com/graphics/USA-ELECTION/DATA-VISUAL/yxmvjjgojvr/.
Darczewska, J 2014, ‘The anatomy of Russian information warfare: the Crimean operation, a case study’, Ośrodek Studiów Wschodnich, Warsaw.
Davidson, D 2017, ‘Facebook targets ‘insecure’ young people’, The Australian, 1 May, accessed 12 May 2023, https://www.theaustralian.com.au/business/media/facebook-targets-insecure-young-people-to-sell-ads/news-story/a89949ad016eee7d7a61c3c30c909fa6.
Douglas, H, Harris, BA & Dragiewicz, M 2019, ‘Technology-facilitated domestic and family violence: women’s experiences’, British Journal of Criminology, vol. 59, no. 3, pp. 551–570.
European Commission High-level expert group (HLEG) 2018, ‘A multi-dimensional approach to disinformation: Report of the independent High level Group on fake news and online disinformation’, Directorate-General for Communications Networks, Content and Technology, European Commission, Luxemburg.
Gerstell, GS 2019, ‘I work for N.S.A. We cannot afford to lose the digital revolution’, New York Times, 10 September, accessed 20 March 2023, https://www.nytimes.com/2019/09/10/opinion/nsa-privacy.html.
Gray, J 2020, ‘Surveillance capitalism vs. the surveillance state’, Noema, 17 June, accessed 2 December 2021, https://www.noemamag.com/surveillance-capitalism-vs-the-surveillance-state/.
Greene, T, Martens, D & Shmueli, G 2022, ‘Barriers to academic data science research in the new realm of algorithmic behaviour modification by digital platforms’, Nature Machine Intelligence, vol. 4, no. 4, pp. 323–330.
Griffin, P 2019, ‘Facebook won’t give up its insidious practices without a fight’, Noted, 22 March.
Hammond-Errey, M 2016, ‘Information Influence in an Era of Global Insecurity and Digital Connectivity (Russian Disinformation Strategies and Hybrid War: Implications for Government and National Security Operations)’, Masters Thesis, Australian National University.
Hammond-Errey, M 2019, ‘Understanding and assessing information influence and foreign interference’, Journal of Information Warfare, vol. 18, pp. 1–22.
Hammond-Errey, M 2022, Big data and national security: A guide for Australian policymakers, Lowy Institute, Sydney.
Hecht-Felella, L 2021, Federal agencies are secretly buying consumer data, Brennan Center for Justice, New York.
IDEA 2018, Digital microtargeting political party innovation primer 1, International Institute for Democracy and Electoral Assistance, Stockholm.
Jeffreys-Jones, R 2017, We Know All about You: The Story of Surveillance in Britain and America, Oxford University Press, Oxford.
Jiang, J 2021, ‘The Eyes and Ears of the Authoritarian Regime: Mass Reporting in China’, Journal of Contemporary Asia, vol. 51, no. 5, pp. 828–847.
Khalil, L 2020, Digital authoritarianism, China and Covid, Lowy Institute, Sydney.
Kirchgaessner, S, Ganguly, M, Pegg, D, Cadwalladr, C & Burke, J 2023, ‘Revealed: the hacking and disinformation team meddling in elections’, The Guardian, 15 February, accessed 20 May 2023, https://www.theguardian.com/world/2023/feb/15/revealed-disinformation-team-jorge-claim-meddling-elections-tal-hanan.
Kirchgaessner, S, Lewis, P, Pegg, D, Cutler, S, Lakhani, N & Safi, M 2021, ‘Revealed: leak uncovers global abuse of cyber-surveillance weapon’, The Guardian, 19 July, accessed 20 May 2023, https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus.
Kitchin, R 2014a, ‘Big data, new epistemologies and paradigm shifts’, Big Data & Society, vol. 1, no. 1.
Kitchin, R 2014b, The data revolution: big data, open data, data infrastructures & their consequences, Sage, London.

Liang, F, Das, V, Kostyuk, N & Hussain, MM 2018, ‘Constructing a Data-Driven Society: China’s Social Credit System as a State Surveillance Infrastructure – China’s Social Credit System as State Surveillance’, Policy and Internet, vol. 10, no. 4, pp. 415–453.
Lehdonvirta, V 2023, ‘Behind AI, a massive infrastructure is changing geopolitics’, Oxford Internet Institute, 17 March, accessed 10 April 2023, https://www.oii.ox.ac.uk/news-events/news/behind-ai-a-massive-infrastructure-is-changing-geopolitics/.
Lemieux, F 2018, Intelligence and state surveillance in modern societies: an international perspective, Emerald Publishing Limited, Bingley, UK.
Ljunggren, D 2022, ‘Ukraine finds a mass grave in recaptured city of Izium’, The Sydney Morning Herald, 16 September, accessed 15 April 2023, https://www.smh.com.au/world/europe/ukraine-finds-a-mass-grave-in-recaptured-city-of-izium-zelensky-20220916-p5bijm.html.
Lyon, D 2001, Surveillance society: monitoring everyday life, Open University Press, Buckingham.
Macnish, K 2016, ‘Government Surveillance and Why Defining Privacy Matters in a Post-Snowden World’, Journal of Applied Philosophy, vol. 35, no. 2.
Mazarr, MJ, Bauer, RM, Casey, A, Heintz, S & Matthews, LJ 2019a, The emerging risk of virtual societal warfare: social manipulation in a changing information environment, RAND Corporation, Santa Monica, CA.
Mazarr, MJ, Casey, A, Demus, A, Harold, SW, Matthews, LJ, Beauchamp-Mustafaga, N & Sladden, J 2019b, Hostile social manipulation: present realities and emerging trends, RAND Corporation, Santa Monica, CA.
McDonald, P (ed.) 2022, The Routledge Companion to Media Industries, Routledge, New York.
Menkveld, C 2021, ‘Understanding the complexity of intelligence problems’, Intelligence and National Security, vol. 36, no. 5, pp. 621–641.
Moore, M 2016, Tech giants and civic power, King’s College London Policy Institute, London.
Moore, M & Tambini, D 2021, Regulating Big Tech: policy responses to digital dominance, Oxford University Press, New York, NY.
Neef, D 2014, Digital exhaust: what everyone should know about big data, digitization and digitally driven innovation, Dale Neef, Upper Saddle River, NJ.
Newman, AL 2018, Protectors of Privacy: Regulating Personal Data in the Global Economy, Cornell University Press, Ithaca, NY.
Office of the Director of National Intelligence 2022, Senior Advisory Group Panel on Commercially Available Information, Office of the Director of National Intelligence, Washington, DC.
Omand, D & Phythian, M 2018, Principled spying: the ethics of secret intelligence, Oxford University Press, Oxford.
Omand, D, Bartlett, J & Miller, C 2012, ‘Introducing social media intelligence (SOCMINT)’, Intelligence & National Security, vol. 27, no. 6, pp. 801–823.
Pence, M 2018, ‘Remarks by Vice President Pence on the Administration’s Policy Toward China’, Speech at the Hudson Institute, Washington, DC, 4 October.
Porche, I, Paul, C, York, M, Serena, CC & Sollinger, JM 2013, Redefining information warfare boundaries for an army in a wireless world, RAND Corporation, Santa Monica, CA.
Prummer, A 2020, ‘Micro-targeting and polarization’, Journal of Public Economics, vol. 188, art. 104210.

Qiang, X 2019, ‘The Road to Digital Unfreedom: President Xi’s Surveillance State’, Journal of Democracy, vol. 30, no. 1, pp. 53–67.
Reilly, J, Muyao, L & Robertson, M 2021, ‘China’s Social Credit System: Speculation vs. Reality’, The Diplomat, March 30, https://thediplomat.com/2021/03/chinas-social-credit-system-speculation-vs-reality.
Richmond, B 2019, A day in the life of data, Consumer Policy Research Centre, Melbourne.
Rid, T 2020, Active measures: the secret history of disinformation and political warfare, Farrar, Straus and Giroux, New York.
Rubinstein, IS, Nojeim, GT & Lee, RD 2017, ‘Systematic Government Access to Private-Sector Data: A Comparative Analysis’, in FH Cate & JX Dempsey (eds.), Bulk Collection: Systematic Government Access to Private-Sector Data, Oxford University Press, New York.
Sadowski, J 2019, ‘When data is capital: datafication, accumulation, and extraction’, Big Data & Society, vol. 6, no. 1.
Sadowski, J 2020, Too smart: how digital capitalism is extracting data, controlling our lives, and taking over the world, MIT Press, Cambridge, MA.
Shephardson, D 2022, ‘ByteDance finds employees obtained TikTok user data of two journalists’, Reuters, 22 December, accessed 21 May 2023, https://www.reuters.com/technology/bytedance-finds-employees-obtained-tiktok-user-data-two-us-journalists-2022-12-22/.
Søe, SO 2021, ‘A unified account of information, misinformation, and disinformation’, Synthese (Dordrecht), vol. 198, no. 6, pp. 5929–5949.
Solove, DJ 2011, Nothing to hide: the false tradeoff between privacy and security, Yale University Press, New Haven, CT.
Technology and Security 2023, Audio podcast, United States Studies Centre, 24 May, https://www.ussc.edu.au/analysis/technology-and-security-ts-podcast-intelligence-ai-and-aukus-with-former-us-principal-deputy-director-of-national-intelligence-susan-gordon.
Tene, O & Polonetsky, J 2013, ‘Big data for all: privacy and user control in the age of analytics’, Northwestern Journal of Technology and Intellectual Property, vol. 11, no. 5, pp. 239–273.
Trish, B 2018, ‘Big data under Obama and Trump: the data-fueled U.S. presidency’, Politics and Governance, vol. 6, no. 4, pp. 29–38.
US Joint Chiefs of Staff 2014, Joint Publication 3–13 Information Operations, Joint Chiefs of Staff, United States Department of Defense.
US Senate Select Committee on Intelligence 2017, ‘ODNI Statement on Declassified Intelligence Community Assessment of Russian Activities and Intentions in Recent U.S. Elections’, accessed 20 February 2023, https://www.intelligence.senate.gov/hearings/open-hearing-intelligence-communitys-assessment-russian-activities-and-intentions-2016-us.
van Buuren, J 2017, Ethical challenges of data surveillance, Boom, Amsterdam.
van Dijck, J, Poell, T & de Waal, M 2018, The platform society: public values in a connective world, Oxford University Press, New York.
Verdegem, P 2022a, ‘Social media industries and the rise of the platform’, in P McDonald (ed.), The Routledge companion to media industries, Routledge, New York.
Verdegem, P 2022b, ‘Dismantling AI capitalism: the commons as an alternative to the power concentration of Big Tech’, AI & Society, pp. 1–11.

Yang, Z 2022, ‘China just announced a new social credit law: here’s what it means’, MIT Technology Review, 22 November, accessed 22 May 2023, https://www.technologyreview.com/2022/11/22/1063605/china-announced-a-new-social-credit-law-what-does-it-mean.
Wardle, C 2018, ‘The Need for Smarter Definitions and Practical, Timely Empirical Research on Information Disorder’, Digital Journalism, vol. 6, no. 8, pp. 951–963.
West, DM 2021, How employers use technology to surveil employees, Brookings, 5 January, accessed 2 December 2021, https://www.brookings.edu/blog/techtank/2021/01/05/how-employers-use-technology-to-surveil-employees/.
Zeng, J 2016, ‘China’s date with big data: will it strengthen or threaten authoritarian rule?’, International Affairs, vol. 92, pp. 1443–1462.
Zuboff, S 2019, The age of surveillance capitalism: the fight for a human future at the new frontier of power, Profile Books, London.

4

Big Data and Intelligence in Practice

This chapter outlines the impact of big data on intelligence as knowledge, activities and organisations in Australia. Intelligence in practice can be thought of in three ways, sometimes simultaneously (Lowenthal 2012, p. 9), as knowledge, as an organisation and as either an activity (Kent 1966) or product (Lowenthal 2012). These rough categories also emerged within the data. This chapter examines how big data is changing intelligence as knowledge, including changes to the kinds of knowledge used for intelligence and gaps in knowledge used for intelligence, requiring a stronger focus on the purpose of intelligence. It goes on to demonstrate how big data is changing where knowledge and data used for intelligence come from and how knowledge for intelligence is received, digested and understood. This chapter then shows the impact of big data on intelligence as an activity, showing changes to the intelligence cycle broadly. In particular, it highlights three areas that participants articulated as the most pressing or of the highest priority: collection, analysis and the data sharing and communication of intelligence. Finally, it examines the impact of big data on intelligence as an organisation, including digital transformation and a change to the traditional models of intelligence. Some elements discussed in this chapter are well-known challenges that are being exacerbated by the big data landscape.

DOI: 10.4324/9781003389651-5

Impact of Big Data on Intelligence as Knowledge

What constitutes knowledge in intelligence is undergoing change in a big data-enabled world. The big data landscape means that much more is knowable or inferable about the world (Hammond-Errey 2022; 2023).¹ This abundance of data is changing what it means to ‘know’ something and therefore changing the data and knowledge needed for intelligence, as well as gaps in knowledge. This necessitates intelligence activity being more purposeful – an already important intelligence requirement. The big data landscape has also increased uncertainty in individual data points, which can flow on to increased uncertainty in intelligence assessments. Finally, the big data landscape is changing how intelligence is received, digested and understood by decision-makers. The impacts on knowledge might not seem significant, but in fact they entail profound shifts for the processes of the intelligence community and the use of intelligence by decision-makers, a foundational part of the process.

Knowledge and information are inextricably linked to the definition of intelligence (Vrist Rønn & Høffding 2013). The knowledge necessary to produce intelligence (Herman 2001; Kent 1966; Scott & Jackson 2004) and what distinguishes it from other kinds of knowledge or information is constantly evolving (Vrist Rønn & Høffding 2013). Kent (1966, p. 3) specifies that ‘intelligence means knowledge’, but not all knowledge, and bounds the definition. Kent (1966, p. 5) outlines what must be known to arm leaders with the necessary knowledge: ‘They need knowledge which is complete, which is accurate, which is delivered on time, and which is capable of serving as a basis for action’. Omand (2020) describes the knowledge that is needed as that which responds to the questions the decision-makers need answering and fills the gaps in knowledge needed to make rational decisions, and does so in accordance with the timescales set by events. Gordon (2017) asserts that the fundamental premise of intelligence is ‘knowing the truth, seeing beyond the horizon, and allowing our policymakers to act before events dictate’. Omand (2020) and Gordon (2017) highlight the requirements of knowledge within these contexts broadly, but do not specify in greater detail what is needed.

What constitutes the knowledge to be used in the creation of intelligence therefore obviously depends on the purpose, or desired outcome, of that intelligence and the particular event or issue at hand. Intelligence is contextual. This study reaffirms that strategic, operational and tactical intelligence all have different knowledge requirements, as do various activities in the security, law enforcement and foreign intelligence realms.
However, this research suggests that context is even more significant when using big data. What is needed from intelligence is different from domain to domain, and indeed case to case, as it is based on what is already known, which in turn determines what needs to be provided by intelligence activity. Big data changes what is already known. The interview participants highlighted a range of examples showing how big data has changed the knowledge required to produce intelligence for a variety of purposes, such as preventing terrorist attacks, advising on trade negotiations, protecting defence assets, identifying a criminal offender or attributing a cyber-attack.

Hershkovitz (2019) posits that technological transformation is challenging the accepted truths that have historically shaped the intelligence community’s ‘raison d’etre as they lose their primacy over collecting, processing and disseminating data’. For Zegart (2022) it is an ‘enormous paradigm shift’. Burnett, Wooding and Prekop (2005) concur and argue that the ‘edge over an adversary is now more in the analytical, predictive and cognitive abilities that can be brought to bear on the mass of information than on the collection of the information per se’. They go on to argue that this has significant implications for developing a balance between sensing – capacity to observe – and sense making, which they describe as the capacity to orientate (Burnett, Wooding & Prekop 2005). Chesterman (2011) argues that the increasing transparency of many aspects of modern life is reducing the number of secrets it is possible to keep from anyone, and highlights the potential impact on the role of intelligence agencies in the acquisition of secrets and the resolution of mysteries.

According to participants in this study, one of the big data transformations in intelligence is the shift from being predominately focused on secret collection to sense making and being able to integrate open-source intelligence. There was a universal view that agencies at least understand – if not fully integrate – and situate their assessments within the relevant broader context open-source intelligence provides. Furthermore, participants indicated that big data and emerging technologies are an essential means of achieving this. One independent subject matter expert (ISME) addressed this in relation to strategic intelligence:

Open source [a subset of intelligence collection] is the area I really see big data and technology helping with intelligence analysis. It’s very clear that ministers also expect the assessments coming out the intelligence community to be cognisant at least of what’s available on open source … Including on some pretty key issues for Australia, such as future directions in the Chinese economy. I think one of the downfalls, or shortcomings, in terms of performance of the community was ministers knowing that there was a better-quality source of assessment available in open source than there was in the intelligence community. So, the intelligence community can say ‘this isn’t our traditional area of expertise’ and you can go to various think tanks to get that, but in a way, I saw it as a bit of a cop out and lost opportunity.

Kinds of Knowledge Needed for Intelligence Require a Clearer Purpose

The kinds of knowledge required for intelligence work and the intelligence gaps agencies need to fill are changing, increasing the importance of a clearly established purpose. ‘Big data yields not simply a quantitative increase in information, but a qualitative change in how we create new knowledge and understand the world’ (Symon and Tarapore 2015, p. 4). Participants across all agencies in this research indicated that aspects of the intelligence community’s understanding of what constitutes knowledge for intelligence are evolving. They characterised this as a change in the kinds of knowledge required for certain intelligence tasks as a result of big data, especially data abundance and datafication.

The intelligence advice or product that ends up being delivered by intelligence agencies is produced in myriad different ways, but the first step is always to establish purpose. This step is defined in academic literature as: the appearance or formulation of the problem (Kent 1966, pp. 157–158), defining an intelligence problem (Agrell & Treverton 2015, p. 35), an intelligence question to be answered (Vandepeer 2016) or more broadly as intelligence ‘requirements’ (Lowenthal 2012, pp. 58–62). These initial questions asked of intelligence ‘are critical as they shape and frame the analytic endeavour and provide the basis for knowledge development’ (Vandepeer 2018, p. 785). This is the first part of the intelligence activity (i.e., scoping the question, intelligence collection and analysis) that informs the final product for delivery to decision-makers. Participants indicated that a clear purpose is even more important in relation to big data; for example, one ISME commented:

I think there is a lot of wishful thinking that if we get big data that magic will happen. In a world of infinite information, it’s the questions that matter. This comes back to the analytical part of intelligence. What sort of questions are we trying to answer?

This perspective highlights what many participants expressed as the importance of considering what will be assessed and bounding the scope of the knowledge required, starting with its purpose. The purpose of undertaking intelligence activity was expressed as vital to understanding what knowledge is required, particularly with an abundance of data, where more information and presentation options are available, as one participant described:

Purpose is the most important thing. There is no point to do intel for Jesus. SIGINT for Jesus is a well-known term, but all agencies actually do it. You go along and they brief you and you think this is really clever but what’s the point? Who is going to use that? It’s really clever but if you can’t apply it … Most of the conversations I see about big data are missing focus and purpose and outcome. They are about big data because it’s exciting, it’s really interesting and the tools are really cool and you can do all scattered displays, and collect all sorts of amazing stuff and smash data around and get pictures together … You actually have to understand what is the purpose you are doing it for? Who is the customer that is going to use that information? The analysis can be really brilliant and the tools can be really fancy and do amazing things but actually if there is no outcome at the end of it, what is the point? (ISME)

Participants in this study indicated that big data is changing the scope of the knowledge required by altering what agencies need to collect to answer their intelligence questions. Emerging from the data is a sense that, if data is already collected on almost every component of the world, then the need for intelligence collection by intelligence agencies has changed. As the discussion on data abundance and datafication revealed, much information about human activity, which was previously unrecorded and once only ‘knowable’ through intelligence collection, is now recorded or inferable as digital footprints (Blazquez & Domenech 2018; Chesterman 2011; Westerlund, Isabelle & Leminen 2021).

The abundance of data is changing the scope and kind of knowledge needed for intelligence work, but according to participants it is also creating unrealistic expectations about what big data can deliver and, as some participants put it, ‘overlooking the significance of small data’ (SDM). Some interviewees indicated that the insights of human intelligence (HUMINT) were often overlooked in favour of big data, with participants explaining that human intelligence is about specific pieces of information that are often ‘unknowable’ from data alone. One ISME noted: ‘when you look at HUMINT it’s often those critical insights that matter – not big data’. Many participants highlighted that there seems to be an assumption that big data will improve intelligence collection, but they explained that the secret, difficult-to-obtain and unique ‘small’ data will still play a crucial role.

Participants indicated that the abundance of data exceeds the ability of the intelligence community to contextualise intelligence effectively within the global datasphere. Useful intelligence is contextual, meaning it has depth of situational awareness and a deep understanding of the roots of what is going on (Omand 2013). As one ISME put it: ‘in the intelligence business, context is everything’. Participants in this research indicated that there is limited utility to producing intelligence in a vacuum and so it is essential that all-source intelligence includes – and engages with – publicly available information. The volume of digital information in society exceeds the human ability to discern its meaning (Zuboff 2019) and estimates suggest that open-source intelligence has become the lifeblood of intelligence (Goldman 2018),² comprising 70 to 80 per cent of the United States’ intelligence holdings (Goldman 2018; Hulnick 2010). This research confirms that increases in information volume in society are overwhelming national security agencies (Omand, Bartlett & Miller 2012) and intelligence analysts (Cruickshank 2019; Lim 2015). This SDM’s comment is reflective of many interviewees:

the challenge is we are overwhelmed with data so it is a matter of trying to find what is relevant, looking often for the needle in the haystack, and that comes from both classified and unclassified sources, so it is trying to merge those two worlds together.

Van Puyvelde, Coulthart and Hossain (2017, p. 1409) assert that ‘big data does not alter the nature of intelligence but reinforces some of its traditional challenges, such as identifying what to collect and what to discard.’ However, this perspective narrowly sees collection as a continuation of efforts to fill the kinds of knowledge gaps that have been seen previously, rather than seeing intelligence collection as constantly evolving to answer questions that may have not previously been ‘knowable’. As Symon and Tarapore (2015, p. 9) note, complex phenomena are not so easily conquered by data.

Finally, a number of participants suggested that big data is challenging what it means to ‘know’ information and questioned whether there are different levels and kinds of knowledge. Participants from agencies charged with ensuring Australian domestic security raised the challenges of knowing what they actually know and understanding what it means. Many of the technical capabilities being pursued by agencies, at the time of interviews, fall into the categories of collection, collation and storage, to enable finding and understanding information quickly and more easily. Indeed, most participants highlighted that their agency’s efforts were focused on federated searches and the ability to search and analyse across numerous, disparate data holdings and systems. Repeatedly, participants in agencies responsible for domestic security characterised the biggest threat of the information environment and data abundance as knowing what they hold and understanding the significance of it. As one SDM put it, ‘I guess an obvious and significant risk is the unknown knowns. So, having information within your remit, within your purview, but not knowing it’s there, not being able to draw the appropriate knowledge from it.’ This comment highlights that there are different levels of ‘knowing’. As another SDM noted: ‘There’s a risk that we are unable to appreciate something important that is already in our hands.’ This is likely a long-held fear; however, one participant described their perception of how the big data challenges of disparate, diffuse and unconnected data can increase this:

The big data aspect means that our holdings often contain data points that indicate activity, but there is not an understanding that that data point isn’t immediately accessible. So, retrospective reviews are very, very different under big data than compared to say fifteen years ago where you actually had to have a piece of information that said Person Y is going to that shop and in that shop, they are going to do X. Now we might hold big data that shows that person goes to that shop all the time or could show that [with specific analytics or data matching]. So, there is information that is hidden or that we are not able to pull out. (ODM)

Participants expressed that there are challenges in understanding the real and potential insights of individual pieces of data in the big data infrastructure, given that data is often ‘anonymised’, distributed and might be a part of a digital exhaust or datafication process. Participants described the challenges of using big data to understand individual movements and establish a pattern of life, as it is not always clear whether information is directly relevant until it is matched with other pieces of data. One SDM participant called this ‘unknown knowns’. What this means in practice is that, somewhere in a big data set, a relationship or connection could be made, but that may not be easy, obvious or legal, or may be only accessible once other information comes to light – that is, retrospectively. An ODM spoke to the challenges in understanding the significance of individual pieces of information when they said that at their agency ‘we probably know what we hold but we don’t know what it means’.

Big Data Increases Uncertainty in Assessments of Data

Notwithstanding the stratospheric rise in the volume of data in the last decade, intelligence analysis remains ultimately an assessment of the unknown and uncertain. This research found that big data increases uncertainty in individual pieces of data and can increase uncertainty in intelligence assessments. Uncertainty is central to intelligence, given its primary purpose is to reduce it (Omand 2020, p. 472). Uncertainty is ‘where we know that there is something we have incomplete or inaccurate knowledge of’ (Agrell & Treverton 2015, p. 186). Most intelligence organisations use words of estimative probability (e.g., unlikely, likely, almost certain) to communicate uncertainties in intelligence products (Mandel 2015). Uncertainty reflects the inadequacy of data and, while the assumption is this is usually due to a lack of information, the ambiguity that contributes to uncertainty can be aggravated by an excess of data too (Betts 2007, pp. 30–31). Drawing on the above consideration of how an excess of data impacts knowledge, the focus in this section is on how the lack of veracity or ability to verify big data, and the associated volume, can increase uncertainty in assessments. Many participants strongly expressed that intelligence is an assessment of the unknown and that an increase in data, especially fragmented data, does not equate to better intelligence or increased certainty. As one SDM put it:

It is called intelligence for a reason. It’s not knowledge; it is an imperfect view of the world. It’s always going to be an imperfect view of the world and this idea that the more data you collect that you’ll end up with a perfect view of the world: it doesn’t work that way.

Participants in this study indicated that one of the transformative changes resulting from big data is an increase in unknown unknowns. The boundless unknown unknowns are characterised as ignorance: ‘the fact of not knowing what we don’t know’ (Agrell & Treverton 2015, p. 186). Many participants gave examples of the kinds of unknown unknowns they were facing in their work, such as the level of scientific knowledge and awareness needed to understand emerging technologies and scientific breakthroughs and how they are applicable to national security threats. Others described the increased number of potential threat actors and threat vectors stemming from digital connectivity, while others still described challenges in understanding second- and third-order effects – or longer-term implications – of potential activities, policy choices and decisions due to the complexity of data abundance, digital connectivity and ubiquitous technology. Some participants described an increase in uncertainty in the data needed to form assessments, as this comment reflects:

That is the impact of big data in a practical sense: there is a lot more of it, we are much less certain on a single piece of data on whether it is what we want to see so we need to collect a lot more of it to make sure. (SDM)

Participants raised concerns about the certainty, verifiability and accuracy of knowledge in the form of data or pieces of information in the big data environment. This includes bias, bias at scale, quality assurance in intelligence, as well as truth and accuracy of data. For example, user-generated content on social media and fitness applications, machine-to-machine communications about human activities and fragmentary data points cannot be made sense of in isolation. Participants talked about fragmented data in a way that is reflective of the 3V (volume, variety, velocity) (Kitchin 2014, p. 68; Laney 2001) and 5V (adding veracity and value) (Akhgar et al. 2015; van der Sloot, Broeders & Schrijvers 2016) definitions of big data and highlighted the implications of this for intelligence communities:

So much of the data out there in the real world, changing every fifteen seconds, is no longer human communications for one thing, so machine-to-machine communications and because of the churn in the amount and type of apps, harder for us to understand. (ODM)

Additional examples provided by participants include data from mobile applications, streaming, IoT devices, and financial and business transactions, as well as user-generated data. The growth in data is not simply more whole pieces of information which are easily understood; rather much of the data is now machine to machine and small fragments of data with higher levels of uncertainty, and/or low quality (a hallmark of big data) that make little sense on their own, requiring data-matching to understand the context.
There was an overwhelming sense amongst participants that managing data uncertainty – and understanding what that means for assessment uncertainty – has become a much greater challenge with the advent of big data.

Information Is Digested Differently by Decision-Makers

How information is presented to and received by decision-makers forms a crucial component of how knowledge is used by intelligence and national security decision-makers. The people who use intelligence are referred to in the literature variously as decision-makers (Bearne et al. 2005; Friedman & Zeckhauser 2018; Marrin 2009; Van Puyvelde, Coulthart & Hossain 2017), consumers (Kent 1966; Laqueur 1993) and policy makers (Degaut 2015; Gookins 2008; Lowenthal 2012; Omand 2020). This section cannot possibly consider all the implications for decision-making resulting from big data in intelligence, but rather the focus is on the key impacts that, according to participants, affect the majority of agencies. Participants emphasised the significance of how information is triaged and presented to decision-makers at all levels, and almost all participants indicated decision-makers, at all levels, are overwhelmed by the volume of information.

The participants elaborated on the challenges facing current and future leaders in decision-making who must use large volumes of data to understand the environment. One ISME described the kind of decision-making process they saw for policy makers:

If you are in a decision-making position, you want information and opinions flowing from a variety of sources. And by and large, governments get that. If you take our system, a prime minister and ministers in our system, they have a flow of information to them from intelligence agencies, they have a flow of strategic assessment from the intelligence apparatus, they have a flow of information from policy departments and they have access to outside experts and most of them are intelligent enough to read newspapers and other things.

Most participants posited a view that decision-makers at all levels and in all areas, including policy makers, and senior and operational decision-makers, are overloaded by information from a variety of feeds – even if they do not see the raw intelligence. This view is reflected by this SDM’s comment: ‘we’ve already hit the amount of information that a human can deal with and manage [in a decision-making and analytical context] and so we’ll be dependent on machines just based on sheer volume’. Another participant noted they see the impact as ‘not only the speed to decision-making but also how informed the decisions are. I don’t think human beings can piece together, through sheer force of effort, all the data sets, and derive the insights that require massive processing’ (TECH).
This challenge of information intake explained by an SDM provides insight into how information and intelligence will be understood quickly enough to make decisions in a time-critical military setting:

The 5th generation military systems all hoover up data. The sheer volume of those practical communications considerations are now overwhelming … There are so many physical data issues – especially if you have a number of assets in the field. The capacity of those physical pipes themselves is a challenge but it renders human analysis (at that speed) near impossible. So, then you have a problem of how do you present that volume of information to a human in a form they can digest to make a timely decision? Digesting the information and then making a decision quickly is going to be a huge challenge.

Participants talked about different types of decisions that decision-makers would need to make, from strategic and often slower issues to immediate tactical threats. Participants highlighted that many tactical decisions are time critical and characterised by ubiquitous technology, such as a plethora of battlefield sensors as well as digital connectivity – fusing together data from the environment – resulting in a more complex information ecosystem. Participants from law enforcement indicated challenges in relation to making sense of data from financial and criminal intelligence.

Another participant described a similar challenge – in relation to battlefield data – arguing that both operators and machines need to have a very clear understanding of their rules of engagement, which they described as ‘their left and right of arc’ (TECH). ‘The machines around them [the operator – or human decision-maker] have to understand the rules of engagement, make sense of all the data and present a picture, a simple picture so they [the decision-maker] can make that decision’ (TECH). This participant raised launching air-to-air missiles or air-to-ground missiles as examples, but a number of participants raised the need for decision supports that can be understood by the person making a decision – ranging from tactical to strategic decisions: ‘We need the machine to come up with something that can be digested and understood by a human decision maker in a suitable timeframe’ (SDM). Participants also described what they saw as changing expectations of what constitutes knowledge for intelligence and how it is digested by high-level users, such as government ministers.
One participant described the changes caused by big data for these senior decision-makers from their perspective:

I am running an organisation that is furnishing intelligence to policy makers … What I am experiencing is that certain leaders – either political or policy leaders – it is quite an individual matter as to how they use intelligence, how they like to be fed intelligence, whether they have a conscious or unconscious bias towards what if you like what I call traditional HUMINT product versus intelligence product that has actually been derived using big data. Reflexively I would have a conscious bias towards data-derived insight, you know. Either in what it is pushing us towards or the area it is driving us towards or the individual, or the synthesis of say movement patterns of an individual to help us vector in on a particular person. I think that is always going to be of greater utility and value than non-data-derived information and intelligence. (SDM)

A number of participants discussed the need to develop ‘placemats’, ‘dashboards’, ‘timelines’ and other visual methods of communicating big data and big data analytics for decision-makers, at all levels, but especially political decision-makers. One participant suggested improving intelligence products to reduce the overload on decision-makers and their integration ability, through multi-agency, all-source and academic or industry liaison:

I think there’s a movement away from text. There’s that old discussion about who reads anything but the key judgements, the reality is one good infographic posted on a noticeboard in ten workplaces probably does better than a classified ten-page summary that goes to an overloaded decision-maker. If you’re trying to affect behaviours and decisions, I think people are automatically looking for product that’s now fused, they don’t want to have to do it so they’re expecting you to consult with partners and produce something they can understand quickly. (SDM)

This need to improve data fusion and continue developing visual methods of communication was raised by most participants. Whilst it was seen as a longstanding issue, many participants highlighted the ways that big data has exacerbated this challenge, including an increase in big data vendor visualisations as well as decision-maker expectations about receiving fused and visually presented data.

Impact of Big Data on Intelligence as an Activity

In order to understand how big data impacts intelligence activities, this section first considers what constitutes intelligence activities. It then elucidates changes to the intelligence cycle that participants articulated as the most pressing or of the highest priority: collection, analysis, communicating intelligence and sharing data. Kent’s (1966) classic definition of intelligence as an activity, somewhat tautologically, included the activities pursued by intelligence organisations. Stout and Warner (2018, p. 517) explore the wide variety of activities contemporary intelligence agencies are involved in, concluding with a similar notion to Kent’s, that ‘intelligence’ is what intelligence agencies do. Scott and Jackson (2004, p. 141) argue that intelligence is understood as the process of gathering, analysing and making use of information. For the purposes of this book, intelligence activities are considered to be the activities undertaken by intelligence agencies, inclusive of the processes to achieve these activities.

Notwithstanding the ongoing debate about the utility of the intelligence cycle (Agrell & Treverton 2015; Davies, Gustafson & Rigden 2013; Hulnick 2006; Phythian 2013; Stout & Warner 2018), it remains the primary tool for guiding intelligence activities performed by government agencies and is indispensable for practitioners (Davies, Gustafson & Rigden 2013; Phythian 2013; Stout & Warner 2018). Hence, it was referenced by interviewees and therefore in this book. The intelligence cycle includes a range of activities and stages which vary depending on jurisdiction, agency and task. It generally includes in some form: direction, collection and collation, analysis, production, dissemination and evaluation (Agrell & Treverton 2015; Australian Army 2018; Coyne 2014; Davies, Gustafson & Rigden 2013; Evans 2009; Hulnick 2006; Phythian 2013) although these do not necessarily occur in a linear fashion.

All participants indicated that they and their agencies use publicly available big data platforms. The most often referenced were the obvious and omnipresent Google Search and Google Earth platforms, but participants discussed a wide range of analytical capabilities, including commercial off-the-shelf analytics platforms and bespoke niche data capabilities. This study has not been approved to name specific vendors or applications being used inside agencies. Many participants stated that they are not yet personally using intelligence-specific big data analytics – but that their agency had or was developing some niche or bespoke big data capability. Participants from just three of the eleven agencies indicated they and their agencies were not yet using big data at all; however, they acknowledged that they received product from intelligence agencies that use big data analytics. Participants provided examples of current and forthcoming changes as a result of big data in every area of the intelligence cycle. As one participant suggested:

It’s hard to think … of any intelligence business that is not in some way touched by big data. If we do it right we can benefit from big data but even our most basic legacy systems weren’t built for it. (SDM)

One SDM reflected many comments when discussing the increasingly large role of big data-enabled machine analytics:

So, you are still engineering an intelligence cycle. I think just the machine is going to play some bigger part in that intelligence cycle than it had before. Rethinking what those steps are is going to be important, I think.

Emerging from the interviews was a sense that big data has had an impact in three key activities of intelligence: collection, analysis, and communication or data sharing.
Other activities were raised by participants but according to interviewees it is these three that are already impacted by big data.

Intelligence Collection

Participants from the vast majority of agencies indicated that data and information collection, including storing, collation and organisation of the data that is used to produce intelligence, is an area of intelligence activity already heavily impacted by big data. An abundance of data and datafication in society impacts bulk data collection, the role of secrecy in intelligence and the capacity to target human intelligence collection more effectively. There have not yet been any empirical analyses of the impact of big data on intelligence collection and this chapter explores the aspects of intelligence collection that are most affected by big data.

Van Puyvelde, Coulthart and Hossain (2017) suggest that the volume of data would not significantly impact intelligence collection; however, participants in this study indicated that, in their intelligence work, both the volume and variety of big data have impacted collection significantly. Participants from some agencies raised the physical requirements for intelligence collection – largely data storage – as challenging and transformative. One outlined the practical issues many raised in the context of collection:

The sheer volume of those practical communications considerations are now overwhelming. Take a Joint Strike Fighter for example. The data it collects needs to be piped – physically – elsewhere. There are so many physical data issues – especially if you have a number of assets in the field. (SDM)

Brantly (2018, p. 562) asserts that different forms of intelligence will be challenged by the volume and velocity of the data being collected and analysed in different ways. This research supports this view empirically, but also highlights how different forms of intelligence are impacted. As highlighted in Chapter 3, the interview participants suggested that big data is impacting every aspect of agency intelligence collection, storage and analysis – in varying degrees in each agency. Participants talked about the challenges they face in collection from an intelligence discipline perspective,3 depending on the agency they work in. Participants with criminal intelligence, domestic security and open-source experience highlighted volume as their primary collection challenge.
Participants with human intelligence experience tended to raise collection challenges in relation to both volume and identifying the right data to answer an intelligence question or target their human intelligence efforts more precisely. Participants with signals and geospatial intelligence experience indicated that the vast majority of data collection has long occurred on digital platforms. Big data has still disrupted the work of signals and geospatial intelligence agencies; however, according to many of the interviewees, they were already at the ‘cusp of automation’. Participants in this study indicated, for example, that for intelligence collection, other than signals intelligence, the 5Vs of big data4 are an extant collection challenge.

Participants with signals and geospatial intelligence experience acknowledged a high level of automation and comfort with digital data collection, largely because they already collected digitally created information. One participant explained: ‘SIGINT has always been about big data. From the early days of radio waves to the current environment. At the heart of ASD’s mission is managing data and data sets’ (SDM). Whilst this means that the volume component of big data was not a paradigm shift for signals intelligence, participants indicated that the jurisdictional component outlined in Chapter 2 is transformational for signals intelligence agencies. A number of participants contrasted what they perceived to be high levels of data literacy within signals intelligence with where they perceived other agencies in the NIC to be still focused on managing digitisation and digital information. There was a variety of levels of exposure to big data among participants from the NIC agencies – interviewees with SIGINT experience expressed the most nuanced and comprehensive technical understanding.

Intelligence agencies with both foreign and domestic foci expressed the need for greater data collection; however, the purpose and extent of collection were described differently. The importance of jurisdiction for intelligence agencies was explored in some detail in Chapter 2. This discussion showed that participants from foreign collection agencies expressed concern about compliant intelligence collection – that is, ensuring data collection occurred offshore and was about foreign individuals, their primary legislative mandate. In contrast, agencies with a domestic focus expressed that more data is often required to assess individual pieces of information and make sense of existing holdings. Participants with experience in domestic security expressed their concerns about gathering sufficient data to meet the thresholds to assess whether someone poses a security threat. As one participant explained:

All of ASIO’s powers are premised on only interesting ourselves in things that are relevant to security, but there is a need to collect an awful lot of information to assess whether something is relevant to security, which is a well-established legal precept. (ODM)

Another participant noted: ‘national security advice is what we do for our particular organisation, and it is around threats to security. So, everything we do is about transforming data into producing that national security advice’ (SDM).
Another ODM outlined that the impact of big data on intelligence collection is primarily about the volume, velocity and lack of veracity in open-source data:

So, in terms of what is available now versus when I started doing this job and the levels of classification is really important. Much of what is available isn’t classified or isn’t highly classified and that makes a big difference to us. So, the area I work in we spend a lot of time on identifying people and working out who they are and that is largely done on unclassified data, which you’d call big data. In my area of counter-terrorism work, we deal with incoming information that is unattributed.

Gill and Phythian (2006) argue that the growing variety of data now collected in bulk – sometimes referred to as bulk collection – which includes numbers, words, audio, video, GPS locators and digital trails – seems to subvert one of the principles traditionally held to govern intelligence collection: that the more secret methods will only be used once the less secret have been tried and failed. Further they argue that this ‘bulk collection’ is now routine and, in a reversal of the ‘normal’ process, precedes targeting (Gill & Phythian 2006). In contrast to this assertion, many participants indicated that bulk data collection is no longer ‘a secret method’ of intelligence collection; instead, data is collected in bulk by private companies directly from individuals. Participants in this study agreed that the growing variety was a key change brought about by big data – and a challenge. As one participant noted: ‘The thing that big data has changed in this organisation in my opinion is the diversity and range of data we collect’ (ODM). Throughout the discussion this participant noted that the diversity and range of data include ‘warranted collect’,5 and includes video, text, audio and information from and about people themselves.

Participants in this study indicated that the type and extent of collection was very agency and mission dependent. Some participants indicated they undertake no bulk data collection, while others indicated that they collect large volumes of data, as explained by this participant:

The space that we are in now is just collecting masses of information to then apply filters about what is a profile of a person who is engaging in activity that is prejudicial to security – what does that look like, and so sucking them out of the data. So, the original collect is much bigger than it used to be. (ODM)

In contrast to the growing volumes of digital collection, human intelligence collection remains relatively static in aggregate volume over time; although there are increases and decreases in the number and quality of human assets, they do not experience linear or even exponential growth patterns (Brantly 2018, p. 562).
The same is not true for virtually all other forms of digitised intelligence collection (Brantly 2018, p. 562). Participants from agencies that collect human intelligence indicated that, while human collection might not have grown exponentially, the way data collection has, big data is being used to improve the focus and success of human source intelligence. It is used to increase the richness and insight of ‘small data’. One participant described that ‘we are seeking to manage what has been a fundamentally human pursuit and complementing that with data’ (SDM). An example of this is using big data analytics to identify people working in governments overseas who are best placed to provide human source intelligence on specific issues. One participant described how big data can help to target the best human intelligence:

If you turn the clock back decades I think that human intelligence organisations used relationships and cultivated relationships to obtain information and, without sounding overly critical, it was a bit hit and miss. Clearly the nature of what we do now is very forensic. It needs to be very specific and data can assist us [to] vector into answering the sort of questions that people are asking us to obtain answers for by overlaying the fusion of data, interrogating the data to bring our people either in a virtual or real way together. It’s all of that. It’s an incredibly important component to make us effective and efficient as an organisation. (SDM)

Big data impacts collection of all types of intelligence, albeit in different ways. Participants highlighted intelligence collection challenges from an intelligence discipline perspective, explaining the differences in the impact of big data on human source, geospatial, signals, criminal and security intelligence. In participants’ views the abundance of data and datafication in society impacts bulk data collection, the role of secrecy in intelligence and the capacity to target human intelligence collection more effectively.

Intelligence Analysis

Big data is modernising analysis, in society and in intelligence agencies. Analysis is the application of knowledge, reasoning and methods to transform raw data and information collected from multiple sources into informational outputs (assessments, forecasts and explanations) that are useful for decision-making (Van Puyvelde, Coulthart & Hossain 2017). Big data has created new technologies and capabilities and expanded the capacity to analyse raw data. Analysis – the process used to turn information into intelligence assessment or advice – is considered fundamental to intelligence (Lowenthal 2012) and the cognitively challenging aspect of the intelligence process (George & Bruce 2014, p. 3).
The type of analysis conducted and the analytical tools chosen in the intelligence profession to complete the task vary significantly, depending on the topic of analysis, domain (such as domestic, foreign or law enforcement intelligence), type of agency (collection, coordination, assessment and law enforcement), intelligence question being answered, type of delivery (i.e., briefing, written assessment, raw data check) and timeframe to complete, as well as the collection resources and available data (Heuer 1999; Joint Chiefs of Staff 2017). This section cannot possibly consider all the implications of big data for intelligence analysis but rather focuses on a few that, according to participants, affect the majority of agencies. Participants indicated that analysis is an area of intelligence production that big data is in the process of transforming – but in ways that are not widespread in practice yet, due to the current heavy reliance on manual analysis. Big data has the potential to change intelligence agencies’ use of indicators and data for purposes vastly different to the purpose of collection.

Manual analysis

Participants repeatedly raised how manual their analytical work is and the potential of big data to modernise and improve this process. An ISME, who has contemporary and comprehensive knowledge of all agencies in the NIC, outlined a view reflective of the participants’ comments: ‘I think all agencies struggle with the really high-level analytics skill … Particularly agencies who up to now haven’t really needed to work with data and information technology and analytics – they have had a more old-fashioned paper approach!’ Participants highlighted that much of their analytical work is manual: ‘We work in a fairly manual environment, while we wish it wasn’t!’ (ODM). Many participants indicated that manual analysis includes individually running checks on entities, integrating data from a range of platforms and working simultaneously on different systems, due to classification restrictions. In response to a question about the contemporary challenges of big data for intelligence analysis, one participant noted:

It’s got to be the IT infrastructure that underpins it, or the issue that I talked about before where we still have to run things manually. It is the connection of all the systems. At the moment there is just so much handrolic [sic] processing … We just don’t have a modern IT infrastructure. (SDM)

The vast majority of participants highlighted that the priority for their work and agencies includes bringing data sets together for analysis. Participants described the challenges they experience in integrating data, such as:

For me and my team it is primarily about identifying people, so we get a lot of reporting on people who are at best partially identified and sometimes very little identifying information … Some of it is open source but also law enforcement and government data, integrating stuff is what we are talking about.
So, a lot of that is done at the big end of data and then the assessing the threat is done with more traditional intelligence reporting. So that’s how it works for my area. (ODM)

When asked about the use of big data technologies to synthesise data sets, the participant replied:

We’ve struggled with not very large-scale data … We get kind of big lists of people, in the thousands, and we need to assess the threat those people pose, get them watch listed to manage the threat. So, we are now managing but it’s harder than it should be. So, that’s kind of my experience, it’s a niche part of it. That’s not as easy as it should be. Say thirty thousand entities isn’t such a big data set but getting it user friendly and able to do something with it is much harder. (ODM)

Automation of data ingestion was generally described by participants as the first aspect of technical and analytical improvement required. A number of agencies who already have a high level of organisational data literacy and sophistication already automate data ingestion. However, participants indicated that, in order to achieve big data analytics capabilities, agencies need to invest in the foundational components of data and information management. This participant’s comments reflect the majority of views from non-technical collection agencies: ‘Where I would say we have put most of our efforts so far is around how to order, structure and collate data in ways we haven’t been able to before. That is at this point the priority’ (SDM).

Analysis using indicators

Big data has created such an abundance of data (Reinsel, Gantz & Rydning 2018) that intelligence agencies are not able to ‘collect’ all the information that may be used to make intelligence assessments relating to national security (Omand & Phythian 2018). Omand, Bartlett and Miller (2012) refer to this as ‘access’ to indicate a very different process from traditional intelligence collection. The question of how to access, collect or analyse data which you are unable to hold in totality, while appearing to be solely about collection, stems from the need to analyse the data. Despite this seeming self-evident, participants indicated that intelligence agencies cannot hope to acquire all the information they need internally. This prompted discussion about whether and how to create indicators for analysis of accessible and possibly existing data, rather than solely collected intelligence.
Use of indicators is common intelligence analysis practice which provides ‘an objective baseline for tracking events or targets, indicators instil rigor into the analytic process and enhance the credibility of analytic judgments’ (US Government 2009, p. 12). Indicators – or signposts – ‘are a list of observable events that one would expect to see if a postulated situation is developing’ (US Government 2009, p. 12) and are often used to understand intelligence problems such as economic reform, military modernisation, political instability, crime trends, illicit drug importations, weapons of mass destruction capabilities such as nuclear reactor development, and extremist radicalisation.

Nearly 40 per cent of participants in this research discussed the need to use indicators in a big data context. Some agencies have long used industry-based indicators, such as AUSTRAC for financial intelligence analysis; however, for some intelligence agencies it is a relatively new approach to intelligence (Hammond-Errey 2023). According to several participants, the use of indicators is for their organisation a new approach to intelligence. They stated that big data accelerates the need for indicators, requiring a clear understanding of the objectives of collection and directing it specifically, as one participant suggested:

In terms of collection or acquisition of data … The model to this point [in time] has been all about acquisition [of data – traditional intelligence collection] and I think there are other models we could look to, so basically putting our indicators out into the world and having subsets of data of interest coming back to us, rather than having to deal with great big firehoses of data coming in. (SDM)

One participant defined what they thought using indicators for analysis would look like from a conceptual perspective:

The ideal would be having the right information at the right time available in the right programs. It doesn’t necessarily mean we hold it all here, but rather that we know what’s available out there, that we know how to access and we are able to access it when we need to access it – and that that whole process becomes simpler [and streamlined]. It might mean a change in mindset from we own [or collect] it to we can access it; we know where it is, we have the authorisation to access it under certain conditions that we’re comfortable we can meet. (ODM)

Another participant described how indicators might work in practice:

You have the concept of using edge analytics, so pushing out the things we are interested in to partners. There is a choice here about whether you do that, push indicators out, or bring in all the data and analyse it internally and running analytics across it. There is a lot of inherent risk in taking on someone else’s data and looking at it for a very specific purpose but there is also an obligation to conduct a fulsome analysis of all that data to ensure there are no other threats there and so that’s a big risk to take on from that perspective. The more data you get the more risk you have as well.
(ODM)

Big data has increased the premium of indicators for intelligence analysis. Additionally, big data is significantly impacting who is collecting the data which may be related to those indicators. Participants discussed this with examples that show how the use of indicators in intelligence is currently expanding from traditionally regulated industries such as finance and telecommunications companies to include a much larger group of private-sector entities. One participant discussed this with a specific retailer as an example: ‘Rather than going to Bunnings and asking for all customer data, can you [have a relationship with] Bunnings and say I want to know in real time if someone buys this chemical or that weapon?’ (SDM). Another participant outlined what this actually looks like for intelligence practitioners:

If you talk about the CT [counter-terrorism] context … We know a lot about terrorism and terrorists, and we know what kind of activities they engage in. So, if we look at our historical holdings, previous incidents from here and overseas and then we identify various indicators, the indicators that people exhibit whether that’s behavioural or activity … We are taking an evidence-based approach. We have seen these things in the past and you work on the principle of past activity is the best indicator of future activity. So, we identify indicators, behavioural and activity based, that we think a terrorist would display and then we look for and think if we were to detect those in data sets, what data sets would they sit in? We look to obtain those data sets and run the analytics. It sounds very simple but that’s a bit of a bifurcated view … Some indicators are more meaningful than others, so we weight them and then you’ve got to aggregate them. Then you look for a picture where an individual displays a number of the indicators – and we then focus on that individual to move to other techniques of intelligence collection. (ODM)

The big data landscape offers the possibility of large-scale data analysis to inform indicators. Since intelligence agencies increasingly need to mix internally held data with external data, participants suggested they need to increase engagement with stakeholders. Participants indicated that big data has changed the kinds of companies intelligence agencies need to liaise with, based on who holds the data that might match indicators for analysis.
Examples include developing indicators of activities such as radicalisation and engaging with industry to identify activities or individuals involved. For example, large-scale data sets, such as purchase lists for weapons or chemicals, could be matched with intelligence holdings, ideally in real time (Hammond-Errey 2023). Several participants touched on the challenges of engaging with data owners and creators for indicators, such as technology companies and application developers. In this way, participants saw using indicators for intelligence analysis – including the engagement to set up this process – as a significant change from the old ways of collecting intelligence.

Communicating Intelligence and Sharing Data with Decision-Makers

Big data impacts the communication of intelligence and requires improved digital methods of communicating intelligence to decision-makers. A large number of participants, representing all agencies, talked about a variety of challenges in sharing digital information with their key stakeholders including ministers, internal decision-makers and other government agencies. Barriers to sharing information digitally emerged from the participant data as one of the primary challenges of big data for intelligence operations.

Participants highlighted their (in)ability to acquire and share digital information effectively within intelligence agencies, discussed in the next section, but also with various arms of government and more broadly between nations. The challenge of sharing digitised information and intelligence emerged as a theme throughout the interviews: ‘We also have the difficulty of sharing – a huge practical challenge to share with even our intelligence partners and across whole of government’ (SDM). Another participant highlighted what this might look like practically:

Some of the things we are talking about at the moment is the way in which we acquire data. So, we literally acquire data on a disk, walking it from one department to another, when the data itself is not top secret; it might be maximum protected level. With things like that can we work out a way to exchange data. Seriously can we do that! (SDM)

Participants outlined the continuing use of manual processes for engaging and sharing, which often include printed paper copies, sharing information on disks, or manual emailing to group inboxes. What participants raised as key to data sharing across the NIC were the challenges of the requirement to operate multiple computer systems at different security classifications. Whilst this is a challenge that predates big data, participants explained that what has changed is that the technical ability to analyse across platforms exists and is now needed to leverage the technology. According to interviewees, the contemporary infrastructure of the NIC – digital and physical – is challenged by the features of big data.
A large number of participants, representing all agencies, talked about a variety of challenges still present in sharing digital information with each other and key stakeholders such as ministers and whole of government (note that the interviews were undertaken prior to COVID-19):

I think part of the challenge [of new technologies] will be the speed and ubiquity with which we get intelligence to government is going to be brought forward. You know pushing a cart around the corridor with pieces of paper in it. That is ludicrous. It is not what a Prime Minister would expect when they consume everything else on an iPad. (SDM)

A number of participants indicated the challenges in developing and implementing sharing policies internationally and domestically: ‘It is also difficult to achieve whole-of-government and Five Eye policy on this’ (SDM). One participant explained what this means in practice and the obstacles to working as a community:

We are not really set up to move information around and tap into each other’s systems as well. Not being able to do that is part of that risk picture as well. I don’t want to be a part of the national security community that had access to information as part of my work over here that wasn’t made available over there that would have been able to mitigate a risk or to identify and disrupt a threat. So, we are not exactly fit for purpose in terms of being able to operate as a community in the data environment. (SDM)

Communication forms the link between collection, analysis and decision-making, and is therefore a critical, but often under-considered, component of intelligence. In the intelligence cycle it is usually referred to as dissemination. Communication of intelligence is often considered the ‘end’ of the intelligence cycle, when a completed analytical product or assessment is delivered to a decision-maker. Often, in the case of tactical decision-making, the connections are relatively simple, such as identities, relationships, connections with other entities (such as people, places and things). In the case of strategic assessments these might be significantly complex issues that require insight. An example might be how COVID-19 works and why certain vaccines might be better investments than others, the types of military capabilities an adversary is believed to have, or what crime trends Australia might face in the future. The requirement to communicate effectively remains extant in a big data world, which is, as this ISME pointed out, important in leadership:

I think the responsibility of leaders in intelligence agencies is to ensure that the presentation of their information to decision-makers is properly balanced in articulating what is definitively known, what is an opinion and what is not known.
I don’t think that always happens … (ISME)

The big data landscape has created more decision-makers in sectors not previously associated with the intelligence community, such as the technology industry, universities, media, non-government organisations and state and territory governments. There is a need for increased engagement with non-traditional stakeholders on specific threats such as cyber-attacks and espionage as well as seeking information from industry to help understand the threat landscape and identify offenders.

Impact of Big Data Landscape on Intelligence as an Organisation

This section explores the impact of big data on intelligence as an organisation. Lowenthal (2012) argues that we should think of intelligence as organisation, as the agencies and departments that form the intelligence community and Omand (2010) refers to building intelligence communities. Kent (1966, p. 69) defined intelligence organisation as: ‘Intelligence is an institution; it is a physical organization of living people which pursues the special kind of knowledge at issue’. Included in Kent’s definition of intelligence as an organisation are the organisations themselves, recruitment of staff, essential qualities of intelligence officers, training, characteristics of teams and the organisational ability to produce intelligence of a certain standard (Kent 1966, pp. 69–77). Intelligence as an organisation here is intended to cover the individual agencies as well as the NIC.

Participants expressed the view that big data heralds unprecedented changes to and across the NIC, some specific to individual organisations and others affecting the NIC as a community. Many participants identified issues, such as automation, skills and availability of workforces, technology access and data science frameworks, which are felt more widely across society and as such will not be discussed in depth in this book. This section examines whole-of-community impacts of big data on intelligence as an organisation that emerged from the data, and argues that big data has exacerbated existing challenges and created new ones for data sharing across the NIC. Big data is having, and will continue to have, a significant impact on the role of the analyst in intelligence production, with three models discussed. This section shows that big data is impacting individual agencies, but also the way the NIC is organised and operates as a community.
Data sharing within the National Intelligence Community

Participants described that the existing infrastructure is not set up to share or collaborate effectively between the AIC and the broader NIC, and they characterised many ICT systems as not fit for purpose across the whole community. Examples included the inability to communicate digitally across all agencies, including data sharing, email and video conferencing facilities. This challenge was exacerbated between different classifications, systems and agencies. Many participants talked about the challenges of the AIC and NIC having different operating systems. This SDM’s comment captures the difficulty: ‘the six agencies that used to be the AIC all largely operate at top secret. The other four primarily operate at the protected level.’ The SDM went on to explain:

that’s a big challenge for us because most of the data here is useful for them and most of the data there is useful to us. So, there is a big challenge about how you match that up and enable us to leverage all the data together.

By design, it is difficult to transfer information between IT systems at each of the electronic classification tiers. Each has different requirements in terms of access, IT robustness measures, storage length and protection measures, level of isolation from the internet and analytical capabilities. This means that different work needs to occur on different systems and is largely manually moved. Some of the elements of this were described by an ODM:

I think the first impact [of big data] on the Australian national security community is the ability to store all of it in a concise and shareable fashion because all of the tools and infrastructure we currently have were based on and built for a very different age and different types of collection.

This participant highlighted the individual systems in a range of different intelligence collection disciplines and went on to explain how this is being addressed:

Nobody really foresaw this exponential growth and so as a result it is constant catch-up of bolt-on systems and trying to put things in different buckets to enable really bespoke capabilities to be stood up, which particularly in an operational sense we need to do to ensure the data can be triaged and analysed. (ODM)

The challenge of sharing digital intelligence, let alone conducting big data analytics, between the AIC and new NIC agencies emerged as a theme throughout the interviews. Technical challenges facing the NIC seem to be exacerbating the existing challenges of establishing connectivity between systems which operate on different classification levels and leveraging data holdings across the entire community. Another participant, while discussing systems, inadvertently covered the feeling many participants raised of a lack of (or perceived lack of) respect for the capabilities, skills and assets organisations bring to the whole community.
This SDM noted:

I think that NIC is a really interesting place at the moment because half of the NIC is very comfortable sitting at TS [top secret] and the other half loves unclassified and both of us look at each other going how do you do your business like that? I think that’s something I think there needs to be a bit more, I think there’s some acceptance that we’re different, but I don’t know if there’s much respect in that acceptance.

As one participant suggested:

It probably requires us to be more integrated as an AIC … I think it requires we have closer integration with the other agencies, because if data going beyond the individual’s ability to conceptualise forms a larger part of our sources then we need to be more aware of it. (ODM)

One participant raised the challenges of data sets held in different agencies and systems and suggested that in order to succeed with big data agencies need to update their mindsets:

I think the intel community and Australia generally is still stuck in the second industrial mindset. The Australian Government is very siloed in that regard … The thing about big data is that if you want to make best use of it, you have to do it at scale … You have to be non-discriminatory about the sharing to get the most out of it. [The intel community] are still very much operating in the second industrial revolution mentality – and that is slow. It is bureaucratised, it is hierarchical, it is full of checks and balances that are appropriate to democracy but also reflect a particular time and place. (ISME)

Impact of Big Data on the Role of the Analyst

Participants described how big data is changing the ways that intelligence is collated and compiled for analysis, including the role of the analyst in intelligence work. Whilst the role of analysts in intelligence was not specifically raised by the interviewer, many of the SDM and ISME participants proactively talked about the impact of big data on the way intelligence analysts currently operate and could operate in the future. Emerging from the data were differing schools of thought on the way that intelligence agencies and the intelligence community might conduct intelligence activities and what role analysts would play in this process. These are covered in turn in this section.

Participants described the current model as ‘analyst-centric’, that is, the analyst is at the centre, directing the intelligence cycle. Some participants felt analysts are able to use new technologies within the existing model. One participant described it in this way: ‘We are still in a paradigm where the analyst is at the centre’ (SDM).
Another participant suggested that big data analytics could be used to improve the analyst-centric model:

The thinking would be around finding ways to give time back to analysts to enable them to have space to go after the problems, to solving problems and looking at the implications of what the data says rather than ordering and collating the data itself. (SDM)

Van Puyvelde, Coulthart and Hossain (2017, p. 1412) assert that data analytics can contribute to intelligence analysis but not replace it, because analysis is a human activity that requires judgement and contextualisation. This research study shows continued support for this school of thought, especially in security and assessment agencies, and many participants contributed insights into areas where big data technologies could support human analysis to retain accountability, judgement and contextualisation.

However, this study goes further to examine another perspective raised by participants, namely that big data will see a removal of the analyst from the centre of the intelligence analysis process – transforming, but not completely removing, the role of the analyst. This perspective presented by participant data is about changing the paradigm from an analyst – or individual person – driven model. This view was posited by the head of an intelligence agency who saw big data as refocusing analytical effort away from routine data compilation and briefings – often a core part of intelligence work:

Intelligence will be served up in a simple and individual way … An incredible amount of time is wasted at the moment fighting for information or finding information and I think that the prospects as we get better with data analytics, machine learning and all of that … I think that my successor’s successor would come to the office in the morning and immediately be served up a palette of information and intelligence very much individualised to my responsibilities. The stuff I need to worry about. You know, an Australian has been kidnapped in Somalia overnight and therefore it now has importance and therefore I am going to need a battle track if you like, almost on an hourly basis, any developments on that. The ability using data, using analytics, using machine learning and the like to be able to save a whole lot of time and money and with my fingerprint or eyeball or whatever I am served up a palette of high-quality intelligence or information in a compressed period of time would mean it saves an incredible amount of time.
(SDM)

The perspective that big data will move intelligence organisations away from an analyst-driven model was raised by participants from a number of agencies and disciplines; however, it was described in most detail in relation to geospatial intelligence (GEOINT):

Big data will transition us from the old intelligence paradigm where the insights were derived from the genius of the analyst by getting themselves across the whole range of sources and being steeped in the subject matter. There will be less of that and more just crunching the numbers and massive processing power. The analyst will still be critical and we will still require the analyst to guide the machine, you assume, for the foreseeable future but there will be less interpretation of raw intelligence. In our case, imagery. There should be less eyes on imagery and much more eyes on databases that the computer has derived from imagery. Much more human–machine interaction and it should mean a really significant increase in the production of intelligence. I guess intelligence might change from being the first, second even third level of the interpretation of raw data to something much more insightful. That raw data would just be considered observations, not being intelligence in and of themselves but populating a computer-generated database from which the real intelligence is drawn. So, it should speed things up, it should mean in theory that we are making much better judgements and we are getting across things that we didn’t have time to do in the past. I say all of this in theory because at the moment it is all theory. In our discipline of GEOINT, none of it has been applied in anger yet – not in a serious way. We have the massive databases; we do not have the technology to make sense of them for us. So, we are still in the analyst-centric paradigm. (SDM)

The desire to have intelligence analysts focused on ‘higher-level’ analysis – further away from raw data processing – was universal. Participants from all agencies and intelligence types described an aspiration for intelligence analysts to be ‘pushed’ relevant information from automated processes and for big data to enable more space and time for human analysis. Almost all participants fell into one of the above perspectives in the model of intelligence delivery. A large number of participants raised various industries as examples of how automation and augmentation are taking over large swathes of professional and analytical jobs and revolutionising the future of work. The ideas referenced were closely aligned with the work of renowned economist Baldwin (2019), who argues that new technologies are causing digital disruption far greater than we realise and are already transforming analytical work.

There was also an entirely different perspective – from a few participants – that the big data landscape is the starting point for the complete removal of analysts from the intelligence activity.
There was not time to explore this in detail, but one participant commented that they foresaw a world where analysts are redundant: ‘I see in the short term – five to ten years – the analyst being augmented by these capabilities. But after that, I can’t see a future where analysts are not replaced by machines’ (SDM). Another SDM outlined a similar perspective:

I think in the short term – next five years to ten – we will start to introduce and utilise these systems [AI to improve intelligence production] to an increasing degree, up to the point where they start to become more capable than humans do. At which point the evolution would be complete. I do not believe any of us understand the future we are about to step into.

The analyst has been at the centre of intelligence since the profession began. Over time, technology has increasingly supported the analyst, but the tools and techniques have been largely analyst driven or initiated. However, the big data landscape has the potential to transform the role of the analyst in intelligence completely.

This chapter evidenced some of the most significant and specific impacts of big data for intelligence agencies and the production of intelligence. Data abundance, digital connectivity and ubiquitous technology affect agencies throughout the intelligence cycle. Big data is evolving the way that national security agencies operate, particularly changing intelligence as knowledge, an activity and an organisation. The first section in this chapter demonstrated how intelligence as knowledge is undergoing change in a big data-enabled world. Big data is changing the kind of knowledge needed for intelligence, as well as the gaps in knowledge, including what it is to ‘know’ something. According to participants, this necessitates intelligence activity becoming more purposeful. Big data has also increased uncertainty in individual data points and in some intelligence assessments, and it is changing how intelligence is received, digested and understood by decision-makers. The second section explored the impact of big data on intelligence activities, examining what constitutes intelligence activities before detailing some of the changes to the intelligence cycle that participants articulated as the most pressing or of the highest priority: collection, analysis, and communicating intelligence and sharing data. The final section examined the impacts of big data on intelligence as an organisation, and on the NIC as a whole community. It showed that big data exacerbates existing challenges and creates new ones for data sharing across the NIC and impacts the role of the analyst in intelligence production, with three models discussed. This chapter shows that big data is transforming how intelligence is practised as knowledge, activities and organisation.

Notes

1 An abundance of data (and sometimes the absence of it) enables those who collect it to make inferences about the beliefs, values, preferences, psychological state, and intimate details of those who produce it, including people’s feelings and vulnerabilities. These inferences are made about individuals, often without their knowledge, by the aggregation of data collected from seemingly mundane activities. In short, big data has exploded the scope of personal and personally identifiable information. Some data is individualised and some of it is collected in so-called ‘anonymised’ data sets, although almost all of it can be re-identified to the individual level. It is possible to build an increasingly comprehensive picture about people and things from data alone, even if that data is anonymised (Hammond-Errey 2022).

2 In the UK and Australia there is limited research or commentary with figures. Australian Government reports show that all agencies distinguish between open-source information (meaning unprotected publicly available information) and private information (where the originator of the information has taken steps to protect or add privacy restrictions), even though the information may be accessible via an open-source medium, such as a social media platform (IGIS 2018, p. 41).

3 An overview of the types of intelligence collection by discipline can be found in Appendix B.

4 As covered earlier, the 5Vs of big data are: volume, velocity and variety (Laney 2001), veracity (uncertainty and inconsistency in data) and value (insights into and from data) (Akhgar et al. 2015; van der Sloot, Broeders & Schrijvers 2016).

5 Warranted collect was described by participants as information collected using special powers set out in their agency’s legislation such as the Australian Security Intelligence Organisation Act 1979 and Telecommunications (Interception and Access) Act 1979.

References

Agrell, W & Treverton, GF 2015, National intelligence and science: beyond the great divide in analysis and policy, Oxford University Press, Oxford.
Akhgar, B, Saathoff, GB, Arabnia, H, Hill, R, Staniforth, A & Bayerl, PS 2015, Application of big data for national security: a practitioner’s guide to emerging technologies, Waltham Elsevier, Amsterdam.
Australian Army 2018, Land warfare doctrine 2–0: intelligence 2018, Australian Army, Canberra.
Australian Security Intelligence Organisation Act 1979 (Cwlth) 1979, accessed 20 May 2023, https://www.legislation.gov.au/Details/C2022C00162.
Baldwin, R 2019, The globotics upheaval: globalisation, robotics and the future of work, Orion, London.
Bearne, S, Oliker, O, O’Brien, KA & Rathmell, A 2005, National security decision-making structures and security sector reform, RAND Corporation, Santa Monica, CA.
Betts, RK 2007, Enemies of intelligence: knowledge and power in American national security, Columbia University Press, New York.
Blazquez, D & Domenech, J 2018, ‘Big data sources and methods for social and economic analyses’, Technological Forecasting and Social Change, vol. 130, pp. 99–113.
Brantly, AF 2018, ‘When everything becomes intelligence: machine learning and the connected world’, Intelligence and National Security, vol. 33, no. 4, pp. 562–573.
Burnett, M, Wooding, P & Prekop, P 2005, Sense making in the Australian Defence Organisation (ADO) intelligence community, DSTO, Edinburgh, SA.
Chesterman, S 2011, One nation under surveillance: a new social contract to defend freedom without sacrificing liberty, Oxford University Press, New York.
Coyne, J 2014, ‘Strategic intelligence in law enforcement: anticipating transnational organised crime’, PhD thesis, Queensland University of Technology.
Cruickshank, I 2019, ‘On data science and intelligence analysis’, Military Intelligence, July–September, pp. 29–32.
Davies, PHJ, Gustafson, K & Rigden, I 2013, ‘The intelligence cycle is dead, long live the intelligence cycle: rethinking intelligence fundamentals for a new intelligence doctrine’ in M Phythian (ed.), Understanding the intelligence cycle, Routledge, London, pp. 56–75.
Degaut, M 2015, ‘Spies and policymakers: intelligence in the information age’, Intelligence and National Security, vol. 31, no. 4, pp. 509–531.
Evans, G 2009, ‘Rethinking military intelligence failure – putting the wheels back on the intelligence cycle’, Defence Studies, vol. 9, no. 1, pp. 22–46.
Friedman, JA & Zeckhauser, R 2018, ‘Analytic confidence and political decision-making: theoretical principles and experimental evidence from national security professionals’, Political Psychology, vol. 39, no. 5, pp. 1069–1087.
George, RZ & Bruce, JB, eds., 2014, Analyzing intelligence: national security practitioners’ perspectives, 2nd edn, Georgetown University Press, Washington, DC.
Gill, P & Phythian, M 2006, Intelligence in an insecure world, Wiley, Hoboken, NJ.
Goldman, J 2018, ‘The ethics of research in intelligence studies: scholarship in an emerging discipline’, International Journal of Intelligence and CounterIntelligence, vol. 31, no. 2, pp. 342–356.
Gookins, AJ 2008, ‘The role of intelligence in policy making’, SAIS Review, vol. 28, no. 1, pp. 65–73.
Gordon, S 2017, A conversation with Sue Gordon Principal Deputy Director of National Intelligence, Walter E. Washington Convention Center, Washington, D.C., 7 September.
Hammond-Errey, M 2022, Big data and national security: A guide for Australian policymakers, Lowy Institute, Sydney.
Hammond-Errey, M 2023, Secrecy, sovereignty and sharing: How data and emerging technologies are transforming intelligence, United States Studies Centre at the University of Sydney, Sydney.
Herman, M 2001, Intelligence services in the information age: theory and practice, Frank Cass, London.
Hershkovitz, S 2019, ‘How tech is transforming the intelligence industry’, Tech Crunch, 10 August, https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2019/08/10/how-tech-is-transforming-the-intelligence-industry/amp/.
Heuer, RJ 1999, Psychology of intelligence analysis, Center for the Study of Intelligence, Central Intelligence Agency, Washington, DC.
Hulnick, AS 2006, ‘What’s wrong with the intelligence cycle’, Intelligence and National Security, vol. 21, no. 6, pp. 959–979.
Hulnick, AS 2010, ‘The downside of open source intelligence’, International Journal of Intelligence and CounterIntelligence, vol. 15, no. 4, pp. 565–579.
IGIS (Inspector-General of Intelligence and Security) 2018, 2017–2018 annual report, Commonwealth of Australia, Canberra.
Joint Chiefs of Staff 2017, Joint and national intelligence support to military operations, Joint Chiefs of Staff, Washington, DC.
Kent, S 1966, Strategic intelligence for American world policy, Princeton University Press, Princeton, NJ.
Kitchin, R 2014, The data revolution: big data, open data, data infrastructures & their consequences, Sage, London.
Laney, D 2001, ‘3D data management: controlling data volume velocity and variety’, META Delta, 6 February.
Laqueur, W 1993, The uses and limits of intelligence, Transaction Publishers, Piscataway, NJ.
Lim, K 2015, ‘Big data and strategic intelligence’, Intelligence and National Security, vol. 31, no. 4, pp. 619–635.
Lowenthal, MM 2012, Intelligence: from secrets to policy, 5th edn, Sage/CQ Press, Los Angeles, CA.
Mandel, DR 2015, ‘Accuracy of intelligence forecasts from the intelligence consumer’s perspective’, Policy Insights from the Behavioral and Brain Sciences, vol. 2, no. 1, pp. 111–120.
Marrin, S 2009, ‘Intelligence analysis and decision-making’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: key questions and debates, Routledge, New York, pp. 131–150.
Omand, D 2010, Securing the state, Columbia University Press, New York.
Omand, D 2013, ‘Securing the state: national security and secret intelligence’, Prism: A Journal of the Center for Complex Operations, vol. 4, no. 3, pp. 14–27.
Omand, D 2020, ‘Reflections on intelligence analysts and policymakers’, International Journal of Intelligence and CounterIntelligence, vol. 33, no. 3, pp. 471–482.
Omand, D, Bartlett, J & Miller, C 2012, #Intelligence, Demos, London.
Phythian, M (ed.) 2013, Understanding the intelligence cycle, Routledge, Abingdon.
Reinsel, D, Gantz, J & Rydning, J 2018, The digitization of the world from edge to core (IDC White Paper), IDC, Needham, MA.
Scott, L & Jackson, P 2004, ‘The study of intelligence in theory and practice’, Intelligence and National Security, vol. 19, no. 2, pp. 139–169.
Stout, M & Warner, M 2018, ‘Intelligence is as intelligence does’, Intelligence and National Security, vol. 33, no. 4, pp. 517–526.
Symon, PB & Tarapore, A 2015, ‘Defense intelligence analysis in the age of big data’, Joint Force Quarterly, vol. 79, no. 4, pp. 4–11.
Telecommunications (Interception and Access) Act 1979 (Cwlth) 1979, accessed 20 May 2023, https://www.legislation.gov.au/Details/C2020C00092.
US Government 2009, A tradecraft primer: structured analytic techniques for improving intelligence analysis, US Government, Washington, DC.
van der Sloot, B, Broeders, D & Schrijvers, E (eds) 2016, Exploring the boundaries of big data, Netherlands Scientific Council for Government Policy, The Hague.
Van Puyvelde, D, Coulthart, S & Hossain, MS 2017, ‘Beyond the buzzword: big data and national security decision-making’, International Affairs, vol. 93, no. 6, pp. 1397–1416.
Vandepeer, C 2016, ‘Question-asking in intelligence analysis’, ASPJ Africa & Francophonie, 4th Quarter, pp. 24–43.
Vandepeer, C 2018, ‘Intelligence and knowledge development: what are the questions intelligence analysts ask?’, Intelligence and National Security, vol. 33, no. 6, pp. 785–803.
Vrist Rønn, K & Høffding, S 2013, ‘The epistemic status of intelligence: an epistemological contribution to the understanding of intelligence’, Intelligence and National Security, vol. 28, no. 5, pp. 694–716.
Westerlund, M, Isabelle, DA & Leminen, S 2021, ‘The acceptance of digital surveillance in an age of big data’, Technology Innovation Management Review, vol. 11, no. 3, pp. 32–44.
Zegart, A 2022, Spies, Lies, and Algorithms: The History and Future of American Intelligence, Princeton University Press, Princeton.
Zuboff, S 2019, The age of surveillance capitalism: the fight for a human future at the new frontier of power, Profile Books, London.

5

Data and Privacy

No book on big data would be complete without discussing privacy. Given the vast change in the information ecosystem as a result of the big data landscape and the many known privacy concerns,¹ it is unsurprising that privacy was discussed in every interview and raised organically by all participants. The big data landscape has radically transformed, and continues to transform, privacy in society broadly. This chapter explores the impacts on privacy from the big data landscape in two sections.

The first section analyses the potential impacts of big data on privacy for intelligence activities. This looks at the way in which big data has changed social conceptions of privacy and challenges global privacy legislative frameworks, as well as those in Australia, and why this is important for intelligence agencies. This chapter builds on the extensive literature evidencing that big data is changing privacy norms globally and the perception in Australia that there is a need to rethink the privacy principles underpinning privacy laws. This section then shows how an abundance of data – the capacity to identify, link and use data quickly – has made privacy intrusion more remote from the individual and less visible. It also means that privacy is not absolute but temporal: aggregation and (re)identification can occur at scale now or at any time in the future.

The second section examines the impact of big data on intelligence agencies and their activities specifically, finding that it affects agencies differently depending on their function. This research suggests that the direct impacts of big data on privacy in intelligence agencies are currently limited and predominately dependent on an agency’s role and legislative mandate, affecting some agencies more than others. For participants, the primary impact of the big data landscape on privacy among the AIC agencies is dependent on whether the agency has a foreign or domestic mandate. Big data is changing how some agencies collect, store and analyse data, particularly if the agency is subject to a legislative requirement to determine whether the data relates to an individual who is Australian.

DOI: 10.4324/9781003389651-6

The Big Data Landscape: Rethinking Privacy

Unlike the social sciences, in computer science – where most research on big data applications and technologies is published – there is surprisingly little empirical research about the privacy and security impacts of big data, as noted by Strang & Sun (2017), although it is a growing field. Privacy is complicated (Nissenbaum 2010, p. 67; Pulver & Medina 2017, p. 246) and is a concept in disarray (Solove 2008). For a concept that has such importance in modern, digital societies, ‘privacy’ is notoriously slippery and hard to define (Richards & King 2016). Nobody can articulate exactly what it means (Solove 2008). ‘Currently, privacy is a sweeping concept, encompassing (among other things) freedom of thought, control over one’s body, solitude in one’s home, control over personal information, freedom from surveillance, protection of one’s reputation, and protection from searches and interrogations’ (Solove 2008, p. 13).

Though privacy is invoked with respect to many aspects of life, the term is used here primarily as it relates to information. In this context, Chesterman (2011) asserts that a right to privacy can be understood as the claim of an individual to determine for themselves when, how and to what extent information about themselves is communicated to others. Richards and King (2016) suggest that privacy is not merely about keeping secrets, but about the rules we use to regulate information, which is and always has been in intermediate states between totally secret and known to all. Since Froomkin (2000) asked if digital data collection was the death of privacy, many have predicted such a demise (Cohen 2017) and argued that privacy is one of the greatest challenges presented by big data (Aho & Duffield 2020; Bao, Chen & Obaidat 2018; boyd & Crawford 2012; Houser & Sanders 2017; Lyon 2015; Richards & King 2016; Yu 2016).

One of the prevailing themes emerging in this research is the notion that big data is changing social conceptions of privacy and at the same time challenging social norms and understandings of what constitutes privacy in society globally as well as Australia’s legislative regime – primarily The Privacy Act 1988 and its underlying Australian Privacy Principles (APPs). According to participants in this study, the most significant change to privacy caused by big data is in broader society, rather than specifically in a national security context. Whilst participants indicated that they saw the idea of privacy in society as expanded and challenged by big data, many suggested the implications for the national security sector and intelligence are not yet known. The Privacy Act 1988 applies only to some of the NIC agencies.

The concept of privacy, and the potential for aggregation of data to occur at any time after collection, was a large focus of interviews and all participants organically raised the changing concept of privacy as an area that will at some point impact national security. This is because, as participants indicated, intelligence agency access and use of data evolves to reflect changing social norms. In many ways, it is hard and not particularly helpful to distinguish which changes to privacy are related to big data specifically rather than broader digital developments, so they are largely considered together here. Participants indicated that digitalisation and big data are fundamentally transforming modern privacy in society. This section examines the way in which participants perceive big data has changed social conceptions of privacy, requiring rethinking of the privacy principles, and why this is important for intelligence agencies.

Tensions between identifying information and privacy are not new; Bok (1989) discussed issues such as the abuse of medical or financial records, and the potential for embarrassment or blackmail when sensitive information is disclosed. However, Becker (2019, p. 307) argues for the need to rethink ‘the concept of privacy in the digital age [which] inevitably entangles the descriptive and the normative dimensions of this concept’. Becker (2019, p. 307) goes on to say: ‘it is possible to describe the degree of privacy people enjoy, without taking a normative stance about the desirable degree of privacy’. Nissenbaum (2010, p. 68) argues that one of the benefits of starting with what Gavison (1980) terms a neutral conception of privacy is that it allows one to talk about states of increased and decreased privacy without begging the normative question of whether these states are good or bad. A neutral conception of privacy leaves open the possibility that in certain circumstances less privacy might be better than more and that reductions in privacy need not constitute violations, intrusions or incursions, all terms that signal that something has occurred that ought not to have (Nissenbaum 2010). Most participants organically and explicitly stated that the normative dimension of privacy was a matter for the Australian people and government, not intelligence agencies (or members of the public service) to express views on.

Participants in this study indicated that, for society broadly, the impact of big data on individual privacy is transformative and still evolving.
However, participants indicated that the existing understanding of privacy in Australia needs to be reconsidered and many in this research asked questions like: ‘What does privacy in a modern era look like?’ Participants talked through – but did not presuppose a normative outcome to – questions such as: What is privacy in the digital era? What does privacy mean in a big data world? What can we expect? One participant suggested that, with so much personally identifying information available, ‘the question will be, where will privacy begin and end?’ (SDM).

Participants in this study generally described privacy in a descriptive and neutral way rather than in a normative sense, although many raised the notion of balance in relation to government and intelligence. Many participants discussed the changing balance between the individual right to privacy and government intrusions that are arguably for the common good, such as this participant:

I think the challenge is the obvious one, the challenge is the appropriate balance between the individual’s right to privacy – up to a point. There is a balance involving that. The balance involving community expectation and liberal democracy is that data relating to them, within government and outside government, is only accessed and utilised for proper legislated purposes. The balance between all of that on the one hand and I suppose the shift in the threat environment, whether it be state-based actors, whether it be non-state actors and in respect to the latter both classic national security terrorist and organised crime and transnational crime. So, getting the balance of that right is the obvious challenge. Government has been dealing with that challenge for a long time. But I suppose the more data can be accessed by government, the greater and the more people who have access to the data, the greater the risk of misuse. (SDM)

Consistent with the existing literature, participants in this study had a diverse range of views on privacy from a personal perspective as well as their perceptions of community views on privacy and how privacy impacts intelligence. As one participant stated: ‘if I ask how the community feels, I’ll get so many different answers’ (SDM). Another participant used an example of My Health Record, an Australian national digital health record system that has received extensive public commentary and criticism²:

There are lots of views on privacy and you only need to look at the My Health thing – which didn’t work out how the government expected it would work out – to see it is not easy to predict and there is not a single social view on privacy. I think it is a topic of public debate and My Health was an example of that. (SDM)

Many participants in this study mentioned the need for legislative review of The Privacy Act 1988, written prior to widespread adoption of the internet and mobile devices. At the time of interview, a number of aspects of privacy, data and intelligence were under review, legislatively and from a policy perspective. Almost all participants asserted that aspects of privacy as set out in the Australian Privacy Principles – the foundation of Australia’s Privacy Act 1988 – are rendered obsolete as a result of big data and that the privacy legislation has failed to keep up with technological change.
Participants explained that big data generally, and especially the abundance of personally identifying (or potentially personally identifying) information in society, has huge implications for privacy and the mechanisms designed to protect individual privacy. Many participants outlined the changes visible in their lifetime and work experience, such as:

I just think norms of what we consider public domain, and where the rights to privacy exist, those boundaries will all be pushed. Pushed and pushed and pushed until they break almost, compared to what you and I probably grew up with. People are generally more accepting of it when they do stuff online in the world, they are ceding an element of privacy. I think that has become a norm more widely accepted. (ODM)

Participants suggested that there are many views on privacy in society and that they are currently in a state of transition:

The way that [the] general public think about their privacy doesn’t make a lot of sense at the moment. Maybe at some point it will make sense, it might be that privacy is cast iron and we have worked out a way of protecting it. Or, I think it’s more likely, we won’t worry about it so much. That is, society will conceive of privacy very differently to how we do now. It could go either way. (SDM)

Many participants highlighted the need to rethink privacy for a digital world:

There’s a privacy framework in this country, and it exists for a reason, so it is a good thing. But we are at a really interesting crossroads here where technologies, especially around AI and machine learning, are starting to be used in companies and countries in a way that we [the Australian Government] would never do it, and as a result those countries are gaining experiences and lessons that will put them ahead in those technologies more than we ever can. So that’s one aspect, so in a way we’re going to fall behind if we don’t think about what our privacy framework is. I also think we need to think about the basis of privacy; privacy frameworks have been designed around a very archaic and obsolete set of principles. (SDM)

Participants expressed concern about the lack of regulation of the collection and use of types of data by the private sector. This is consistent with community attitudes in Australia. Survey research from 2020 shows that Australians continue to be unaware of how their data is collected, used and shared online and the vast majority express concerns about data practices (ACCC 2020; Consumer Policy Research Centre 2020).
For example, 88 per cent of Australian consumers surveyed do not have a clear understanding of how their personal information is being collected and shared, while 94 per cent are uncomfortable with how their personal information is collected and shared online (Consumer Policy Research Centre 2020).

The speed of the digital era has exacerbated regulatory gaps in a wide range of sectors where companies argue their services are digital innovation (rather than a similar existing service provided in a digital manner). A classic example of this is the ride sharing app Uber. Uber and other taxi apps have fundamentally transformed the market for ‘point-to-point’ transportation (Wyman 2017). Regulators around the world are struggling to recast taxi regulation (Wyman 2017), in large part because Uber self-identifies as a technology company, not a transportation company (Rosenblat 2018, p. 5). This is a contested claim that is facing legal challenges in a number of countries (Rosenblat 2018). However, the model is generating open resistance across the globe and new proposals to regulate these companies are emerging (Edward 2020).

A number of participants perceived that, despite growing awareness about the level of commercial data collection, there may already be enough data for analysis to be effective:

I sense that the individual is about to rebound and want to know more about the explicit or implicit contract they are assuming in their online shopping habits etcetera. There has been a certain naivety within individuals about how much data they’ve given over to companies and that naivety is diminishing very rapidly. Even if that naivety diminishes, there is enough power in the big data itself, in the mega utility of the data, that actually it isn’t going to matter. You could still use it for incredibly powerful purposes whether that’s commercially or for intelligence agencies. That’s the path we are on. (SDM)

This participant highlighted the ‘mega utility’ of data, which is essentially another way of describing aggregation, discussed further in the next section of this chapter. A number of practitioners suggested they perceived that there was enough information already in existence to aggregate new information. Several participants raised that effective regulation of data collection will not be easy due to the complexity of the information flows, data ownership and creation structures and widespread adoption of technologies. A handful of participants suggested that, as awareness of data collection practices increases, there will be a ‘privacy rebound’ in Australia, such as: ‘I think there will be an individual rebound but I think it won’t matter because the existing data [in the world] is already so rich and in such vast quantities it won’t matter’ (SDM). Another participant noted:

I think today the public has a greater regard to intrusion by the government than intrusion by private corporations.
There seems to be more concern around it and the population holds the government to higher standards of accountability than it does around private industry … I think that is changing and this concept of a ‘privacy rebound’ I agree with and think it will normalise over time and people in the future will be more likely to set the same sort of standard around privacy and ethics for government and private enterprise. But I don’t think we are there yet and there is a material difference, today. (TECH)

Temporal Privacy: ‘Anonymisation’ and Aggregation

Issues around personally identifying information and privacy are not new (Bok 1989). However, according to participants, big data has exacerbated the existing tensions, creating them on a much bigger scale and along a continuing timeline. Solove (2013) explains this as the ‘aggregation effect’ of big data: many little bits of innocuous data can say a lot in combination and, as data gets aggregated, information that was previously not identifiable can be identified. The identifiability of data is not static; it depends upon context (Solove 2013). ‘A search query, for example, is often not inherently identifiable. Its identifiability depends upon the existing data available online… As data gets aggregated, information that is not identifiable can become identified’ (Solove 2013, p. 1891). Participants described this problem ‘at scale’ as being that the big data landscape has resulted in data being able to be connected to other data at any point in time (now or in the future), which affects privacy from a social and national security perspective. As this aggregation and identification can occur at any time in the future, it directly challenges Australian Privacy Principle 2 (Anonymity and pseudonymity), which requires individuals to have the option of not identifying themselves (Office of the Australian Information Commissioner 2019).

It is almost impossible to anonymise data sets at scale and participants in this research highlighted examples during the interviews. Anonymising datasets through de-identification and sampling before sharing them has been the main tool used to address the privacy concerns associated with the collection and use of big data (Rocher, Hendrickx & de Montjoye 2019). The idea that big data can be anonymised is being proven false as researchers and companies show just how easy it is to (re)identify individuals from huge data sets. Using anonymised mobile phone data of 1.5 million individuals for fifteen months, de Montjoye et al. (2013) found that four spatio-temporal points are enough to uniquely identify 95 per cent of the individuals, indicating that human mobility data (from geolocated phone records) is surprisingly unique and even coarse data provides little anonymity. De Montjoye et al. (2015) subsequently found that four data points – such as dates and locations of purchases – are enough to identify 90 per cent of the people in a data set of three months of credit card transactions by 1.1 million users. Sweeney (2015) highlighted how anonymised hospital records sold by Washington State for US$50 could be re-identified from news stories, which included sensitive information on patients. Culnane, Rubinstein and Teague (2017) describe the successful re-identification of patients in an Australian de-identified open health dataset. As in prior studies of similar datasets, they found that a few mundane facts often suffice to isolate an individual and some people can be identified by name based on publicly available information (Culnane, Rubinstein & Teague 2017). Rocher, Hendrickx and de Montjoye (2019) developed and proposed a method that can accurately estimate the likelihood of a specific person being correctly re-identified, even in a heavily incomplete dataset, and found that 99.98 per cent of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Privacy only marginally improves with scale as well, with Farzanehfar, Houssiau & de Montjoye (2021) using a country-size dataset of 60 million people, and only requiring four auxiliary demographic attributes to identify 93 per cent of people. These findings represent fundamental constraints on individual privacy in an era of big data and have important implications for the design of frameworks and institutions dedicated to protecting the privacy of individuals as well as significant potential national security ramifications.

One participant linked the impact of big data on privacy to the scale of aggregation and specifically the removal of human decision-making choices about privacy intrusion:

Another big challenge is privacy. We’ve all grown up in our Western society since World War II with the concept of privacy. Big data challenges those concepts, not just the scale of information and also the lack of conscious decision-making on that privacy … [because] data analysis can happen anywhere at any time after collection. (ISME)

Participants described privacy being challenged globally and a number raised the concept that many of the changes driven or enabled by big data are occurring unconsciously, as noted in the comment above. Participants commented on the potential for big data to affect privacy on a mass scale when processes are automated. Given the unique role and privacy-intruding capabilities of intelligence agencies in society, participants in this research are uniquely placed to comment on changes to privacy in broader society:

The question will be where will privacy begin and end? People who are putting information out there publicly, that’s one thing, people who have got a tax file number that’s one thing, people who have got bank accounts, that’s one thing, credit card, passport and Woolworths machine which woofs all that up and collects the data. As opposed to who you’re sleeping with, who you’ve got relationships with … This is not the purview of government.
They [companies] are wanting to draw inferences about you so that they can make a buck. That’s not what government is about, it is about protecting the security of its people. (SDM) Becker (2019, p. 307) explains that, while big data applications, cloud com­ puting and profiling are widely recognised as potential threats to privacy, for many ‘feelings of resignation and [questions of] why should we bother lie dormant’. Similarly, in this study participants expressed the sense that many Australians acquiesce to ubiquitous data collection as one participant outlined:

I despair that people don’t have much of a sense of privacy. The next generation don’t have much sense of privacy. They don’t see or engage with the concept and but also that matches almost perfectly to companies not even thinking about it. I mean every company has got a privacy policy but does anyone really think that that privacy policies are being followed properly? (ISME)

Similar to the role of aggregation, addressed above, the secondary uses of data were another area where participants indicated big data is challenging privacy norms globally and several of the Australian Privacy Principles. In the big data era, ‘the greatest threats to privacy come not at the point that personal information is collected, but rather from the secondary uses of such information’ (Etzioni 2018, p. 295). Secondary uses of data are those which are other than the initial purpose of collection. ‘Existing privacy protections focused on managing personally identifying information are not enough when secondary uses of big data sets can reverse engineer past, present, and even future breaches of privacy, confidentiality, and identity’ (Richards & King 2019, p. 393). This concept of future privacy breaches is significant because, as explored earlier, Solove (2013) notes that aggregation alters the identifiability of data.

The secondary use of data was talked about by many participants who expressed the view that the regulation is inconsistent and that the public and private sectors are not equally regulated. Participants discussed the differences in regulation around government and commercial use of data for secondary purposes:

That is right and what you can use it for because of the way that it has been collected. That makes it very complicated in terms of being able to mine that information because it all depends on what the purpose is. (TECH)

Participants did highlight that legislative reform specifically in the context of national security is an area where big data is impacting intelligence. One of the questions asked in all interviews was: If you could suggest anything to improve national security use of big data, what would that be? Around half the participants responded with legislative frameworks around privacy and raised the need for legislative reform but did not specify what was needed in detail. One participant hinted at why this may be the case, in response to the question:

I think the challenge is in putting a legislative framework around it where there is none, or almost none. So, because the Privacy Act doesn’t apply, the only thing that regulates what we would traditionally call metadata which is now a massive minefield is 174, 175 of the TI Act [Telecommunications (Interception and Access) Act 1979], which set the bar at a level which was probably appropriate in 1979. Then you have the Privacy Rules, which only really regulate disclosure, which don’t really have anything to say about retention. That’s it. You’ve got ministerial authorisation rules for the three foreign intelligence agencies but there is very little regulation and I think that’s one of the challenges. How do you regulate it without cutting off this vital source of information? (SDM)

A few participants responded calling specifically for clarification of the differences between the NIC and AIC legislative frameworks. One ISME commented:

In terms of the legislative framework, Dennis Richardson’s review is a once in a generation opportunity to put in place a framework that strikes a balance between Australians’ right to privacy and agencies having access to information for better decision-making – and to share that information.

Whilst privacy is a much bigger social issue than just national security, participants indicated that how privacy is perceived broadly by Australians affects their relationships with government and how the activities of intelligence agencies are perceived by citizens forms the basis of their legitimacy. Their views echo the literature highlighting the role of legitimacy in the success of authorities, institutions and institutional arrangements (Tyler 2006) and the delicate balance of maintaining public confidence (Omand 2010). Trust is examined in detail in Chapter 7.
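As an added illustration of the aggregation effect and the re-identification studies cited in this section (it is not material from the book or from the cited studies), the following Python example computes the ‘unicity’ measure a data custodian can run over a de-identified location dataset before release: the share of individuals singled out by p known points. The four traces, the antenna and hour fields, and the coarsening parameters are all constructed for the example and do not reproduce any published figure.

```python
from fractions import Fraction
from itertools import combinations

# Constructed sample data: pseudonymous user -> set of (antenna_id, hour_of_day).
# No names are stored, which is what "de-identified" usually means in practice.
TRACES = {
    "A": {(1, 8), (2, 9), (3, 18)},
    "B": {(1, 8), (2, 9), (4, 18)},
    "C": {(1, 8), (5, 12), (3, 18)},
    "D": {(6, 8), (5, 12), (4, 18)},
}


def matches(traces, points):
    """Return the users whose trace contains every point in `points`."""
    wanted = set(points)
    return [user for user, trace in traces.items() if wanted <= trace]


def unicity(traces, p):
    """Exact expected share of users singled out by p points of their own trace.

    For each user, every p-point subset of the trace is tested; the subset
    isolates the user when no other trace contains all of its points.
    Traces shorter than p are tested with all the points they have.
    """
    if not traces:
        return Fraction(0)
    total = Fraction(0)
    for user, trace in traces.items():
        k = min(p, len(trace))
        subsets = list(combinations(sorted(trace), k))
        isolating = sum(1 for s in subsets if matches(traces, s) == [user])
        total += Fraction(isolating, len(subsets))
    return total / len(traces)


def min_points_to_isolate(traces, user):
    """Smallest number of known points that singles out `user`, or None."""
    trace = sorted(traces[user])
    for k in range(1, len(trace) + 1):
        if any(matches(traces, s) == [user] for s in combinations(trace, k)):
            return k
    return None


def coarsen(traces, antennas_per_region=2, hours_per_block=6):
    """Generalise each point to a coarser region and time block (assumed scheme)."""
    return {
        user: {((a - 1) // antennas_per_region, h // hours_per_block) for a, h in trace}
        for user, trace in traces.items()
    }


if __name__ == "__main__":
    coarse = coarsen(TRACES)
    for label, data in (("raw", TRACES), ("coarsened", coarse)):
        print(label)
        for p in (1, 2, 3):
            print(f"  unicity with {p} known point(s): {float(unicity(data, p)):.2f}")
        for user in data:
            print(f"  user {user}: isolated by {min_points_to_isolate(data, user)} point(s)")
```

In the constructed data almost no single point identifies anyone, yet every full three-point trace is unique; coarsening hides two of the four users and leaves the other two exposed, which is the per-record check a custodian needs alongside the dataset-wide average.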

Big Data Landscape Privacy Implications Affect Intelligence Agencies Differently

There is ‘a strained relationship between privacy on one side and the special powers granted by law to intelligence and security services on the other. Some of these special powers infringe the private life of citizens’ (Aerdts & de Valk 2018, p. 270). This research finds that big data impacts on privacy in intelligence agencies, but it affects them differently. The intelligence agencies that form the NIC in Australia operate under different legislative provisions based on their mission, and this is particularly pertinent in relation to privacy. Emerging from the participant data is a sense that there is one very significant distinction between the AIC collection agencies – that is, whether the agency has a foreign or domestic mandate. This distinction is not as easy to make with the additional agencies added in the expansion to the NIC, because a number have a domestic and foreign mandate and they are not designated in the same way (as conducting intelligence collection or assessment). Many of their functions are subject to The Privacy Act 1988, from which the AIC agencies are exempt. A number of participants from the NIC organically raised the role that mission plays in perceptions of privacy. One SDM participant outlined:

It also depends around what your mission is … What’s the mission? The AFP’s mission is to catch criminals and serious organised crime, while Tax’s mission is to make money for the government that will collect revenue. That contract or that perception in the community will be very much driven by what the mission is of the agency as well who seeks that.

As foreshadowed in the introduction, intelligence collection agencies with a foreign focus (ASD,[3] AGO[4] and ASIS[5]) are prohibited from collecting in Australia or on Australian citizens. As a result, in democracies there is a very clear demarcation between citizen and non-citizen and in Australia these agencies distinguish clearly between Australians and non-Australians (IGIS n.d.; see also ONI n.d.). In this context, an Australian person is someone who is an Australian citizen, or a permanent resident of Australia. The distinction is important, because Australia’s foreign intelligence collection agencies must not conduct an activity to produce intelligence on an Australian person, except in particular circumstances and only when authorised by the relevant minister.[6] Because of the limitation on intelligence activities on Australian persons, the IGIS examines the records of intelligence agencies to ensure no agency illegally collects or reports on anyone who might be an Australian person. According to participants in this study, the distinction is critical because it was created to protect citizens in democracies from ‘secret police’ and domestic abuse of human rights. This is a view held within the intelligence community broadly, as the Richardson Review outlined: ‘there should be a clear separation between those agencies responsible for the collection of security intelligence, and those responsible for policing and the enforcement of the law, to avoid creating the perception – or the reality – of a “secret police”’ (Richardson 2020, p. 37).

Within this context, a breach of privacy means intrusion into the privacy of an Australian. According to participants in this study, for agencies with a foreign intelligence collection mission, respecting the privacy of Australian citizens is paramount, both as a principle and in practice. Pursuant to section 15 of the Intelligence Services Act 2001 (Rules to protect privacy of Australians) the ministers responsible for AGO, ASD and ASIS are required to make written rules regulating the communication and retention of intelligence information collected by these agencies that concerns Australians. These are known as the [agency name] Privacy Rules. Each of these agencies has its Privacy Rules online and participants referenced them during the discussions.

Participants from foreign technical collection agencies discussed the challenge of distinguishing ‘Australian’ data and entities from ‘non-Australian’ data and entities within the stratospheric data sphere. One SDM articulated this and presented the need for two different discussions:

I guess that’s why our view is that it [the distinction between Australian and non-Australian] is quite clear and that it does need to be made clear. The risk is that if you don’t make it clear that some agencies are foreign focused and some are domestic focused, those issues start to escalate a bit in the context of big data. So, our starting position is frameworks that if you like make it very clear that some agencies are foreign focused and some are domestic focused. Now, if you accept that you can have a discussion around ethics and big data and what that means in two different spaces, or two different contexts … There are two different contexts to be had about what you might do offshore and what you might do in Australia. (SDM)

Participants from foreign-focused agencies articulated that the conversation from their perspective was around performing their legislated functions while respecting the privacy of Australian citizens. Participants described that the impact of privacy and big data for foreign intelligence agencies is largely about technical capability to ensure compliance with legislation protecting the privacy of Australian citizens. Many participants raised the issue of privacy within this context and expressed that this is a key consideration in their planning for using big data technologies. As one participant concluded, ‘In GEOINT, we are many years away from this potential reality [using machine learning on all imagery], but we are already thinking about how to ensure Australians’ privacy in a system that has bulk data and machine learning’ (SDM). This participant indicated that, while they were thinking about principles and technical solutions to achieve this, none had yet been found.

Participants from agencies with a legislatively defined foreign focus are clear about the challenges of big data’s capability for their remit and bounds of operation and are adamant that they do not collect on Australians. A participant from one agency indicated that they were able to assure privacy compliance when they were operating without using certain kinds of big data analytics; however, as technology progressed, this would challenge compliance:

At the moment it is easy for us to control. So, we can be really assured that we are not infringing accidentally on an Australian’s rights because a human does most of the analysis, so if we are focused on one particular target then that is what we look at; we don’t database the information that’s incidentally collected. For big data to really work, you really need ever populating and growing databases. It doesn’t matter in a sense what the imagery was collected for, you just want to know, for example, the location of every car that’s in the image. You do that for every car, or every plane or whatever it happens to be. So, when the question pops up in three years’ time, you have a database you can go back through rather than having to search through imagery … AGO is very focused on protecting Australians’ privacy and we operate within a compliance regime that enforces a culture of protections for Australians. (SDM)

Domestically focused agencies have a different set of privacy challenges. These are exacerbated by ambiguity around the ‘intelligence’ functions of the NIC agencies. The agencies added to the NIC (AFP, ACIC, AUSTRAC and the Department of Home Affairs) have domestic and foreign mandates and are not designated as conducting either intelligence collection or assessment. Most of their functions are also regulated by The Privacy Act 1988. Participants from these domestic agencies discussed oversight mechanisms, propriety and existing legislative frameworks relating to privacy, which are covered briefly in Chapter 6.

Participants from the AIC domestically focused agency highlighted what they saw as a critical relationship between the agency’s mission and their authorising environment, or authority to act. Participants from this agency indicated that privacy challenges presented by big data change little relating to their existing legal authority, because they have to meet the same threshold for collection and because the law has not kept up with the technology. As an SDM participant from the oversight body noted:

In this space there are probably less legality issues because the law hasn’t kept up. There isn’t legislation around many of these things. For agencies that are regulated by the Privacy Act, which is none of the six we [IGIS] currently oversee. The six we oversee have been exempt from the Privacy Act since its creation in 1988. You might like to consider what that meant in 1988 when big data was a spreadsheet, to now. That exception has far more effect now than it did in 1988. There is less legality but propriety doesn’t change and agencies do take into account propriety, by which we mean what does the hypothetical, well-informed, average, reasonable observer think.

The most significant change for domestically focused agencies, according to participants, is that much of the data already exists in the public domain and therefore may not need to be collected using intrusive or covert methods, which require external judicial or ministerial oversight. One SDM noted:

The real questions are how do we reconcile what we see as the power of big data and what do we see as the proper legislative frameworks underpinning it? What are the limitations on powers? I think big data is going to put more and more pressure on questions of propriety rather than just legal authorities. If we can do it, should we do it?

Whilst it is possible to differentiate the privacy implications for foreign and domestic intelligence collection, it is more difficult to understand how big data impacts on the NIC agencies, given many have a foreign and domestic mandate and are not ‘intelligence collectors’ in the same way.

This chapter shows how changing conceptualisations of privacy in society due to big data have implications for intelligence agencies. The gaps in the way that big data is regulated in society (Aho & Duffield 2020; Jin & Wagman 2021; Peterson & McDonagh 2019) have current and future implications for national security. Domestic and internationally focused agencies have different challenges in relation to privacy. For domestic agencies, the dramatic increase in data that is available without the use of special powers and can be used to create a pattern of life – and which is available to a wider range of non-government actors – results in a need to strengthen propriety and clear authorising environments. The big data landscape also increases the capacity for privacy intrusion to occur in the future as more data identifies individuals. For internationally focused agencies, the challenges are in identifying what data is ‘Australian’ so that they can continue their mission while respecting the privacy of Australians. Furthermore, this research finds that the distinction between domestic and internationally focused agencies is more important than ever.

Notes

1 Extensive concerns have been raised about big data and privacy. See for example, Aho and Duffield (2020); boyd and Crawford (2012); Broeders et al. (2017); Casanovas et al. (2017); Houser and Sanders (2017); Krasnow, Waterman and Bruening (2014); Tene and Polonetsky (2013).

2 My Health Record is an online, nationwide Australian personal health record system. As currently implemented, the Australian My Health Record system is an online summary of key health information for individuals that theoretically allows them to manage the content and share necessary information with stakeholders in the healthcare system (Pang et al. 2020). It also allows healthcare professionals to add and share information and medical records. In 2018, it switched from an opt-in model to an opt-out model, meaning that users are automatically enrolled unless they opt out (Pang et al. 2020). This transition was controversial with significant public discussion and concern around a number of privacy and data security issues (Barbaschow 2020; Pang et al. 2020; Vimalachandran et al. 2020; Wolf & Mendelson 2019). In 2019, it was noted that of ‘the 23 million people with a My Health Record, the data shows 91 per cent – 21.13 million people – have never accessed their record’ (McCauley 2019).

3 ASD collects foreign signals intelligence. A full definition is available in Appendix A.

4 AGO collects and analyses geospatial and imagery intelligence in support of Australia’s defence and national interests. A full definition is available in Appendix A.

5 ASIS collects secret intelligence from human sources about the capabilities, intentions and activities of individuals or organisations outside Australia. A full definition is available in Appendix A.

6 There are some specific exemptions. For example AGO is authorised to provide Commonwealth and state authorities and bodies approved by the Minister for Defence with imagery and other geospatial products that are not intelligence, technical assistance and support for carrying out their emergency response functions.


References

ACCC (Australian Competition and Consumer Commission) 2020, Digital Advertising Services Inquiry – interim report, ACCC, Canberra.
Aerdts, W & de Valk, G 2018, Privacy from an intelligence perspective, Amsterdam University Press, Amsterdam.
Aho, B & Duffield, R 2020, ‘Beyond surveillance capitalism: privacy, regulation and big data in Europe and China’, Economy and Society, vol. 49, no. 2, pp. 187–212.
Bao, R, Chen, Z & Obaidat, MS 2018, ‘Challenges and techniques in big data security and privacy: a review’, Security and Privacy, vol. 1, no. 4.
Barbaschow, A 2020, ‘Nearly 23 million Aussies have a My Health Record, but only 13 million are using it’, ZDNet, 8 April, accessed 20 May 2023, https://www.zdnet.com/article/nearly-23-million-aussies-have-a-my-health-record-but-only-13-million-are-using-it/.
Becker, M 2019, ‘Privacy in the digital age: comparing and contrasting individual versus social approaches towards privacy’, Ethics and Information Technology, vol. 21, no. 4, pp. 307–317.
Bok, S 1989, Secrets: on the ethics of concealment and revelation, Vintage Books, New York.
boyd, d & Crawford, K 2012, ‘Critical questions for big data’, Information, Communication & Society, vol. 15, no. 5, pp. 662–679.
Broeders, D, Schrijvers, E, van der Sloot, B, van Brakel, R, de Hoog, J & Hirsch Ballin, E 2017, ‘Big data and security policies: towards a framework for regulating the phases of analytics and use of Big Data’, Computer Law & Security Review, vol. 33, no. 3, pp. 309–323.
Casanovas, P, De Koker, L, Mendelson, D & Watts, D 2017, ‘Regulation of big data: perspectives on strategy, policy, law and privacy’, Health and Technology, vol. 7, no. 4, pp. 335–349.
Chesterman, S 2011, One nation under surveillance: a new social contract to defend freedom without sacrificing liberty, Oxford University Press, New York.
Cohen, JE 2017, ‘Surveillance vs. privacy: effects and implications’, in D Gray & SE Henderson (eds), The Cambridge handbook of surveillance law, Cambridge University Press, New York, pp. 455–469.
Consumer Policy Research Centre 2020, CPRC 2020 data and technology consumer survey, Consumer Policy Research Centre, Melbourne.
Culnane, C, Rubinstein, B & Teague, V 2016, ‘Crime and Privacy in Open Data: Testing the strength of methods used for protecting privacy in open data shouldn’t be a crime’, Pursuit, accessed 17 April 2023, https://pursuit.unimelb.edu.au/articles/crime-and-privacy-in-open-data.
de Montjoye, YA, Hidalgo, CA, Verleysen, M & Blondel, VD 2013, ‘Unique in the crowd: the privacy bounds of human mobility’, Scientific Reports, vol. 3, art. 1376.
de Montjoye, YA, Radaelli, L, Singh, VK & Pentland, AS 2015, ‘Unique in the shopping mall: on the reidentifiability of credit card metadata’, Science, vol. 347, pp. 536–539.
Edward, W 2020, ‘The Uberisation of work: the challenge of regulating platform capitalism. A commentary’, International Review of Applied Economics, vol. 34, no. 4, pp. 512–521.
Etzioni, A 2018, ‘A privacy doctrine for the cyber age’, in B van der Sloot & A de Groot (eds), The handbook of privacy studies: an interdisciplinary introduction, Amsterdam University Press, Amsterdam, pp. 295–298.

Farzanehfar, A, Houssiau, F, & de Montjoye, Y-A 2021, ‘The risk of re-identification remains high even in country-scale location datasets’, Patterns (New York, N.Y.), vol. 2, no. 3, pp. 100204–100204.
Froomkin, M 2000, ‘The death of privacy?’, Stanford Law Review, vol. 52, no. 5, pp. 1461–1543.
Gavison, R 1980, ‘Privacy and the limits of law’, Yale Law Journal, vol. 89, no. 3, pp. 421–471.
Houser, KA & Sanders, D 2017, ‘The use of big data analytics by the IRS: efficient solutions or the end of privacy as we know it?’, Vanderbilt Journal of Entertainment & Technology Law, vol. 19, no. 4, pp. 817–872.
IGIS (Inspector-General of Intelligence and Security) n.d., Frequently asked questions, IGIS, https://www.igis.gov.au/FAQ.
Intelligence Services Act 2001 (Cwlth) 2001, accessed 25 May 2023, https://www.legislation.gov.au/Details/C2022C00294.
Jin, GZ & Wagman, L 2021, ‘Big data at the crossroads of antitrust and consumer protection’, Information Economics and Policy, vol. 54.
Krasnow Waterman, K & Bruening, PJ 2014, ‘Big Data analytics: risks and responsibilities’, International Data Privacy Law, vol. 4, no. 2, pp. 89–95.
Lyon, D 2015, ‘The Snowden stakes: challenges for understanding surveillance today’, Surveillance & Society, vol. 13, no. 2, pp. 139–152.
McCauley, D 2019, ‘Australians shun My Health Record with only 9 per cent ever logging in’, The Sydney Morning Herald, 22 December, accessed 6 June 2023, https://www.smh.com.au/politics/federal/australians-shun-my-health-record-with-only-9-per-cent-ever-logging-in-20191220-p53lz0.html.
Nissenbaum, HF 2010, Privacy in context: technology, policy, and the integrity of social life, Stanford Law Books, Stanford, CA.
Office of the Australian Information Commissioner 2019, ‘Australian Privacy Principle 2 – Anonymity and pseudonymity’, APP Guidelines, accessed 5 June 2023, https://www.oaic.gov.au/__data/assets/pdf_file/0005/1202/app-guidelines-chapter-2-v1.1.pdf.
Omand, D 2010, Securing the state, Columbia University Press, New York.
ONI (Office of National Intelligence) n.d., Legislation, accountability and privacy, accessed 7 December 2021, https://www.oni.gov.au/legislation-accountability-privacy.
Pang, PC-I, McKay, D, Chang, S, Chen, Q, Zhang, X & Cui, L 2020, ‘Privacy concerns of the Australian My Health Record: implications for other large-scale opt-out personal health records’, Information Processing & Management, vol. 57, no. 6.
Peterson, M & McDonagh, M 2019, ‘Data protection in an era of big data: the challenges posed by big personal data’, Monash University Law Review, vol. 44, no. 1, pp. 1–31.
Pulver, A & Medina, RM 2017, ‘A review of security and privacy concerns in digital intelligence collection’, Intelligence and National Security, vol. 33, no. 2, pp. 241–256.
Richards, NM & King, JH 2016, ‘Big data and the future for privacy’, in FX Olleros & M Zhegu (eds), Research handbook on digital transformations, Edward Elgar, Cheltenham, UK, pp. 272–290.
Richardson, D 2020, Comprehensive Review of the Legal Framework of the National Intelligence Community, Commonwealth of Australia, Canberra.
Rocher, L, Hendrickx, JM & de Montjoye, YA 2019, ‘Estimating the success of re-identifications in incomplete datasets using generative models’, Nature Communications, vol. 10, no. 1, art. 3069.
Rosenblat, A 2018, Uberland, University of California Press, Berkeley, CA.

Solove, DJ 2008, Understanding privacy, Harvard University Press, Cambridge, MA.
Solove, DJ 2013, ‘Introduction: privacy self-management and the consent dilemma’, Harvard Law Review, vol. 126, no. 7 (May), pp. 1880–1903, https://harvardlawreview.org/print/vol-126/introduction-privacy-self-management-and-the-consent-dilemma.
Strang, KD & Sun, Z 2017, ‘Big data paradigm: what is the status of privacy and security?’, Annals of Data Science, vol. 4, no. 1, pp. 1–17.
Sweeney, L 2015, ‘Only You, Your Doctor, and Many Others May Know’, Technology Science, 28 September, accessed 17 April 2023, https://techscience.org/a/2015092903/.
Tene, O & Polonetsky, J 2013, ‘Big data for all: privacy and user control in the age of analytics’, Northwestern Journal of Technology and Intellectual Property, vol. 11, no. 5, pp. 239–273.
The Privacy Act 1988 (Cwlth) 1998, accessed 22 May 2023, https://www.legislation.gov.au/Details/C2022C00361.
Tyler, TR 2006, ‘Psychological perspectives on legitimacy and legitimation’, Annual Review of Psychology, vol. 57, pp. 375–400.
Vimalachandran, P, Liu, H, Lin, Y, Ji, K, Wang, H & Zhang, Y 2020, ‘Improving accessibility of the Australian My Health Records while preserving privacy and security of the system’, Health Information Science and Systems, vol. 8, no. 1, p. 31.
Wolf, G & Mendelson, D 2019, ‘The My Health Record system: potential to undermine the paradigm of patient confidentiality?’, UNSW Law Journal, vol. 42, no. 2, pp. 619–651.
Wyman, K 2017, ‘Taxi regulation in the age of Uber’, New York University Journal of Legislation and Public Policy, vol. 2, pp. 1–100.
Yu, S 2016, ‘Big privacy: challenges and opportunities of privacy study in the age of big data’, IEEE Access, vol. 4, pp. 2751–2763.

6

Ethics and Bias

Big data challenges existing notions of intelligence ethics and ethical behaviour in national security agencies. This chapter contributes unique perspectives on the practical application of ethics relating to the use of emerging technologies in intelligence agencies. The concept of ethical intelligence has emerged at various points in the preceding chapters but is examined in a deeper and more focused way here and highlights the impact of big data on ethics in intelligence.

The first section in this chapter shows that practitioners perceive there are notable and complex ethical dimensions to the big data landscape and that there need to be clear ethical boundaries for understanding and using data and emerging technologies in intelligence. It is not possible to ethically automate many aspects of intelligence work. Additionally, the ethical use of intelligence extends beyond collection and intelligence practitioners to include those who make decisions using intelligence. Furthermore, the purpose of big data-enabled intelligence collection and analysis needs to be clearly articulated to avoid unethical use.

The second section in this chapter illuminates the impact of big data in automation and application of ethics in society. It considers how ‘ethics at scale’ represent a considerable ethical dilemma if applied to intelligence activities. It offers insight into the ethics of algorithmic decision-making at an individual, organisation and nation-state level, which reflects the context and culture of the companies and countries that created them, and the data they were trained on.

The third section examines the role of bias in intelligence ethics. It examines the kinds of data bias relevant to intelligence activities, including the difference between cognitive bias and data bias. The section also explores the intelligence challenges and inherent limitations of working with incomplete data sets not designed for intelligence work and the bias of intelligence collection itself as a process of data collection that is by nature targeted, and therefore potentially incomplete or compromised by bias.

DOI: 10.4324/9781003389651-7

Understanding the Ethical Boundaries of Intelligence

Ethics is the branch of philosophy that asks the question, what should we do? (Beard & Longstaff 2018). In their discussion about ethics in intelligence activities, Omand and Phythian (2018, p. 1) define ethics as ‘a social, religious, or civil code of behaviour considered correct, especially that of a particular group, profession, or individual’. Herman (2004, p. 343) suggests that ‘ethics fuse ideas of personal morality and social utility; on the one hand the dictates of good conscience, and on the other accepted standards (or ideals) of human intercourse and the social consequences if they are flouted’. Beard and Longstaff (2018, p. 16) add: ‘Ethics asks us to take responsibility for our beliefs and our actions and to live a life that’s self-consciously our own’. The term ethics has two distinct applications: it can refer to a value-neutral discussion of the contours of a normative framework, and it can also be a value judgement of the rightness or wrongness of given actions according to a particular normative framework (Born & Wills 2010).

Whether the ethics of intelligence are in fact worthy of consideration has itself been a matter of academic debate (Herman 2004). While the notion of intelligence ethics has historically been described as an oxymoron (Born & Wills 2010; Jones 2009; Shelton 2011), intelligence ethics is increasingly being considered and viewed as a valuable concept to guide decision-making (Erskine 2001; Goldman 2018; Herman 2004). Ethics are seen to support efforts to improve the accountability, image, professionalism and control of intelligence services (Born & Wills 2010). Scholars argue that more research must be done in order for us to better understand the ethical quandaries involved in intelligence activities (Bar-Joseph 2010; Herman 2004). Vrist Rønn (2016) details that most contemporary observers of intelligence view intelligence ethics as a crucial and compulsory element of intelligence activities.
Diderichsen and Vrist Rønn (2016) argue that, in an age of global terrorism and emerging technical potential for mass surveillance, the moral limits to the use of intelligence methods for security purposes is clearly among the most pressing of ethical questions. Born and Wills (2010) offer additional reasons for research into intelligence ethics: changing functions of intelligence services; demands for accountability and respect for human rights in the work of intelligence services; various controversies arising from the work of Western intelligence agencies; and the concerns expressed by international organisations in the aftermath of these controversies. To date, there has not been much in the way of empirical contributions to the enquiry and emerging debate, and further investigation into ethics and intelligence is essential (Erskine 2004, p. 377; Petrauskaite & Šaltenis 2018).

The term ethics (or variants such as ethical or ethically) appeared organically in every interview during this research. The challenges – real and perceived, current and emerging – appear to be on the minds of participants in relation to the way they make decisions, and the considerations they take into account. Participants in this study did not directly define ethics, but in the discussions they consistently referenced ethical considerations in terms of the ‘right’ behaviours associated with intelligence activities. Almost all participants spoke about what they saw as the increased importance of ethics and ethical decision-making in an era of big data with its expanding collection and analytical possibilities and capabilities. Furthermore, participants highlighted some of the practical and operational ways that big data impacts ethics and ethical considerations in intelligence. This section examines themes related to the complexity of ethics in intelligence and the ethical boundaries of big data in intelligence that emerged from this research.

At the beginning of the twenty-first century, ‘the moral dilemmas and competing demands facing intelligence practitioners and organisations have arguably become more challenging than ever before’ (Erskine 2004, p. 377). These ethical or moral dilemmas – instances where an individual has moral reasons to do ‘each of two actions, but doing both actions is not possible’ (McConnell 2022, p. 3) – complicate decision-making for individuals. The use of big data creates ethical dilemmas for users – including national security practitioners. Hence, Floridi and Taddeo (2016) aim to establish data ethics as a branch of philosophy that studies and evaluates moral problems related to data, algorithms and corresponding practices, in order to formulate and support what they call ‘morally good’ solutions. Floridi and Taddeo (2016, p. 3) define data ethics as:

the branch of ethics that studies and evaluates moral problems related to data (including generation, recording, curation, processing, dissemination, sharing and use), algorithms (including artificial intelligence, artificial agents, machine learning and robots) and corresponding practices (including responsible innovation, programming, hacking and professional codes), in order to formulate and support morally good solutions (e.g. right conducts or right values).

Richards and King (2013, p.
46) call for big data ethics within legal boundaries and, while they consider the same complexity and dimensions as Floridi and Taddeo, their conceptualisation is quite different: ‘as a social understanding of the times and contexts when big data analytics are appropriate, and of the times and contexts when they are not’.

Participants in this research spoke about the need for intelligence agencies to evolve quickly to enable them to keep track of technological capabilities and articulated what they saw as evolving ‘ethical boundaries’ in their work. They saw that the boundaries continue to change as the technology changes. This research suggests that participants perceive that there are clear ethical boundaries for using big data and new technologies in intelligence. Emerging from this study are three key impacts of big data on ethical considerations within intelligence. First, it is not ethically appropriate to automate many aspects of intelligence work. Participants in this study indicated that the use and application of big data capabilities in an intelligence context was appropriate in some circumstances, but not others, and this is explored below in the context of automation. Second, the ethical use of intelligence extends beyond collection and intelligence practitioners, to include those who make decisions using that intelligence. Finally, the purpose of big data-enabled intelligence collection and analysis needs to be specified precisely.

Unautomated: Aspects of Intelligence Where Big Data Will Not Be Useful

Almost all participants indicated that automation of simple and non-complex tasks is already occurring, or capable of occurring, in their agency. Participants indicated that this included automating activities such as the ingesting of data, simple data matching across defined data sets, federated searches and automating extraction of data from large data sets using keywords. Participants believed that big data is increasing the complexity of ethical discussions for the intelligence community; however, they also articulated some areas where they saw distinct boundaries around ethical intelligence practice. Participants described clear ethical boundaries around aspects of their work, often indicating that the kinds of decisions being made could not be determined by data alone and automation would not assist. All participants indicated it was not currently possible to automate many aspects of intelligence work in all agencies, as the problems are not readily solved by data or big data analytics and many of the intelligence collection and analysis decisions require human decision-making.

One participant described the goal of using big data and automating intelligence functions: ‘We are not going to be designing a system which kicks off automated responses and starts automated actions. We are designing to help human analysts come to a conclusion on something’ (SDM). This view – that the goal is not to automate many functions of intelligence – was echoed by law enforcement participants.
Participants perceived that ethics requires a distinct and prevailing role for human decision-makers in implementing big data technologies in intelligence analysis, and many viewed human judgement as essential in most of the threats national security agencies deal with:

There will be a lot of scenarios where, as we move into this world, you won’t be able to automate. My view is that we can automate straightforward things. You can automate something that is simplistic and takes a lot of data crunching … But where there are lot of complex human components, like child exploitation. Is that particular act exploiting a child, or is that act exploiting a child? There are things that you can’t ask algorithms to decide. At this point in time, you could not use data to make those kinds of decisions. (SDM)

The reference above to ‘those kind of decisions’ is reflective of the view of the vast majority of participants, who indicated that many of the intelligence advice and national security decisions cannot be fully automated as they require analysts to interpret the data and involve subjective decisions. Examples provided include deciding what constitutes child exploitation material (as opposed to identifying children in images which is already possible), granting security clearances, approving or denying visas, and assessing the intent of foreign leaders. One participant explained why they saw the role of human ethical judgement as critical:

The algorithm doesn’t know what the ‘right’ thing to do is; it only knows what it has been told to look for, criteria it has been told to look for or assign to things. This is why the human being decision-maker is so important and being able to say, look, the machine is telling me this, but I need to do extra work here to answer the question, because this just doesn’t seem like the right thing to do. (TECH)

Another participant described in detail why they saw human decision-making and the ability to question machine-learning results as a significant ethical component of intelligence:

At the moment we are nowhere near mature enough to even have confidence in a machine to be making decisions. I think there are essential and good reasons for having a human in that process, both from a public confidence and compliance perspective, but also what happens if a machine goes wrong? If the user doesn’t know how the machine is doing it, how are they empowered to question it? I see great potential for some automated functions in machines, that for example might spit something out that says you might want to look over here because based on everything you have taught me to do, this looks like something you might be interested in, go and have a look at it. So, as a triaging concept, absolutely. As a decision-making, intelligence production machine, I don’t want to have anything to do with it. (SDM)

Another participant highlighted the view that over time the ethical boundaries of human and decision-making interaction may change, as parts of the process are able to be tested:

I certainly wouldn’t be comfortable moving directly to automation [to achieve intelligence outcomes].
You have to be willing to accept [too much] error … A big part of what we do is prioritisation and because in my area the data volumes are so big. There is probably a compromise there where can [we] leave prioritisation to automated decision-making. Once that’s been tested and verified, I’d be sort of comfortable with that. (ODM)

Participants indicated this was the majority of the big data analytics their agencies were currently using, although there was a desire for further development of these capabilities in the future:

I think mostly for us, most of what we [Agency X] need to do is about automation. My view is that we need to really focus on automation [of simple tasks] rather than augmented decision-making because there are too many unanswered questions around how you put in checks and balances about how you do augmented decision-making. So, I think for us a lot of it is, why are we actually doing it? It is not just about efficiencies. In the end a lot of it will be about, we have got to have better decisions, it is not just about efficiency. (TECH)

The term augmented decision-making is one of many used by participants to describe a process of using technology to improve human decisions. Burton, Stein and Jensen (2019, p. 221) define augmented decision-making as a process where ‘algorithmic insights are utilized accurately and, most importantly, discriminately’. One SDM participant defined the terms used within their agency: ‘we do refer to automated and augmented decision-making. Automated is basically doing something for you, augmented is really about a decision aid.’ Many participants suggested that using automated data matching across systems and data sets to help target prioritisation, within strict parameters, was the kind of augmented decision-making they were thinking of. Burton, Stein and Jensen (2019, p. 221) explain that successful human–algorithm augmentation is one in which the human user is able to accurately discern both when and when not to integrate the algorithm’s judgement into their own decision-making. Participants in this study indicated that they saw ethical problems in moving too quickly from automation of discrete and verifiable tasks to using analytics broadly.
Many suggested more complex augmented decision-making requires a slow and phased path:

This might change over time as technology improves and we address those sorts of ethical issues … I think as an initial step the approach we’ll be taking is that any adverse outcome that comes from any sort [of] automated or augmented decision-making process will have to be human checked. (ODM)

Intelligence Ethics Includes Decision-Making

The academic focus on ethics has predominately been related to intelligence collection functions (Bellaby 2012; Born & Wills 2010) and especially secret collection (Hulnick & Mattausch 1989; Omand & Phythian 2018). This focus on collection, and in particular human intelligence collection, has resulted in inadequate attention being paid to other phases of the intelligence cycle (planning and direction, analysis and production, and dissemination) to the detriment of a broader consideration of ethics in the work of the intelligence services (Born & Wills 2010). Participants in this study indicated that one of the major impacts of big data for the intelligence community is the need to consider ethics related to collection and analysis, covered above, as well as the outcomes or decision-making and action associated with, or resulting from, intelligence, which is covered below. Participants discussed the need for consideration of ethics in all elements of intelligence and explained the role of ethics in all phases of the intelligence cycle. Participants highlighted this was especially important when using intelligence advice and product to act or make decisions, whether that action or intervention is undertaken by a minister, policy maker, military officer, police officer or intelligence agency. Participants indicated that ethical dilemmas are likely to occur throughout the intelligence process as well as when intelligence is used to support a national security decision. As one ISME noted:

You should never automate threat to life … Because you don’t want to kill someone accidentally. If Defence is going to kill someone … there is international law, domestic law, there are rules of engagement so it is actually surrounded by a whole set of rules.

One participant offered an example in relation to assessing whether an individual posed a security concern: ‘Ultimately, I think the decision about whether a threat exists and how we respond to it needs to be a human decision’ (SDM). This participant went on to describe that they saw an ethical responsibility for each decision-maker in the process, whether they were an analyst, manager, police officer or policy maker.
Most participants described a process in which decision-makers at all levels understood the basic analytics, outputs and implications of analysis:

A lot of that comes back to making sure your methodology is sound, you have decision-makers that understand what those big data analytics are doing and what the outputs mean, particularly if as an organisation you are going to be relying on that as a capability, that a large chunk of the organisation will be relying on and making decisions and assessments on. That whole process needs to be well understood. (ODM)

The policy decision-makers are not going to see the back end, they don’t see the weeks and months of all the information that supported the one dot point that is our advice. But we need to make sure that when we do need to fall back on it that we can show a rigorous process … I think the accuracy or credibility of the inputs we are putting into decision-making is important and confidence in the automated processes … How you assess the accuracy and credibility of information, because big data is notoriously unreliable, is becoming a big challenge for us. We’ve always been able to prove for example in a coronial enquiry – we unpick all of our decisions, so we can show how we made decisions and what we considered. So, we need that in the automation, we need to be able to show the parameters if you like. (SDM)

Omand and Phythian (2018) argue that ethical actors include those who decide how and where to authorise action based on intelligence, be they policy makers, military commanders or police officers. This was a critical area for participants in this study and this section considers the kinds of decisions intelligence might be used for and how big data impacts the production of that intelligence and subsequent decisions made using it. Omand and Phythian (2018, p. 171) outline what they see as an ‘ethical baton passing from the intelligence analyst who issues the reporting – with, we hope, adequate caveats about reliability – to the decision maker who receives it and decides whether to act on it’. Participants in this study suggested that this is especially critical now that there are more agencies and broader functions in the NIC. One participant described the challenges inherent in using the results of big data analytics or automated processes to take action and some of the considerations for different agencies:

What is missing in this debate is how do you apply those rules when you automate [aspects of intelligence]. If you go to arrest someone, there are rules about gathering evidence, they have a right to a lawyer, there are a whole bunch of rules around the process. If you are going to automate the process, how do you apply those rules to both that analysis and that outcome? (ISME)

Another participant described this process from an international perspective, highlighting the ethical challenge of understanding and explaining the decision-making process at all levels:

The thing we have been discussing here is being able to explain why a decision has been made and why a machine has made that decision. It’s been an interesting discussion too with US partners! They are doing a lot more in this space.
They are in some areas, around the border and so forth, open to appeal and they have found that on appeal they can’t answer because they don’t know the rules that were applied to the data. So, I guess when we think about the future it’s actually understanding what rules – not letting the technology get so far ahead that we don’t understand how the decision was made. (ODM)

Intelligence, Ethics and Purpose

Throughout the research, participants organically raised their commitment to ethical behaviour and expressed concern about activities they perceived as not accurately reflecting their agency’s purpose, or the purpose of the agencies conducting activities. They expressed views about the different values and purpose of agencies within the NIC and AIC and believed that these increase in significance when big data is used, due to the scale of bias and potential intrusiveness of big data analytics. One participant described the need for a clear understanding of the purpose of using big data:

Fundamentally the impact of big data [on intelligence] is about understanding purpose. People get hooked on technology, but you need to explain purpose. Why are we doing this? … So, you have to be quite specific around what is the reason you want to do this stuff? People are trading off their civil liberties because that’s what is happening. You’re giving something up to prevent a worse thing happening over here. (ISME)

A number of participants viscerally responded to potential uses of data that they perceived to be unethical and outside the purpose of the NIC:

If you consider someone a potential offender … well they haven’t broken the law so how are you going to treat them? If they’ve come to notice and you pursue it fine. But if you start to use algorithms to identify offenders in society then that’s where you go back and read 1984 and Brave New World. (ISME)

Many participants delineated the boundaries of ethical behaviour based on their agency’s purpose and mission, such as this comment:

Law enforcement agencies should not be in the business of seeking to identify potential offenders. That to me is not law enforcement – I don’t know what it is but I think it’s something pretty scary. You can be guaranteed, absolutely guaranteed of one thing. If you go down the path of seeking potential offenders a lot of innocent people are going to suffer … Take what we know about terrorism.
You can speak to people who believe in extreme literal interpretations of the Quran who think Osama Bin Laden was a hero and sympathetic to ISIS but would never think of killing a fellow person or indeed helping someone. They may provide the broader intellectual framework within which terrorists can operate but they are not committing a crime. I think the whole business to use algorithms to identify potential offenders … I think I’d be out on the street campaigning [against] it. (ISME)

Participants organically raised the notion of values, how they are created and shaped, and how they support ethical decision-making, as this participant highlighted:

So, part of it is goes to the values of an organisation. One of ASD’s values is that we obey the law. It sounds silly but when you think about what ASD could do – watch the Secret City! – what ASIO could do, what immigration could do, so actually a strong ethical base is critically important to those organisations. And it is something that people forget because ethics is not discussed a great deal, except in boring conversations, but at the end of the day, ethics is critically important in big data. If you are going to use big data you still have to have the same ethical underpinning in your approach. ASD has it [obeying the law] in their mission statement. It’s written on the wall and people talk about it. (ISME)

Many participants raised their organisational values in the context of ethics. Participants raised the notion that organisational values help to shape and also reflect what they saw as ethical and unethical uses of big data – the importance of clear, specific purpose. A discussion of ASD values organically came up in interviews with all participants who currently or previously worked at ASD. Participants from AIC agencies described the ethical boundaries in intelligence activity as unique, because of the functions of the intelligence community. This participant listed the ASD values, and then noted:

Those values were not derived and imposed on the staff. They were derived from talking to the people inside the organisation. It was about purpose. What do we do? We make a difference, we strive for excellence because you should strive for excellence, you know, we operate in the slim area between the difficult and the impossible, because that does actually describe what ASD does. We obey the law because we have this enormous capability.
(ISME)

When asked whether they felt confident about their agency’s use of big data to support decision-making, one participant responded: ‘I think one of the key things is also having a clear sense of what our mission is. We know why we exist’ (SDM). Another participant suggested: ‘It’s very philosophical but the ways and things that will be valued in terms of decision-making will be ethics and morals around how data is used and exploited’ (SDM). One participant explained the similarities and differences between the challenges faced by different agencies:

There is a core group [the AIC] in the NIC then the others. So, it is a sort of tiered system. You know the other agencies still have sort of huge data analytic challenges to deal with. It might not be intelligence in the same way that we would see it but nonetheless the AFP, ACIC they still need to make sense of the world to drive their operations … The scale is not the same but in terms of bringing together disparate data sets and in terms of bringing behavioural analytics to bear there are some similar challenges … Huge ethic and proportionate responses around whether you might be able to go that far and is it proper to able to go that far? (SDM)

Participants raised ethical behaviours and principles that they saw as crucial in the practice of intelligence, in an ad hoc fashion. This is an area that needs further development and focused research to become a valuable contribution.

In conclusion, big data impacts how participants understand ethical boundaries in intelligence in three key ways. First, it is not possible to ethically automate many aspects of intelligence work, as it often requires human analysis and subjective decision-making. Second, the ethical use of intelligence extends beyond collection and intelligence analysis to include those who make decisions and take actions using that intelligence. Finally, the purpose of big data-enabled intelligence collection and analysis needs to be specified precisely to avoid unethical use.

‘Ethics at Scale’

The key debates and concerns surrounding the use of big data in society are reflected in Richards & King’s (2013, p. 42) three paradoxes of big data – transparency (mass data collection by operations that are themselves shrouded in secrecy), identity (data use at the expense of individual and collective identity) and power (big data can democratise capabilities while centralising power in large institutions and corporations). Participants spoke about the ethical challenges of big data and emerging technologies in relation to society more broadly, rather than solely about intelligence, largely because this is where many expressed the immediate impacts were being felt. Many participants argued that ethics in society and in intelligence are even more important in a more fragmented and diversified data environment. This section considers ethics on a large scale, where the focus is coding individual human decisions, which are then analysed using algorithms, and the current or potential application in intelligence. Ethics at scale in an intelligence context concerns how intelligence decisions made now by individual intelligence officers could be made ‘at scale’ by automated processes. It then offers insight into ethics at an organisation or nation-state level, where algorithmic decisions will represent the culture of the companies, organisations and countries they were created in and the data used to train systems.

Participants highlighted that new technologies are driving a need to ‘codify’ ethics and ethical decision-making in new ways. A key theme emerging in this research is that participants believe that ethical decisions are already being automated and applied at scale in a number of contexts in society and that, while this is nascent in their experience in national security environments, it represents a considerable ethical dilemma caused by the big data landscape. Many of the big data technologies and systems already in place in society have considerable inbuilt biases which we may or may not even be aware of. Emerging technologies enable the capture and analysis of data on a large scale and in real time, making it impossible to apply individual ethical considerations to a range of actions, whether that be collecting or analysing data, or using that data to make or automate decisions. This means that ethical decisions are being made consciously or otherwise at the ‘back end’ – or programming phase – of the process but may not be visible until an outcome or decision, or user action, is reached at the other end of the process. I describe this as ‘ethics at scale’. Participants highlighted that ethics at scale means algorithmically representing existing human decision-making processes, including the ethical calculations within these decisions, at scale and in real time. Participants indicated they saw the challenge of algorithmically representing ethics at the scale of big data as a primary ethical concern in society, with important national security implications.

Ethics have largely been considered an individual, personal or singular activity (Beard & Longstaff 2018), a transaction in which an individual makes decisions guided by an ethical code, compass or frame of reference (Beard & Longstaff 2018; Erskine 2004; Herman 2004; Omand & Phythian 2018). However, due to the ways that big data and emerging technologies are being used, it is now necessary to consider how ethics apply ‘at scale’. Participants in this research shared a range of perspectives about ethics on a broad spectrum from the idea that we should code everything to a perception that not everything can and should be algorithmically represented.
Most participants indicated that, for the immediate future at least, algorithmic representation of human decision-making is of limited utility or problematic due to the challenge of representing ethics at scale. A few participants proposed that all human decision-making in society will eventually be automated. Many participants saw the requirement to represent some of the ethical decisions currently made by individuals in code as inevitable, in society at large:

You are having to code things that previously would have [been] done by a human decision-maker. The driverless car is a great example, where the data is having to make the decision about whether it runs over a child or diverts and potentially kills the passengers – which is the worst? Normally you’d have a person there who would make that decision. In the future, you’re going to have to code things into data and algorithms that previously didn’t have to be coded. That will bring out a lot of ethical questions because they are things we haven’t had to consider before. (SDM)

Participants raised the challenge of whose ethical choices and decisions were being represented by algorithmic processes. Most participants indicated that this was a fundamental sticking point of ethics at scale in broader society – however the comment below, which called for clarity in implementation, was a minority perspective:

When the Google self-driving vehicle hit and killed someone and it makes front page news in the same day where thousands of people die in manually driven vehicles, what standard are we holding the machine up to versus ourselves? Why should that be any worse than when a human accidentally pulls the trigger, or intentionally disregards a piece of evidence that could exonerate someone? We need ethics and rules and guidelines as to the left and right of arc. (SDM)

Participants indicated they were uncertain how, and if, ethics can be automated and applied at scale for national security purposes. Participants unanimously agreed that within intelligence agencies human decision-making should remain extant, at least in the short term, as the earlier sections of this chapter addressed. One participant reflected the view of many on the limits of using algorithms within intelligence agencies:

There will always be a bias in these systems which are becoming complex in the way that human thinking is complex. I don’t think that means we shouldn’t use them. As of today, we should be relying on machines for suggestions but what needs to stand behind that is human analysis and validation of their conclusions and humans standing behind the decisions that are made. I don’t think we are at a point as a society where we trust machines to make those decisions. (TECH)

In this context, the participant was talking about national security agency decisions which could have adverse effects on individuals, such as making assessments about potential security threats or visa applications. Participants pointed to research which shows algorithm-based decisions can be biased towards one group in society at the expense of another, for example bias against black offenders in sentence lengths in the US (Angwin et al. 2016) – and the speed at which that is occurring.
Participants indicated that this kind of bias at scale is a significant ethical dilemma caused by big data in intelligence. In the context of intelligence, most participants raised what they saw as the challenge of managing bias and the relationship between awareness of human and data bias and the potential to exacerbate existing bias using big data technologies. It is possible that the characterisation of big data by participants that establishes a clear division between the two is a false dichotomy and more research is needed to better understand human and data bias in intelligence. Participants indicated that big data has the potential to dramatically speed up and exacerbate existing human bias, which according to participants presents a fundamental ethical challenge for agencies facilitating public movement, such as law enforcement:

It’s the speed and the scale at which we could be wrong now [that] will be absolutely tragic. That’s the difference, that’s the difference in the bias and we’re already seeing that. One primary line officer at customs might have a bias towards Middle Eastern males and specifically target them at one airport while he’s on shift. Now we have the potential to disseminate that bias – globally, in fact – so say this group of people are of interest and, all of a sudden, hundreds and thousands and millions of people are getting stopped unnecessarily every time they travel. That’s a new level of social disruption. (ODM)

Another participant similarly highlighted the notion of bias at scale, but in the context of analytical processes and the potential of big data to compound and exacerbate existing cognitive biases:

The positive feedback loop is the same sort of thing and then you see the confirmation bias – ‘Oh, I am right’. Big data exacerbates all of that. So, one of the questions any organisation should have is how you introduce a diverse set of uncomfortable views and ideas. Really every agency should introduce that as a matter of course. To ensure the health of the place. (ISME)

A number of participants raised the need for intelligence agencies and analysts themselves to have a greater awareness of data bias, as this comment illustrates:

We need to train our analysts to understand that bias is inherent and they should not be just accepting blindly what the machine tells them. They should be taking that as a suggestion or for consideration and acting on that accordingly. I think in the longer term the world is likely to end up is that these things will become things that society relies on, but I think what’s missing there – and maybe it’s coming – is the concept of liability there.
People are responsible for their decisions and there is a societal consequence to getting those wrong. At the moment there is an absence of liability around … whether it is AI or data decisions with biases and I think those responsibilities will need to be assumed by someone who is responsible for the intelligent agents – or whatever they are – for what they decide and do. I think the first place that is likely to happen is in autonomous vehicles. (TECH)

This notion of algorithmic representation of ethics at scale is critical in understanding how participants view the challenges of ethics and big data, in
society and in national security. A number of participants raised ethics at scale as distinct from individual ethics. One participant used the ‘trolley-car’ dilemma to explore the possibilities of coding in society broadly and how different organisations would reflect these considerations:

The trolley car dilemma will be critical for self-driving vehicle dilemmas … At some point the equations we calculate every day while we drive must be algorithmically represented. Is the Google algorithm for making that decision the same as the Uber algorithm for making that decision? (SDM)

The quotation above makes the rhetorical point that algorithmic decisions will represent the culture and environment in which they were created. Throughout this research, the notion of bias and algorithms representing different kinds of organisational and nation-state cultures was pervasive. As one participant explained: ‘In many ways, the machines of different cultures will take different approaches and responses. The machines that Russia and China develop will be culturally different… It’s already like talking different languages!’ (SDM). Another participant described the way that technology reflects the culture it is created in as a ‘cultural clash of values’ (SDM).

Given how far ahead and how much China is investing in terms of AI, supercomputing and given how much they are collecting data sets on their population and what a strong ideological bent it has in terms of reinforcing the ideology of the Chinese Communist Party … What is that going to look like from a values perspective? (ODM)

Some participants spoke about the cultural and ethical differences between societies and the kinds of technologies nation-states and companies in different jurisdictions create.
In a similar vein, Livermore (2018) examines the vastly different approaches taken by the United States and the Russian Federation regarding the development of robotic fighting vehicles and their eventual operational use (in a military context). The US approach, requiring final human decision-making before the use of lethal force, is contrasted with the Russian approach pursuing fully autonomous systems, both of which present different moral and practical challenges (Livermore 2018). According to participants in this research, the way that nation-states approach the development of technologies for waging war will shape the character of future conflict.

Bias in Intelligence

Ethical considerations are prevalent in all aspects of everyday life and in intelligence work (Erskine 2004; Omand & Phythian 2018). Bias is ‘a tendency, inclination or prejudice toward or against something or someone’ (Psychology Today 2021).1 Bias was discussed in every interview and the need to consider data bias was expressed by participants as an essential component of ethical intelligence. This section examines bias in intelligence ethics in four parts. First, this section considers bias as a component of ethics in intelligence. Second, it examines the difference between cognitive bias and data bias and then considers whether the latter should aspire to reduce the former. Third, it considers the intelligence challenges of incomplete data sets. Finally, it highlights the bias of intelligence collection itself.

Intelligence Ethics Includes Considering Bias

There was consensus amongst participants in this research that ethics in intelligence includes considering bias, whether that bias emerges from data (analytics, technologies or data itself) or human judgements. Participants explored the kinds of bias associated with big data that they saw in society broadly and specifically in their national security work. Additionally, according to participants, managing the bias that is inherent in big data systems is a major ethical challenge for intelligence agencies and bias is a key consideration in the development of systems. Almost all participants, across all categories, were aware of academic studies relating to big data bias. A number mentioned specific research examples, such as an algorithm that could almost perfectly classify images of huskies and wolves but was found to be identifying wolves based only on the snow in the image background, rather than based on analysis of canine features (Ribeiro, Singh & Guestrin 2016). Participants raised many examples of failures of big data due to bias and indicated that this is one of the reasons that bias must be considered within an ethical lens by intelligence practitioners.
Many of the participants indicated their agencies were using big data analytics in niche applications only, so the discussion was largely focused on what participants saw as future bias challenges, or challenges they had not yet overcome.

Tversky and Kahneman (1974, p. 1124) introduced the concept of cognitive biases, showing that ‘people rely on a limited number of heuristic principles to reduce the complex tasks of assessing probabilities and predicting values to simpler judgemental operations’. Since then, cognitive biases and their impact on intelligence analysis have been considered in the intelligence literature (Heuer 1999; Heuer & Pherson 2015; Mandel & Tetlock 2018; Whitesmith 2020). Heuer (1999) applied the insights of Tversky and Kahneman (1974) to intelligence problem sets in Psychology of intelligence analysis. In what has become a textbook for practitioners called Structured analytic techniques for intelligence analysis, Heuer and Pherson (2015) provide 55 structured analytic techniques to assist analysts to avoid some of the cognitive biases set out by Heuer (1999).

Understanding cognitive bias and using structured analytic techniques is common intelligence analysis practice and many Australian officials have
been introduced to them extensively and trained in their use at practitioner and manager levels. Participants in this research discussed bias in the context of big data and the way it impacts society broadly and intelligence agencies specifically. This section is structured thematically around the kinds of data bias participants perceived as directly relevant to their intelligence activities and that they were specifically concerned about.

Cognitive Bias and Data Bias

When discussing bias almost all participants acknowledged existing human cognitive bias as well as the inherent biases of big data: ‘We’ve got to acknowledge that we’re already biased … How do we manage that bias in a highly digital environment?’ (TECH). A number of participants questioned how different big data bias would be from cognitive bias:

I mean how do we account for bias now? You become conscious of it, I guess. We’ll just have to do the same with machines. Maybe have a red team algorithm to attack potential bias in the data. There will be no silver bullet way to get rid of bias I suppose. It will be a balancing act. (SDM)

However, most participants indicated they had specific concerns about identifying big data bias and indicated current human analysis is an essential component of developing systems: ‘Yes, I have concerns about bias. We must constantly test for it, and you need humans to confirm results or do further analysis’ (SDM). Participants explained some of the specific challenges of using data to train systems and understanding the data you use:

I don’t know that there is a solution around ethics and artificial intelligence. I think that it is more around looking at the data that you are using to train your system on and really scrutinising that in terms of potential biases. There are techniques to try and drive that from a statistical point of view but you also have to take that from a logical point of view.
Logical thinking in terms of, well, do we just want to compound the decisions that have been made always and how accurate is that going to be? (TECH)

In discussing ‘compounding decisions’, this participant highlighted an issue raised by many interviewees, asking whether consideration of data bias and use of data analytics should aspire to reduce existing human bias. As one participant noted:

We certainly shouldn’t have bias towards racism in whatever machine is developed. That goes to gender, race, sexual orientation … I think that this gets down to the ethics of it surely, we shouldn’t develop a machine that is like us … It needs to aspire to be better than us. (SDM)

Many participants saw an opportunity to build systems that reduce unfair or discriminatory bias, rather than replicating bias. Another participant explained this position more clearly:

An element, not the totality but an element, of the reason why there are more Indigenous people in jail and more black people shot in the US by law enforcement is an algorithm embedded in the mind. Every bit of research bears that out. Why in the hell would you seek to embed such bias? I mean why would you embed that kind of bias in your technology? (ISME)

However, some participants raised issues about the differences between machines and humans in the context of a broader discussion about human failure to ask questions of machines. In particular, this interviewee noted:

We have got to be careful that we neither think of machines as perfect nor deride them for being imperfect. They certainly don’t have malice. They can end up giving us wrong answer – although they may well be giving us the right answer for the information they had – literally as described. (SDM)

Incomplete Data Sets and Bias

Most data collected by intelligence agencies is created for purposes other than intelligence. Big data that is accessed by intelligence agencies is rarely part of complete data sets, and this has the potential to cause bias in subsequent analytical processes. Incomplete datasets have been a documented issue in broader data collection, including in areas such as electronic health records (Wells et al. 2013) and artificial intelligence (Schwartz et al. 2022). Incomplete data sets can be caused by a variety of factors, including sampling issues, such as not all individuals completing a given form, or a lack of mobile devices in a given population, systematic exclusion or inclusion of groups, detection bias, or evaluation bias (Schwartz et al.
2022, p. 8). According to participants, much of the work conducted by intelligence agencies results in data bias caused by specific collection processes and incomplete data sets. Participants indicated that when data is collected from third parties, or domestically through intrusive means, it is often incomplete and cannot be used effectively for many applications of advanced analytics, as this ODM explained:

We have warranted collect [special powers set out in legislation] which means we get to see information no one else gets to see, so there is not
necessarily a ‘right’ thing to do with it in the context of analytics. Part of that is that a lot of the data we collect has not been made for analytics … Which means we get data and can access data in different ways from other organisations. One characteristic that is interesting in this environment for data is that most places when they have data it’s been generated for the purpose, or a purpose, of analytics typically. Point of sale etc. … It hasn’t been made for the purposes of analytics, so we are exploring the value of that to find something of interest to us. There is also a whole bunch of other data that has been made for analytics systems than the one we have … The quality of that information, the consistency of it and the availability of it. So, we are very opportunistic in the data we have access to because a lot of the accesses, certainly the ones we have ourselves, are quite intermittent. (ODM)

Participants from different agencies described how incomplete data affected them based on their respective collection frameworks. One participant from a foreign technical agency said:

Most of our data is shit. It is incomplete, we are the unintended recipient, we are using it for a purpose that it wasn’t created for and a whole bunch of our existence is trying to make data fit for a purpose and understand it. (ODM)

Another participant described the implications of one example of incomplete data – date ranges – for analytical systems:

A clear understanding of what the absence of data means [is especially important]. Why are things not filled in and what does vacant data mean in a data set? Sometimes the transfer of data can see dates missing from a range – so you can make an assessment but if the activity you’re looking for happened on that date the absence of data doesn’t mean the activity didn’t occur.
So actually, having that understanding of what is in the data set but also importantly what is absent from the data set is really key to having good bulk data. (ODM)

A large number of participants raised the notion of data provenance – understanding where data has come from, why it has been collected, and what is included and missing in the data set. One participant asked: ‘it comes back to the provenance of the data … How can we build some assurance around that?’ (SDM). Another suggested:

I think you have just got to proceed with a profound understanding of the inherent limitations in all of this. Just because it is a machine [that] is making the decision doesn’t mean it is going to be free of bias. You have got to think about your data sets. I think my mantra is you can’t do good data science on poorly curated data. You have got to make sure you understand the data you have got, that you understand its provenance, its strengths and weaknesses from a bias perspective, from a quality perspective. I think you need to understand what it is you’re working with. (SDM)

Data Bias in Intelligence Collection

Intelligence collection is by its nature targeted and many participants raised the problem of specific biases in data that is collected by intelligence agencies. Participants raised concerns about potential data bias in data collected by intelligence agencies in relation to race, ethnicity, gender, age and features of the natural world, such as oceans and land. Data bias has the potential to exacerbate harms (Schwartz et al. 2022, p. 9). Bias in data collected by intelligence agencies has specific implications for big data analytics, largely that they are not representative data sets and cannot be readily used for indicators and predictive analytics or used to derive value from existing data holdings.

Data collection inside Australia’s domestic intelligence and law enforcement agencies must meet specific legal thresholds, such as suspicion of a criminal offence, before being collected and is therefore targeted and directed. Participants from these agencies described the kinds of data they collect as being biased through the process of collection and therefore not useful for many big data applications, such as machine learning: ‘There are many interesting challenges about where your data comes from, and actually understanding it’ (ODM). During this discussion, this participant highlighted why consideration of the data you collect is critical when using big data analytics.
In particular, this participant was explaining that using racially biased data (collected due to a mandate to focus on a specific type of crime, or in a specific region) would have disastrous impacts if used as a training set:

I’ll go back to child exploitation as an example. We’ve been dealing with countering child exploitation in Aboriginal communities. Well, obviously, straight away, all the data coming out of there’s going to be of Aboriginal kids, so if you used it to train algorithms, it’s going to push towards a bias. That bias is going to be a data source bias for you, it’s about actually understanding the implications of the data that you’re using to train the systems, before you think about design those systems … That example wouldn’t work [for machine learning]. (ODM)

Another participant raised a similar challenge in terms of biased historical and contemporary work in agencies which may not be reflective of the
overall threat environment. Some participants described the challenge in using existing intelligence data sets to derive value from data – one of the keys to big data analytics:

Yes, we become biased by what we investigate … If you look at the CT data it is very Middle East focused, all the images are very Middle Eastern. The fact is, is we’ve got a lot sitting on our doorstep in Indonesia and the Philippines, but if you try and get a computer to actually start recognising that, it will be looking, in terms of images, it looks for deserts and Humvees, and all that sort of stuff, but if you have a look in Mindanao, it’s all jungle cams … Yes, it’s all very, very different. (SDM)

A number of participants raised the AFP’s Project Stonefish as an example of a contemporary project exploring machine learning for a national security purpose. Project Stonefish is an AFP initiative for law enforcement, and academic and commercial cooperation in the field of automated offensive material detection (Dalins et al. 2018). In their research, Dalins et al. (2018) detail the design and implementation of a deep-learning based child exploitation materials [CEM] classifier, leveraging existing pornography detection methods to overcome limitations in this field. This research found biases in skin tone analysis in CEM cases that rendered it of limited use (Dalins et al. 2018). However, at the time of the interviews, one SDM indicated that skin tone bias had been overcome and the focus was now on more subjective issues:

It was initially biased around skin tones. If we look at CEM we see the ways the categories have been defined and described are subjective because they’re what a human might say is a more offensive level – and this is not surprising.
But, for a computer, they’re not necessarily different, let alone better or worse … So, yeah, skin tones I know was one, adults to children is another, particularly for certain types of images because of the propensity for certain images [to dominate data sets]. But it’s quite good at discriminating adult pornography from child pornography now and it’s actually quite good at certain categories of child pornography and quite poor at others. And some of that is down to the fact that it’s hard to translate the category in terms that a computer can work with because they’re a bit more subjective and emotive rather than actual. (SDM)

A number of senior decision-makers commented on the lack of expertise in intelligence agencies and oversight bodies to identify bias. This was reflected in this participant’s comment:

There are also challenges in understanding some of the assumptions built into algorithms. Lots of writing about the biases in algorithms and, as a non-engineer, non-scientist, we have to understand that. Our agency doesn’t have a suite of engineers in the back and we have to try to understand that and ask the agencies and look to see that they are unpicking that and look to see that they are assuring themselves about the assumptions built into their own systems. (SDM)

The ethical issues that big data (Taddeo & Floridi 2018) and data analytics (Kitchin 2014; Saltz & Dewar 2019) pose are pressing for both academia and society (Mills 2019, p. 49), and this research finds that big data similarly poses ethical dilemmas for the intelligence community. This chapter showed there are specific ethical boundaries around the use of big data in intelligence, in particular around automating intelligence activities, the ethical use of intelligence derived from big data to make decisions and necessitating a narrow definition of the purpose of big data-enabled intelligence collection and analysis. This chapter also illuminated the challenges of applying ethics at scale, the roles of data users, from intelligence collectors to analysts to government decision-makers, and the impact – both current and potential – of bias, including in data sets and in data collection.

Note

1 ‘Bias is a natural inclination for or against an idea, object, group or individual. It is often learned and is highly dependent on variables like a person’s socioeconomic status, race, ethnicity, educational background, etc. Biases are often based on stereotypes, rather than actual knowledge of an individual or circumstance. At the individual level, bias can negatively impact someone’s personal and professional relationships; at a societal level, it can lead to unfair persecution of a group, such as the Holocaust and slavery’ (Psychology Today 2021, np).

References

Angwin, J, Larson, J, Mattu, S & Kirchner, L 2016, ‘Machine bias: there’s software used across the country to predict future criminals. And it’s biased against blacks’, ProPublica, 23 May, accessed 2 August 2017, https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing.
Bar-Joseph, U 2010, ‘The professional ethics of intelligence analysis’, International Journal of Intelligence and CounterIntelligence, vol. 24, no. 1, pp. 22–43.
Beard, M & Longstaff, S 2018, Principles for good technology, Ethics Centre, Sydney.
Bellaby, R 2012, ‘What’s the harm? The ethics of intelligence collection’, Intelligence and National Security, vol. 27, no. 1, pp. 93–117.
Born, H & Wills, A 2010, ‘Beyond the oxymoron: exploring ethics through the intelligence cycle’, in J Goldman (ed.), Ethics of spying: a reader for the intelligence professional, Scarecrow Press, Portland, OR, pp. 34–56.
Burton, JW, Stein, MK & Jensen, TB 2019, ‘A systematic review of algorithm aversion in augmented decision making’, Journal of Behavioral Decision Making, vol. 33, no. 2, pp. 220–239.
Dalins, J, Tyshetskiy, Y, Wilson, C, Carman, MJ & Boudry, D 2018, ‘Laying foundations for effective machine learning in law enforcement. Majura – A labelling schema for child exploitation materials’, Digital Investigation, vol. 26, pp. 40–54.
Diderichsen, A & Vrist Rønn, K 2016, ‘Intelligence by consent: on the inadequacy of just war theory as a framework for intelligence ethics’, Intelligence and National Security, vol. 32, no. 4, pp. 479–493.
Erskine, T 2001, ‘Assigning responsibilities to institutional moral agents: the case of states and quasi-states’, Ethics and International Affairs, vol. 15, no. 2, pp. 67–85.
Erskine, T 2004, ‘“As rays of light to the human soul”? Moral agents and intelligence gathering’, Intelligence and National Security, vol. 19, no. 2, pp. 359–381.
Floridi, L & Taddeo, M 2016, ‘What is data ethics?’, Philosophical Transactions: Mathematical, Physical and Engineering Sciences, vol. 374, no. 2083.
Goldman, J 2018, ‘The ethics of research in intelligence studies: scholarship in an emerging discipline’, International Journal of Intelligence and CounterIntelligence, vol. 31, no. 2, pp. 342–356.
Herman, M 2004, ‘Ethics and intelligence after September 2001’, Intelligence and National Security, vol. 19, no. 2, pp. 342–358.
Heuer, RJ 1999, Psychology of intelligence analysis, Center for the Study of Intelligence, Central Intelligence Agency, Washington, DC.
Heuer, RJ & Pherson, R 2015, Structured analytic techniques for intelligence analysis, 2nd edn, CQ Press, Thousand Oaks, CA.
Hulnick, AS & Mattausch, DW 1989, ‘Ethics and morality in United States secret intelligence’, Harvard Law & Public Policy Review, vol. 12, no. 2, pp. 509–522.
Jones, JM 2009, Is ethical intelligence a contradiction in terms?, Scarecrow Press, Lanham, MD.
Kitchin, R 2014, ‘Big data, new epistemologies and paradigm shifts’, Big Data & Society, vol. 1, no. 1.
Livermore, D 2018, ‘Balancing effectiveness and ethics in future autonomous weapons’, Small Wars Journal, 20 September, accessed 26 May 2023, https://smallwarsjournal.com/jrnl/art/balancing-effectiveness-and-ethics-future-autonomous-weapons.
Mandel, DR & Tetlock, PE 2018, ‘Correcting judgment correctives in national security intelligence’, Frontier Psychology, vol. 9, p. 2640.
McConnell, T 2022, ‘Moral Dilemmas’, in EN Zalta & U Nodelman (eds.), The Stanford Encyclopedia of Philosophy, Stanford University, accessed 10 June 2023, https://plato.stanford.edu/archives/fall2022/entries/moral-dilemmas/.
Mills, K 2019, Big data for qualitative research, Routledge, Abingdon, Oxon.
Omand, D & Phythian, M 2018, Principled spying: the ethics of secret intelligence, Oxford University Press, Oxford.
Petrauskaitė, A & Šaltenis, L 2018, ‘The interaction between intelligence operations and ethics in the context of national security: a theoretical review of the problem’, Lithuanian Annual Strategic Review, vol. 16, no. 1, pp. 401–424.
Psychology Today 2021, Bias, Psychology Today Australia, accessed 2 December 2021, https://www.psychologytoday.com/au/basics/bias.
Ribeiro, MT, Singh, S & Guestrin, C 2016, ‘Why should I trust you?’ [conference presentation], 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Francisco, 13–17 August.
Richards, NM & King, JH 2013, ‘Three paradoxes of big data’, Stanford Law Review Online, vol. 41, no. 3, pp. 41–46.
Saltz, JS & Dewar, N 2019, ‘Data science ethical considerations: a systematic literature review and proposed project framework’, Ethics and Information Technology, vol. 21, no. 3, pp. 197–208.
Schwartz, R, Vassilev, A, Greene, K, Perine, L, Burt, A & Hall, P 2022, ‘Towards a Standard for Identifying and Managing Bias in Artificial Intelligence’, NIST Special Publication 1270, National Institute of Standards and Technology, US Department of Commerce, United States.
Shelton, AM 2011, ‘Framing the oxymoron: a new paradigm for intelligence ethics’, Intelligence and National Security, vol. 26, no. 1, pp. 23–45.
Taddeo, M & Floridi, L 2018, ‘Regulate artificial intelligence to avert cyber arms race’, Nature, vol. 556.
Tversky, A & Kahneman, D 1974, ‘Judgment under uncertainty: heuristics and biases’, Science, New Series, vol. 185, pp. 1124–1131.
Vrist Rønn, K 2016, ‘Intelligence ethics: a critical review and future perspectives’, International Journal of Intelligence and CounterIntelligence, vol. 29, no. 4, pp. 760–784.
Wells, BJ, Kattan, MW, Nowacki, AS & Chagin, K 2013, ‘Strategies for Handling Missing Data in Electronic Health Record Derived Data’, EGEMS (Washington, DC), vol. 1, no. 3, pp. 1035–1035.
Whitesmith, M 2020, ‘Experimental research in reducing the risk of cognitive bias in intelligence analysis’, International Journal of Intelligence and CounterIntelligence, vol. 33, no. 2, pp. 380–405.

7

Trust, Transparency and Legitimacy

The big data landscape and the broader information and technology ecosystem it enables have changed and are changing the relationships between intelligence agencies and the Australian people. This chapter examines the way in which interviewees perceive their relationships with the public and how the big data landscape has impacted and will impact those relationships. Emerging strongly from the data was a sense that trust is significant in the role of national security agencies in Australia. This chapter examines trust in two sections. First, it unpacks how participants understand trust and the key concepts of trust, legitimacy and the social contract, which each emerged from interview data. Second, this chapter looks at how participants’ perception of trust is built and developed, including the importance of aligning big data use with agencies’ values and purpose, transparency and public engagement. Trust, transparency and legitimacy are concepts that exist in all democracies but with different expectations and cultural nuances among societies, groups and individuals.

DOI: 10.4324/9781003389651-8

Understanding Legitimacy and Trust for NIC Agencies

The big data landscape has the potential to transform the relationships intelligence organisations have with society. This section shows that agencies have different needs with respect to legitimacy and trust and different relationships with the public, which participants viewed as being affected by big data. This research found that participants from each of the NIC agencies understand trust differently, which tends to be based on the function and type of community interaction of each agency. This is likely to be similar in all democratic jurisdictions, where intelligence functions have oversight mechanisms separate to political decision-making. Participants indicated that they see big data as affecting the trust Australians have in NIC agencies.

Most participants acknowledged there are different ways to consider the notion of trust in national security. Whilst there was not time in the interviews to unpack all the variations, participants explored ideas of trust and legitimacy as well as notions of a social contract between the institutions of the nation-state and the population. Participants used a range of terms to encapsulate the trust relationship and the legitimacy of the public sector in society. This section first discusses trust and legitimacy. Second, it explores the two main ways of approaching trust and legitimacy identified in this research, and how they are affected by big data. The first of these approaches is through the notion of a social contract. This view was posited by the largest number of participants, primarily from the six original AIC agencies and the ISMEs. The second way of approaching trust is more relevant to the four agencies added to the NIC, encompassing policing and delivering public good in relation to financial intelligence.

Trust in government has been identified as one of the most important foundations upon which the legitimacy and sustainability of political systems are built (OECD 2013, p. 21). Legitimacy is a core concept within political science (Weatherford 1992, p. 149). Diamond (1990, p. 49) defines legitimacy within a democracy as depending on the consent of the governed:

To be stable, democracy must be deemed legitimate by the people; they must view it as the best, the most appropriate form of government for their society. Indeed, because it rests on the consent of the governed, democracy depends on popular legitimacy much more than any other form of government.

Although closely related, legitimacy and trust are conceptually distinct (Meško & Tankebe 2015). Legitimacy describes ‘power that is acknowledged as rightful by relevant agents, who include power holders and their staff, those subject to the power and third parties whose support or recognition may help confirm it’ (Beetham 2013, p. 19). Implicit in this definition is a focus on judgements about the present; in other words, legitimacy is concerned with recognition of claims of the right to exercise power here and now, rather than in the future (Bottoms & Tankebe 2012).
In a simple sense, legitimacy is the acceptance of the right of the government to do its work, often involving the use or threat of force (Robinson, Stoutenborough & Vedlitz 2017). Trust is assumed to be an integral element of legitimacy (Tyler 2006). According to Weatherford (1992), legitimacy is too conceptually complex to study directly, which has resulted in several alternative avenues that address various aspects of legitimacy. ‘One of the most common approaches has been to examine legitimacy through the lens of trust. Trust is often used to approximate legitimacy because the two concepts share many of the same characteristics’ (Robinson, Stoutenborough & Vedlitz 2017, p. 9). Indeed, Jackson and Gau (2016) and Jackson (2018) call this definition of legitimacy the most influential definition of institutional trust:

Legitimacy is a psychological property of an authority, institution, or social arrangement that leads those connected to it to believe that it is appropriate, proper, and just. Because of legitimacy, people feel that they ought to defer to decisions and rules, following them voluntarily out of obligation rather than out of fear of punishment or anticipation of reward. (Tyler 2006, p. 375)

To date, there is little known about public trust in national security agencies specifically, despite their significant role. There have been no comprehensive surveys of trust in Australian intelligence agencies. Hillebrand and Hughes (2017, p. 14) note that in the UK ‘there are rarely any studies or opinion polls which provide quantifiable data on the decline in public confidence’ or trust in intelligence institutions. This is echoed by Lomas and Ward (2022), who state that public opinion polling of intelligence services (in the UK) is limited, topical (such as counterterrorism) or related to broader trust in government institutions. There have been some public opinion polls in the US and UK which surveyed the public for their opinions on intelligence agencies and activities (Slick, Busby & Oswal 2021; YouGov 2021). As Ping Li (2012) outlines, there is a wealth of literature in other academic disciplines on developing trust, and trust research has enjoyed explosive growth in the past twenty years (Barbalet 2009; Fukuyama 1995; Levi & Stoker 2000; Luhmann 2017; Morgner 2018; Robinson, Stoutenborough & Vedlitz 2017; Rousseau et al. 1998). However, much of the research on trust deals with interpersonal trust (Bouckaert & Van de Walle 2001) and a little deals with trust in government institutions, but there is an absence of research specifically on national security and intelligence agencies.

Trust has been defined in many different ways (e.g., Barbalet 2009; Bouckaert & Van de Walle 2001; Levi & Stoker 2000; Luhmann 2017; Meško & Tankebe 2015; Robinson, Stoutenborough & Vedlitz 2017) but, in contrast to legitimacy, trust is future oriented: it is a ‘positive feeling of expectation regarding another’s future actions’ (Barbalet 2009, p. 375). Omand (2010, p. 9) considers national security a ‘state of trust’ on the part of the citizen that risks to everyday life, whether from human-made threat or impersonal hazards (for example, COVID-19 or climate change), are being adequately managed to the extent that there is confidence that normal life can continue. Being legitimate is important to the success of authorities, institutions and institutional arrangements since it is difficult to exert influence over others based solely upon the possession and use of power (Tyler 2006). A key prediction of citizen–authority relations, known as procedural justice theory (Jackson 2018), is that people will comply with the law and cooperate with legal authorities when they ascribe legitimacy to justice institutions (Tyler 2006). A critical element of Omand’s (2010, p. 9) ‘state of trust’ is the understanding that national security agencies provide intelligence which contributes to safeguarding national interests and the lives of citizens and ‘that, in doing so, those agencies act with propriety, legality and proportionality, are responsive to Ministerial direction and control, and are accountable for their activities’ (Department of the Prime Minister and Cabinet 2017, p. 111). Intelligence agencies must respect the restrictions of liberal democracy, or risk being a threat to that democracy (Irvine 2010).

Participants indicated agreement with Omand’s (2010, p. 9) concept of a ‘state of trust’. In this research, participants expressed that the trust of citizens in national security agencies (and government broadly) is critical to their ability to operate. The word trust, trusting or trusted or the expression of a desire to be a trusted agency appeared organically in all but one interview. Participants indicated a desire to be trusted by the Australian public and many articulated concerns about how trust might change as a result of big data:

In an esoteric sense, public accountability and trust are the biggest challenges [of big data for national security]. Because the use of big data and the public’s perception of how big data is used will form a big part of whether they trust the national security apparatus or not. We make a really big thing of the fact that our success relies on the public’s trust and anything that erodes that is generally considered a bad thing. (SDM)

Participants agreed on the significance of legitimacy and public faith in institutions, with comments such as: ‘maintaining public confidence in our work is crucial’ (SDM). They raised concerns about the impact of big data on trust: ‘we need to manage an authorising environment that sees ASIO as a trusted agency. If people don’t have confidence in how we handle information [especially big data] then that’s going to be eroded’ (ODM). There was a widespread view across agencies and from the vast majority of participants that a big data-enabled world is in the process of changing the legitimacy of the broader public sector as well as national security agencies more specifically. Participants expressed the view this is already impacting or has the potential to impact the relationship their agencies have with the Australian people, either directly or in a more nebulous sense, as it affects the trust Australians have in them to fulfil their mission.

Social Contract and the Australian Intelligence Community

The concept of a social contract, also known as social contract theory, is one of the oldest philosophical theories on the origin of the state (Gough 1978). Whilst similar ideas can be traced to the Greek Sophists, social contract theories had their greatest currency in the seventeenth and eighteenth centuries and are associated with philosophers such as Thomas Hobbes, John Locke and Jean-Jacques Rousseau (Encyclopædia Britannica 2019). In Jean-Jacques Rousseau’s 1762 treatise The social contract, the French philosopher argues that laws are binding only when they are supported by the general will of the people. Rousseau’s theory of the social contract ‘dictates that each member gives up their individual right to act as they choose in favour of the general will of the community’ (Wraight 2009, p. 44). ‘The central idea is that coercive political authority can be legitimised through the notion – either historical or hypothetical – of some kind of pact’ (Chesterman 2011, p. 249). One participant characterised a commonly expressed view that the relationship between citizens and agencies is a social contract to keep Australians safe and protect Australian interests:

There is a social contract with government and the people that the government will keep us safe. It is why we have police officers and the military. They are there to keep us safe. The intelligence agencies are there to provide information to government to help them make clever decisions. That’s a broad, rough characterisation but that’s really what it is. There are security agencies for where law enforcement isn’t sufficient. There is a social contract there. (ISME)

Scholars have begun to consider the impact of big data on the social contract (Unsworth 2016) and in the intelligence context specifically (Chesterman 2011; Treverton 2009). Unsworth (2016, p. 95) explores how big data and our ability to parse and mine large datasets for meaningful information change the social contract, concluding that ‘the contract must be re-evaluated to respect and limit the potential power imbedded in such discovery’. Chesterman (2011, p. 247) argues that the threats posed by terrorism combined with the opportunities offered by technological innovation have created a new social contract. Chesterman (2011, p. 247) further argues that the public’s willingness to compromise its privacy has changed ‘the context within which decisions on national security matters are made’. Unsworth (2016, p. 84) explains the role of a social contract, and the possibility it may need to evolve, in a big data era:

In today’s world of ubiquitous technology and big data, trust is a necessary and foundational principle for the protection of personal information.
Since we cannot be exactly sure how (or by whom) the data traces we leave behind may be used, it is especially important that we can trust that the process by which the policies are designed is transparent. Whether data is being used for our consumerist benefit or for national security it is important that we can trust the intentions of the user. A new type of social contract need not be based on the assumption that data collection and its consequent use by the government and commercial entities leads to unwarranted laying lives bare. Rather, we need to consider how values such as trust, privacy, and justice can (re)inform the social contract in order to support these principles.

Participants in this research expressed the view that the reduction of individual privacy in society caused by big data negatively impacts the social contract between Australians and the AIC agencies. Other participants indicated that the social contract is currently in a state of flux, and that big data is impacting community expectations of trust in institutions, but they were still unsure what this means for their agency. Participants expressed the view that this change is causing a degree of anxiety about what it could mean for the AIC agencies. In many ways, the participant responses in this research were focused on understanding and developing trust in response to big data. One participant noted:

The more data that is available, the more governments will be able to respond to threats, no matter where they originate from. However, as more data is available to government, it will be critical that the public feel that they can trust the government with their data. (SDM)

The notion this participant mentions – citizens trusting government with their data – was a theme throughout this research. Participants expressed the view that big data impacts trust in the entire system of government as it is reliant on trust in the way data is collected and used across all government agencies. Furthermore, participants suggested that trust in data should be transferrable to larger datasets – irrespective of who collected the data. Some participants suggested this is a different paradigm of national security trust, such as this comment:

We have to be very careful about the context or reason why the data exists in the first place, so that we don’t use the data incorrectly as you are then starting to build in biases that augment decisions built in with biases you didn’t even realise were there … That also means to me the social contract is changing around just because data is available doesn’t mean we should have access to it. It is sort of changing some of the processes around how we make decisions and when decisions are made if we should actually have access to the data.
It means that often … the traditional police investigation … someone did something or they think someone will do something and it is normally led by the investigator; however now with big data the data itself is raising questions, it is actually a completely different paradigm in the way that an investigation operates. I think there is a retraining and rethinking about who is involved, what decisions are being made, how are the authorisations happening and that is just because data is available doesn’t mean we should have it. (TECH)

A number of participants suggested that, as a result of the big data landscape, expectations of service delivery have increased generally in society, as well as in government, and that this has implications for the national security community. This raises tensions about data collection and expectations around provision of government services. Participants expressed the view that aspects of these expectations are inconsistent with what they saw as their current social contract:

So, in terms of the social contract, people want improved services from government overall. The only way to get internet-style services from government is for the government to have internet-style capabilities, which includes massive data repositories. I think people will have to work through that … they don’t seem to want government to have that kind of data. (SDM)

Many participants raised the different relationships that individual agencies have with the people of Australia. Participants indicated that they believe the purpose of individual NIC agencies needs to be clearly articulated and understood by the Australian people as it impacts what they perceive as their social contract and how they understand trust. Participants expressed views about their own agency’s social contract as well as perceptions of those of other agencies. Participants indicated that different agency structures affect how people within an agency view trust. For example, a number of participants suggested that legitimacy and trust mean different things, conceptually and in practice, for statutory authorities and departments. In particular, a number of participants indicated a distinction between the original AIC agencies and those added to form the NIC. One participant described this:

To be perfectly honest, trust is the other that worries me about the expansion to the NIC. When you expand the AIC to the NIC you are then including all these agencies for whom intelligence is not a primary role and who don’t have the same approach to rigour and review and this is a community cultural challenge … At the core of the NIC you have a group of agencies who for fifty, sixty, seventy years have worked with an incredibly strong social contract with the Australian people in terms of how they go about their business.
You know, you throw the AFP into the mix – they aren’t an intelligence agency. Home Affairs as far as I can tell have no social contract at all and no sense of proportion and these are really important questions … We have a real choice to make about what kind of society do we want to be and what is the proper role of an intelligence agency in that society. (SDM)

A number of participants expressed similar notions to the view above that big data exacerbates trust issues and tensions between the agencies within the NIC and AIC. Even within the AIC agencies, participants viewed trust and the social contract differently. This was particularly pronounced between agencies with a foreign collection mission and those without. Agencies with a foreign collection focus (ASD, ASIS and AGO), operating under the Intelligence Services Act 2001, have clear prohibitions on intelligence collection on Australian nationals (a small number of exceptions by ministerial authorisation exist) and within Australia. This was explored in more detail in Chapter 5. Participants from these agencies had less propensity to engage with the notion of domestic legitimacy as their activities are almost exclusively offshore and focused on foreign nationals. Participants from Australia’s foreign intelligence agencies talked about trust in terms of upholding intelligence collection that respects the privacy of Australians and is focused offshore or on foreign nationals:

Clearly, we have to calibrate our responses very carefully with Australian national security in the work that we do … But to be honest, anyone of any other [non-Australian] nationality, the Intelligence Services Act gives us carte blanche to undertake in the national interest foreign espionage. Now, having said that, it is incumbent on us and it’s something that has got to be very well thought through and managed because it is inherently a risky business. There is reputational risk for the nation for us if we are not very, very careful in how we go about our work … That is, that if we are not careful or we overstep the mark or we don’t manage the relationship very carefully it can backfire in a very adverse way given the seniority or the type of person we are dealing with. (SDM)

Participants from agencies with a strategic assessment focus (ONI and DIO) were slightly less likely to be engaged in discussions about social contract as they neither directly collect intelligence, nor did they at the time have public-facing components of their organisation. ONI is expected to develop more public-facing engagement due to its expanded leadership role.
Participants from both agencies expressed the view that they accessed intelligence on the expectation that it had been collected lawfully and handled with propriety. From a strategic perspective, participants from these agencies discussed trust in democratic functions and institutions very broadly and the longer-term impacts for the community should trust decline.

Understanding Trust in the ‘Plus Four’ NIC Agencies

Many participants saw that the four agencies added to the AIC to form the NIC had a different relationship with the people of Australia, as mentioned above. Sometimes these agencies were referred to in this research as the ‘plus four’. Most participants indicated that there are differences in the way the NIC and the AIC understand trust and how it is impacted by big data. The ‘plus four’ were seen by participants as different kinds of agencies from the AIC and seen to develop trust differently. As one participant quoted above in the social contract section highlighted, the AFP is not primarily an intelligence agency, and neither is the Department of Home Affairs – or AUSTRAC. Another participant stated: ‘the Federal Police’s core business is policing. They have an intelligence division. So does immigration and border force but their primary function is not intelligence … The other agencies [AIC] that’s all they do’ (ISME).

Many participants expressed the view that these agencies have a different social contract to the AIC as they are not primarily intelligence agencies. This was not explored further specifically in relation to the Department of Home Affairs or ACIC. Some participants suggested the AIC’s social contract has been weakened by the expansion to the NIC, while others suggested that the AFP particularly has a stronger social contract. Participants from Australia’s financial intelligence agency (AUSTRAC) were vocal about the need to understand trust in the context of delivering public value, largely due to its regulatory and enforcement functions and relationships with large financial entities.

Many participants, from several agencies, highlighted the specific relationship law enforcement have with the community – and that this is distinct from the kinds of relationships intelligence agencies have. Participants from a range of agencies suggested that of the ‘plus four’ agencies, the AFP has the most significant trust relationship with the Australian public, and they differentiated the specific relationship police have with the public from the relationship their [intelligence] agency has with the public.

Many participants raised the policing relationship in the context of what is known as the Peelian principles: nine principles ostensibly developed by Sir Robert Peel, often considered the father of modern policing. Whilst the Peelian principles relate to more than legitimacy (Sheptycki 2009) and have been the subject of considerable debate within the policing literature¹ (Treverton et al. 2011, p. 25; Lentz & Chaires 2007; Loader 2014; Bennett Moses & de Koker 2017; Sheptycki 2009), respondents in this study adopted the term to refer to notions of trust, legitimacy and consent in relation to policing. Sheptycki (2009, p. 173) outlines that the basis for the Peelian principles is that the police officer is simply a citizen in uniform and emphasises the ‘strategy of minimal force, the social service role of police, crime prevention, the rule of law, efficiency and the effective bureaucratic control of operations, legitimacy and democratic accountability’. Notwithstanding these debates, the Peelian principles continue to be important in that they are often used in modern criminal justice education (Lentz & Chaires 2007) and continue to be taught in policing academies around the world. According to Schafer (2013), the Peelian principles intend to link public trust with achievement of law enforcement goals. One SDM summarised their understanding of the Peelian principles, a view consistent with that of many participants:

Policing has its tenets and its philosophical principles underpinning it and they are often referred to as the Peelian principles. They resonate for me and I think they’d resonate with anyone who reads them, particularly in communities like ours as they should. You police by consent. The public to the police and the police to the public, in that you police the public with their consent. (SDM)

Schafer (2013, p. 132) expounds on the Peelian ideals frequently incorporated into the idea of ‘policing by consent’, explaining that the capacity of the police to achieve their outcomes is dependent upon the cooperation, trust and approval of the citizens they serve. One SDM noted that ‘police derive their legitimacy from the public’, while another SDM mused: ‘what is government and the public expectation of the police with respect to the protection of privacy?’ before emphasising the significance of trust: ‘If we breach the trust of the people we are out of work.’ One participant clarified why they saw police as having a specific trust relationship:

Police agencies rely on public trust and they all work hard from community policing upwards and the intelligence side of it for most police agencies is a fraction of their budget, maybe 10 per cent of their budget is on that intel side, the bulk of it is community facing. That brings a particular ethos. Police are trusted, firefighters are trusted, ambulance officers are trusted, because of that interaction with the community. (TECH)

This comment shows that some participants consider the AFP as having a strong, but also different social contract to the AIC agencies. However, another participant explained the possible disruptive impact big data could have on the AFP’s social contract.
This participant commented that they foresaw a transformation in the way investigations proceed, if big data and analytics are used to help formulate decisions usually made using human judgement and discretion:

The Peelian principles basically says that the police is ‘by the community for the community’ … ultimately we should not be making significant decisions using this sort of technology [big data analytics] … That is totally changing the way that the Peelian principles have been employed since 1880 I think or 1900. So that is a fundamental shift in the statutory authority of a constable of the police. If we are having a machine make that decision or even a machine recommending a decision as to what is the appropriate charge, you know, what is the appropriate investigation strategy that is a total change of the whole principles of policing. (SDM)

Whilst the Peelian principles were frequently discussed in the context of policing, no participants distinguished between the (clearly different) role of police officers and policing intelligence. There is a crossover between certain AIC and NIC functions. Despite their different roles, participants from agencies with a direct domestic security responsibility (AFP and ASIO) were most vocal about the requirement for legitimacy and building trust with the Australian people and Australian businesses. They believed that, for their agency, maintaining trust is primarily connected to actively preventing harm. As highlighted elsewhere in the book, participants from these agencies also saw the potential for large-scale, mass intelligence collection to be detrimental to public trust.

Developing Trust

The development of trust is perceived to be impacted by the big data landscape. This section examines participants’ views on how trust in intelligence agencies and activities develops, what is important in that process and the impact of big data. Participants indicated that, while trust is a nebulous term and difficult to measure, there are essential components to developing trust for the intelligence community. Emerging from the data were themes seen by participants as critical in developing and maintaining trust in intelligence agencies in a big data era. First, big data is already transforming the role of public awareness and public engagement in the NIC – seen by participants as an entirely new function for the intelligence community. Second, participants discussed the role of transparency in developing trust and how this could be affected by big data. Finally, organisational purpose – and ensuring intelligence activities align with a clearly articulated purpose – was described by participants as a critical mechanism for developing trust. These themes were not always clearly delineated and were often expressed as interwoven and interlinked.

Public Awareness and Public Engagement

National security leaders and practitioners perceive a need to raise public awareness of the impacts of the big data landscape on national security and to do so in a way that builds trust with Australians. Participants articulated that in a big data environment – where more information is available to everyone – agencies have an increased responsibility to develop trust through public awareness of the impacts of technologies on national security and public engagement. This study shows for the first time that participants, who are intelligence community leaders and practitioners in Australia, believe public engagement is a valuable component of trust building with the Australian people and that big data is changing this.
The big data landscape has created the perception within intelligence agencies that raising public awareness and building a public profile – albeit a limited one – is required in addition to government-led activities and that public engagement is valuable.

Many participants indicated that building trust is contextual. In the context of national security, most participants suggested that the process of developing trust in intelligence agencies from both government and the Australian people varies based on the environment. Many participants asked rhetorical questions about the boundaries of legitimacy, including an increasing role for public engagement, along the lines of this question from an ISME: ‘do we want governments in liberal democracies to have access to everything?’ For most participants, the philosophical questions about who and what an intelligence agency is and does in the modern era should be answered by the Australian people and government. Unsworth (2016, p. 86) argues that ‘traditionally, the social contract implied an agreement between individuals and government. This definition is complicated by the increasing interplay between commercial interests and government.’ As one SDM noted:

Wherever you have a lot of information – the more information an organisation has accessible to it, the greater the responsibility in how that information is securely kept and the process whereby you access that information and the purpose for which it is utilised. (SDM)

There were nuanced differences between participants on whether understanding, assessing and improving the social contract is the role of the intelligence agencies (public service) or government (elected officials). As one stated, ‘In a democracy, this [deciding the appropriate access and use of data by intelligence agencies] is a role for the government of the day’ (ISME). This raises the question of whether the government should play an intermediary role in the social contract between intelligence agencies and the public and if so, what could that role look like?
Many participants explored what access to data means practically for intelligence agencies and its impact on developing trust, especially the shift from ‘owning’, or being the primary collector of data to ‘accessing’ data, as the comment from this ODM highlights:

It’s really hard to balance against the desire as an investigator or operational officer, the great desire, to hoover everything in [as much data as possible] and just have it all at our fingertips. However, the more experience you have and the more senior you get you realise that has problems for our authorising environment, the extent to which we are trusted and how we position ourselves in the world and indeed the Australian community, and that becomes less attractive. (ODM)

Many participants proposed that intelligence secrecy has hindered public awareness of what they saw as the real activities of intelligence agencies. One participant explained:

The problem is that the public doesn’t understand this space. Post Snowden, it was really intriguing, you know, we were spying on everybody and Des Ball used to say ASD was monitoring every phone call … Could you imagine how boring that would be? ‘I am on the way home dear; do you want me to pick up takeaway and some toilet rolls? OK, cool.’ Why on earth would you do that? The way that technology works now [referring to big data], there has got to be a conversation with government and subsequently the public. (ISME)

However, a few participants argued public awareness is hindered by a lack of public interest in aspects of national security and how the NIC use big data in the community, reflected in this comment:

I can guarantee you the people that live in the western suburbs of Sydney – and that’s a lot of my family – wouldn’t care [about national security, or big data]. My view is a classic Canberra bubble, to use that term, where 30km around Parliament House care but everyone outside of that … I just don’t think there is a burning want for information. (SDM)

Almost all participants expressed the view that big data is changing how people view security and trust in government more broadly. One participant noted that as government data holdings increased:

[The] balance will have to be found between security and safety. Hopefully people don’t err on the side of perfect safety because then we are living in a police state – thankfully we are nowhere near that. We operate under very robust checks and balances. (SDM)

Participants argued that public engagement is critical to building and maintaining trust in the national security apparatus. Public engagement is a general term for a broad range of methods through which members of the public become more informed about and/or influence public decisions (Institute for Local Government 2012). In this context, it includes one-directional and two-directional communications as well as communication through intermediaries such as media.
Within the NIC, one agency – IGIS – has a mandated public engagement function, on behalf of the NIC (IGIS n.d.), although others, such as ASIO and AFP, have community liaison functions. There was a strong sense from participants that a public discussion about the use of big data by the government (broadly, including intelligence agencies) in terms of access, storage and sharing, is necessary.

Participants indicated that the big data landscape is causing a significant shift – requiring specific public engagement with Australians. As one participant reflected: ‘I think there needs to be a public discussion in Australia, a conversation with the Australian population about how they want to be treated and how they expect others to be treated in relation to data’ (SDM). Based on this research, two primary mechanisms for public engagement emerged: government and policy led public engagement and intelligence agency led increased public awareness of agency activities. The participant above went on to describe government-led discussions:

If you are in a democratic state that conversation is being held all the time, not very effectively, but it is a basis for that conversation to be brought out. It is much harder to have that in a state where there isn’t open conversation and there’s a real threat of this in the future if they can’t manage that conversation about ethics and morals with their populations because the people will have a much bigger vote – especially with this data. Or being manipulated by this data. So, I think there is going to have to be a bigger conversation and I think it’s already started, even with something like My Health. Not that I have in any way views that matter but it’s part of the problem because look how many people went to opt out of it because they are scared of having their data aggregated into a system and that’s part of the problem. There needs to be a discussion about what are the benefits to that; what are the risks and problems. (SDM)

Almost all participants commented that public awareness and engagement of this kind was new for the NIC and particularly for the AIC agencies. Many commented that this research was the first of its kind across the community, especially involving recorded interviews. One participant highlighted reticence about public engagement: ‘You’ve got a culture here that has an immunological response to being public!’ (SDM). Another explained: ‘it is an uncomfortable place for us – you know, ten to fifteen years ago you would never have seen the DG [Director-General] of ASIO in the news’ (SDM).
Another participant explained what they saw as increasing agency led public awareness raising as well as government-led engagement, which several participants described as a public debate or discussion:

It [trust] is something that we look at. Is it [the intelligence activity] foreseeable, is it explainable, is it something people understand? Talking to the Australian people is something you can already see agencies doing much more in this space. I don’t know that big data is fundamentally going to change trust but that you need to have that public debate now to make sure it won’t. (SDM)

Almost all participants described intelligence agencies’ public engagement as a one-directional process, that is, coming from intelligence agencies, more akin to public awareness. Whilst public lectures and speeches may increase an agency’s public profile, it is yet to be seen if this extends to two-directional interactions. When asked about how the NIC formally comes to understand the views of the public, some participants responded that they saw this role as an IGIS function. Other participants indicated it could be a component of the intelligence community leadership role of ONI, while others indicated this is solely an elected government’s responsibility through policy. Many participants expressed a desire to better understand community views and expectations of government and intelligence agency data collection and use, however that was achieved. Participants did not express views on how they saw IGIS or ONI would be able to achieve this. The exceptions were participants from AFP, and to a lesser extent ASIO, who saw a growing role for their agencies and members in public engagement, largely due to their existing community liaison functions.

Public commentators note that the AIC agencies are increasing their public profile (Edwards 2020; Hammond-Errey 2021). Many participants referenced recent examples of intelligence agencies increasing their public profile and commentary. In the 12 to 24 months preceding this study, some of the AIC agencies featured unprecedented levels of public engagement. The Australian Signals Directorate joined Twitter in 2018, and in August 2020, ASIO followed suit. Since 2019, the Director-General of Security, Mike Burgess, has made more public statements than in all previous years combined, including the inaugural Annual Threat Assessment in February 2020, March 2021, February 2022 and February 2023 and the IPAA podcast in June 2020 (ASIO 2023a). In 2019, an ASD employee was interviewed about their work on ABC Radio National (Radio National Breakfast 2019). In November 2020, ASIO launched its first-ever public information campaign: Think before you link (ASIO 2023b).
In December 2019, Australian Secret Intelligence Service Director-General Paul Symon gave his first-ever public interview to the Australia in the World (2019) podcast, and in October 2020 he did a series of video interviews with the Australian Strategic Policy Institute (Dobell 2020).

In the context of trust, a number of participants raised the lack of experience and expertise intelligence agencies have with public awareness:

I think that we are not very good at educating the public about what we can and can’t do and is this, this whole, you know, intelligence community is always keep everything secret including us. I think if there’s this air of mystique then it creates two things. One, an unreal expectation of what we can do. But two, the whole idea that we’re out to get them. (SDM)

All participants expressed a desire for the Australian people to better understand their organisation’s role, purpose, mission and integrity. Almost all participants expressed the view that increased engagement is a critical component of legitimacy and public trust and indicated they saw their mission as clear but it needed to be more heavily communicated.

There was one contrasting view that public engagement is unnecessary and that the general public are not interested in the detail of NIC capabilities or access to data – a diametrically opposed position from those presented earlier. This participant argued that:

The notion of public engagement, it doesn’t make sense to me. Not in the context of trying to keep secrets, because we have inspector generals that rightfully have access to everything and report to Parliament. But public engagement? I don’t understand that. I can bet you the Department of Defence doesn’t do this, to get public support for advanced weapons systems that kill people. It just doesn’t do that. It just doesn’t work like that. We are making capability decisions on behalf of the people of this country in the context of a democracy that has allowed the government to make decisions. (SDM)

Whilst almost all participants indicated transparency is desirable, one argued that increasing communication does not necessarily equate to increased information, understanding or trust: ‘You can be more public by giving speeches, you can be more public by having a Twitter account but, beyond that, you are not going to be saying much’ (SDM). This participant went on to say:

I would suggest that that opening up will hit a hard wall at some point. ASIO is different from others in the intelligence community in that they have to talk to members of the public. They rely on the community in that context. Certainly, historically, other agencies are secretive. It is the Australian Secret Intelligence Service. That’s the first point. The second point is that the comparisons are often made to NSA, GCHQ, CIA and, while I understand and accept that, I think the context is different. The CIA is in the movies every three minutes.
GCHQ have a context in the history of Bletchley Park, Alan Turing, and it’s different. If you go to most people in the UK what is GCHQ, and they will tell you. You go to Australians and ask what is ASD? They won’t know. (SDM)

The desire expressed by many participants to be better understood by the public appears to be an antidote to this participant’s perspective, as do the aforementioned activities raising agency profiles. Another participant highlighted the requirement to engage with other stakeholders such as industry more, a common theme in this study:

You don’t want to be out there [engaging] all the time and we have to balance that as you don’t want to be used as a political mouthpiece and that’s a difficult balancing act … Although that is changing. I think it is shifting and we are engaging with industry more. However, we never want to be front and centre, it’s not appropriate for a security service, for obvious reasons but we need to retain and constantly earn the trust of the public. (SDM)

A few participants expressed the view that the government has lost trust. Within the context of a discussion about the challenges of big data and national security, one technologist stated:

The general community has lost trust not just in the public sector but also in the bigger companies. I think you are going to have a very hard fight to pass any kind of legislation that allows us to do more than what we are currently doing. (TECH)

One SDM unpacked what they meant by a loss of trust:

How do we unbreak government? Undisrupt government – we are a disrupted enterprise; we have lost trust. The business we are doing and the way we are currently doing it are failing. So, overlay that then with our use of technologies and you can see why we are jaundiced. Yes, we do match data. We do it to protect you. We are not doing it to find your sexual orientation or religion. Show people what you are searching for. What you don’t care about – Google cares a lot more about sexuality than I do. I am not motivated by money. I am motivated by the mission. Publish what your mission is, say to people what you are trying to find and why you’re doing it, what the rule sets are for how you try to protect and give people an ability to notify you if they believe the effect is wrong. Follow them up. (SDM)

The big data landscape has impacted the way participants in intelligence agencies see developing trust and many now acknowledge the need for a public profile and suggest that public engagement is valuable. Public engagement was seen by most, but not all, participants as a component of building trust with the Australian people.
There were a number of participants who highlighted practical challenges or concerns, such as the historically secretive role of intelligence or their inability to be truly transparent, while other participants questioned whether public engagement is a good thing for the intelligence community. Participants suggested that acknowledging the role of public awareness and public engagement in building trust is a new approach for Australian intelligence agencies.

Transparency

In the context of public accountability, ‘transparency is defined as the availability of information about an actor allowing other actors to monitor the workings or performance of this actor’ (Meijer 2014, p. 511). Robinson, Stoutenborough and Vedlitz (2017, p. 9) cite extensive evidence that suggests that when a government attempts to be more accessible, transparent and interactive, it tends to have a positive impact on public trust. Meijer (2014) argues that transparency can be realised passively (through freedom of information requests), proactively, and through forced access (such as leaking and whistleblowing); and all of these forms are argued to contribute to public accountability.

In the national security environment, public transparency is traditionally low relative to other government agencies, as many of them are exempt from aspects of transparency regimes (Bennett Moses & de Koker 2017). This varies extensively in different jurisdictions. Although some argue that opacity remains an obstacle to effective public accountability, transparency and trust: ‘openness and democratic transparency are, however, challenging and perhaps problematic ideals in the domain of intelligence, since intelligence agencies need, for good reasons, to keep many of their activities secret’ (Diderichsen & Vrist Rønn 2016, p. 480). One ODM explained this in relation to intelligence agencies:

I think from an intelligence perspective, and in particular an ASIO perspective, we don’t have the same degree of transparency that other parts of the bureaucracy do. So, people can’t say can you explain this particular decision and expect to get the intelligence that sits behind it. That’s where intelligence agencies are a little bit different to other government departments. So, you can appeal to the tax office to have your data reviewed and you’ll probably get most of the data because none of it is collected in the way that ASIO collects intelligence. But for ASIO, we are not subject to the same rules and indeed we shouldn’t be but, equally, it means that people can’t deliver the same level of assurance through their own review. So, where people are affected they have less right of reply.

There is an ongoing tension between transparency on the one hand and the secrecy of intelligence activities on the other. Participants in this study indicated that big data could exacerbate this tension if there is not an element of transparency about big data systems and analytics. Transparency in relation to government collection, analysis and action on data relating to ‘national security and law enforcement has historically been low’ (Bennett Moses & de Koker 2017, p. 538). Bennett Moses and de Koker (2017) found that in Australian and UK agencies, participants recognised the importance of transparency and awareness of national security and law enforcement data powers as a component of public trust in agencies and that the use of big data compounds concerns about the transparency of government powers.

There are varying levels of transparency within agencies within the NIC – plus four agencies, such as the AFP, have more transparency than traditional AIC agencies, such as ASIS. Participants from agencies with a domestic security focus were particularly concerned about the transparency of big data processes, analytics and decision supports, as this comment reflects:

The use of big data has got to be ethical and it’s got to be transparent. The transparency around it is important. It’s got to be tested and tried. It’s got to be used in a way that is fair and reasonable to the defendants. (SDM)

Unsworth (2014 p. 14, 2016) argues that, irrespective of whether we approach the issue of trust in relation to privacy, we do know that our daily activities leave a digital trace and can only trust that organisations and the government will use these bits of information in a way that ‘comports with our conceptions of trust’. Transparency is crucial in this case because, if we don’t know what or how data is being used, we can only rely on the words and actions of organisations and governmental agencies (Unsworth 2014, p. 14).

A number of participants talked about developing trust in intelligence agencies in the context of government use of data, and broader regulation of data. Several participants asked questions along the lines of: what does it mean to trust in a big data era and how do we engender the public’s trust and belief in government integrity around data?

The Telecommunications (Interception and Access) Act is a public document, and it says the government will authorise tapping your phone in six specific circumstances, all of which to do with major crime … The problem is of course that technology has evolved and it’s just not that simple anymore … So, part of the debate which has been there previously, and will come back I think, is how do you explain that social contract in a context where technology is so difficult to manage. (ISME)

When this participant was talking about technology being difficult to manage, they were referring to digital connectivity having altered the telecommunications infrastructure, such as obfuscating the origin and destination of communications. This participant was highlighting the challenge of increased transparency because the ways to intercept communications are changing due to changes in digital connectivity. Similarly, many participants raised inherent tensions between the kind of access to personal data needed to prevent harms occurring, and the much broader access to personal information and changes in communications infrastructure stemming from digital connectivity and big data.

When discussing the increasing public profile of intelligence agencies in Australia and public discussions of big data, this participant provided the perspective of the oversight body:

The more public transparency and visibility of what the agencies do is better from our perspective, but that is a call for them to make and not for us as the oversight body. It is a challenge for us in keeping up with that. I can’t see it as a bad thing for people to understand what agencies do … I think it gives them more social licence and legitimacy. (SDM)

Almost all participants articulated – including from Australia’s intelligence oversight body – that they saw a need to be more transparent as a direct result of data abundance. The view posited above reflects the perspective many participants expressed that increased transparency would increase trust and legitimacy. This is consistent with the literature on oversight, which shows the prevailing thinking in the national security literature is that strong oversight and accountability mechanisms of intelligence agencies are critical to effective democracy (Department of the Prime Minister and Cabinet 2017; Omand 2010; Walsh 2011). This oversight of intelligence services is a central tenet of the ‘state of trust’ between intelligence services and the community of which they are part (Omand 2010). Most participants organically raised intelligence oversight as key to trust and legitimacy but did not elaborate on how they saw this role evolving in specific terms.

Participants indicated that they saw big data impacting intelligence oversight by adding complexity for the oversight body as well as increasing the need for discussion between intelligence agencies and the oversight body about big data technologies. However, this view was not universal, and some participants highlighted the potential lack of transparency in this approach. This is an area that would benefit from future research.

Treverton (2009, p. 253) argues that it is ‘precisely because intelligence tools cannot be entirely transparent – lest the nation’s enemies adapt their operations to circumvent them – that the social contract requires some processes of secret oversight.’ Some participants in this study indicated that they perceived increased transparency is possible and that individual agencies should be more proactive about public engagement. Many participants expressed the view that there are significant oversight mechanisms in place to ensure propriety and that this is a form of transparency, directly linked to trust. Some also talked about the role of oversight offering public value and delivering public good in a democracy. How big data impacts intelligence oversight was largely focused on privacy and the broader impacts on intelligence remain largely unexplored and an important area for future research.

Trust and Alignment with Agency Purpose and Values

Organisational purpose and values were seen by participants as critical to developing trust, exacerbated in a big data era, and many saw that this has been further challenged by the expansion of the intelligence community from the AIC to the NIC. As the first section in this chapter showed, different agencies understand trust differently. The perception of participants that different agencies use data and develop trust differently was particularly apparent between law enforcement and intelligence participants as well as between agencies that operate under foreign and domestic intelligence legislative frameworks. This also suggests there is not yet common ‘whole of intelligence community’ alignment on purpose and values.

Whereas much of the literature has a focus on national government and institutional trust broadly, participants raised and discussed trust from an intelligence community or individual agency perspective, occasionally drawing contrasts with previous agency experience. A handful of SDM and ISME participants explained the significance of differentiating between foreign and domestic intelligence collection:

The distinction between foreign and domestic [intelligence mission] does need to be made clear. The risk is that if you don’t make it clear that some agencies are foreign focused and some are domestic focused, those issues start to escalate in the context of big data. So, our starting position is frameworks that make it very clear that some agencies are foreign focused and some are domestic focused. Now, if you accept that you can have a discussion around ethics and big data and what that means in two different spaces, or two different contexts. It is really important that there is public debate. It’s just that you have to ask the right question for the right conversation. By it all blending together it’s not very helpful. (SDM)

Chapters 1 and 2 outlined some of the primary differences between foreign and domestic agencies – and their legislative frameworks – and Chapter 4 examined the impact of big data on intelligence activities.
The comment above highlights a perception a number of participants expressed that there is a need to talk about ethics and big data in foreign and domestic contexts distinctly, as the jurisdictional issues alter the kind of trust building required. As outlined in Chapter 5, the privacy considerations in domestic and foreign intelligence activities are very different. Participants in this study indicated that there is a need for increased communication about specific data access in specific situations with clarity around organisational roles and functions, as shown by this participant:

I think we’ve got a lot more licence if we explain the reason and the value [behind what we do] and I think that’s even a thing around privacy. If you came to me and explained that if you are prepared to share this kind of data for specific reasons, like preventing certain harms, and trust us, I think that’d be a very different proposition for a lot of people – even as a government. It might actually build trust. (SDM)

Many participants talked about the role of values, mission and purpose in effective intelligence organisations and the need for this to be communicated with increased specificity in relation to big data. A number of participants described the need to align organisational values and the use of big data clearly, as one SDM articulated:

I guess to circle it back [to a conversation about purpose], when people understand that better and there’s trust, trust is what you need to take people into the unknown, and that also is your social licence to operate. So, around big data we have got to be, I think, more willing to talk about what we’re doing with it, where we’re going with it, what we’re getting out of it, why there’s public good in it, how we care about it, why we realise how important being a custodian of it is, and they’re not messages that you see out there. (SDM)

A theme emerging from this research is that participants saw one of the components of developing trust as more clearly communicating individual organisational roles in society. Specifically, many participants indicated that agencies need to communicate this as individual agencies rather than as a community. Participants from some agencies, primarily AFP, ASIO, ACIC and AUSTRAC, specifically raised developing trust around data use in terms of increasing public safety, reducing harms and helping Australians. One participant outlined a reason to publicly communicate their agency’s mission:

ASIO is a really good example because I think that if they were doing things the way they do now back in the 70s, right, there would be massive public backlash against them. Because of what they were what their mission was in the 70s as opposed to what their mission is now. Because the public perception of ASIO its mission is terrorists and not domestic protesters and the public is accepting of the fact. It is my view the Australian public is not scared because they’re open about what they’re after. (ISME)

One participant summarised the views of most participants, highlighting the significance of their organisational values of proportionality and appropriateness of agency activities in developing trust:

We cannot do our work without having public and government trust, quite rightly, and so we have to continually earn that and have people assured that we are treating things proportionally and appropriately. We have got to be really careful because some people might be tempted to say hoover it all up, give us everything. But firstly, it’s not helpful and secondly, what is it appropriate for a security service to have and not to have and how do we use it? (SDM)

Participants indicated that having a clear mission or purpose is critical to building trust, something that does not appear to have been explored in the national security literature. This view was voiced by participants from the majority of the NIC agencies. There is no known research in Australia on trust in intelligence agencies, or national security, a valuable area for future understanding. Furthermore, this section shows that the process of developing trust is different between agencies, especially between those that operate under foreign and domestic intelligence legislative frameworks.

Trust in the national security apparatus is seen as an area where big data is having and will continue to have significant change. First, big data necessitates a greater public profile for intelligence agencies, requiring them to raise awareness of their role, and how they access and use data, as well as increased public engagement on big data and technology issues. Second, big data has the potential to decrease the already low levels of transparency of intelligence activities. Finally, developing trust in a world of big data requires a clearer articulation of agencies’ mission and purpose – especially in relation to intelligence access and use of data.

Trust in the role and activities of the national security community is critical for their effective operation. As Omand (2010) notes, there needs to be public trust that the intelligence and security apparatus will only be used when necessary for public protection against major dangers. Trust cannot be measured precisely, though. Given the extremely limited literature on trust in intelligence agencies, this chapter offers insights into the way in which participants from NIC agencies perceive their relationships with the Australian people.
It examines the way in which participants perceive big data changing their relationship with the public and the significance of maintaining trust, transparency and legitimacy. First, it showed how participants understand trust and what different agencies see as constituting trust. Second, it revealed how participants perceive trust is built, highlighting the significance of public engagement, transparency and aligning data use with an agency’s values and purpose.

Note

1 Some academics refer to them as the ‘so called Peelian principles’ (Loader 2014; Bennett Moses & de Koker 2017) and examination of their origin shows that the list often attributed to Peel has been possibly derived from a variety of sources and evolved over time (Lentz & Chaires 2007).


References

ASIO 2023a, ‘Speeches and statements’, Australian Security Intelligence Organisation, accessed 25 May 2023, https://www.asio.gov.au/resources/speeches-and-statements.
ASIO 2023b, ‘Think before you link’, Australian Security Intelligence Organisation, accessed 25 May 2023, https://www.asio.gov.au/resources/TBYL.
Australia in the World 2019, Audio podcast, Australian Institute of International Affairs, 24 July, accessed 25 May 2023, https://www.internationalaffairs.org.au/australianoutlook/ep-24-director-general-asis-first-ever-interview/.
Barbalet, J 2009, ‘A characterization of trust, and its consequences’, Theory and Society, vol. 38, no. 4, pp. 367–382.
Beetham, D 2013, ‘Revisiting legitimacy, twenty years on’, in J Tankebe & A Liebling (eds), Legitimacy and criminal justice, Oxford University Press, Oxford, pp. 19–36.
Bennett Moses, L & de Koker, L 2017, ‘Open secrets: balancing operational secrecy and transparency in the collection and use of data by national security and law enforcement agencies’, Melbourne University Law Review, vol. 41, no. 2, pp. 530–570.
Bottoms, A & Tankebe, J 2012, ‘Beyond Procedural Justice: A Dialogic Approach to Legitimacy in Criminal Justice’, The Journal of Criminal Law & Criminology, vol. 102, no. 1, pp. 119–170.
Bouckaert, G & Van de Walle, S 2001, ‘Trust building networks – how the government meets citizen in the post-bureaucratic era: citizen directed government through quality, satisfaction and trust in government’ [conference presentation], EGPA Annual Conference, Vaasa, Finland, 5–8 September.
Chesterman, S 2011, One nation under surveillance: a new social contract to defend freedom without sacrificing liberty, Oxford University Press, New York.
Department of the Prime Minister and Cabinet 2017, 2017 Independent Intelligence Review, Commonwealth of Australia, Canberra.
Diamond, LJ 1990, ‘Three paradoxes of democracy’, Journal of Democracy, vol. 1, no. 3, pp. 48–60.
Diderichsen, A & Vrist Rønn, K 2016, ‘Intelligence by consent: on the inadequacy of just war theory as a framework for intelligence ethics’, Intelligence and National Security, vol. 32, no. 4, pp. 479–493.
Dobell, G 2020, ‘The ASIS Interviews’, Australian Strategic Policy Institute, 26 October, accessed 26 May 2023, https://www.aspi.org.au/report/asis-interviews.
Edwards, P 2020, ‘Australia’s intelligence agencies send mixed signals on openness and transparency’, The Strategist, 12 November, accessed 2 December 2021, https://www.aspistrategist.org.au/australias-intelligence-agencies-send-mixed-signals-on-openness-and-transparency/.
Encyclopædia Britannica 2019, Social contract, Encyclopædia Britannica, accessed 2 December 2021, https://www.britannica.com/topic/social-contract.
Fukuyama, F 1995, Trust: the social virtues and the creation of prosperity, Free Press, New York.
Gough, JW 1978, The social contract: a critical study of its development, Greenwood Press, Westport, CT.
Hammond-Errey, M 2021, ‘Securing the legal foundation for Australia’s intelligence agencies’, The Lowy Interpreter, 2 February, accessed 2 December 2021, https://www.lowyinstitute.org/the-interpreter/securing-legal-foundation-australia-s-intelligence-agencies.

Trust, Transparency and Legitimacy 179 Hillebrand, C & Hughes, RG 2017, ‘The Quest for a Theory of Intelligence’, in R Dover, H Dylan & MS Goodman (eds.), The Palgrave Handbook of Security, Risk and Intelligence, Palgrave Macmillan UK, London. IGIS (Inspector-General of Intelligence and Security) n.d., Public engagement, IGIS, accessed 23 May 2023, https://www.igis.gov.au/what-we-do/public-engagement. Institute for Local Government 2012, What is public engagement and why do it?, Institute for Local Government, Sacramento, CA. Intelligence Services Act 2001 (Cwlth) 2001, accessed 22 March 2022, https://www.ap h.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId =r1350. Irvine, D 2010, ‘Limits of sovereignty and constraints of multilateralism – implica­ tions for domestic security’ [address], National Security College Conference, Canberra, 27 May. Jackson, J 2018, Norms, normativity and the legitimacy of justice institutions: interna­ tional perspectives, London School of Economics and Political Science Law Department, London. Jackson, J & Gau, JM 2016, Carving up concepts? Differentiating between trust and legitimacy in public attitudes towards legal authority, Springer, New York. Lentz, SA & Chaires, RH 2007, ‘The invention of Peel’s principles: A study of policing “textbook” history’, Journal of Criminal Justice, vol. 35, no. 1, pp. 69–79. Levi, M & Stoker, L 2000, ‘Political trust and trustworthiness’, Annual Review Political Science, vol. 3, pp. 475–507. Loader, I 2014, ‘In search of civic policing: recasting the “Peelian” principles’, Criminal Law and Philosophy, vol. 10, no. 3, pp. 427–440. Lomas, DWB & Ward, S 2022, ‘Public Perceptions of UK Intelligence: Still in the Dark?’, The RUSI Journal, vol. 167, no. 2, pp. 10–22. Luhmann, N 2017, Trust and power, Polity Press, Cambridge. 
Meijer, A 2014, ‘Transparency’, in M Bovens, RE Goodin & T Schillemans (eds), The Oxford handbook of public accountability, Oxford University Press, Oxford, UK, pp. 507–524. Meško, G & Tankebe, J 2015, Trust and legitimacy in criminal justice: European perspectives, Springer International Publishing, Cham. Morgner, C 2018, ‘Trust and society: suggestions for further development of Niklas Luhmann’s theory of trust’, Canadian Review of Sociology, vol. 55, no. 2, pp. 232–256. OECD (Organisation for Economic Co-operation and Development) 2013, Trust in government, policy effectiveness and the governance agenda, OECD, Paris. Omand, D 2010, Securing the state, Columbia University Press, New York. Ping Li, P 2012, ‘When trust matters the most: the imperatives for contextualising trust research’, Journal of Trust Research, vol. 2, no. 2, pp. 101–106. Radio National Breakfast 2019, radio broadcast, Australian Broadcasting Corporation Radio National, 1 April, Interview with ASD employee Claire [Name changed]. Robinson, SE, Stoutenborough, JW & Vedlitz, A 2017, Understanding trust in gov­ ernment: environmental sustainability, fracking, and public opinion in American politics, Routledge, New York. Rousseau, DM, Sitkin, SB; Burt, RS & Camerer, C 1998, ‘Not so different after all: a crossdiscipline view of trust’, Academy of Management Review, vol. 23 no. 3, pp. 393–404. Schafer, JA 2013, ‘The role of trust and transparency in the pursuit of procedural and organisational justice’, Journal of Policing, Intelligence and Counter Terrorism, vol. 8, no. 2, pp. 131–143.

180 Trust, Transparency and Legitimacy Sheptycki, J 2009, ‘Policing, intelligence theory and the new human security para­ digm’, in P Gill, S Marrin & M Phythian (eds), Intelligence theory: key questions and debates, Routledge, New York, pp. 166–185. Slick, S, Busby, J & Oswal, A 2021, ‘Public Attitudes on US Intelligence 2020 Final Trump-Era Survey Confirms Broad Popular Support, Reveals Opportunities for Greater Transparency’, The Chicago Council of Foreign Affairs, May, accessed 20 May 2023, https://globalaffairs.org/research/public-opinion-survey/public-attitudes -us-intelligence-2020. Treverton, GF 2009, Intelligence for an age of terror, Cambridge University Press, Cambridge. Treverton, GF, Wollman, M, Wilke, E, & Lai, D 2011, Moving toward the future of policing, RAND Corporation, Santa Monica, CA. Tyler, TR 2006, ‘Psychological perspectives on legitimacy and legitimation’, Annual Review of Psychology, vol. 57, pp. 375–400. Unsworth, K 2014, ‘Questioning trust in the era of big (and small) data’, Bulletin of the Association for Information Science and Technology, vol. 41, pp. 12–14. Unsworth, K 2016, ‘The social contract and big data’, Journal of Information Ethics, vol. 25, pp. 83–97. Walsh, PF 2011, Intelligence and intelligence analysis, Routledge, London. Weatherford, MS 1992, ‘Measuring political legitimacy’, American Political Science Review, vol. 86, no. 1, pp. 149–166. Wraight, CD 2009, Rousseau’s ‘The social contract’: a reader’s guide, Continuum, London. YouGov 2021, ‘Trust in UK intelligence and security agencies’, The YouGov Study on Spying, 30 September, accessed 20 May 2023, https://yougov.co.uk/topics/politics/a rticles-reports/2021/09/30/part-four-trust-uk-intelligence-and-security-agenc.

Conclusion

The optimism of early advocates that big data would be a ‘new frontier’ (Manyika et al. 2011) and revolutionise society (Mayer-Schönberger & Cukier 2014) has in fact translated to transformation of aspects of the national security sector, although often not in the ways originally anticipated. National security has been disrupted by the technological phenomenon of big data. The book sets out how these transformations range from challenging the very raison d’être of intelligence (Hershkovitz 2019) to the daily practices of intelligence practitioners, to the way intelligence agencies work as a community and the relationships they have with society as a whole.

Emerging technologies like big data evolve quickly. Over the course of this research, the impacts of big data in society have become better understood, starting from relatively nascent and speculative discussions to a broader and more concrete awareness of their current and potential applications. This research set out to explore the impacts of big data in intelligence and it achieved that aim, as participants in this study identified contemporary changes to intelligence as a result of big data, as well as highlighting potential change. However, it also found that the participants considered the implications of big data in society more broadly, not just in intelligence agencies; they saw the transformative potential of big data for society from a new perspective. The conclusion reflects on the key themes of this book and highlights some implications for scholars, practitioners, and policymakers.

Big data has created three features relevant to national security: data abundance, digital connectivity and ubiquitous technology. Together these form a big data landscape, which is transforming intelligence agencies and their work and fuelling new and emerging technologies. Data abundance refers to the extensive digital footprint of individuals and societies, including our activities and our absences.
Digital connectivity is our constant connection to digital devices and infrastructure. Ubiquitous technology is the prevalence of digital technology across all facets of life and industries, and its growing centrality in essential processes in society. Big data also creates an infrastructure that enables rapid future transformation, both of society and national security. This big data landscape is essential for many new and emerging technologies and is one of the building blocks of artificial intelligence. It is also a useful lens through which to see new and emerging technologies and better understand their impacts on national security and society.

DOI: 10.4324/9781003389651-9

The national security implications of complete (or near-complete) data coverage of human lives are largely underappreciated in policy and public commentary, as is what can be done with such aggregate data and the power it confers to those that have it. The book built on the literature showing that big data has centralised economic and information power in the hands of a small number of companies (Cohen 2017; Edward 2020; Moore 2016; van Dijck, Poell & de Waal 2018), capturing how the big data landscape has concentred data and computational capacity to produce new forms of geopolitical and economic power. According to participants in this study, the changing big data landscape has and will continue to alter national security by changing who has information and power to change and influence aspects of society. This adds to what some termed a technological ‘arms race’ among nation-states as well as between nation-states and companies (Scharre 2019; Taddeo & Floridi 2018; Whittaker 2021). The largest technology companies now have more knowledge about citizens, as well as data and compute capacity than some nation-states (Lehdonvirta 2023; Verdegem 2022), which translates into power over infrastructure essential for services (van Dijck, Poell & de Waal 2018), and democracies (Richmond 2019; Watts 2020), as well as economic and geopolitical power.

The big data landscape challenges some longstanding and foundational principles and practices of intelligence in democracies. The practice of secrecy in intelligence is shifting as a result of the big data landscape (Hammond-Errey 2023) and this research charts the way practitioners think about secrecy in intelligence and the increasing role of declassification. The role of secrecy in intelligence in a world of data abundance is changing.
But this research also suggests that intelligence practitioners and leaders see big data as increasing the value of intelligence and at the same time increasing the complexity of assessing harms and threats and delivering intelligence to decision-makers. This has significant implications for the activities and practices of the intelligence community as well as national security policy makers.

The foundational principle of distinguishing between foreign and domestic intelligence collection (Richardson 2020, p. 167) is challenged by the big data landscape. Specifically, it impedes the ability of agencies to distinguish between citizen and non-citizens – people and data – which has major implications for policy makers, given the domestic–foreign distinction has long been argued as essential for compliance, oversight and accountability mechanisms (Richardson 2020). Chapter 2 also argued that the big data landscape – and the convergence of emerging technologies – complicates the practice of intelligence and challenges the capacity of intelligence agencies to embrace innovation and adopt new technologies. It further demonstrated how the big data landscape challenges the fundamental principles of data storage and compartmentalisation which intelligence agencies rely on to reduce security risks (Department of the Prime Minister and Cabinet 2017). Numerous large, unauthorised disclosures indicate this is a legitimate concern (Savage 2016). The big data landscape has challenged the foundational principles and practices of intelligence security.

The big data landscape has shifted aspects of national security decision-making to outside government, in the form of individuals and companies. This changes who is considered a national security actor and how the intelligence community needs to engage with them. Chapter 2 also showed that the big data landscape challenges existing methods of assessing harms and threats in national security. According to participants in this research, the focus on physical and economic harm is disproportionate to the social threats enabled by the big data landscape and the national security community is not equipped to make harms assessments without the additional information and capacity residing in the private sector. This means that the relationships between the public and private sector are evolving, requiring increased interaction and collaboration, which has practical dimensions for practitioners and policymakers – from learning to engage with new stakeholders to increased declassification.

The big data landscape is creating new social harms which have national security dimensions and are exacerbating existing national security threats to which the intelligence community needs to respond. Chapter 3 detailed some of these changes. The infrastructure of the big data landscape is predominately owned by commercial entities and the rapid growth of data and analytical capabilities in the private sector changes the nature of privacy for individuals and creates the potential – if not the reality – for remote and invisible privacy intrusions, intelligence-like targeting and surveillance by new actors.
According to participants, the growth of new data and analytics occurring in the private sector, combined with under-regulation around data collection and use, is changing who creates and can access data. This means that some of the most intrusive aspects of intelligence collection (digital surveillance, profiling, influence, monitoring, tracking and targeting) are now available to a wider range of actors, such as large technology companies, app developers, marketing companies and anyone who can purchase or steal data. Big data systems enable pervasive and remote tracking, monitoring and analysis and make surveillance capabilities accessible to many more actors, and this requires a stronger policy response to protect Australians. According to participants in this research, this also creates the potential for adversaries to purchase or acquire data and access to undermine national interests and hinder states’ ability to achieve national security objectives, as well as to harm individuals.

Chapter 3 argued that big data can be used to harm individuals and society in different ways, such as enabling the amplification and automation of disinformation and misinformation (Hammond-Errey 2019). The big data landscape has fundamentally altered disinformation, forms of social control like active measures (Rid 2020), and information influence and interference (Hammond-Errey 2019) – both as a component of information warfare, and influencing and interfering in political and civic discourse. Data-driven targeting, also known as microtargeting, tries to reach categories or groups and subgroups of individuals at a granular level (including individuals), and this capability can be used or exploited in ways that are either not legal or arguably unethical. Participants suggested that the big data landscape is already transforming the national security threats Australia faces, highlighting information warfare and social and political interference in democracies. This is an area that requires urgent research and policy consideration.

The big data landscape has profoundly shifted some aspects of intelligence production. Empirical research on intelligence activities outside the US and UK has to date been extremely limited (Hughes, Jackson & Scott 2008; Van Puyvelde 2018) and a holistic view of intelligence in Australia has long been called for (Walsh 2011). The book showed how big data is transforming intelligence across three foundational components of intelligence communities and intelligence activities: intelligence as knowledge, as an activity and as an organisation (Kent 1966). The big data landscape has already significantly transformed aspects of intelligence, especially in the areas of collection, analysis and communication, with participants also perceiving significant future change.

Big data has altered – and continues to alter – the knowledge needed for intelligence activities. According to the participants, big data has changed both the kinds of knowledge needed and gaps in knowledge for intelligence. Context is more complex in a big data world and also more significant. Participants suggested that identifying the right intelligence questions is becoming more difficult and time consuming.
Chapter 4 detailed how big data has changed the kinds of knowledge needed for intelligence, due to the abundance in data and information not previously available or recorded. As intelligence is about answering questions to provide decision-makers with the ability to act (Omand 2020; Vandepeer 2018), the nature of information required will continue to change as the big data and information environment evolves. The book reveals how big data increases uncertainty in individual pieces of data or information and can increase uncertainty in overall intelligence assessments, which can impact on the ability of intelligence agencies to provide forewarning to governments. Big data has changed certainty and uncertainty both in the underlying data as well as in some cases in intelligence assessments. This is due to the underlying low-quality assurance and dispersed location of big data.

Chapter 4 also argued that big data is changing the way that information is digested by decision-makers, due to a more competitive and crowded information environment for operational decision-makers and policy makers. This is significant, as national security decision-making can involve the restriction of liberties, surveillance, or use of lethal and non-lethal force, and more research is needed to understand how these consequential decisions are made and affected by big data.

Big data is changing the activities of intelligence agencies, especially aspects of intelligence collection, analysis and communication. As technologies evolve and become more reliable, and new applications emerge, participants indicated that other parts of the intelligence cycle will continue to change. Furthermore, automation will continue to be used in ways that change the role of intelligence analysts in the intelligence cycle: for example, likely replacing aspects of intelligence work, in some cases completely, and in others reducing the amount of time spent on data collection, processing and manual analysis. More research is needed to understand these changes over time.

Big data is changing intelligence organisations and sparking new ways of sharing data, especially when combined with the impetus for working outside of classified spaces arising from the COVID-19 pandemic. In the NIC, big data has changed intelligence organisations by altering current and potential data sharing, the way agencies access technologies, and the role of intelligence analysts in the intelligence production process. Participants indicated that these changes are transformational for the NIC and the national security environment. More research is needed to better understand these changes and how real and perceived obstacles can be addressed.

Big data has altered global privacy norms. Chapter 5 of the book analysed the impacts of big data on privacy, particularly data privacy. Building on the well-documented changing norms of privacy in society (boyd & Crawford 2012; McDonald & Forte 2020; Nissenbaum 2010, 2018; Vimalachandran et al. 2020) and lagging regulation of big data (Aho & Duffield 2020; Bao, Chen & Obaidat 2018; Casanovas et al. 2017; Sloot & Groot 2018; Strang & Sun 2017; Véliz 2021), the book showed that big data impacts Australian privacy norms too. Big data has transformed the capacity for commercial entities to access an abundance of data including the capacity to identify data, link it with other data and use it quickly (Etzioni 2018; Zuboff 2019; Neef 2014).
The book shows big data has done the same for intelligence agencies. However, the big data landscape has also created possibilities for privacy intrusion – both more remote from the individual and less visible, irrespective of the actor collecting and analysing the data. Participants indicated that the vast number of data collectors, sellers and users has led to a complex and confusing privacy landscape globally and for Australians. Additionally, given people’s unique individual trajectories and data points forming a digital footprint, aggregation and identification – or reidentification – and thus privacy intrusion can occur now or in the future.

Chapter 5 argued that the way big data impacts privacy – and how privacy is regulated – in society at large has potential implications for the intelligence community. More specifically, this research suggested that the specific impacts of big data on privacy are dependent on each intelligence agency’s role and legislative mandate, affecting some agencies more than others. Participants revealed that the greatest impact of big data on privacy is the significant distinction among the AIC collection agencies between whether the agency has a foreign or domestic mandate. This distinction is not as easy to make with the agencies added in under the NIC, as a number have a domestic and foreign mandate and they are not designated as conducting intelligence collection or assessment the way the AIC agencies are. Increased clarity between the sometimes very different intelligence functions of the NIC and AIC would help ensure intelligence functions – and standards – are consistent across agencies. Big data is changing how some agencies collect, store and analyse data, particularly if they have a legislated obligation to ascertain whether the individual or data is Australian.

Big data brings into focus the moral dimensions of data (Floridi & Taddeo 2016, p. 3) and most participants argued that ethical principles are of increasing importance to society as well as in the intelligence community as a result of big data. Drawing on the existing literature establishing that intelligence has ethical boundaries (Bar-Joseph 2010; Frisk & Johansson 2021; Herman 2004; Omand & Phythian 2018; Vrist Rønn 2016), the book shows that big data is changing where these ethical boundaries lie.

Chapter 6 highlighted the increased significance of ethics and bias in the big data landscape – and what that means for both intelligence and society more broadly. The first section in this chapter shows that practitioners perceive notable and complex ethical dimensions to the big data landscape and point to the need for clear ethical boundaries around understanding and using data and emerging technologies in intelligence. If applied to intelligence practices, the decisions around ethics that are being automated and applied at scale by private companies in social contexts would face considerable ethical dilemmas. Participants highlighted that emerging technologies are driving a need to ‘codify’ ethics and ethical decision-making in new ways and at scale. Thus, big data requires the consistent evolution of ethical intelligence practices, especially to keep pace with technological capabilities.
According to the participants, there are aspects of intelligence where big data and automation cannot be used in an ethical manner, and other situations where more testing and refinement is needed before such systems are introduced. Participants emphasised the importance of articulating a clear purpose in not just collection, but also intelligence analysis, and ensuring the ethical use of intelligence includes those decision-makers who act on and make decisions using that intelligence to avoid unethical use.

The second section illuminated how decisions around ethics in society are being automated and applied in relation to big data on a large scale. It considers how ‘ethics at scale’ – where the focus is on coding individual human decisions to then be analysed using algorithms – represents a considerable ethical dilemma if applied to intelligence activities. It provided insight into the ethics of algorithmic decision-making – which reflects the context and culture of the companies and countries that created them, and the data they were trained on – at the individual, organisation and nation-state level. The topic of ‘ethics at scale’ is an understudied area that could warrant further research.

The third section examines the role of bias in intelligence ethics. It examines the kinds of data bias relevant to intelligence activities, including the difference between cognitive bias and data bias. The section also explores the intelligence challenges and inherent limitations of working with incomplete data sets not designed for intelligence work. Finally, it considered the bias of intelligence collection itself – the result of a process of data collection that is by nature targeted, and therefore potentially incomplete or compromised by bias. Participants indicated that big data has added a layer of complexity to the consideration of bias and increased the need for additional ethical considerations surrounding the collection and use of information, due to its abundance and potential implications. Whilst intelligence practitioners are used to considering cognitive bias as a part of their work, participants acknowledged the need for consideration of the inherent biases of big data. In an intelligence context, any discussion of ethics must consider bias – whether that be human bias or data bias – and this is even more so the case with big data. Participants argued that the changes associated with big data necessitate a greater embedding of existing understandings and practices of ethics in intelligence, rather than creating entirely new ones. However, additional resources will be needed to ensure these perspectives can be appropriately considered and can evolve with the technology. How intelligence practitioners perceive their ethical behaviours and obligations, and the principles they see as important in guiding their behaviour, would benefit from future research.

Big data has impacted trust, transparency and legitimacy. The book examined the way in which the interviewees perceive their relationships as intelligence officials with the public and how big data has and could impact on that relationship. Trust in the institutions of national security is not well understood. Emerging strongly from the data was a sense that trust is significant to the role of national security agencies in Australia.
Participants recognised that big data, and the information ecosystem it enables, is changing the relationships between intelligence agencies and the public.

Chapter 7 argued that big data impacts trust in the entire system of government and public service agencies, as it is reliant on trust in the way data is collected and used across all government agencies, not just the national security sector. Many participants suggested that intelligence agencies would be included in public perceptions of how the government more broadly has managed big data and cited failures, such as the robodebt scandal, as potentially impacting perceptions of intelligence. Participants highlighted potential distrust in intelligence agencies as a serious concern and possible future challenge. Many participants distinguished between trust in politicians, public service agencies, and defence or national security agencies. Participants discussed the way that trust impacts intelligence agencies. Very few participants had seen tangible changes at the time of the interviews. However, a small number of participants indicated that they felt government broadly had lost trust because of big data. The book argued that big data is changing public perceptions of the intelligence community in relation to citizen trust, transparency and the legitimacy of intelligence agency operations. It examined how participants understand trust and the key concepts of trust, legitimacy and the social contract, which emerged from the interview data. How big data alters the intelligence oversight landscape is an area that would benefit from future research.

This chapter showed that participants perceive that big data impacts the development of trust, with a need to align big data use with agency values and purpose, transparency and public engagement. Trust in the intelligence community was seen by participants as essential to their effective operations. As Omand (2010) notes, there needs to be public trust that the intelligence and security apparatus will only be used when necessary for public protection against major dangers. The book offers insights into the way in which participants from NIC agencies perceive their relationships with the Australian people. It examined the way in which participants perceive big data as impacting their relationship with the public and the significance of maintaining trust, transparency and legitimacy. The book outlined how participants understand trust and what constitutes trust for different agencies and argued that the development of trust is perceived by them to have been impacted by big data. Participants articulated that, in a big data environment, intelligence agencies need to actively develop trust with the Australian people. Many participants highlighted this as a relatively new requirement and talked about the big data landscape increasing the need for greater public engagement, largely from intelligence agencies with the Australian people. Participants indicated that missteps in the use of big data could decrease Australian citizens’ trust in the government and intelligence agencies. Acknowledging that trust is a nebulous term and difficult to measure, participants indicated that there are essential components to developing trust for the intelligence community.
Emerging from the data were themes that participants saw as critical in developing and maintaining trust in intelligence agencies in a big data era. First, the participants believe that the big data landscape is already transforming the role of public awareness of and public engagement with the NIC – an entirely new function for the intelligence community. Second, participants discussed the role of transparency in developing trust and how this is being and could be affected by big data. For example, many interviewees saw that data abundance is directly increasing social transparency and expectations about the transparency of intelligence agencies. Finally, the participants described organisational purpose – and ensuring intelligence activities align with a clearly articulated purpose – as a critical mechanism for developing trust. The big data landscape is changing the way that national security agencies perceive trust relationships with citizens, a fundamental component of democracies.

The research leveraged semi-structured interviews with 47 senior and operational decision-makers within the Australian NIC. This is the first known qualitative research to have been conducted within the AIC agencies, that names them and thus contributes the perspectives of these participants, who are significant national security actors. This study shows that access to this community can contribute to global knowledge in unique and substantial ways. Whilst other countries have security-cleared empirical research facilities, Australia does not and this is an opportunity to improve future research to support national security activities and priorities, but also to provide greater transparency of intelligence agencies to the Australian government and citizens.

This book argued that big data has already impacted intelligence and national security and that future changes are imminent. There are practical as well as policy implications arising from these findings. Intelligence in all facets – as knowledge, as an activity and as organisation – will need to transform to enable the best use of big data and associated technologies. Many changes will occur as a part of normal digital transformation and business improvements, such as increased digital data sharing and the testing and use of big data analytics. Some areas of change, such as needing to increase interaction with the private sector to better assess national security threats, will occur at the agency and NIC level. Examples, such as ASD's Australian Cyber Security Centre (ACSC), show this work has begun, but more is to be done. Other aspects will require more deliberate policy and legislative reform, such as improving data-sharing provisions, society-wide privacy regulation, increased cyber security and infrastructure legislation, broad technology policy and regulation of electronic surveillance – some of which is underway. Further, some aspects of these impacts on national security and changes in the digital ecosystem will require more significant consideration, such as how to respond to the changing power dynamics between nation-states and the private sector and how to address technology-underpinned geopolitical power shifts. These require further research and considerable policy debate.
Big data has changed and will continue to change the way that national security is considered and achieved and what society expects from governments and their national security apparatus. The big data landscape has disrupted, is disrupting and will continue to disrupt national security, transform intelligence and fuel emerging technologies.

References
Aho, B & Duffield, R 2020, ‘Beyond surveillance capitalism: privacy, regulation and big data in Europe and China’, Economy and Society, vol. 49, no. 2, pp. 187–212.
Bao, R, Chen, Z & Obaidat, MS 2018, ‘Challenges and techniques in big data security and privacy: a review’, Security and Privacy, vol. 1, no. 4.
Bar-Joseph, U 2010, ‘The professional ethics of intelligence analysis’, International Journal of Intelligence and CounterIntelligence, vol. 24, no. 1, pp. 22–43.
boyd, d & Crawford, K 2012, ‘Critical questions for big data’, Information, Communication & Society, vol. 15, no. 5, pp. 662–679.
Casanovas, P, De Koker, L, Mendelson, D & Watts, D 2017, ‘Regulation of big data: perspectives on strategy, policy, law and privacy’, Health and Technology, vol. 7, no. 4, pp. 335–349.
Cohen, JE 2017, ‘Surveillance vs. privacy: effects and implications’, in D Gray & SE Henderson (eds), The Cambridge handbook of surveillance law, Cambridge University Press, New York, pp. 455–469.
Department of the Prime Minister and Cabinet 2017, 2017 Independent Intelligence Review, Commonwealth of Australia, Canberra.
Edward, W 2020, ‘The Uberisation of work: the challenge of regulating platform capitalism. A commentary’, International Review of Applied Economics, vol. 34, no. 4, pp. 512–521.
Etzioni, A 2018, ‘A privacy doctrine for the cyber age’, in B van der Sloot & A de Groot (eds), The handbook of privacy studies: an interdisciplinary introduction, Amsterdam University Press, Amsterdam, pp. 295–298.
Floridi, L & Taddeo, M 2016, ‘What is data ethics?’, Philosophical Transactions: Mathematical, Physical and Engineering Sciences, vol. 374, no. 2083.
Frisk, R & Johansson, L 2021, ‘From samurais to borgs: reflections on the importance of intelligence ethics’, International Journal of Intelligence and CounterIntelligence, vol. 34, no. 1, pp. 70–96.
Hammond-Errey, M 2019, ‘Understanding and assessing information influence and foreign interference’, Journal of Information Warfare, vol. 18, pp. 1–22.
Hammond-Errey, M 2023, Secrecy, sovereignty and sharing: How data and emerging technologies are transforming intelligence, United States Studies Centre at the University of Sydney, Sydney.
Herman, M 2004, ‘Ethics and intelligence after September 2001’, Intelligence and National Security, vol. 19, no. 2, pp. 342–358.
Hershkovitz, S 2019, ‘How tech is transforming the intelligence industry’, Tech Crunch, 10 August, https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2019/08/10/how-tech-is-transforming-the-intelligence-industry/amp/.
Hughes, RG, Jackson, P & Scott, L (eds) 2008, Exploring intelligence archives: enquiries into the secret state, Routledge, London.
Kent, S 1966, Strategic intelligence for American world policy, Princeton University Press, Princeton, NJ.
Lehdonvirta, V 2023, ‘Behind AI, a massive infrastructure is changing geopolitics’, Oxford Internet Institute, 17 March, accessed 10 April 2023, https://www.oii.ox.ac.uk/news-events/news/behind-ai-a-massive-infrastructure-is-changing-geopolitics/.
Manyika, J, Chui, M, Brown, B, Bughin, J, Dobbs, R, Roxburgh, C & Byers, AH 2011, Big data: the next frontier for innovation, competition, and productivity, McKinsey Global Institute, New York.
Mayer-Schönberger, V & Cukier, K 2014, Big data: a revolution that will transform how we live, work, and think, Mariner Books, Houghton Mifflin Harcourt, Boston, MA.
McDonald, N & Forte, A 2020, ‘The politics of privacy theories: moving from norms to vulnerabilities’ [conference presentation], Proceedings of the 2020 Conference on Human Factors in Computing Systems, Honolulu, HI, USA, 25–30 April.
Moore, M 2016, Tech giants and civic power, King’s College London Policy Institute, London.
Neef, D 2014, Digital exhaust: what everyone should know about big data, digitization and digitally driven innovation, Dale Neef, Upper Saddle River, NJ.
Nissenbaum, H 2010, Privacy in context: technology, policy, and the integrity of social life, Stanford Law Books, Stanford, CA.
Nissenbaum, H 2018, ‘Respecting context to protect privacy: why meaning matters’, Science and Engineering Ethics, vol. 24, pp. 831–852.
Omand, D 2010, Securing the state, Columbia University Press, New York.
Omand, D 2020, ‘Reflections on intelligence analysts and policymakers’, International Journal of Intelligence and CounterIntelligence, vol. 33, no. 3, pp. 471–482.
Omand, D & Phythian, M 2018, Principled spying: the ethics of secret intelligence, Oxford University Press, Oxford.
Richardson, D 2020, Comprehensive Review of the Legal Framework of the National Intelligence Community, Commonwealth of Australia, Canberra.
Richmond, B 2019, A day in the life of data, Consumer Policy Research Centre, Melbourne.
Rid, T 2020, Active measures: the secret history of disinformation and political warfare, Farrar, Straus and Giroux, New York.
Savage, A 2016, Leaks, whistleblowing and the public interest: the law of unauthorised disclosures, Edward Elgar Publishing, Northampton, MA.
Scharre, P 2019, ‘Killer apps: the real dangers of an AI arms race’, Foreign Affairs, vol. 98, no. 3, pp. 135–144.
Sloot, BVD & Groot, AD 2018, The handbook of privacy studies: an interdisciplinary introduction, Amsterdam University Press, Amsterdam.
Strang, KD & Sun, Z 2017, ‘Big data paradigm: what is the status of privacy and security?’, Annals of Data Science, vol. 4, no. 1, pp. 1–17.
Taddeo, M & Floridi, L 2018, ‘Regulate artificial intelligence to avert cyber arms race’, Nature, vol. 556.
van Dijck, J, Poell, T & de Waal, M 2018, The platform society: public values in a connective world, Oxford University Press, New York.
Van Puyvelde, D 2018, ‘Qualitative research interviews and the study of national security intelligence’, International Studies Perspectives, vol. 19, no. 4, pp. 375–391.
Vandepeer, C 2018, ‘Intelligence and knowledge development: what are the questions intelligence analysts ask?’, Intelligence and National Security, vol. 33, no. 6, pp. 785–803.
Véliz, C 2021, ‘Privacy and digital ethics after the pandemic’, Nature Electronics, vol. 4, no. 1, pp. 10–11.
Verdegem, P 2022, ‘Dismantling AI capitalism: the commons as an alternative to the power concentration of Big Tech’, AI & Society, pp. 1–11.
Vimalachandran, P, Liu, H, Lin, Y, Ji, K, Wang, H & Zhang, Y 2020, ‘Improving accessibility of the Australian My Health Records while preserving privacy and security of the system’, Health Information Science and Systems, vol. 8, no. 1, p. 31.
Vrist Rønn, K 2016, ‘Intelligence ethics: a critical review and future perspectives’, International Journal of Intelligence and CounterIntelligence, vol. 29, no. 4, pp. 760–784.
Walsh, PF 2011, Intelligence and intelligence analysis, Routledge, London.
Watts, T 2020, Democracy and the authoritarian challenge, Lowy Institute, Canberra, https://myaccount.lowyinstitute.org/events/2020-npc-tim-watts.
Whittaker, M 2021, ‘The steep cost of capture’, Interactions, XXVIII, no. 6, pp. 50–56.
Zuboff, S 2019, The age of surveillance capitalism: the fight for a human future at the new frontier of power, Profile Books, London.

Appendices

Appendix Table A: Australian NIC Agencies

| Agency | Role | Similar overseas agencies |
|---|---|---|
| Office of National Intelligence (ONI) | Coordinates Australia’s intelligence enterprise, which includes foreign intelligence activities. Produces all-source intelligence assessments on international political, strategic and economic developments for the Prime Minister, senior government members and department officials. ONI also collects and analyses open-source intelligence. | United States: Office of the Director of National Intelligence (ODNI); United Kingdom: National Security Secretariat (NSS) |
| Australian Security Intelligence Organisation (ASIO) | Australia’s security service. It collects and assesses intelligence on security threats to Australians and Australian interests at home and overseas. ASIO provides security assessments and protective security advice to the government. | United States: Federal Bureau of Investigation (FBI); United Kingdom: Security Service (MI5) |
| Australian Secret Intelligence Service (ASIS) | Obtains and distributes secret intelligence from human sources about the capabilities, intentions and activities of individuals or organisations outside Australia. ASIS also undertakes counterintelligence activities which protect Australia’s national security, foreign relations and national economic well-being. | United States: Central Intelligence Agency (CIA); United Kingdom: Secret Intelligence Service (SIS/MI6) |
| Australian Signals Directorate (ASD) | Defends Australia from global threats and advances national interests through foreign signals intelligence, cyber security and offensive cyber operations. This includes supporting Australian Defence Force operations, law enforcement and criminal intelligence activity, and responding to serious cyber incidents against Australian networks. | United States: National Security Agency (NSA); United Kingdom: Government Communications Headquarters (GCHQ) |
| Australian Geospatial Intelligence Organisation (AGO) | Collects and analyses geospatial and imagery intelligence in support of Australia’s defence and national interests. | United States: the National Geospatial-Intelligence Agency (NGA) / National Reconnaissance Office (NRO) / National Imagery and Mapping Agency (NIMA) |
| Defence Intelligence Organisation (DIO) | The Department of Defence’s all-source intelligence assessment agency, DIO produces timely and independent intelligence assessments on countries and foreign organisations relevant to Australia’s security and strategic environment. This includes military capabilities, weapons systems, cyber threats and defence-related technologies. | United States: Defence Intelligence Agency (DIA); United Kingdom: Defence Intelligence (DI) |
| Australian Criminal Intelligence Commission* (ACIC) | Australia’s national criminal intelligence agency. Works with law enforcement partners – including state and territory, national and international partners – on investigations and collects intelligence to respond to crime impacting Australia. | United States: Federal Bureau of Investigation (FBI); United Kingdom: National Crime Agency (NCA) |
| Australian Federal Police* (AFP) | Australia’s national law enforcement organisation, with an investigative and operational focus on counter-terrorism; national and transnational crime; and national security. AFP’s intelligence functions aim to provide a single picture of the criminal threats relevant to AFP activities, enabling investigators to anticipate, prevent, disrupt and detect criminal activity. | United States: Federal Bureau of Investigation (FBI); United Kingdom: National Crime Agency (NCA) |
| Australian Transaction Reports and Analysis Centre* (AUSTRAC) | Australia’s financial intelligence agency with regulatory responsibility for anti-money laundering and counter-terrorism financing. | United States: Department of Treasury’s Office of Intelligence and Analysis; United Kingdom: National Fraud Intelligence Bureau (NFIB) |
| Department of Home Affairs* (HA) | Brings together Australia’s federal law enforcement, national and transport security, criminal justice, emergency management, multicultural affairs and immigration, and border-related functions and agencies. Home Affairs’ intelligence functions support strategic and operational decision-making around resource allocation and countering border threats. | United States: Department of Homeland Security’s Office of Intelligence and Analysis / Department of Energy’s Office of Intelligence and Counterintelligence; United Kingdom: Office for Security and Counter-Terrorism (OSCT) |
| Inspector-General of Intelligence and Security (IGIS) | Assists ministers in the oversight and review of the legality and propriety of the activities of the Australian intelligence agencies (especially ONI, ASIO, ASIS, ASD, AGO and DIO), and ensures their activities are consistent with human rights. The IGIS has extensive powers that can be used to obtain information and documents. | United States: Inspector General of the Intelligence Community (IC IG); United Kingdom: Investigatory Powers Commissioner (IPC) |

* Not subject to the same legislative restrictions as AIC agencies.

Appendix Table B: Types of Intelligence

| Type of intelligence / discipline | Subcategories | Definitions | Australian agencies |
|---|---|---|---|
| HUMINT Human intelligence | | Human intelligence is derived from human sources. HUMINT remains synonymous with espionage and clandestine activities; however, HUMINT collection can be performed by overt collectors such as military attaches (NASEM 2019, p. 26). Historically, HUMINT was the primary source of intelligence (NASEM 2019, p. 26). | ASIS, ASIO |
| SIGINT Signals intelligence | SIGINT as an umbrella term | Signals intelligence is derived from signal intercepts comprising all communications intelligence (COMINT), electronic intelligence (ELINT), and foreign instrumentation signals intelligence (FISINT) (NASEM 2019, p. 26). Signals intelligence can be derived from signals transmitting voice and internet-based communications, or the electromagnetic emissions from foreign radar and weapons systems (De 2013; Lowenthal 2012). | ASD |
| | ELINT Electronic intelligence | A class of satellites produce signals intelligence (SIGINT) and electronic intelligence (ELINT) by monitoring radio and electronic signals (Dupont 2003, p. 17). | |
| | COMINT Communications intelligence | Signals intelligence comprising communications intelligence (NASEM 2019, p. 26). | |
| | FISINT Foreign instrumentation signals intelligence | Signals intelligence comprising foreign instrumentation signals intelligence (NASEM 2019, p. 26). | |
| | MASINT Measurement and signature intelligence | Measurement and signature intelligence is technically derived intelligence data other than SIGINT and IMINT. The data results in intelligence that locates, identifies or describes distinctive characteristics of targets. Its collection employs a broad group of disciplines, including nuclear, optical, radio frequency, acoustics, seismic and materials sciences. Examples might be the distinctive radar signatures of specific aircraft systems or the chemical composition of air and water samples (NASEM 2019, p. 26). A class of satellites is equipped with sensors that measure seismic, acoustic, chemical and biological signatures. Known as measurement and signature intelligence, or MASINT, these satellites can detect evidence of chemical and biological warfare agents or clandestine nuclear tests (Dupont 2003, p. 17). | |
| GEOINT Geospatial intelligence | | Geospatial intelligence is the product of the analysis and visual representation of security-related activities on the earth. It is produced through an integration of imagery, imagery intelligence and geospatial information (NASEM 2019, p. 26). | AGO |
| OSINT Open-source intelligence | | Open-source intelligence is publicly available information appearing in print or electronic form, including radio; television; newspapers; journals; the internet; commercial databases; and videos, graphics and drawings (NASEM 2019, p. 26). | ONI OSC. Many agencies undertake some form of OSINT to support their operations. |
| CRIMINT Criminal intelligence | * Not a universally accepted discipline. | There is no commonly agreed definition of ‘criminal intelligence’, but an Australian parliamentary inquiry settled on information that is ‘collected about crime and criminals and evaluated, analysed and disseminated’ (Parliamentary Joint Committee on Law Enforcement 2013, p. 5). Its sources are many but include electronic intercepts, open-source data analysis, human sources and special coercive examinations. CRIMINT is distinct from evidence, but it contributes (or should contribute) to important law enforcement activities such as policy making, priority setting and investigation (Kowalick & Connery 2016). This includes information obtained by what the AFP and ACIC call covert human sources. | ACIC; AFP; State and territory police |
| IMINT Imagery intelligence | * Not a universally accepted discipline. | Imagery intelligence includes representations of objects reproduced electronically or by optical means on film, electronic display devices or other media. Imagery can be derived from visual photography, radar sensors and electro-optics (NASEM 2019, p. 26). | |
| FININT | * Not a universally accepted discipline. | Financial intelligence. | AUSTRAC |
| CYBINT | * Not a universally accepted discipline. | Cyber intelligence is the products and processes across the intelligence cycle of assessing the capabilities, intentions and activities – technical and otherwise – of potential adversaries and competitors in the cyber domain (Intelligence and National Security Alliance 2015). | ASD / ACSC |
| SOCMINT | * Not a universally accepted discipline. | Social media can be used by police and intelligence agencies to generate and use social media intelligence – ‘SOCMINT’ – in the interests of safety and security (Omand, Bartlett & Miller 2012). | Most agencies use some form of SOCMINT to support their operations. |
| ALL SOURCE | | All source intelligence answers are produced by combining component parts of ‘all sources’ – or collection disciplines (Hamilton & Kreuzer 2018). This fusion process is usually undertaken in strategic intelligence agencies. | ONI; DIO |
| ASSESSMENT | | Assessment agencies are proscribed in Australia by legislation. Some form of analysis occurs during most intelligence functions. For example, collectors are often collated with analysts who perform processing and exploitation and pass the results to all-source analysts. For example, photo-interpreters can find evidence of missiles, underground nuclear facilities or mass graves in imagery that may appear as simply disturbed earth to the untrained eye (Intelligence and National Security Alliance 2015). | DIO; ONI; ASIO |

References
De, R 2013, ‘The NSA and accountability in an era of big data’, Journal of National Security Law & Policy, vol. 7, pp. 301–310.
Dupont, A 2003, ‘Intelligence for the twenty-first century’, Intelligence and National Security, vol. 18, no. 4, pp. 15–39.
Hamilton, SP & Kreuzer, MP 2018, ‘The big data imperative’, Air & Space Power Journal, Spring, pp. 4–20.
Intelligence and National Security Alliance 2015, Cyber intelligence: preparing today’s talent for tomorrow’s threats, Intelligence and National Security Alliance, Arlington, VA.
Kowalick, P & Connery, D 2016, Opportunities abound abroad: optimising our criminal intelligence system overseas, Australian Strategic Policy Institute, Canberra, Australia.
Lowenthal, MM 2012, Intelligence: from secrets to policy, 5th edn, Sage/CQ Press, Los Angeles, CA.
NASEM (National Academies of Sciences, Engineering, and Medicine) 2019, A decadal survey of the social and behavioral sciences: a research agenda for advancing intelligence analysis, National Academies Press, Washington, DC.
Omand, D, Bartlett, J & Miller, C 2012, ‘Introducing social media intelligence (SOCMINT)’, Intelligence & National Security, vol. 27, no. 6, pp. 801–823.
Parliamentary Joint Committee on Law Enforcement 2013, Inquiry into the gathering and use of criminal intelligence, Commonwealth of Australia, Canberra, Australia.
