Find a Security Clearance Job!


Operations - Security Service MI5

Each year the Security Service submits its analysis of the various threats and, thus, its priorities and plans for the future, for scrutiny and validation by an inter-departmental Whitehall committee. This committee, known as SO(SSPP), also reviews the Service's performance against the previous year's plans. It is a sub-committee of the Official Committee on Security (SO), 'SSPP' standing for 'Security Service Priorities and Performance'. Its terms of reference include the review of the Service's performance against plans and objectives, and examination of future Security Service priorities. The committee is chaired by the Home Office and its membership comprises senior officials drawn from a range of departments with particular knowledge of the Service's work in countering threats.

The Security Service is not the only organisation with responsibilities bearing on national security, or involved in collecting intelligence about security threats. Others play important roles within their own specific functions, notably the Secret Intelligence Service (SIS), Government Communications Headquarters (GCHQ), Departments of State and the law enforcement agencies. The Security Service works as an integral part of the UK's overall intelligence effort, alongside SIS and GCHQ. The three agencies assist one another in the pursuit of their functions. The Service is in close contact with relevant departments in its work, particularly the Home Office, Foreign and Commonwealth Office, Ministry of Defence and Northern Ireland Office. There is a close operational relationship between the Service and UK police forces, who are responsible for taking many of the actions arising from the Service's work. The Service also cooperates closely with other UK law enforcement bodies, such as HM Customs and Excise, and with the armed services. Overseas, the Service receives assistance from a wide range of foreign security and intelligence services (nearly 100 in all). These productive relationships are key to the Service's ability to tackle threats to UK interests internationally.

The particular role of the Security Service is to:

  • investigate - to obtain and then to collate, analyse and assess secret intelligence about threats;
  • counter - to act, and enable others to act, to counter specific threats;
  • advise - to keep Government, and others as appropriate, informed of the threats, and to advise on the response, including protective security measures;
  • assist - to provide relevant assistance to other agencies, organisations and departments.

In its approach to its work the Service aims to achieve a strategic advantage over the 'targets' of its investigations. Over time, the Service seeks to build up a detailed body of knowledge about target organisations, their key personalities, infrastructure, plans and capabilities. This enables the Service to assess the level and nature of the threat they pose which, in turn, informs the further deployment of intelligence resources to counter their activities. This is a cyclical process involving adjustments being made continually on the basis of new intelligence or events.

The assessment of threats is thus a central and distinctive component of the Service's work and provides the basis of decisions about resource allocation, counter-action and protective measures. The Service's judgments about the magnitude of the various threats to national security, and hence the distribution of the Service's efforts, are subject to scrutiny and validation by a senior inter-departmental committee (SO(SSPP)) and then by Ministers. Similarly the Service's judgments on its priorities are adjusted in the light of the national requirements for intelligence drawn up by the Joint Intelligence Committee (JIC) which are also approved by Ministers.

Sources of Intelligence

In carrying out its statutory functions the Service draws on the following principal sources of secret intelligence:

  • the interception of communications;
  • eavesdropping, which involves covertly monitoring the speech of targets under investigation;
  • surveillance (following and observing); and
  • agents within target organisations.

In Security Service terminology an 'agent' is a human source working within or close to a target organisation, who provides intelligence in secret to the Service. Agents are not members of the Service.

At any one time the Service may be conducting many investigations, but only a few will draw on the full range of techniques. In planning deployments, the Service aims to operate with the minimum of intrusion and expense, and in proportion to the threat. In complex investigations, several different techniques will be used in combination, and much of the skill lies in deciding the most effective blend.

Organisations which pose a threat to national security often go to considerable lengths to prevent and detect efforts to investigate their activities. The Security Service aims to gather intelligence while ensuring that the targets under investigation remain unaware of the Service's interest in them. Clearly there is a need to prevent the compromise of a potentially successful investigation while it is running, but the Service also needs to look to the future. Keeping secret the details of intelligence methods is important if the Service is to retain them for use in future intelligence operations. Secrecy is also vital to ensure the safety of individuals, including agents.

The Security Service Act makes the Director General responsible for ensuring that there are effective arrangements within the Service to control the acquisition and disclosure of information. A major aspect of this control is a structure of internal mechanisms designed to ensure that the Service responds only to genuine threats, and does so with proper regard for the law, proportionately to the threat, and with appropriately senior authorisation for intrusive measures. These essential safeguards are also designed to allow fast-moving investigations to proceed swiftly, with proper authorisation, but without being hampered by unnecessary bureaucracy.

