Robert Hannigan spoke out for this first time this week in his new position as GCHQ-chief. And what he said – or wrote, in a piece for the Financial Times – is not exactly surprising but certainly alarming. Actually, “alarming” doesn’t begin to cover it. “Outrageous” would be the more appropriate term.
Privacy has never been an absolute right, Hannigan writes. US technology companies are becoming “the command and control networks of choice” for terrorists, “facilitate[ing] murder and child abuse”. They are “in denial” about how new technology is helping terrorist networks like ISIS.
To argue, as Julian Huppert does, that this approach is counter-productive is putting it lightly. Bashing technology companies will do little to encourage those same companies – who “responded with irritation to Hannigan’s suggestions” – to give GCHQ et al the support Mr Hannigan thinks they need.
Interestingly, Hannigan also writes that the intelligence agencies “need to show how [they] are accountable for the data [they] use to protect people.” That much is true. The agencies do need to be accountable for the data they collect – and the public and parliament need to be able to hold them accountable. What is more, the agencies need to prove how exactly the data they collect and store helps them keep people safe, rather than to expect us to take their assurances at face value. So far, there is little evidence that mass data collection works to protect people or foil terrorist attacks – a point that has been made several times before and which ACLU lawyer Ben Wizner recently reiterated. As to the threat of ISIS in particular, John Naughton – who seems as “puzzled” by Hannigan’s shenanigans as I am – asks a very relevant question:
How come that GCHQ and the other intelligence agencies failed to notice the rise of the Isis menace until it was upon us? Were they so busy hoovering metadata and tapping submarine cables and “mastering the internet”… that they didn’t have time to see what every impressionable Muslim 14-year-old in the world with an internet connection could see?
Then there is the question of proportionality and control that needs to be asked more insistently. Especially in a week when it has emerged that the UK intelligence agencies have been snooping on privileged conversation between lawyers and their clients. One possible consequence of this breech of attorney-client privilege could be that “[h]istoric convictions [are] quashed in serious cases, including terrorism cases.” Talk about the EU making it harder for British courts to deport terrorists.
In light of this and everything else that has been revealed, I am not sure that any “ordinary user” – as Hannigan calls them – in their right mind would be “comfortable” with “a new deal” between “democratic governments” intelligence agencies and technology companies – even if it were “routed in the democratic values that we share.”
And anyway, I’m confused. First of all, what do the agencies need a deal for? As Jillian York from the EFF points out:
Law enforcement can conduct open source intelligence on publicly-posted content on social networks, and can already place legal requests with respect to users.
Or, as Martha Lane Fox put it:
If you have reasonable suspicion, there is a court process by which you can demand all sorts of things. The security services’ reach is enormous.”
So then, a deal as Hannigan envisions it – again, without explicitly saying so – “must include more, not less, access to information for GCHQ spies.”
Again, it seems questionable that they would need such a deal. As Cole Peters points out in this very remarkable article (what he writes about Hannigan’s characterisation of tech firms and the “depressing end of behaviour on the internet” is particularly noteworthy):
Hannigan doesn’t need technology companies to “co-operate” at all — this suggestion is entirely about blame-shifting and justifying bulk surveillance programmes. The NSA and GCHQ have proven time and time (and time) again that they are more than willing to create their own back doors into technology and communications companies’ data, even when the front door has already been held open for them.
Second of all, by “democratic values”, does Hannigan mean those same values that didn’t stop the agencies from building a “sophisticated apparatus of mass surveillance” that “monitor[s] communications at a scope and scale unimaginable not long ago, from the wholesale siphoning of internet traffic from submarine cables to the collection of millions of webcam images from users unsuspected of any connection to terrorism”? All of this with minimum oversight, while keeping “parliamentarians in the dark”? I suppose that whatever democratic values underlie these practices also justify the government’s and agencies’ avoidance of a debate on surveillance? Not sure the rest of us really do share those values. Not sure they are democratic values either.
The again, it may be our own fault that our governments and spooks aren’t happy to talk to us.
“GCHQ is happy to be part of a mature debate on privacy in the digital age,” Hannigan writes. “But… the debate about this should not become a reason for postponing urgent and difficult decisions.”
What Hannigan seems to be suggesting is that the existing debate on privacy in the digital age “which his agency has spent the last year and a half determinedly avoiding” isn’t mature, and that we all have more urgent and difficult things to worry about than a childish row over something that isn’t an absolute right: “A global debate on privacy is all very well, but the serious (and real) threats facing the country must take priority.”
One, perhaps not an absolute but certainly a “heavily qualified” right under the European Convention (and enshrined in the Human Rights Act), surely there has to be a discussion about whether privacy should be easily sacrificed for the sake of security. Why, if GCHQ is willing to talk, has it not long since joined us in that discussion?
Two, what are those urgent and difficult decisions that should take precedence over a debate about the violation of one of our basic rights? What are those serious and real threats that must take priority?
Short answer: terrorists and technology. For while “[t]errorists have always found ways of hiding their operations…mobile technology and smartphones have increased the options available exponentially.”
One of these options being bad, worse, Snowden-approved encryption:
Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are ‘Snowden approved’. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.
Echoing FBI director James Comey’s comments in October that encryption helps criminals, what Mr Hannigan isn’t saying of course is that “technology…can be used for productive as well as destructive purposes.” The same encryption Hannigan and Comey say helps terrorists, is also protecting us from the prying eyes of their own agencies whose “
dirty games – forcing companies to handover [sic] their customers’ data under secret orders, then secretly tapping the private fibre optic cables between the same companies’ data centres anyway – have lost GCHQ the trust of the public.
What Hannigan is also conveniently omitting is that the intelligence agencies have, by building backdoors into encryption, “managed to weaken our security as well as invade our privacy – the exact opposite of what we want to see.”
What these significant omissions highlight is that, as this Guardian editorial points out:
Mr Hannigan’s late-in-the-day call for GCHQ to get engaged appears unattached to any real willingness to reflect on whether the blanket snooping which caused such outrage around the world last year needs to be modified, or even subjected to a more testing standard of accountability.
The intelligence agencies are right, Hannigan says, the rest of us are wrong. Encryption only protects criminals. Therefore, it is bad and we must not use it. Technology companies should work with the agencies rather than provide better security for their users (the majority of whom aren’t terrorists). Far from real willingness for reflection and debate, it seems that Mike Harris, campaign director of Don’t Spy On Us, is right to suspect that Hannigan’s suggestions really are
the intelligence agencies getting on the front foot seeking new powers and wanting to put some of the programmes Snowden uncovered on a legal footing.
And still Hannigan’s “message may prove a winner to many people who hear it, who share the view that further powers are needed to tackle the extremist threats faced by the UK at home and abroad.”
Powers which, if expanded, will certainly come at the expense of our sadly undervalued right to privacy, and, if Theresa May has her wish, at the expense of our mobile coverage as well. As to the latter, over to the wonderful David Mitchell who says all there is to say on May and her own outrageous views.