The first part of Nafeez Ahmed’s major investigation into the money, men and motivation behind a massive move into medical data.
The COVID-19 public health crisis is enriching a murky nexus of technology surveillance firms linked to senior Government officials – at the expense of people’s lives. The financial adventures of a former MI5 spymaster and the medical fantasies of Boris Johnson’s top advisor point toward an unnerving endgame: an artificially intelligent (AI) corporate super-state, with a special focus on NHS genetic research inspired by eugenics.
The tale begins with Britain’s security services – and ends with Dominic Cummings. It uncovers the extent to which democracy and public health are now under threat from a series of Government failures rooted in a bankrupt ideology, influenced by the modern relics of scientific racism.
On Sunday 12 April, the Government announced that the NHS would be launching a new COVID-19 contact tracing app. Since then, there has been a flurry of analysis and commentary on the urgent privacy questions posed by this development. But, missing from these questions, is a much wider context which throws light on why the Government failed so dramatically to avert an unprecedented public health catastrophe – which has left the UK with the second-highest COVID-19 death toll in the world.
On the same day that the contact tracing app was announced, former MI5 Director-General Lord Jonathan Evans argued that existing technology used in counter-terrorism and organised crime probes could be used to augment the app being developed by NHSX, the NHS subsidiary focused on digital innovation.
Lord Evans, who headed up Britain’s domestic security service from 2007 to 2013, currently leads the Government’s public standards watchdog and is thus a top advisor to Prime Minister Boris Johnson on ethical standards in the public sector.
“Tough surveillance powers are acceptable where there is equally tough oversight and accountability that ensures the powers are applied lawfully, proportionately and only where necessary,” he wrote in the Sunday Times. “This is now the case for anti-terrorism and the same must apply to health.”
More than a week earlier, Health Secretary Matt Hancock had already granted GCHQ access to NHS data, specifically on the grounds of cybersecurity.
What the former spymaster didn’t say is that, just last year, the Investigatory Powers Commissioner’s Office (IPCO) found that MI5 had broken the law in relation to surveillance safeguards designed to limit the sharing and storage of intercepted data. The private data of millions of ordinary citizens could have been shared with foreign governments under opaque and unaccountable ‘national security’ protocols.
Lord Evans is also connected to a burgeoning private cybersecurity industry which has long aimed to exploit the creeping privatisation of the NHS for profits. In fact, he is connected to three giant corporations which are presently profiting from major contracts with the NHS.
From Spy Chief to Lobbyist
Lord Evans’ journey from MI5 Director-General to senior corporate advisor is not particularly unique when compared to the trajectories of his predecessors and successors in the same role. But it provides a window into how the UK’s national security industry is profiting from the piecemeal privatisation of Britain’s public health infrastructure.
According to DeclassifiedUK, an investigative journalism platform focused on British national security issues, Britain’s former spy chiefs have regularly gone on to lobby government for the private sector. This has resulted in the Government investing millions of pounds of taxpayers’ money in ‘national security’ private contractors – which have weakened the state’s pandemic preparedness while prioritising far lesser threats.
The COVID-19 pandemic is now accelerating this process as the Government grants unprecedented power to private technology firms with little transparency.
During his 33 years in Britain’s domestic security service, Lord Evans played a key role in the agency’s counter-espionage and counter-terrorism policies, heading up its counter-terrorism division for the duration of the post-9/11 ‘War on Terror’. In 2009, as deputy head of MI5, he distinguished himself by justifying the agency’s ties to foreign regimes torturing terrorism suspects to provide intelligence to MI5 and MI6.
The same year that Lord Evans retired from MI5 in 2013, the UK Cabinet Office’s National Risk Register warned that a pandemic was “the most significant civil emergency risk” – a higher priority even than catastrophic terrorism or coastal flooding.
Following his MI5 career, Lord Evans became a lobbyist for a private national security industry that largely failed to protect Britain from this risk. He moved rapidly to take up lucrative positions in the financial services industry, including remunerated positions at Accenture, Deloitte and HSBC.