Operations under Interception and 'Property' Warrants

Operations to intercept mail and communications on the public telecommunications network must be specifically authorised by a warrant signed by the Secretary of State under the Interception of Communications Act 1985 (IOCA). Interception warrants may only be issued if the Secretary of State considers that the warrant is necessary in the interests of national security, or for the purpose of safeguarding the economic well-being of the UK against threats from overseas, or in order to prevent or detect serious crime.

The Intelligence Services Act 1994 provides for the issue of 'property' warrants by the Secretary of State. The effect of a property warrant is to authorise otherwise unlawful entry into, or interference with, someone's property - for example, for the purpose of eavesdropping or conducting a clandestine search. Property warrants may only be issued if the Secretary of State is satisfied that the proposed action is necessary on the grounds that it is likely to be of substantial value in assisting the Service to fulfil its functions, and that what the action seeks to achieve cannot reasonably be achieved in another way. It is usually the Home Secretary who issues interception and property warrants for the Security Service.

All intended operations of this sort are subject to extensive scrutiny both within the Service and outside, for example at the Home Office. Final authorisation is a matter for the Secretary of State and is only given on the basis of a formal submission which contains a detailed account of why the warrant is required. The submission also sets out the nature of the threat, the intelligence background, and confirms that the scope of the operation falls within the statutory functions of the Service. Applications for warrants must be approved by senior managers within the Service, and are then scrutinised by senior officials before submission to the Secretary of State. Arrangements are in place for the most urgent cases to be processed quickly.


Agents represent one of the most important sources of secret intelligence. Agent operations are run by specially trained officers and can last for long periods, sometimes for many years. The Service attaches particular importance to ensuring that its agents - many of whom are inevitably at risk through their work for the Service - are managed securely. Management arrangements for agent operations are also designed to make sure that the case is kept under proper control, drawing on advice from the Service's legal advisers as necessary. For instance, a key objective is to avoid placing the agent in the role of agent provocateur, by enticing those on whom he or she is reporting to commit criminal acts which they would not otherwise have committed.

The Service pays close attention to the personal welfare of its agents, both during their agent career and after their active work for the Service has ended.


Surveillance operations involve the covert observation of targets under investigation in order to obtain intelligence about their movements and the identities of those with whom they are in contact. Surveillance is carried out by highly skilled, specialist officers who may work in vehicles, on foot or from fixed observation posts. The Service's surveillance section is practised at operating in concert with others, particularly the police.

Information Management and Record-keeping

Intelligence operations rely on high quality record-keeping and information management systems. Some intelligence leads are too fragmentary or imprecise to be of immediate value. Nevertheless, small details - for example, of the membership and modus operandi of target organisations - are important because they provide the raw material on which the assessment of individual threats is based, against which new intelligence is judged, and from which further investigations can be developed. The Service's record-keeping is central to supporting the capacity for sustained, integrated research and analysis which underpins all of the Service's work.

The Service's records include both paper files and computer records. Paper files remain for the present the main working documents of the Service, but computer-based documents are becoming increasingly important. The Service also makes extensive use of computer systems for the indexing and retrieval of its records. No government department or other agency has access to the Service's databases, although the relevant authorities will be given access as necessary to specific information for the purpose of court cases. Within the Service there are additional controls which limit access to particularly sensitive data relating to the Service's operations and investigations. Detailed criteria govern the opening of files on individuals and organisations. These criteria specify the circumstances in which opening a file and initiating enquiries are justified within the terms of the Service's statutory functions. They are kept under continual review and are formally checked for currency, relevance and propriety on an annual basis. In his report to Parliament for 1991, the Commissioner under the Security Service Act described in detail the Service's controls on its files.

The Service currently holds in total about 440,000 files which have been opened at some time since its establishment in 1909. Of these, approximately 35,000 files relate to Service administration, policy and staff, and 40,000 concern subjects and organisations studied by the Service. About 75,000 files relate to people or groups of people who have never been investigated by the Service such as those who have received protective security advice. This leaves about 290,000 files which relate to individuals who, at some time during the last 90 years, may have been the subject of Security Service enquiry or investigation. Of this 290,000 some 40,000 have been reduced to microfilm and placed in a restricted category to which Security Service staff have access only for specific research purposes. A further 230,000 files are closed so that staff may use them where necessary in the course of their current work, but may not make enquiries about the subjects of the files.

