UK's new spy chief accuses web giants of being “in denial” over role in terrorism

Profile picture for user ddpreez By Derek du Preez November 3, 2014
Robert Hannigan has written a hard hitting piece in the Financial Times that has sparked new debate about the role of tech companies and GCHQ – how right is he?

Most people at least take a few weeks to settle into their new job before they start causing any significant disruption – not Robert Hannigan, the new chief

© kentoh -
of the UK's electronic intelligence agency, GCHQ. Just six days into his role, Hannigan has come out all guns blazing by writing a less than subtle piece in the Financial Times about the role of the internet giants in fighting terrorism and extremism.

With comments that technology companies are “in denial” about the misuse of their services, that they have become the “command-and-control networks of choice” for terrorists and that privacy has “never been an absolute right”, Hannigan was obviously trying to cause a stir.

GCHQ, and spy agencies in the US, have obviously had a tougher time of it since Edward Snowden blew the whistle on surveillance activities carried out by government agencies, which have not only impacted the level of trust between the public and the NSA and GCHQ, but have also worsened the relationship between government officials and tech companies.

And whilst technology companies in the US – including the likes of Facebook, Google, Twitter and What's App – are still responding to requests from US agencies, they have been less than cooperative with international organisations. According to the Financial Times, one UK security official said: “The UK has had the most to lose [from Snowden]”. Hannigan also comments that “there is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years”.

This is all coming at a time when violent jihadist activity appears to be at an all-time high and terrorist organisations, such as Isis, have become sophisticated and prolific users of all popular social networks in order to not only promote their extremist beliefs, but to also recruit users.

Robert Hannigan notes that Isis is the first terrorist group to have “grown up on the internet”.

Unsurprisingly, the sound-bites from Hannigan's piece are springing up all over the web and everyone is going to have an opinion on this very sensitive topic – and rightly so. There is still just public anger at the way that governments were monitoring web activity and there is still a significant lack of trust within the tech community – the response has been to lock down as much as possible.

However, I am not convinced that Hannigan's piece is being received as it was intended - I don't see how a person asking for an open dialogue is asking for a fight. Take a look at some of the opinion pieces that have emerged so far.

Gordon Corera, the BBC's security correspondent, argues that this a 'ferocious attack' from the new GCHQ director and implies that he is looking for a fight. He said:

This is a hard-hitting article from the new GCHQ director in his first move on taking up the role. His aim is clear - to pressure tech companies to work more with government.

Following the Edward Snowden disclosures last year, some of those companies have been less willing to share data with intelligence and law enforcement and more inclined to encrypt it - making it harder for authorities to gain access.

Tech companies may be surprised by the ferocity of the attack. And they - and privacy activists - may also argue that the spies started this fight with the scale of their intelligence collection and by hacking into some of those companies.

But Robert Hannigan has wasted no time in wading into the debate over security and privacy and making clear he will not shy away from a fight.

Whilst James Ball at the Guardian – the paper that led the publication of the Edward Snowden leaks – writes that Hannigan's article does little to promote engagement between the various stakeholders that are involved in this debate on privacy. He said:

The message may prove a winner to many people who hear it, who share the view that further powers are needed to tackle the extremist threats faced by the UK at home and abroad. But to those who in the aftermath of the surveillance revelations of the past year hoped for serious engagement and debate, there seemed little to clutch to in this.

“Hannigan may be thumping the table harder than his predecessors, but the content of his message remains almost entirely the same.”

Equally, the reaction on Twitter has been less than favourable:

However, if we look at the two core paragraphs of Hannigan's article, I think there is actually a half decent message there that should be built upon. Firstly he highlights the role that tech companies play in the communication of extremist activity and calls for support from industry. He said:

GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, cannot tackle these challenges at scale without greater support from the private sector, including the largest US technology companies which dominate the web. I understand why they have an uneasy relationship with governments. They aspire to be neutral conduits of data and to sit outside or above politics. But increasingly their services

Edward Snowden
not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.

However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us. If they are to meet this challenge, it means coming up with better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now.

Secondly, he notes that the likes of GCHQ need to have a more constructive and informative debate with the public about their role in monitoring activity online – and most importantly, he recognises the need to educate on how they are doing it. He said:

For our part, intelligence agencies such as GCHQ need to enter the public debate about privacy. I think we have a good story to tell. We need to show how we are accountable for the data we use to protect people, just as the private sector is increasingly under pressure to show how it filters and sells its customers’ data. GCHQ is happy to be part of a mature debate on privacy in the digital age. But privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions.

My take

My instinct is to side with the likes of the Guardian and the privacy advocates and to be outraged about the likes of GCHQ and the NSA snooping on my personal data. Equally, I am no security expert. I would also like to add that I'm the last person to trust government authorities, which is evident from a lot of my writing on diginomica. However, when I read Hannigan's piece I found myself largely agreeing with him.

Although I don't want spy agencies to have untethered access to all of my data, I do recognise that they may require some access to important information that is held by technology companies in order to prevent terrorist activity. And whilst I admire that technology companies are trying their best to protect my data, I recognise that actually companies and government agencies could work together to find a workable solution.

Hannigan is right that we need a public debate about privacy and we need to find a solution that works for everybody – stone walling data within tech companies isn't the solution, but neither is a back door where GCHQ gets access to whatever it wants. Systems need to be put in place, with independent checks carried out, and the only way we are ever going to feel comfortable with this is if all of us know exactly how agencies can get access to our data.

What needs to happen is that we need to move away from this headline grabbing, scaremongering approach to the security debate – and come up with a solution that is fit for the digital age. Am I comfortable with GCHQ's mass surveillance? No. Am I comfortable with them doing their job without access to the information they need? No.

There has to be a middle ground and until we regulate an approach that everyone is comfortable with, I'm sure spy agencies will just find a way to work around the current system.

That being said, security expert Tom Fox-Brewster, and a friend of mine whom I trust on this subject, seems to think that GCHQ is pushing its luck. So maybe I am naive and am putting too much trust in the authorities and GCHQ's new director to handle this proportionately...