Transcription

Nick James:

Hello. My name is Nick James, and I’m the founder and event director of #RISK, a significant series of in-person events starting in London in November, 2022. Organizations are now not only faced with IT risks, people risks, growing cyber risks, but also we are now facing a public health crisis, a geopolitical crisis, and a climate change crisis. #RISK will deal with all of these and more, because we believe that risk is now everyone’s business. I’m joined today by Annie Machon, on one of our speakers at #RISK, former MI5 intelligence officer and whistleblower, and currently a director of the World Ethical Data Foundation. Annie, welcome.

Annie Machon:

Hello, Nick, and my pleasure to be here. Thank you for inviting me.

Nick James:

So during your time as an intelligence officer, you were responsible for investigating political and terrorist targets and then resigned to blow the whistle on the crimes, incompetence, and lack of accountability of the spies, which is fascinating in itself. The big question that I picked out of that, and I read that you’ve said, is that you described whistleblowers as the regulators of the last resort for truth and for justice. Do you think that a whistleblower’s motive must always be pure?

Annie Machon:

I think a whistleblower’s motives are inherently pure because if you are in a situation where you are… I mean, it can be in any sector, it doesn’t have to be coming out of the spy agencies. It could be health, it could be finance, it can be industry, it could be transport, and you see something going so badly wrong that is putting other people’s wellbeing or financial welfare or even their lives at risk, and you try and change things from within and you are always told just to shut up and just follow orders, then sometimes it becomes imperative to take that step. Now, I would say that this is never done without a great deal of soul searching, because coming out of any sector, you’ll automatically turn your lives inside out and upside down because you’ll lose your professional reputation, you’ll probably lose your job, despite certain laws in place that are supposed to protect whistleblowers.

Annie Machon:

And in the case of people coming out of central government or the military diplomacy or the intelligence agencies, you’ll probably lose your liberty too, and go to prison for breaking the terms of something like the Official Secrets Act. So this is never a decision to ever take likely and people do it because they feel that they cannot not do it, and they want to do it to help their fellow citizens. I would put in one caveat to that, though, that most whistleblowers face all these risks. Those coming out of the financial sector, however, do you have a certain legal protection. And this is something that is an American act called the Dodd Frank Act of 2010. And this basically has legal and global powers that anyone coming out of any major financial industry or financial company that blows the whistle, and that company is therefore reformed or money is recouped by the government or whatever it is, the financial whistleblower will get a 10% cut of whatever is retrieved.

Annie Machon:

So there have been some huge payouts across the planet to financial whistleblowers. I think the biggest one has been to date 120 million, which is astonishing. So in that sense, perhaps the motivation is less pure, but for most people, they don’t get anything, but they risk losing everything. So yes, I think whistleblowing is a pure activity. It would be nice to be in a position today where people didn’t have to. Where there were meaningful channels where evidence of malfeasance could be submitted and properly investigated and reforms made and criminals held to account. But as usual it’s the whistleblower that takes the fall.

Nick James:

Soul searching indeed. I mean, particularly if, as in your case, you potentially lose your liberty, which is not the ultimate sacrifice, but the next one down, I guess. Annie, you now focus on technology, digital civil liberties, security, and surveillance. Can I focus on surveillance, which is now almost an accepted part of our daily lives, and ask you how Orwellian do you think our world currently is?

Annie Machon:

If you’re using the word Orwellian as a sense of living in the dystopian reality of the novel 1984, we are pretty much there already. So I of course specialized in intelligence surveillance models, but I’ve since then evolved into looking at how these intersect with corporate surveillance and the harvesting and farming of our personal data for private profit, and also how there is an intersection between the spies and the criminal hackers. So most people, when they think about their privacy online, if they do, tend to be more worried, more concerned about criminals hacking into their finances or their mental health or medical records or whatever it is. But there is a huge intersection between these three sectors that puts us all at risk.