Therefore the great majority of the Service's file holdings do not relate to individuals who may be under current investigation by the Service. The number of files which fall within that category is around 20,000. Of that number, about one third relate to foreign nationals - typically members or associates of foreign intelligence services or terrorist groups, leaving approximately 13,000 active files on UK citizens.

Retention and Destruction of Files

The Service must take account of a number of potentially conflicting factors when considering the long-term retention of files which are no longer of current interest. There are some specific legal requirements. First, the Service has a responsibility to provide the Security Service Tribunal with any details it requires of enquiries made about a complainant, or of any disclosure made for vetting purposes, since the Security Service Act came into force in December 1989; relevant records must therefore be retrievable. The Service must also comply with the requirements of the Public Records Act 1958 in identifying records of historical interest for permanent retention and eventual transfer to the Public Record Office. In practice, this means retaining files for future release that would otherwise have been destroyed as obsolete. The Service receives advice from the Public Record Office in judging which files to retain on historical grounds.

In November 1997 the Service transferred to the Public Record Office the first tranche of its own historical archives: its surviving records from the First World War. In considering the release of historical papers, the Service must take account of the need to protect former staff and agents. It remains a fundamental principle that the identities of agents must be protected. Privacy issues are also important. The Service must consider carefully whether it is proper to release into the public domain intelligence records which may reflect adversely on an individual who was suspected of criminality (for example, as a possible spy) but was never tried in court. Aside from these specific requirements, the general principle underlying the Service's file retention policy is that it seeks to retain only those records which will assist it in fulfilling its functions under the Security Service Act. The Service therefore keeps under review whether it might need its older records to fulfil its functions at a later time, such as for future investigations prompted by new intelligence. There is a balance to be struck between the possible intelligence value of retaining files and the need to ensure that files are not kept unnecessarily.

In the period between the Service's formation in 1909 and the early 1970s, large numbers of files (well over 175,000) were destroyed as they became obsolete or following a major contraction in the Service, most notably after the two World Wars. This sometimes caused problems, for example in the late 1960s when the Service faced difficulties investigating some spy cases because relevant records had been destroyed. It therefore became the Service's policy to retain records indefinitely. However, in the early 1990s, following the collapse of Soviet communism and the associated decline in the threat from subversion, the review and destruction process was reinstated. Since then, more than 110,000 files have been destroyed or earmarked for destruction. The files under review for possible destruction have included those opened for counter-subversion reasons, and retained because Soviet and Warsaw Pact intelligence services had in the past sought to recruit spies from within certain subversive groups.

Intelligence as Evidence and the Law of Disclosure

Since 1992 the Service's work has led to its becoming increasingly engaged in the criminal justice process. Intelligence material has been either adduced in evidence, or disclosed to the defence as 'unused material'. This has happened principally in the context of the Service's counter-terrorist work. Security Service officers gave evidence at nine trials between 1992 and April 1998, all of which led to convictions. The duty of prosecutors to make material available to the defence in criminal cases is set out in the Criminal Procedure and Investigations Act 1996. The Act recognises that the duty of disclosure must accommodate the need to protect sensitive information, the disclosure of which could damage important aspects of the public interest, such as national security. However, it is the courts - not the Service or the Government - that ultimately decide what must be disclosed in particular cases.

When planning and carrying out intelligence investigations that may lead to a prosecution, the Service has constantly in mind the requirements of both the law of evidence and the duty of disclosure. Security Service officers, working closely with members of law enforcement agencies, seek to ensure that operations are properly coordinated with a view to the possible use of the intelligence as evidence in court. For these reasons, as well as to ensure proper internal controls, the Service keeps detailed records of its operations, including all meetings with agents, eavesdropping, search and surveillance operations.

Where an investigation leads to a prosecution, the defence must be provided with material as required by the 1996 Act. Prosecuting counsel considers the Service's records and advises which of them are disclosable. If disclosure would cause real damage to the public interest by, for example, compromising the identity of an agent or a sensitive investigative technique, the prosecutor may apply to the judge for authority to withhold the material. Such applications take the form of a claim for public interest immunity (PII).