Bagman for GCHQ-Seeded Spy Venture
By September 2013, he went on to join the advisory board of Darktrace, a $1.65 billion AI-based cybersecurity firm which was ‘founded’ by UK intelligence officials earlier that year, and the core technology of which was originally conceived by Britain’s version of the NSA – the electronic surveillance agency GCHQ, which has just obtained unprecedented access to NHS information systems.
According to detailed analysis by DeclassifiedUK, Darktrace has an almost symbiotic relationship with the UK and US intelligence communities, with staff members coming from GCHQ, MI5, MI6, the UK Ministry of Defence, the UK military and special forces.
Documents from the Government’s Advisory Committee on Business Appointments (ACOBA) – which is supposed to regulate conflicts of interest for outgoing government officials – confirm that, at the time of his departure in 2013, Lord Evans was granted approval by then Prime Minister David Cameron “to become personally involved in lobbying the UK Government on behalf of his new employer” – namely Darktrace – after two years of his last day of service.
Matt Hancock is a long-time fan of the GCHQ-seeded company advised by Lord Evans. In 2017, Darktrace was a lead member of a UK trade delegation to Singapore led by Hancock in his capacity as then Digital Minister. That year, it emerged that one of Darktrace’s new clients was “an NHS agency”, which was reportedly protected from the WannaCry malware attack by its ‘Enterprise Immune System’ technology.
In July 2018, Hancock became Health and Social Care Secretary – and Darktrace continued to follow him into the NHS. That month, the firm announced that it had signed a “multi-million dollar contract” with a Government department to deploy its technology to protect “public services and citizens’ data”, without identifying the department. A month later, the company confirmed that the NHS was scaling up its adoption of Darktrace technology “to safeguard systems and patient information, including prescription and blood type data”.
In the wake of the COVID-19 crisis, Darktrace has attempted to consolidate this work, declaring that it would offer its services to the NHS for free.
In the meantime, Lord Evans also acquired a new role as non-executive director to Ark Data Centers, a UK data storage company, in 2015. He replaced his predecessor, the former MI5 chief Baroness Eliza Manningham-Buller. That same year, Ark won a £700 million four-year contract with the Cabinet Office to supply the Government’s entire data centre estate, via its Crown Hosting contract.
By 2018 – the same year that Darktrace began expanding its reach into the NHS – Ark secured a £500 million four-year extension to the Crown Hosting framework, apparently bypassing the usual competitive tender process in the name of avoiding disruption from Brexit. Later that year, NHS trusts began taking up the Ark-backed data storage solution.
All the while, Lord Evans kept himself busy. Just the preceding year, he had taken up another non-executive directorship at the UK-based financial services firm KPMG, to sit on its Public Interest Committee. The latter is responsible for “overseeing the public interest aspects of the decision-making for KPMG LLP (UK) and its related entities – taking into account the legitimate interests of clients and government, among others”.
Yet, KPMG has spearheaded the charge to privatise the NHS – an endeavour in which Lord Evans’ board role implies significant oversight.
KPMG: When GDP Transcends Lives
Back in October 2010, KPMG’s global head of health Mark Britnell – at the time a health advisor to Prime Minister David Cameron – told the Apex Partners Global Healthcare Conference: “In future, the NHS will be a state insurance provider not a state deliverer. The NHS will be shown no mercy and the best time to take advantage of this will be in the next couple of years.”
An Apex Partners brochure further explained the gist of Britnell’s comments: “In future ‘any willing provider’ from the private sector will be able to sell goods and services to the system… The monolithic arm of state control will be relaxed which will provide a huge opportunity for efficient private sector suppliers.”
By 2015, KPMG was among several other financial services firms designated as approved suppliers to some two-thirds of the consortia bidding for the planning and supplying of care to GP commissioners – in effect determining where and how the NHS budget would be spent.