Annie Machon:

So for example, the intelligence agencies, as we now know from Edward Snowden, built back doors, either wittingly or unwittingly, into all the major tech corporations that we use on a day to day basis in America, generally. And this allowed them to snoop on what the information we were giving to them voluntarily was, and to try and keep track of us. Also on the intelligence front, particularly organizations like the CIA and the NSA in America, NSA is the electronic snooping post, built up a cache of cyber weapons and zero day hacks and all sorts of other vulnerabilities that they could have passed on to the corporations, but they chose to keep them secret in case they wanted to use them in the future going forward.

Annie Machon:

And as we know from the WikiLeaks Vault 7 disclosures from a few years ago, the CIA cyber cache of weapons was leaked and went out into the public. And the NSA had a similar cache of weapons that was hacked, apparently, and then fell into the hands of cyber criminals. And this is where we are seeing certain attack vectors coming from, I think, particularly ransomware. Things like WannaCry that held the NHS to hostage a few years ago, and more militarized versions. So that vulnerability, even the the cutting edge intelligence agencies cannot keep these sort of weapons safe and secret and out of criminal hands, and even the major corporations that we take for granted in our day to day lives, living online in this post COVID world can’t protect our data as we give it to them for free, then we all need to be aware of this triangulation of threats. It’s not just the criminals. There’s this three pointed attack vector that we all need thinking about.

   Pre-register for #RISK

#RISK   will be the place that business leaders meet, learn, knowledge share and understand how the lines between cybersecurity, privacy, risk management, and compliance that were once straight and delineated are now blurred and merging.

FIND OUT MORE

Annie Machon:

So going back to the Orwellian point, because the corporations keep wanting to push more and more product at us, we now have these shiny little smartphones, which can be remotely hacked. I mean, there was a case last year called Pegasus, developed by an Israeli corporate intelligence company, and this basically, without any of us having to click anything on our phones, could infest our phones using popular apps like WhatsApp. And then that means that they can hoover up all our information, they can remotely switch on our cameras, remotely switch on our microphones, all the rest of it. So that is a clear surveillance hack.

Annie Machon:

The other thing is that we voluntarily give up our privacy by buying in things like Alexa and using Siri and things like that. And more and more information has come out about that as well. These little smart devices in our homes can be switched on remotely, our conversations around it can be recorded, and the companies that develop this say, “Oh, we’re just doing it to improve our product, to make the voice recognition better, or the language understanding better.” That’s how they justify it. So we voluntarily bring these little spy devices into our homes.

Annie Machon:

And just one final point when it comes to the Orwellian idea was the idea that you couldn’t have any privacy in your home in 1984. And this also meant that you had a TV screen which was spying on you. Now, how many of us… I don’t, but how many of us have actually voluntarily bought smart TVs that do have cameras that can again be hacked and be switched on remotely? So in terms of that dystopian surveillance, I think we’re pretty much there in terms of capability. It’s whether the will is there and whether the accountability is there to try and push back against these sort of measures.

Nick James:

Very, very somber, isn’t it? I mean, on a similar theme, do you agree with the sentiment that the new powers to restrict protests in the UK in particular mean that we’re in dark days for democracy?

Annie Machon:

Absolutely, yes. Because if we don’t have the right to protest or we don’t have the right to protest freely to ingest the information we need to educate ourselves in order to get the desire to protest in the first place, without feeling that we’re being snooped on, without feeling that we’re being sped on by police or by CCTV cameras and remote facial recognition, AI, which are notoriously dodgy when they’ve been trialed by police in the UK, particularly in Cardiff and London, yes, it will inhibit people’s protest and their right to protest within a democracy going forward. Now, for example, I mean, this started way back. I mean, I don’t know if you remember the Occupy movement in 2010, 2011, global frustration about the financial meltdown and capitalism. And even then these powers were being trialed.

Annie Machon:

So for example, you might want to object to war, the Russian invasion of Ukraine. You might be a peace activist. You might want to support Black Lives Matter or climate change radicalism or something like that. At the moment, it is all legal under the UK constitution and European constitutions. However, if for example there is another form of societal meltdown, and you mentioned the risks of climate change and financial meltdowns and war and all that thing, if that were to lead to new laws being pushed through by our national governments or by international organizations that crack down on our right to protests, crack down on our freedom of expression, we might find that because we have been recorded protesting now about something which is legal to protest against now, we might then in the future have this information which has been held used against us because we will no longer be activists or protestors, we might be recategorized as domestic extremists or terrorists.

