The Daily Telegraph reports that former the MI6 employee Daniel Houghton, who is being tried under the Theft Act and the Official Secrets Act, for ineptly trying to sell alleged MI6 and MI5 "intelligence gathering technique) secrets to undercover UK counter intelligence agents, used DVD / CD and USB flash memory technology to smuggle out and store the alleged top secret and secret documents:
Spycatchers trap MI6 man 'trying to sell secrets'
A former MI6 spy has been accused of trying to sell "top secret" intelligence files to a foreign government for £2m.
By Duncan Gardham, Security Correspondent
Published: 5:12PM GMT 03 Mar 2010Daniel Houghton, 25, was caught in a sting operation after allegedly approaching a foreign intelligence agency offering to sell them information he had collected while working for the Secret Intelligence Service, known as MI6.
The files, which belonged to the domestic security service MI5, allegedly related to the capabilities of the security and intelligence services and the techniques they have developed to gather intelligence, sources said, and were labeled "top secret" and "secret."
Houghton, who worked for MI6 between September 2007 and May 2009, allegedly telephoned the foreign intelligence service three months after leaving MI6 to try and arrange a deal.
He telephoned a "foreign intelligence service" and expected not to alert the UK counter-intelligence units ??
But undercover MI5 officers, known as "spy catchers", met him in February to view the material on his laptop and allegedly negotiated a price of £900,000, while recording the meeting with hidden listening devices.
If the alleged "top secret" documents really deserved that level of classification, then some people and organisations would be willing to pay much more than that.
Houghton allegedly told them he had downloaded the information onto a number of CDs and DVD disks which he then copied onto a secure digital memory card of the type used in cameras.
He also allegedly told the undercover MI5 officers that he had copied material onto a second memory card which he had hidden at his mother's home in Devon.
They arranged to meet him again at a central London hotel where he allegedly showed them the material on a laptop and then handed over two memory cards and a computer hard drive.
Sources said he was allowed to leave the hotel room with £900,000 in a suitcase before he was arrested as he waited for a hotel lift by plain clothes officers from the Metropolitan Police Counter Terrorism Command.
It is understood Houghton told them: "You've got the wrong man."
Police have conducted a series of raids since the arrest on Monday at Houghton's shared flat in Hoxton, east London and at his mother's home, a farm house in Holne, near Newton Abbot in Devon.
They are understood to be looking for any copies of the material he may have downloaded and any other material he may have stolen.
Sources said they had found additional hard copies of material marked "top secret," "secret" and "restricted."
[...]
According to The Press Association etc
The two detailed charges he is facing are: Between September 1, 2007 and May 31, 2009 within the jurisdiction of the Central Criminal Court he stole property, namely a number of electronic files containing techniques for intelligence collection, belonging to the British Security Service. Contrary to section 1(1) Theft Act 1968.
The other charge is that on March 1, 2010 within the jurisdiction of the Central Criminal Court, being a person who has been a member of the security and intelligence services, without lawful authority he disclosed articles relating to security or intelligence, namely a number of electronic files containing techniques for intelligence collection, which were in his possession by virtue of his position as a former member of the British Secret Intelligence Service. Contrary to section 1(1) Official Secrets Act 1989.
- Does this imply that the authorities have no proof as to exactly when Houghton is alleged to have stolen the secret and top secret documents and have just bracketed his entire period of employment with MI6 ?
This case shows that trusted employees, even of MI6 the Secret Intelligence Service, can use easily concealed USB flash memory devices to smuggle out secret documents from supposedly heavily guarded buildings or computer networks.
This should be of interest to other, more honourable and less corrupt whistleblowers - see our Hints and Tips for Whistleblowers Technical Hints and Tips for protecting the anonymity of sources for Whistleblowers, Investigative Journalists, Campaign Activists and Political Bloggers etc.
However, this case also shows a lack of professionalism by the wannbe corrupt spy, who seems to have revealed rather too much personal information about himself and his family to his supposed "foreign intelligence agency" customers. Meeting them in person a hotel room in London (rather than in a foreign country), not making use of Dead Letter Drops or encryption and expecting to simply walk away with £900,000 in cash in suitcase (without being robbed or murdered) after handing over the secrets , seems rather arrogant, naive, and obviously illegal.