During the COVID-19 crisis, KPMG secured a Government contract to oversee the management of the NHS Nightingale hospitals. The firm is also advising the Department for Work and Pensions on its response to the Coronavirus.
Many of the Nightingale hospitals have not been used and this has been hailed by some as a success in freeing up existing capacity. But, staffers at the new hospitals have said that the real bottlenecks have been the lack of appropriately-trained staff, a nationwide shortage of critical care nurses, and lack of kidney dialysis and cardiac support equipment at the hospitals for dealing with multiple organ failures – meaning that they could not be used to treat the sickest patients.
Simultaneously with its influential role as a Government contractor, KPMG appears to be a key voice calling for a need to ‘balance’ the economy with public health priorities.
In an April message to the firm’s 16,000 staff, KPMG’s chairman Bill Michael wrote that “at some point, we run the risk that the economic disaster will transcend the human one”. But he reassured his staff that KPMG is “well-placed” to advise the Government on the “difficult judgement… to strike a balance between the health of our people and our economy”.
Pushing for AI Data Access in the Public Sector
Alongside these multiple business roles, the Government appointed Lord Evans as Chair of the Committee on Standards in Public Life in October 2018, which advises the Prime Minister on ethical standards across the public sector. He had been approached for the post by No. 10 veteran Jonathan Hellewell, currently a special advisor to Boris Johnson on faith communities.
It would seem that Lord Evans was to be the Government’s point-man in sanitising its plans for an AI revolution that would, in effect, privatise the public sector by stealth.
Earlier in 2018, Lord Evans had addressed his colleagues in the House of Lords. Noting that he was an advisor to the UK facial recognition start-up Facewatch, he extolled the benefits of scaling-up the technology comprehensively across society in transport, shops, entertainment, in public spaces, by police, Government and the private sector to “enable pre-emptive action to be taken” for “intelligence purposes” and even, eventually, “evidential” purposes with the right “standards” in place. “It is also important that this should not become a bonanza for the lawyers,” he added, alluding to the problem posed by privacy laws.
During his Facewatch stint, which started in 2014, the company had rapidly expanded its product, “building up a database of alleged wrongdoers, whose images have been submitted by businesses who sign up to its service”. Although, in theory, anyone who suspects that they have been incorrectly added to this database can appeal, as technology journalist Geoff White observes, “to do that, you have to know or suspect that you’re on the database, and since the company doesn’t make it public, that creates a catch-22 situation… your face is now being used to access stores of data about you, who’s controlling those stores? How accurate are they? And how will you ever find out?”
Facewatch runs a crime reporting and intelligence-sharing online platform endorsed by Secured by Design, an official UK police security initiative. It would appear that the system operates as an unaccountable, crowd-sourced blacklist which lacks any due process.
Lord Evans recused himself from his Facewatch position as he took up his new appointment at the UK’s public standards watchdog. In that capacity, he oversaw a landmark report essentially urging the Government to speed ahead with a grand plan to roll-out artificial intelligence (AI) across British society, including in the NHS. While acknowledging that the Government was “failing” on the goal of “openness” in how AI is being used, the report did not advocate any major change in governance models for the public sector.
“Our evidence showed that healthcare and policing currently have the most developed AI programmes, with technology being used, for example, to identify eye disease and to predict reoffending rates, though levels of system maturity differ across NHS trusts and police forces,” the report stated.
The main obstacle to adoption, the report concluded, is data access: “Public policy experts frequently told this review that access to the right quantity of clean, good-quality data is limited, and that trial systems are not yet ready to be put into operation. It is our impression that many public bodies are still focusing on early-stage digitalisation of services, rather than more ambitious AI projects.”
Amidst some welcome recommendations for better regulatory guidance and ethics codes, the report’s overall import was to clear the way for the gradual destruction of democratic process.