Annie Machon:

Now, if this sounds fanciful, I want to loop back to the London Occupy movement in 2010 and 11 in the city of London. And it was basically a bunch of tents of protestors who squatted outside St. Paul’s Cathedral for a few weeks. Most of them were smoking a bit of pot and it was all a bit of fun. But a letter went out, and it was leaked, a letter went out from the city of London police to all the big financial organizations based in that area, and they actually said that they should be wary of these protestors because they were indeed deemed be, and this is going back a decade, domestic extremist/terrorists. So even back then what you were doing legally then can now be held potentially in the future against you. And this is how a democracy spirals down into a police state. And we all need to be very wary of that, not just from the technological side and surveillance side, but also from the legalistic side and laws that parliaments bring in. And I think that’s something that needs to be folded in together as we go forward assessing risk.

Nick James:

Thank you. You talked about… Well, we both talked about technology and obviously digital innovation has accelerated unbelievably quickly over the last couple of years. I’d like to ask you about tech for good. Do you think technology can improve the wellbeing of society? And if so, how?

Annie Machon:

I absolutely do. I mean, this was the utopian ideal of the early tech developers when the internet was nascent, when the world wide web was being developed. And this is exactly how those developers saw technology being used for the common wealth globally, for the common good globally. And this is what’s been hijacked, you see by all these surveillance powers and by these monopolistic corporations that harvest our data for private profit, but it can be used for good, and we can still take back some of that power. Now one of the things that I find fascinating, and I’ve been an advocate for this for well over a decade now, I think 15 years, is open source technology, rather than relying on closed proprietary software. I won’t name names, but I think we all know which of the two big corporations that have sold this technology, the software around the planet, and they are monopolistic and they are closed, which means we don’t know what’s going on under the hood.

Annie Machon:

We can’t see the code. We can’t see if there are any nasty back doors that might have been placed in there by one, hackers, or criminals, or the surveillance agencies, the intelligence agencies. But if you move on to open source software, Linux of any flavor, and I would advise this not just for individual users and people who want to protect their families, but also for corporations and governments, it means that all the code is out there in the open, so a global community of open source developers will keep checking this code, checking for nasty back doors, checking for attacks from criminals, checking for intelligence attacks. And that means that these vulnerabilities can be immediately eradicated rather than having to wait for some security update or patch from any of the big corporations. So I think that is a very good technological thing that we can do both individually and societally.

Annie Machon:

The other problem, though, when we’re talking about this, is the hardware. So you can protect your software as much as you want, but in terms of the hardware, there are problems there too, because we know, again, through Edward Snowden’s disclosures way back at the end of 2013, that all hardware made since 2008 has back doors built into it. And we’re not just talking about computers or the phones, we’re talking down to USB cable, for example, that can be used to hack and attack. So one of the things I’m seeing now, because one of the areas I’m getting very interested in is tech sustainability. So yes, it’s good to look at the software, but also these companies are now looking at ethically sourced, renewable, but also protected hardware. And I think companies such as those need to be supported and this area needs to be investigated much more thoroughly by all of us who are interested in our online security.

Annie Machon:

Finally, I would mention, you said very kindly in your introduction that I’m director of the World Ethical Data Foundation, and we do a lot of research and development into these sorts of areas too. So one of our projects is… The working title is Freedoms Index, which is to develop a new way of allowing access and storage, future proof storage, for anyone around the world, in any language to access information about human rights and human rights abuses as they happen. So this is a huge subject that we are trying to grapple with, and we have got the technological solutions now sorted out, and this will be a tool that can future proof any sort of information going forward, but we want to start off with human rights.

Annie Machon:

So if you’re a female journalist of Afghanistan, now in swathes again in a burka, you can still document potentially information that might be relevant and important when it comes to the human rights debate and put it on the system, it won’t be lost. Or we can pull together various silos of discrete information so people can cross reference and learn and become activists or campaigners or lobby their governments without having to redefine the wheel every time and thereby make the same mistakes as previous pressure groups have, but can move forward much more quickly.