- Did Houghton work on a joint MI6 Secret Intelligence Service and MI5 Security Service operation ?
- if not how did he have access to MI5 secrets when working for MI6 ?
- Why did he leave the employment of MI6 last year ?
At the age of 25, he must have started stealing secrets only a year after leaving the University of Birmingham. Given the six months or more it can take for recruitment and Developed Vetting (DV) security vetting clearance, he must have started stealing secret stuff almost immediately that he had access to it.
According to the Daily Mail: Ex-MI6 agent appears in court charged with trying to sell top secret files 'for £2million'
Born in Holland, Houghton has dual British-Dutch nationality and is fluent in English and Dutch. Educated at Dartmouth Community College in Devon where his family live in nearby Holne, Houghton studied graphic design at Exeter College.
At Birmingham University, he studied computer interactive systems, achieving top marks which brought him to the attention of the security services
- Did he hack in to their supposedly secure computer systems from the inside ?
We doubt that Daniel Houghton was employed as an "agent" or as a "spy" i.e. a Covert Human Intelligence Source (usually foreign but also within the UK) as the mainstream media headlines claim.
- Was he employed as an Intelligence Officer or was he employed to work on their Information Technology systems ?
- Which "foreign intelligence agency" did he think that he was betraying and selling the secrets to ? There really is no good reason for keeping that a secret from the British public.
- Was he working alone, or did he have accomplices ?
Why the Theft Act 1968 but not the Terrorism Act 2000 section 58 Collection of information ?
- The Official Secrets Act 1989 section 1 (1) carries a penalty(defined in section 10 Penalties of "only" up to 2 years in prison and / or a fine (per offence), is obviously applicable to a former member of MI6.
- Unless Houghton was stupid enough to steal and to hand over the original CDs, DVDs or the computer hard disk, which physically belonged to his former employer MI6, then how does the Theft Act 1968 apply ?
There would be no need for all the civil Copyright legal cases, if somehow, a mere digital copy of information or data could be misinterpreted as Theft as defined by the Theft Act 1968 section 1
(1)A person is guilty of theft if he dishonestly appropriates property belonging to another with the intention of permanently depriving the other of it;
[...]
This cannot apply to digital copies of the information or documents - it can only apply to the originals or master copies on physical media or hardware.
The theoretical maximum of up to 7 years in prison is for major thefts of property or money.
- Why is Daniel Houghton not also facing a Terrorism Act 2000 section 58 Collection of information charge, which attracts a penalty of up to 10 years in prison ?
Surely "top secret" MI5 "intelligence gathering techniques" is obviously "information of a kind likely to be useful to a person committing or preparing an act of terrorism" ?
This is a catch all offence which does not require proof of any actual terroristic intent, only knowledge of the fact of its potential usefulness to terrorists.
These documents, if accurately reported above, would be much more useful to terrorists, than the stuff which several people are in currently in prison for, which they downloaded from the internet.
Anonymous briefing before Court Reporting Restrictions apply
It is also worth questioning why the authorities seem to have anonymously briefed Duncan Gardham, the Security Correspondent of the Daily Telegraph in so much detail ?
This report (and our blog analysis of it) comes before any media reporting restrictions have been ordered, as Daniel Houghton is not yet facing trial by jury.
This seems to be a feature of recent national security trials - the accused is found guilty in the mainstream media, well before he faces an Judge and Jury, on the basis of anonymous leaks from nameless Whitehall bureaucrats, given to selected, favoured mainstream media journalists.
N.B. if the UK Government or legal system authorities want bloggers not to comment on a trial in progress, then they will have to inform us directly via email or through a comment posting, or through a prominent online public announcement that there are actually reporting restrictions in place and the details of exactly what they cover. We are reasonably intelligent, but not psychic.
Those of you taking an interest in this, or similar cases, should download and save your own copies of any relevant newspaper or blog articles to your own (secure and encrypted ?) computer systems, since the online versions could easily be be censored through secret injunctions or takedown notices, or just the threat of expensive legal action.
What a dumb schmuck. I guess he deserves points for managing to acquire sensitive information without triggering alarm bells, but then agreeing to an in-person meeting and confessing to where he'd stashed his loot?
This kind of thing causes me grave worry over who is supposedly guarding our national interests.
