U.K. Spy Agency Chief Goes Public With Anti-Encryption Appeal To U.S. Tech Companies

In what must be one of the most high profile consequences of last year’s Snowden revelations, which detailed the extent of government dragnet digital surveillance programs, the new chief of U.K. spy agency GCHQ has made a public appeal to U.S. technology companies to co-operate in handing over user data to support its counter terror efforts.

Writing in the Financial Times newspaper, GCHQ’s Robert Hannigan claims that “privacy has never been an absolute right” and warns that the terrorist group ISIS has “embraced the Internet as a noisy channel in which to promote itself, intimidate people, and radicalise new recruits”.

Hannigan’s initial argument focuses on how ISIS is using social media tools such as Twitter and Facebook as propaganda platforms — redirecting the underlying U.S. free speech imperative of these platform makers to power the delivery of its own messages — gaming algorithmic processes to inject fringe messages into mainstream debate (a tactic which, incidentally, we have also seen used in the #Gamergate saga), and applying sophisticated production values to the digital content it produces for dissemination on these platforms, such as beheadings videos which are edited to excise the actual moment of beheading.

“They have realised that too much graphic violence can be counter-productive in their target audience and that by self-censoring they can stay just the right side of the rules of social media sites, capitalising on western freedom of expression,” writes Hannigan, discussing how social media has become a recruitment channel for ISIS.

But after censuring ISIS’ public presence and activity on mainstream technology platforms, Hannigan shifts his argument to their private communications, claiming that the terror group also “differs from its predecessors in the security of its communications” — and dubbing this “an even greater” counter terror challenge. Strong encryption is the target he is taking aim at here.

“Terrorists have always found ways of hiding their operations. But today mobile technology and smartphones have increased the options available exponentially,” he writes. “Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are ‘Snowden approved’. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.”

After referencing the Snowden inspired pro-privacy movement, which has gained momentum since the NSA whistleblower’s revelations pulled back the kimono on the vast, sprawling surveillance industrial complex that had been established in secret across the globe since the 9/11 terror attacks, Hannigan goes on to argue that U.K. spy agencies “cannot tackle these challenges at scale without greater support from the private sector, including the largest US technology companies which dominate the web”.

In other words, he’s confirming what we knew already: that U.S. technology platforms are the key enablers of dragnet government surveillance programs. Which means these commercial entities also have the power to shut down dragnet surveillance-by-default by adopting strong encryption. That makes plain why Hannigan spends so much time pointing the finger at social media platforms’ role in spreading terrorist propaganda — to apply moral pressure to the controllers of these commercial entities to play along with government surveillance programs and not to adopt strong encryption as standard.

“I understand why they have an uneasy relationship with governments,” he writes of U.S. tech firms. “They aspire to be neutral conduits of data and to sit outside or above politics. But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.

“However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us. If they are to meet this challenge, it means coming up with better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now.”

Snowden has consistently called out the U.K.’s spy agencies as the most unfettered in terms of lacking checks and balances, with no written constitution to bolster privacy protections in the country.

This summer details of how GCHQ and its ilk circumvent domestic data protection laws to justify mass snooping on British citizens’ use of digital services emerged — by classing them as ‘external communications’ which do not require a warrant to be intercepted under the UK’s Regulation of Investigatory Powers Act (RIPA).

These details came out in a witness statement made by the Director General of the UK Office for Security and Counter-Terrorism in response to a legal challenge by privacy rights organisations. Late last month additional details emerged on GCHQ’s interpretation of RIPA and the “arrangements” it uses to gain access to mass surveillance data from foreign national security agencies without having to obtain a warrant. So once again by circumventing RIPA.

These secret arrangements — where vast citizen data repositories are able to flow freely between government spy agencies without legal oversight — are evidently coming under pressure, post-Snowden, as the commercial tech firms that had been co-opted into the data harvesting process start to tighten the security screw, most notably by bolstering their own encryption, in order to reassure users they are not the ones abusing privacy.

These tightening security screws are evidently pinching spy agencies. The FT reports British security officials noting it has become “much harder” over the past 18 months for GCHQ to gather intelligence as U.S. tech companies have become less co-operative with foreign intelligence agencies.

What’s most interesting here is that commercial imperatives triggered by Snowden blowing the whistle on secret government agency arrangements with technology platforms are finally forcing a more public debate on privacy — which is exactly what Snowden has always called for — hence the head of the U.K. spy agency putting pen to paper in a national newspaper.

“For our part, intelligence agencies such as GCHQ need to enter the public debate about privacy,” writes Hannigan. “I think we have a good story to tell. We need to show how we are accountable for the data we use to protect people, just as the private sector is increasingly under pressure to show how it filters and sells its customers’ data. GCHQ is happy to be part of a mature debate on privacy in the digital age. But privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions.”

It is especially ironic that this sliver of public debate is only taking place because of the actions of Edward Snowden. Without a whistleblower lifting the lid on government surveillance programs that lack public oversight and legal justification — and which were established in the background purely because the technology tools made it possible and scalable to capture so much data — we would be none the wiser.

“As we celebrate the 25th anniversary of the spectacular creation that is the world wide web, we need a new deal between democratic governments and the technology companies in the area of protecting our citizens. It should be a deal rooted in the democratic values we share. That means addressing some uncomfortable truths. Better to do it now than in the aftermath of greater violence,” concludes Hannigan, evidently without intending his words to express any irony.