In his first public statement since becoming Director of GCHQ, Robert Hannigan yesterday described the likes of Facebook, Twitter, Google and Apple as, "the command-and-control networks of choice for terrorists and criminals", and called on them to give "greater co-operation" to the intelligence services. It is a surprising challenge to these companies, given how much GCHQ relies on them for our data.
Edward's Snowden's revelations that the NSA and GCHQ were monitoring our personal calls, texts, emails and webchats did not just damage the credibility of the US and UK governments, but also the tech companies who had been complicit in sharing our data. But even when they weren’t handing data over, the TEMPORA programme meant that information from their networks was hoovered up anyhow through the tapping of fibre-optic cables.
Companies responded by encrypting data in transit. By doing this, they are forcing our intelligence agencies to use court orders to make requests for data. To our knowledge, tech companies don't refuse these requests when they are made legally – so when Hannigan calls for "better arrangements" it is unclear what he really means.
In any case, the debate over acquisition of data, in which politicians like to talk of the Internet “going dark”, takes place in a world where data and records of our phones, flights, emails, photos, movements and heartbeats are proliferating. We should be highly skeptical of claims that data is difficult to get hold of.
There are at least five ways that GCHQ can acquire data to investigate terrorists (plus foreign governments, companies, climate change negotiators, human rights activists and EU officials). Firstly, they can collect all the data off the wires. As we noted, this is becoming harder, as encryption is more common.
Secondly, they can weaken our encryption methods, by adding backdoors, so they can always decrypt things. The problem with that is it means organised crime can find the backdoor, and they can steal our credit card details, passwords, and everything else that we want to keep safe. The Snowden documents suggested that the NSA and GCHQ have tried this, which, if true, is deeply irresponsible.
Thirdly, they can find ways to break into computers, phones and routers. They find this a lot easier than you might think and invest a lot of money in it.
Fourthly, they can seize your computer and demand any passwords.
Finally, they can go to a company like Google or Facebook with a legal order or warrant.
The problem is that GCHQ and the NSA don’t want personal security to get in the way of them looking at our data: they want banks of computers to check on everyone, to make sure you don’t pose a threat to them. That is what bulk collection and analysis means, though they daren’t spell it out that way. Instead, they talk of “needles” being separated from “innocent hay”.
They will claim that they need to find every criminal and terrorist at the press of a button, and to do this, they must break encryption, and seize all of our data secretly. Even if that were true, the cost is enormous. It threatens the personal security of our online activity and leaves us vulnerable to criminal activity. It also gives the intelligence services unrestricted powers to monitor our communications continuously. Perfect surveillance is a kind of omniscience that most people would not trust ordinary mortals with.
Hannigan is right: privacy is not an absolute right but that does not mean it should be down to GCHQ or tech companies to decide just how much privacy we are entitled to. That should be down to our courts and judges. We expect that GCHQ will nearly always be able to get what they ask the courts for. This may not be everything they want to get hold of but democracy and freedom mean that government agencies don’t get to have all of the information, all of the time.
Jim Killock is the Executive Director of Open Rights Group www.openrightsgroup.orgReuse content