It never ceases to amaze me that the intelligence services and other government departments don't take the simple precaution of disabling or removing the USB ports from desktop computers.
Looks like his American flatmate, Kimberly Peterson, may have been a spook too:
http://thecityherald.com/author/kimberlykae/
@ Ka - that link proves nothing of the sort.
Whilst being a journalism student might be useful cover for a foreign intelligence agent, surely the chances of two inept spooks, from different countries, sharing a flat together are improbably high ?
Presumably MI6 ran a background check on Kimberly Peterson when Houghton was still employed by them, so your theory seems very unlikely.
Surely she would have been tipped off about any Metropolitan Police raid on her flat and would have been absent, if she was actually a US intelligence agent ?
@ The Laughing Cavalier - there is software available and in use in parts of the Ministry of Defence, which enforces a policy of either disabling all use of USB and CD / DVD devices and / or logging any permitted usage to a centralised audit system.
Whether or not MI6 also use this or something similar is a secret.
If he had legitimate use of a laptop computer, then perhaps they forgot to physically disable the Firewire port, which is impossible to secure through software alone, as, by design it gives Direct Memory Access.
See also our Hints and Tips for Whistleblowers section on CD-ROMs and DVDs and USB flash memory media
Why did Daniel Houghton reportedly also hand over a "computer hard drive" ?
What was the capacity of this driver ? Hundreds of Gigabytes ?
Just how many thousands of documents was he trying to sell ?
@ David - it is puzzling.
MI6 will presumably claim that he left their employment after only a couple of years at most and was therefore either not fully trained, or simply not up to scratch in some way.
The Daily Telegraph's anonymously briefed report includes this detail:
Will Daniel Houghton or his lawyers attempt to claim that it was all an entrapment operation which went wrong, where he was approached by the counter-intelligence team posing as a "foreign intelligence agency" and that he only went along with it to expose them to his former bosses at MI6, who are now betraying him to the inflexible British (in)justice system ?
Remember the other recent cases involving either "top secret" documents left on a train, or involving CDs and phone calls / email to foreign military / intelligence officials
Spy Blog: Official Secrets Act prosecutions and media spin - Richard Jackson has been treated more leniently than Corporal Daniel James
Daniel Houghton is my elder half-brother, I myself born and living in Holland. I cannot believe he did this and am hoping that he was framed or something of the kind. I dread thinking about him in jail. Although I must admit that contact was very infrequent and mostly shallow of nature.
Id also like to add a few things to this article;
Firstly Daniel hardly speaks any dutch, so fluent as stated is quite wrong.
Obviously this all happening is very shocking and hard news for us all. Id like to ask all of you to not only think of what Daniel might or might not have done but also take a moments time to think about his family who were all oblivious to him being an ex-agent and thus tone down your reaction a bit.
Regards,
@ O. Wilde - thanks for using Tor protect the privacy of your computer's IP address when posting your comment - that is exactly what it is intended for.
On the face of it, if the mainstream media reports about being caught red handed, with a suitcase full of cash after handing over physical evidence, which will be full of forensic proof, Daniel Houghton looks very guilty.
Spy Blog appreciates the stresses and strains which a high profile criminal case involving secret Government departments and the mainstream media puts on the family and friends of the accused - see the Gary McKinnon computer hacking / extradition to the USA case - FreeGary.org.uk blog.
Notwithstanding what we have written above, Daniel Houghton is innocent until proven guilty, beyond reasonable doubt, on actual evidence and the testimony of witnesses, in a proper UK Court of law.
what abou the impact that would have had on spies at MI6/5 though? what about the information that could have been leaked about their operations and therefore put their lives at risk - these are british citizens remember, working for the good of our country. he could have put our country at danger if he hadnt been caught!
@O Wilde - seriously, I know he's your "brother" but he must have known the risks of what he was doing when and before he did it!
If he only worked at MI6 for a short amount of time, he must have been getting the info from pretty much as soon as he started working there, which makes you wonder, did he plan on this from the very beginning? Did he seek out MI6 when at uni and send in his CV in order to get a job there and sell their secrets?
@ girlygirl - if the secret documents are to do with Methods of intelligence gathering, then they are not very likely to put MI5 or MI6 personnel or their Covert Human Intelligence Sources in immediate physical danger.