Nick James:

Thank you. I’m moving now to the more corporate environment, and according to a recent survey by Deloitte geopolitics has become the top risk facing chief financial officers in particular at the UK’s largest companies. Do you think these risks now eclipse Brexit and the pandemic?

Annie Machon:

Absolutely. Yes. I mean, geopolitics has always cast a spanner in the works of any forward planning for any big globalized corporation, but the world is so unstable at the moment because it’s not just the the Russian invasion of Ukraine or what might be going on with China or what might be going on in the Middle East or new terrorist groups that might be popping up or whatever it is, but that causes massive instability to the markets. And I think also because there was so much faith put into the idea of cryptocurrencies being the palliative to all these woes, it would provide stability and it would ensure continuity, and that of course is tanking at the moment as we speak. So that is a problem, I think, for any financial officer of any big corporation.

Annie Machon:

But I think the key problems are war and terrorism of whatever flavor of between whichever countries. We all talk about Russia and Ukraine, but the war in Yemen and across great swathes of the Middle East and North Africa and Central Asia continue to this day since the War on Terror started way back in 2001, but also the imposition of massive sanctions. I mean, what Russia has done is egregious, but the massive sanctions are destabilizing and impoverishing not just Russians and Russia, but of course all these service corporation, service companies and service sectors that have been servicing the Russian oligarchs and Russian wealth across the West over the last 20 years. So that is destabilizing too. So sanctions are a never foreseen problem until a country does something stupid.

Annie Machon:

And also I think finally the supply chain issue is a huge problem, too. Wars destabilize that. They make it increasingly difficult. And there are shortages across every sector now, not just food and things, but up to and including Silicon chips. So you hear horror stories about big car corporations buying washing machines in bulk to strip out the chips in the washing machines and just dumping them so they can put in their cars, otherwise they can’t sell the car. So the supply chain issue as well, I think is a huge headache. So I have huge sympathy for any chief financial officer in any big globalized corporation because they are going hit one way or another.

Nick James:

So as I said at the beginning, our strap line for #RISK is risk is now everyone’s business, and one topic that keeps coming up is that the departments and functions still operate in organizational silos, and these silos can, as we all know, easily lead to poor decision making or even decision fatigues. In your experience, how do we or how should we combat this?

Annie Machon:

Yank everyone out of their silos. Simple answer. This is one of the things we do at the World Ethical Data Foundation as well with the forum too, is to bring a mash up of different subject areas that wouldn’t necessarily even be aware that they should be talking to each other, and to allow them the chance to talk in good faith and come up with creative solutions in good faith. And I think people like to get stuck into their expert comfort zone, the silos, and it becomes a bit of an echo chamber. People always complain about Twitter being an echo chamber, which it is, but that also applies in any sector, be it law, be it journalism, be it finance, business, whatever. So you might go out and you might network and you might meet interesting people, but they are generally going to be within your field, and you don’t get the chance to meet people who you might perceive to be antagonistic and have a chance just to talk through and find common ground and common human understanding about the problems and come up with the creative solutions.

Annie Machon:

And I think also… And I speak as someone who’s been doing a lot of media interviews for the last 25 years across all sorts of different media across the world. You also get an expectation, usually culturally, that when you appear in order to get the viewing rates, in order to get the clicks on the internet, you are expected to be antagonistic and headbutt because that makes for good media, they think. I totally disagree. I completely like the idea of having a chance to meet interesting people, even if they might be in a completely different trajectory from me, and just talking to them and finding out why they think their position is right, why do I think my position is right and trying to find a common ground in order to move forward productively.

Annie Machon:

So I think it’s always good to have organizations like yours and like mine trying to breach those silos and trying to get people to think differently. So for example, you might be a tech journalist, have a chance to talk to a philosopher about tech ethics or something like that. It’s just broadening your horizons rather than feeling too safe. This is something I’ve had to learn the hard way over the last 25 years since the whistleblowing, but I never regret it and I’ve met some amazing people and built up some amazing networks. So it’s always fun to do that and get yourself out of comfort zone.

Nick James:

I think that would’ve been an equally good strap line for us, yanking people out of their silos.