It dismissed the idea of an AI regulator and carefully avoided Lord Evans’ bugbear: new AI laws. The approach flew in the face of the recognition by General Data Protection Regulation (GDPR) architect Paul Nemitz, that “not regulating these all pervasive and often decisive technologies by law would effectively amount to the end of democracy”.
Lord Evans’ report was published in February 2020 as the COVID-19 pandemic was rapidly picking up steam. It received minimal scrutiny – despite having just given the green light to a new AI era that will weaken Britain’s democratic checks and balances.
The NHS as the Centerpiece of the AI Revolution
Though Lord Evans’ report acknowledged that some of the UK’s most developed AI programmes are being activated in the NHS, it overlooked their wide-ranging ramifications.
In fact, the NHS has quietly been at the forefront of the Government’s most ambitious AI drive yet. This is because the privatisation and transformation of the NHS is seen by the Government’s top officials as the linchpin of a national biological strategy to out-compete rival economies. Sound bizarre? It is.
Two years before the public standards watchdog released its report, Matt Hancock set out his vision of “preventative, predictive and personalised care”, premised on a comprehensive digital transformation of the NHS in which patient data would be funnelled into the creation of new “healthtech” apps and services. One of the services he promoted was a smartphone app to facilitate video consultations with GPs created by start-up Babylon Health, which now sells the service to the NHS. Former Vote Leave architect Dominic Cummings was also previously a paid consultant to Babylon until July 2018, and continued to advise the company until September that year.
On 4 September 2019, No. 10 hosted a ministerial roundtable with Health Secretary Matt Hancock on life sciences and technology, inviting key private sector leaders. Attendees at the meeting included Babylon, Lord Evans’ Darktrace, NHS England and other firms such as Google’s Deepmind, and Faculty.
Like Babylon, Faculty is intimately connected to Cummings, having serviced the Vote Leave campaign’s electoral modelling work. The firm’s CEO, Mark Warner, is the brother of one of Cummings’ top technology aides in No. 10, Ben Warner. All three have sat in on meetings of the Scientific Advisory Group on Emergencies (SAGE), which is set up to provide the Government with independent scientific advice during the COVID-19 pandemic.
Instead of responding as rapidly as possible based on public health best-practice to the novel Coronavirus, the Government has sped ahead with its ambitions for digital privatisation of the NHS. However, there is an extraordinarily dark vision behind these ambitions, which has not been fully understood.
On 13 March, the day after the Government abandoned contact tracing – and as a spate of Government science advisors publicly confirmed that it was adopting a policy of ‘herd immunity’ – Faculty announced that it had “partnered with NHSX to build its new AI lab to help drive digital transformation and the use of AI in the NHS… Faculty will be helping NHSX to use and deploy cutting-edge artificial intelligence techniques”.
This was just a month after Lord Evans issued his committee’s report that largely rubber-stamped the ubiquitous spread of AI across British society.
Last year, both Faculty and Darktrace senior executives were part of a wider cohort of British AI luminaries feeding into Applied AI 1.0, a nationwide growth programme for start-ups supported by the Government’s Office for Artificial Intelligence.
Faculty is the same firm which helped to “configure” the parameters for an Oxford University model that would form the basis for the NHSX contact tracing app. Faculty and Oxford University have denied that Faculty is working directly on the development of the app and would access the app’s data. But, Faculty is simultaneously working with US big data giant Palantir on a massive data-mining exercise to process large volumes of confidential UK patient information in a centralised Government database.
According to a damning analysis by Dr Michael Veale, a data protection expert at University College London, under UK law, the NHSX app currently being trialled in the Isle of Wight does not preserve anonymity, can enable users to be personally identified, and is designed to systematically monitor publicly accessible spaces – despite the Government’s denials. Users can neither erase nor access their own data in the system.
Which all begs the question: what is this new push for mass health surveillance actually for? Read Part Two of this investigation for some possible answers.
Lord Jonathan Evans and Dominic Cummings were contacted for this article, but are yet to reply.