If such Methods are revealed to an enemy, or to the public they might diminish the effectiveness of some, but not all, intelligence gathering operations, depending on how much technical detail there is in these alleged top secret documents.
What such documents do not mention, might be as valuable to an enemy intelligence analyst, as what they specifically cover.
Nevertheless, it is still very wrong to try to sell them to a potential enemy of the United Kingdom.
it was a set up
@ daniel - a setup by whom e.g. MI6 or MI5 or the Met Police ? Why ?
Surely Daniel Houghton was remanded into custody and is still awaiting the delayed bail hearing before the senior Magistrate , Judge Timothy Workman, this coming Thursday 25th March 2010 ? Or is he free on Police Bail ?
The Press Association (via Google) reports:
The Mirror reports "details of 300 British operatives" and a tip off from the Netherlands, perhaps from the Algemene Inlichtingen- en Veiligheidsdienst (AIVD) (General Intelligence and Security Service)
N.B. that does not necessarily mean that the undercover counter-intelligence "sting" team in the London hotel, were posing as Dutch intelligence agents. it may only signify that perhaps the initial phone call to the alleged foreign intelligence agency was intercepted by, say the Netherlands AIVD.
If he was trying to sell actual details of "300 British operatives" then surely these are the wrong charges i.e. not serious enough ?
With regard to the Theft Act, I would imagine that "permanently depriving" someone of an item by unlawfully retaining that item could very well apply in this case, because to have passed details of operational methods for which the Security Service has a valid claim to intellectual property rights (IPR) to unauthorised parties may well have deprived them of their ability to use those techniques for which they held IPR in the future.
@ Leitmotif - No ! Intellectual Property Rights infringements are a civil tort, not a criminal offence, despite the hype and propaganda about, for example, so called music or video "piracy" .
Not even large scale commercial music or video "pirates" are charged under the Theft Act, unless someone catches them red handed with physically stolen audio recording Master Tapes or film or video reels nicked from an editing suite etc.
If the CD's or USB memory devices, or the hard disk or the laptop computer mentioned in the press reports, were actually MI5 or MI6 property, rather than belonging to the accused, then perhaps the Theft Act could be made to apply, but only for the commercial value of the the media / storage device.
There is no commercial market valuation possible for national security classified "Secret" or "Top secret" information - that is why the Official Secrets Act exists.
How does knowing that the intelligence agencies do actually use techniques such as, for example, mobile phone Communications Data, to gather intelligence on who contacts whom, where and when, prevent them from continuing to do so in the future ?
Even under the wretched new Digital Economy Act, the copyright holders would have to prove that they actually held the original copyright - supposing some of the "intelligence gathering techniques" had actually been copied or stolen from Foreign Intelligence Agencies, as is very likely ?
@wtwu: you're right that IPR infringement is a civil tort, and not a criminal offence, in and of itself. However, I raised the issue of IPR only to establish that the Security Service has a strong claim to the ownership of the (intellectual) property that was allegedly stolen in this case (which is important only in so much as you must own something before it can be meaningfully stolen from you). My main point is that the Theft Act may well apply in this case because, unlike in the case of simple copyright infringement of commercially-available non-secret intellectual property, if it can be established that the Security Service would have been deprived of using the items for which they held IPR in the future, then that would be permanent denial of the (intellectual) property in question, and therefore theft, rather than mere copyright infringement. The main difference between the two types of infringement that raises one above the other in terms of severity of culpability is that selling/using a pirate film or music album doesn't prevent the owners of those media from having the opportunity to use the media for which they own IPR in the future; selling/using techniques developed covertly by the security and intelligences services, however, may well prevent them from using the techniques for which they can lay claim to IPR in the furture, escalating the issue to theft. It's the permanence (actual or potential) of the loss incurred that makes the difference.
PS: in answer to your question "How does knowing that the intelligence agencies do actually use techniques such as, for example, mobile phone Communications Data, to gather intelligence on who contacts whom, where and when, prevent them from continuing to do so in the future ?", the answer is that the efficacy of many of the techniques we the public are still unaware of undoubtedly depends on the people they are being used upon remaining ignorant of them. For years, GCHQ and other agencies were able to listen in to the telephone communications of criminal gangs in Europe and elsewhere, until it became widely known that Skype and other VoIP services could not be surveilled in the same way as easily or as widely. There was fairly extensive media coverage of the Mafia switching en masse to that medium of communication when this fact became widely known a few years ago. Similar countermeasures would undoubtedly be used by the targets of today's intelligence-gathering techniques, if only they knew what to hide from.