Annie Machon:

Machon’s elegant language, I know. Sorry.

Nick James:

No, I like it. I like it. And finally, and this and finally question has a number of parts to it, I guess, and it’s a question I’m asking a lot of people. First part is do you think the pandemic has made you better prepared and more resilient or made us better prepared and more resilient to weather unforeseen shocks or has it numbed us? And finally, and on a personal basis… On a business basis, as opposed to a personal basis, what would keep you up at night?

Annie Machon:

Yeah, I think COVID, from my perspective… I’ve worked from home for a couple of decades anyway, so that didn’t make a huge difference. What it did make a difference for me was not being able to travel and network and meet people at different conferences and speak at conferences and things like that. So the lack of human interaction I think was quite difficult. But having said that, with my rather turbulent past of whistleblowing and living in exile and having to go through court cases and face the media and deal with it, keep evolving all the time. I think I’ve always been pretty resilient anyway. So it’s just, yes, another thing to deal with.

Annie Machon:

In terms of societally though, I think it probably has. There was a sense, certainly at the beginning, when it felt like there was this new plague and everyone was locked down and everything, and yet it brought communities together and had people singing across to each other from balconies, and we had the clapping for the NHS and all that sort of stuff. So it began to bring these communities together. And I would hope that sense of support will not ever go away again.

Annie Machon:

I think in terms of tech, that is slightly more problematic because as we all had to work from home, the choice vanished from our lives of which apps we had to use or which we chose to use. So in the past it was down to us. I chose not to use WhatsApp, I didn’t trust it. Other people loved it and that sort of thing. Whereas now I’ve been forced particularly to use Zoom all the time for meetings, and I don’t trust that software either, but I’ve got no choice. So it’s taken that choice out of all our hands. And that’s why I advocate very strongly that everyone should be thinking about the surveillance and the three key threats of surveillance, the criminals, the intelligence, and corporates, because that has made their lives much more easy to predate on all of us. So that would be the key thing. Sorry, what’s the very last point?

Nick James:

The last point is from a business point of view, what would keep you up at night?

Annie Machon:

I think from my perspective, the more I learn about sustainability, and the more I learn about supply chain breakdowns and things like that, and the more I learn about corporate data harvesting, those are the sort of issues that do keep me worried. And this is why I have spent so many years learning about this stuff, speaking out about this stuff, and campaigning around this stuff. So I suppose my brain is always too full of different ideas and the overlaps and the interlocking and everything like that, but I think what I…

Annie Machon:

How I try to cope with that is one, at the political level, where you go and you talk to equally concerned politicians who might be able to nudge the legalities in a little different direction, to talk out and have conversations and speak out and campaign widely on a wide variety of issues to try and nudge the cultural tanker a little bit more so that people can start thinking about these issues rather than just thinking, “Hey, I’ve got a lovely smartphone. I can do whatever I want on it. I can live my life through it, and it’s completely convenient.” Yes, but it’s completely not private sort of aspect.

Annie Machon:

And I think just personally spreading the word and working with so many lovely people across the generations. That is something that I found incredibly satisfying. So I’m in my 50s now, and a lot of my campaigning friends are very expert in these fields might be in their 70s or 80s, and yet I’m now working as well with a number of younger people and interns, even, in their 20s and 30s who don’t have that backstory of back history that, but we can teach that, we can pass that on so that they can learn these lessons going forward, and the lessons of history are not thereby lost. And I think that’s very important for all of us to try and do on a personal level, a corporate level, and societal level, to protect our way way forward, and democratic way forward.

Nick James:

Annie, thank you so much. That’s been fascinating and I’m really, really looking forward to meeting you in person in London in November. Thank you very much, indeed.

   Pre-register for #RISK

With over 200 exhibitors, keynote presentations from experts and thought leaders, panel discussions and breakout sessions #RISK will be the largest gathering of its kind in 2022.

#RISK    will focus on how a   comprehensive GRC programme enables risk leaders, lines of business and the C-suite    to mitigate risks, reduce compliance breaches and improve business performance.

VIEW THE TOPICS & AGENDA

#RISK Founder Nick James in conversation with Annie Machon