4 Nov 2014

Why GCHQ boss’s comments on internet security are a good thing

Spies aren’t generally famed for their ability to attract attention; which is why yesterday’s FT opinion piece by the incoming head of GCHQ is so surprising.
Barely had Robert Hannigan’s office door closed when he fired off a broadside against some technology companies for being “in denial” about terrorists and other criminals using their networks.

GCHQ building
There are two broad and divergent thrusts to Hannigan’s argument: that terrorists use the internet for publicity, and that they also use it to hide.

The Islamic State group, in particular, is using the internet to publicise its actions and recruit followers, and as Hannigan rightly points out, its videos and social media use are web savvy in the extreme.

Yet it’s the very fact that these communications are public which means that tech companies can and do try to police the content. Twitter shuts down IS accounts, YouTube removes jihadi videos. Perhaps Hannigan believes tech companies can do more, but the balance between free speech and incitement is never easy, and it’s not just Silicon Valley which is struggling to strike it.

Besides, the really criminal stuff (the beheading videos, for example) often appear initially on websites far removed from the mainstream of Google et al, in places where the terrorists have got smarter at using tools to disguise their operations.

Encryption

Which brings us to the second thrust of Hannigan’s argument. Undoubtedly terrorists are taking advantage of encryption to hide their activities.

This, he argues, has led tech companies to become the unwitting “command-and-control” network of those terrorists. This isn’t a new problem: adversaries have always embraced new communications technology, be it radar or the dark web.

And it should be pointed out that it’s not just terrorists who have learned sage lessons from the Snowden leaks: protesters in Hong Kong used the TOR network to enable their democratic right to protest; journalists have begun using PGP encryption to allow whistleblowers to come forward (you can find mine here.)

Such tools present GCHQ with a challenge, and Hannigan wants tech companies to come up with “better arrangements for facilitating lawful investigation”.

Firstly, those arrangements, if they are to be lawful, must be decided not by tech companies but by our elected representatives, and secondly, it’s hard to see how any intelligence agency could have a better arrangement than GCHQ’s Tempora, a “full take”  surveillance programme that gathers both content and metadata (who messaged who, when and where).

Ultimately it comes back the pervasive theme of privacy versus security.

It’s great to hear that Hannigan wants GCHQ to “enter the public debate” on the issue. In public is precisely the place where these matters should be decided: not in the secrecy of the Cheltenham doughnut, nor the obscurity of Silicon Valley’s boardrooms.

Follow @geoffwhite247 on Twitter