The BBC reports
http://news.bbc.co.uk/1/hi/england/london/8623616.stm
@ Leitmotif - we are unlikely to ever discover in Court, to what extent, if any, the alleged documents actually disclose any specific details regarding the "intelligence gathering techniques" e.g. about their efficacy, or the scarcity of the necessary technical equipment or human resources.
Foreign Intelligence Officers and Agents, Serious Organised Criminals and Terrorists etc. have not stopped using mobile phones, even though they do know about the possibilities of Communications Data analysis and Interception of electronic communications - they take a calculated risk.
Whether the public will ever find out the details of the techniques that Daniel Houghton was allegedly trying to sell to a foreign intelligence agency is a moot point; the prosecution need only establish that for him to have successfully sold them in the way that they allege he intended would have resulted in the techniques being permanently denied to the Security Service. By the same token, if a car thief steals a vehicle, and the police manage catch them before they manage to succeed in selling it on, that still constitutes theft, whether or not the loss of the item stolen was prevented from being rendered permanent by the timely intervention of the authorities. It's the intent and likely outcome of an alleged offender's actions had intervention not taken place that's considered by the courts, not the actual effect of the offender's actions. The fact that the Security Service / Police managed to stop this alleged offence before it caused permanent loss isn’t of any relevance when considering culpability.
Regarding your hypothetical assumption that foreign intelligence officers etc have not stopped using mobile phones in the light of the developments in VoIP technology that I mentioned; I'm not sure why you feel that's relevant to the present case, even if you could establish it were true.
@ Leitmotif - I agree with
However, I am puzzled by
How much proof do you want that Foreign Intelligence Agencies and Serious Organised Criminals have not stopped using mobile phones ?
e.g. the 25 CIA agents who have been tried in absentia, by the Italian authorities, for their part in an alleged kidnapping and "extraordinary rendition" case, who were tracked down and identified by their mobile phone Communications Data patterns, e.g. see Wired magazine In Italy, CIA Agents Are Undone by Their Cell Phones Politics
The vague reports and figures published by the Interception of Communications Commissioner only show annual increases, not declines in the numbers of mobile phone intercepts and communications data requests.
The relevance to the Daniel Houghton case is that "intelligence gathering techniques", such as those involving mobile phones, are simply not the exclusive property of MI5 and there is no question of them being "permanently deprived" of them (i.e.Theft Act 1968 section 1), no matter how many copies of the alleged documents have been lost or betrayed.
Any temporary, tactical, operational secrets about "intelligence gathering techniques" would be covered under the Official Secrets Acts 1989, or as pointed out above, the Terrorism Act 2000 section 58 collection of information (which has not yet been invoked) , but not the Theft Act 1968, unless, as stated above, the electronic media e.g. CDs, DVDs, USB flash memory devices etc. for sale were actually originals owned by MI5, rather than copies made and owned by Houghton himself.
@wwtu (sic – I’m not sure if that’s a typo in your last comment; I assume you’re the same person as commented previously, on which occasion you were called “wtwu” )
You raised interesting points in your last post. I’ve been doing some reading on The Theft Act, and it appears from what I can tell that you’re correct – Intellectual Property / Trade Secrets do indeed appear not to be considered ‘property’ for the purposes of that Act. There was a consultation on this apparent loophole conducted by the Law Commission in 1997 (see here: http://www.lawcom.gov.uk/misuse_trade.htm), where a new law, concerning the Misuse of Trade Secrets, was proposed. I couldn’t find any definitive information on what the outcome of that consultation was, but it does at least appear to unambiguously be the case that Intellectual Property doesn’t come under the Theft Act. To quote directly from the article referenced above “At present trade secrets cannot be stolen as they do not constitute "property" for the purpose of the Theft Act 1968”.
In addition to the above abstract discussion of the relevant law, I read a piece of case law that discussed a University student who, in the 1970’s, had obtained an advance copy of an exam paper, had read same, had returned the physical piece of paper to the place they took it from, then sat and passed the test. Upon being caught, it was found not to be possible to prosecute them under the Theft Act, even though the way they obtained the information was argued at the time to be ‘theft’.