Claims for PII in relation to Security Service material are made by a certificate signed by the Home Secretary. In deciding whether a claim is appropriate, the Home Secretary carries out a careful balancing exercise between the competing public interests in the due administration of justice and the protection of national security. This exercise takes account of detailed advice from prosecuting counsel as to the relevance of the material to the issues in the case. If the Home Secretary considers that the balance comes down in favour of non-disclosure, a claim for PII will be made. But the decision on a PII claim is one for the judge alone. If a claim is successful, the judge will keep the decision under review throughout the proceedings.


The Service's direct access to a network of national and international links is fundamental to its work. The Service liaises closely with a range of organisations and government departments both in the UK and overseas.

The Director General is appointed by the Home Secretary, in consultation with the Prime Minister, and the Service therefore has regular dealings with officials at the Home Office. The Service also has close links with the Foreign and Commonwealth Office, the Cabinet Office, the Northern Ireland Office, the Department of Trade and Industry and the Ministry of Defence, and advises all government departments and agencies on protective security matters. The central mechanisms for the coordination and resourcing of the UK's intelligence agencies are based in the Cabinet Office.

For GCHQ and SIS, the Joint Intelligence Committee (JIC) agrees the intelligence requirements and tasking to be laid upon them and these are submitted to Ministers for approval. These requirements are then reviewed annually in a process managed by the Intelligence Coordinator, and performance against them is reviewed at the end of each year by the JIC and by Ministers. The Director General is a member of the JIC. The Security Service contributes intelligence on some of the JIC's requirements, such as those relating to terrorism, but its overall priorities are determined not by the JIC but by its statutory remit to counter threats. In recognition of this, the Service's plans and priorities are validated and its performance reviewed annually by a separate Cabinet Office inter-departmental committee established for the purpose, called 'SO(SSPP)'.

Intelligence Agencies

The Security Service works closely with both SIS and GCHQ, whose statutory basis derives from the Intelligence Services Act 1994. The three agencies have different but related functions. The range of mutual assistance is wide, and is based on a closeness of relationship that promotes cooperation when a particular result can be achieved more effectively or more efficiently with another's help. For example, Security Service and SIS resources are shared in some support areas to avoid duplication. More formally, the Security Service is one of the many departments that place tasking on SIS and GCHQ through the JIC machinery to collect certain categories of intelligence. In the Service's case, this is intelligence relevant to the Service's functions to add to its own collection efforts. The Service is a major customer for intelligence produced by SIS and GCHQ in areas such as terrorism.

Police and other Law Enforcement Agencies, and the Armed Services

The Service also works closely with the UK's 55 police forces, particularly their Special Branches, and with other law enforcement agencies, such as HM Customs and Excise, and the National Criminal Intelligence Service. The Service receives assistance from the police in many areas of its work, provides information and assessments to them on the current threats, and collaborates closely with them in investigations which may result in criminal proceedings.

The Service provides support to the police in two main areas: in the field of serious crime, the Service works exclusively in support of the police and other law enforcement agencies; and in Northern Ireland the Service provides support to the Royal Ulster Constabulary, which has the lead role for intelligence work on terrorism related to Northern Ireland. (The Service has the equivalent role for all aspects of terrorism outside Northern Ireland.) The Service also works with the armed services on a range of security matters.

With Foreign Security and Intelligence Services Although the Service is charged with protecting national security as it relates to UK interests both in the UK and overseas, its primary focus is domestic and most of its staff are based in London. In many areas of its work it in consequence relies heavily on the support of SIS and seeks assistance from foreign security and intelligence services. To this end, the Service has links with nearly 100 services worldwide.

Executive Powers

The Security Service is a civilian organisation and its officers have no executive powers, such as the authority to detain or arrest people. It is not a 'secret police force'. Security Service investigations are shared with the police or other law enforcement agencies when there is a prospect of the arrest of people who are committing or planning criminal offences. In recent years, the Service has developed and applied procedures which enable its intelligence to be admitted as evidence in criminal proceedings. In addition, the Service may recommend to the Home Office or to the Foreign Office that known terrorists or foreign intelligence officers, for example, be refused entry to the UK, or be deported or expelled. However, the decision whether to do so lies outside the Service.

The Geographical Remit of the Security Service

Media reporting sometimes reveals confusion about the geographical scope of the Service's work. Threats to national security often come from abroad - for example, from foreign intelligence services or from foreign terrorist groups. Moreover, the scope of national security extends beyond the British Isles: British interests worldwide include diplomatic premises and staff, British companies and investments, and British citizens living or travelling abroad. Security threats to British interests anywhere in the world fall within the scope of the Service's functions as set out in the Security Service Act. In dealing with security threats overseas the Service cooperates closely intelligence agencies.


