Amid alleged Chinese spying and Russian hacking, UK must do more to safeguard democracy – Stewart McDonald

The reality is often far more prosaic – and all the more dangerous for it. Last summer, around the same time my emails were targeted by a hacking group whose objectives closely align with those of the Russian government, my researcher was contacted on LinkedIn by an organisation which described itself as an independent think tank. The message said that they were “looking for paid contributors to a non-partisan British publication which aims to raise the profile of the devolved administrations’ political news”, and asked if he would be interested in writing for them. He did not reply.

That message, as the National Cyber Security Centre has stated, is exactly the kind of introduction that hostile foreign states use to cultivate their sources. Rather than bribing or blackmailing some young researcher into handing over their boss’ secret papers, these insidious state-linked actors spend months slowly building relationships with them through flattery and finance, ensuring, all the while, a steady trickle of information.

Most or all of the information gained from some sources will be useless. But there will be some information given by some researchers – such as details of who is meeting with whom or a sketch of someone’s weekly routine – that will make it worth their while. These foreign intelligence agents have deep pockets and think in terms of decades. They can afford to wait for the right fish to bite.

I asked my researcher to look again at the LinkedIn profile that messaged him last year and see who it was connected to: parliamentary researchers, party officials and even government officials. This profile, I have no doubt, is just one among a sea of fronts used to contact and engage with targets.

Yet despite the scale of this challenge, the UK Parliament remains years behind when it comes to dealing with hostile foreign influence. You can barely cast an eye over any flat surface in Westminster without falling upon posters about not sharing passwords, clicking dodgy links or wearing your parliamentary pass outside. There is nothing that I have seen, however, that addresses the threat described above or any of the other insidious ways that hostile states seek to disrupt our democratic processes – despite extensive press coverage and warnings from the intelligence agencies.

The arrest of a parliamentary researcher for allegedly spying for China, which he denies, must be a wake-up call. Parliament must get on the front foot and recognise that every person working on anything – industrial policy, foreign policy or security policy – in the building is a potential person of interest to hostile states, not just those with the letters MP after their name. That means regular, mandatory training on how hostile states seek to penetrate or influence parliamentary democracy, and increased vetting for political staff. But this is by no means all. An entirely new way of thinking about democratic resilience is needed as these threats become more assertive.

Indeed, the only mandatory training that most MPs and staff undertake is called “Valuing Others”, introduced to address the incidents of bullying, harassment and sexual assault that the MeToo movement and the media brought to the surface. Welcome as this initiative was, it remains almost unbelievable it’s parliament’s only universally mandated training.

MPs should receive quarterly training about the nature of the threats they face as a matter of course and information about keeping themselves, their offices and their staff safe. Physical threats against MPs have been a tragically recurring news story of the past few years but the threat picture is bigger and more subtle.

There should be infrastructure in place to allow MPs to undertake due diligence before meeting and engaging with organisations or individuals they’re unsure of, and there must be more support for MPs who fear that they may be or have been targeted by hostile states. In too many cases – as I know from personal experience – it comes only after it is too late. Indeed, in the case of my own hacking, I wasn’t told about it by the parliamentary or security authorities. I had to work it out for myself and later have the authorities confirm it. I was just one person on a list of people associated with me who were targeted in the same way. None of them had any idea until afterwards.

As we move into an intensifying period of geostrategic competition, we cannot continue to be constantly caught on the back foot when it comes to evolving threats to democracy. Any major scandal or tragedy should instigate a sea change in thinking, just as we saw in terms of how we deal with MPs’ personal safety after the tragic murder of Jo Cox in 2016, or the scandals of bullying and harassment in SW1.

With covert operations targeting the offices of MPs, it seems like every actor is aware of the vulnerabilities in the UK’s democratic institutions except the government in London. These actors are patient, think in the long term and are backed by tremendous resources. Our resilience must be underpinned by the same level of ambition.

Next year, Westminster will welcome a raft of new MPs following the general election. Hostile states will already be working out who is worth trying to target or influence. So long as we continue to do the bare minimum, the next parliament is already at risk of its own spying scandal.

Stewart McDonald is SNP MP for Glasgow South