With regard to the recently-convicted CIA officers and their sloppy use of mobile phones, that’s also in itself interesting. I imagine they must have thought that they’d never need to face investigation or prosecution by the authorities themselves. That’s perhaps more indicative of the arrogance of the people involved, than how people with an equal awareness of the same investigatory techniques but who harboured more concern of being investigated/prosecuted might have behaved in similar circumstances.
Getting back to the present case, with regard to the possibility that Daniel Houghton may have stolen physical property from the Security Service, I suppose that is feasible. I know from personal experience that it’s possible to take electronic media through the doors at Vauxhall Cross. Visitors to the building are asked to leave any mobile phones and laptops in the foyer (there are lockers there for storing prohibited items in the lobby, and security gives you a key if you need to leave anything bigger than a mobile phone there). You do need to go through a ‘circlelock’ door to get past the foyer into the main building (also known as an ‘orthotube’ – they look exactly like the ‘pods’ on Spooks), which you access using a proximity badge and a personal PIN number. Unlike Spooks, though, there’s no technical wizardry or electronic scans going on within those secure double-doors; it’s really just a physical measure to ensure that interlopers don’t ‘tailgate’ legitimate entrants into the building, as more than one person trying to pass through on one card/PIN would be detected. You’re not meant to take any form of electronic media through, but I did inadvertently take a MicroSD card through once, and no klaxons or flashing red lights went off. I imagine you could also take something larger like a CD through if so minded. I’ve never visited Thames House, but I’m sure their security procedures are similar.
@ Leitmotif - you are correct - "wtwu" stands for the sub-title of this blog - Watching Them, Watching Us.
If the Theft Act 1968 section 1 could have been applied to intellectual property, then surely there would have been lots of cases by now involving music and video "piracy" ? There would have been no need for the controversial internet disconnection penalties for "file sharing" under the wretched new Digital Economy Act 2010 either.
The CIA team tried and convicted in absentia in Italy were obviously breaking the local laws and must have known this. If they were being professional, then any mobile phones they used during the operation would not have been traceable directly to them. It was arrogant and complacent of them to assume that nobody was tracking them - it could have been another foreign intelligence agency or an organised crime syndicate, not just the Italian government authorities.
That case also illustrates that mobile phone based intelligence gathering is a technique practised by many other law enforcement and intelligence agencies around the world, so MI5 cannot realistically claim exclusive "ownership" of it. The same is probably true of almost all of the other "intelligence gathering techniques" which they use and which might have been described in the documents mentioned in the charges against Daniel Houghton.
Regarding of the CircleLockTM doors -
the main usefulness of such turnstile entrances is that the building management computer system can then actually tell, reasonably accurately, how many people are inside the the building, when it is evacuated for a fire or bomb threat drill.
The Cabinet Office at 70 Whitehall has similar full height turnstile doors, but they also seem to have retained the loophole known as "the Minsiters' entrance", with no individual, one at a time turnstile mechanism. This therefore does allow "tailigating" by indeterminate numbers aides, bodyguards and political apparatchiki etc. or other pompous people who revel in their "special" status, to whom the normal rules are not applied as they should be, even for "security" or for "health and safety" reasons.
There are some high security environments e.g. those involving diamonds, where in addition to turnstiles, everybody and everything is physically weighed (trivially easy to do these days with electronic strain guages) in and out.
If Daniel Houghton was authorised, as part of his job with MI6, to carry a laptop computer or camera etc. then preventing him, as a trusted insider, from smuggling out Gigabytes of data would have been impossible, since electronic storage media weighs the same whether or not it contains secret or top secret data.
hello it is my first post on this website and to start with I would like to thank for the great quality information, which I were able to find in this and all previous posts , it really helped me a lot. I will definitely add this blog on my google reader ;) Also, I would like to ask - don't you mind if I will quate some information from your website since I am writing articles for the Associated Content, Ezine and other articles directories (this is my part time job)? It would really help me with some of mine articles. Of course, I will mention your blog name or URL (not all articles directories allows URL's , so I can't 100% promise that you will get a direct link to your blog).
As you know, you should carefully take under advisement the cost of.