China’s digital renminbi, which is being heavily promoted ahead of the Beijing winter Olympics, risks becoming a tool to surveil users and exert control over global currency transactions, the director of UK signals intelligence agency GCHQ has warned.
In an interview with the Financial Times, Sir Jeremy Fleming said that while digital currencies present a “great opportunity” to democratise payment systems, the development of this new technology also poses a threat.
“If wrongly implemented, it gives a hostile state the ability to surveil transactions,” he said. “It gives them the ability . . . to be able to exercise control over what is conducted on those digital currencies.”
The spy chief spoke to the FT earlier this week from the London headquarters of the National Cyber Security Centre, GCHQ’s defensive arm, ahead of the publication of a new cyber strategy.
This document, which is expected later this month, will act as a blueprint for countering digital threats at a time when warfare is moving increasingly into cyber space. Fleming said GCHQ was “a poacher and gamekeeper” in this domain, charged with both protecting the country against attacks and mounting offensive operations against adversaries.
The agency, which has listening stations across Britain and overseas, works alongside its better-known sister services MI5 and MI6, specialising in domestic and overseas intelligence, respectively. However, GCHQ’s digital expertise is in high demand due to what Fleming calls the growing “prominence” of technology in society.
In fact, the threats have changed significantly since the agency’s historic role in the second world war, when GCHQ codebreakers decrypted Nazi communications from draughty huts at Bletchley Park.
He said China was now the “biggest strategic issue” facing the UK, and was expanding its espionage operations and seeking control of digital infrastructure. “China has stolen a march . . . [it’s] investing very heavily, overtly and covertly, and that’s because it is starting to exercise real influence on the way in which the rules of the road are going to operate in a technology and digital context,” Fleming explained. “We have to work out what our response is to all of that.”
The spy chief was keen to stress the importance of the UK remaining open to trade with Beijing and co-operating in areas such as climate change.
But he worried that if other countries gathered large volumes of data on British citizens — how they work, shop, socialise and travel — it would prove “deeply intrusive” and could lead to an “erosion of sovereignty”. Earlier this month Richard Moore, head of MI6, suggested China was exporting technology that allowed it to exert a “web of authoritarian control” around the world and accused Beijing of ensnaring other countries in “data traps”.
Digital currencies could be one such trap, with 140m individuals and businesses already signed up to use the digital renminbi, according to the People’s Bank of China. “In the context of the forthcoming Olympic Games . . . China is taking every opportunity to project their digital currency, and their hope is that foreign visitors will use it in the same way as domestic visitors,” Fleming said.
He hoped Beijing would co-ordinate with international partners in agreeing a system of regulation for online currencies. Some countries and organisations have shown a “real thirst” for a better dialogue on this issue, Fleming said, but noted he was “not seeing that pull yet from China”.
Such understatement is typical of the 54-year-old GCHQ director, who is the most cautious and media-shy of Britain’s three spy chiefs. His 28-year intelligence career started almost by accident when, after working briefly as an accountant in the city, he applied for a job at the Ministry of Defence.
This turned out to be a post at MI5, where he was later involved in the response to the London 7/7 terrorist attacks, and leading security preparations for the 2012 Olympics. He was widely expected to take over as MI5 director-general until the top job at GCHQ fell vacant and he moved agencies to fill the role.
One of Fleming’s key responsibilities is developing Britain’s cyber warfare capabilities. Sparring between states in cyber space is a secretive business, and details of the UK’s own “offensive cyber” capabilities remain highly classified.
Last year ministers announced the creation of a National Cyber Force, led jointly by GCHQ and the MoD, to target adversaries online by blocking terrorists’ phone signals, disrupting servers and hacking enemy weapon systems. Based in a village in Lancashire, the force will be, according to Fleming, “a really important part of our cyber power . . . it’s how states compete”.
Even though Britain has publicly called out countries such as Russia and China for hacking operations, Fleming declined to comment on how the UK fights in the cyber domain. “We have to put a little bit of space between the operations and the conversation,” the spy chief said. “These capabilities are deeply scrutinised and they are properly overseen.”
The only known example of a UK offensive cyber campaign was conducted against Islamic State, at the height of the group’s attempts to form a caliphate across Syria and Iraq. The operation involved suppressing the group’s propaganda by destroying physical IT infrastructure and limiting its strength on the battlefield by disabling drones.
As cyber technologies proliferate, not all threats come directly from traditional adversaries. Last month the US sanctioned NSO Group, an Israeli spyware manufacturer, following accusations that its software had been used by authoritarian governments to surveil the phones of human rights activists and journalists around the world, including the editor of this newspaper.
Fleming described such a deployment of NSO hacking capabilities as “completely beyond the pale”, adding: “My personal view is that countries or companies that promulgate [technology] in an unconstrained way like that are damaging and should not be tolerated.”
The UK has not followed the US by sanctioning NSO but Fleming said he was “sure” that was an issue the government will “want to keep under close review”.
In the short term, GCHQ is focused on dealing with some of consequences of the Covid-19 pandemic, from espionage aimed at stealing vaccine research to a surge in ransomware attacks caused by the increased vulnerabilities from remote working. Nearly 40 per cent of UK businesses have suffered a cyber breach or attack so far this year.
These rising threats have given his agency a much wider remit. “The role of GCHQ is changing very rapidly,” Fleming said, acknowledging that the pace of evolution is among “the fastest . . . in our history”. “Ultimately, you’ve got thousands of technologists in GCHQ whose expertise can be brought to bear on a much broader problem set [than espionage]”, he explained.
Part of this evolution is a recognition that the intelligence agencies cannot do all their work with technology developed in-house. As the FT reported earlier this year, GCHQ has pioneered a new contract with AWS, Amazon’s cloud computing arm, to host classified data for Britain’s spy agencies. While Fleming would not comment on that deal, he seemed open to future collaborations and partnerships with tech companies.
“It’s not a sustainable model for UK intelligence to close itself off from some of the best, most innovative technology in the world, that has security built into it,” Fleming insisted. “The tech world is a global world and we have to play in that space.”