So, we weren't too impressed with previous GCHQ (the UK equivalent of the NSA) boss, Sir Iain Lobban, who insisted that GCHQ didn't
do "mass surveillance" so long as you defined "mass" and "surveillance" the way he does (and not the way the English language does). This statement was made just days before it was revealed that the GCHQ (contrary to its own claims) gets access to NSA data without a warrant
New GCHQ boss Robert Hannigan has taken to the potentially pay-walled pages of the Financial Times to convince the world that he's a complete nutjob
in charge of one of the most powerful spy agencies in the world. His message: basically "terrorists use technology, and because you hate terrorists, we should all be happy to have tech companies share all your private data with us to catch terrorists." Or something like that. Hannigan honestly seems to believe that the public is really on the government's side against the tech companies they use every day. That seems like rather large miscalculation of his audience.
Hannigan's pitch relies on (of course) spreading as much FUD as possible, starting with ISIS:
Terrorists have long made use of the internet. But Isis’s approach is different in two important areas. Where al-Qaeda and its affiliates saw the internet as a place to disseminate material anonymously or meet in “dark spaces”, Isis has embraced the web as a noisy channel in which to promote itself, intimidate people, and radicalise new recruits.
The extremists of Isis use messaging and social media services such as Twitter, Facebook and WhatsApp, and a language their peers understand. The videos they post of themselves attacking towns, firing weapons or detonating explosives have a self-conscious online gaming quality. Their use of the World Cup and Ebola hashtags to insert the Isis message into a wider news feed, and their ability to send 40,000 tweets a day during the advance on Mosul without triggering spam controls, illustrates their ease with new media. There is no need for today’s would-be jihadis to seek out restricted websites with secret passwords: they can follow other young people posting their adventures in Syria as they would anywhere else.
Got it? Terrorists use the same services you and I do, and they're really, really mean. So, why is the public so upset that GCHQ wants to snoop on what everyone's doing on those services? For bonus points, he also tosses in some child porn fears as well.
GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, cannot tackle these challenges at scale without greater support from the private sector, including the largest US technology companies which dominate the web. I understand why they have an uneasy relationship with governments. They aspire to be neutral conduits of data and to sit outside or above politics. But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism. However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us. If they are to meet this challenge, it means coming up with better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now.
Then, finally, he blames the tech companies for not recognizing that by spying on everyone, GCHQ is just trying to protect the free and open society we all love, and assumes that the public is really on his side:
To those of us who have to tackle the depressing end of human behaviour on the internet, it can seem that some technology companies are in denial about its misuse. I suspect most ordinary users of the internet are ahead of them: they have strong views on the ethics of companies, whether on taxation, child protection or privacy; they do not want the media platforms they use with their friends and families to facilitate murder or child abuse. They know the internet grew out of the values of western democracy, not vice versa. I think those customers would be comfortable with a better, more sustainable relationship between the agencies and the technology companies.
There are lots of things that facilitate murder and child abuse that plenty of people are still fine using. I drive a car. Cars kill lots of people. I use a camera. Cameras are often key to child porn. Phones are frequently used in crimes. Yet, I'm not so ridiculous as to blame any of these tools for the scummy people who use them for bad purposes. And it bothers me that the head of the UK's technology spying effort doesn't seem to understand that distinction. Actually, it doesn't just bother me, it frightens me.
As we celebrate the 25th anniversary of the spectacular creation that is the world wide web, we need a new deal between democratic governments and the technology companies in the area of protecting our citizens. It should be a deal rooted in the democratic values we share. That means addressing some uncomfortable truths. Better to do it now than in the aftermath of greater violence.
Note what Hannigan left out: what's wrong with the existing deal? What's wrong with making a specific case for why you need specific information to a court and then getting a warrant? Why do we need a "new deal" that involves giving a government increasingly broad access to all that data -- especially when the very same intelligence community that has that data has a rather long history of abusing it, violating human rights
, stifling free speech
and criticism and harassing
those who oppose it?
In a companion article, the Financial Times notes that, with US tech companies hardening their networks against the intelligence community, the UK has been locked out
from the easy access it used to have, which explains some of Hannigan's exasperation. I'm sure it must suck when you used to be able to sift broadly through a variety of private information without everyone realizing it. And having that treasure trove of private data ripped away must not be much fun. But privacy
is, in fact, a democratic ideal, contrary to Hannigan's belief that the public is willing to give it up just to stave off some bad guys thousands of miles away. Besides, as the article notes, when the UK government demands access, where should US companies draw the line:
One senior executive at a US tech group said any agreement to circumvent the current process, which requires law-enforcement groups to seek a court order before a company hands over data, would be “eliminating due process and that could be a dangerous situation”.
“What should we do if the Saudi or Russian government also demanded information be handed over on the spot?” he said.
It seems that the intelligence community and the surveillance state has gotten somewhat fat and lazy in the last few years, with so much access to so much data. Back in the old days, they had other ways to get what they needed without
violating everyone else's privacy. It's time they learned how to get back to that sort of system that fits much better with our basic ideals of democracy and freedom than this desire to have access to absolutely everything does.