The Service does not kill people or arrange their assassination. It is subject to the rule of law in just the same way as other public bodies.

The Service's Role in Employment Vetting

The Service's role in the vetting of candidates for employment in sensitive posts is based solely on checks against its records. Decisions on employing staff are the responsibility of the department concerned and the Service does not investigate or interview candidates on their behalf. The Security Service Act stipulates that the Service may only disclose information for use in deciding whether someone should be employed in sensitive work if it does so in accordance with arrangements approved by the Home Secretary. If, on checking, the Service finds that it has a substantial and relevant security record on an applicant, it may provide a summary assessment of the security information. However, the mere existence of a Security Service record does not necessarily mean that an assessment will be made. There is no 'blacklist'.

Whitehall 'Leak' Inquiries

The Service does not carry out inquiries into leaks of information from Government, except where national security may be affected. As part of its protective security role, it does give advice to Government on security policy and practice and its protective security section 39 carries out audits of security arrangements within other departments on request. But it has no 'policing' role.

Trade Unions and Pressure Groups

It has often been alleged that in the past the Service systematically investigated trade unions and various pressure groups, such as the National Union of Mineworkers and the Campaign for Nuclear Disarmament.

The Service has never investigated people simply because they were members or office-holders of trade unions or campaigning organisations. But subversive groups have in the past sought to infiltrate and manipulate such organisations as a way of exerting political influence. To fulfil its function of protecting national security, the Service therefore investigated individual members of bona fide organisations when there were grounds to believe that their actions were "intended to overthrow or undermine parliamentary democracy by political, industrial or violent means". The Service investigated the activities of the subversive groups, but not the organisations they sought to penetrate.

When the Security Service Bill was debated in Parliament in 1988, the then Home Secretary, Douglas Hurd, spelt out the basis for the Service's work in this area:

"It does not matter if . . . people have views on the structure or organisation of Parliament or if they are involved in seeking to change industrial practices in this country or to negotiate a better deal if they are members of trade unions, or if they seek to challenge or change the Government's policies relating to defence, employment, foreign policy or anything else . . . Its [the Service's] sole criterion in relation to a subversive threat is whether there is a deliberate intention to undermine parliamentary democracy and whether that presents a real threat to the security of the nation."

The subversive threat to parliamentary democracy in the UK is now negligible and the Service accordingly has no current investigations in this area.

The Royal Family, Ministers and other Public Figures

The Service is sometimes alleged to be responsible for routinely monitoring the private lives of people because they have a high public profile, including members of the Royal Family, Government Ministers, and Members of Parliament. This is not the case. For example in 1993, the Prime Minister, John Major, confirmed that the Service had had no involvement in any interception of the communications of members of the Royal Family.

The Service only investigates individuals whose activities fall within its statutory remit under the Security Service Act.

The 'Wilson Plot'

In his book Spycatcher, the former Security Service officer Peter Wright claimed that up to 30 members of the Service had plotted to undermine the former Prime Minister Harold Wilson. This allegation was exhaustively investigated and it was concluded, as stated publicly by Ministers, that no such plot had ever existed. Wright himself finally admitted in an interview with BBC1's Panorama programme in 1988 that his account had been unreliable.

Sir Roger Hollis

It was claimed that former Director General of the Security Service, Sir Roger Hollis, was a Russian spy. The Trend inquiry of 1974 cleared Hollis of that accusation. Subsequently, the evidence of the former KGB officer Oleg Gordievsky confirmed this judgment.

Illegal Telephone Tapping

The Service does not tap telephones illegally. In carrying out interception it fully complies with the provisions of the Interception of Communications Act 1985.

Access to Security Service Files

No member of the public is permitted to see any Security Service files, except for historical records which have been declassified and released by the Public Record Office. Confidentiality is essential to protect details of investigational and operational techniques and to maintain the effectiveness of the Service. The dangers that would be posed by, for example, members of terrorist groups or foreign intelligence services embarking on 'fishing expeditions' in the Service's records are obvious. However, under the Security Service Act, anyone who is "aggrieved by anything which he believes that the Service has done in relation to him" may complain to the Security Service Tribunal. The Tribunal has access to any information it requires to adjudicate on a complaint.

Join the mailing list