British Spy Chief Blasts U.S. Tech Sector

Accuses Tech Giants of Enabling Crime, Terrorism
British Spy Chief Blasts U.S. Tech Sector
Robert Hannigan, director of GCHQ

The new director of Britain's eavesdropping agency, Government Communications Headquarters, has blasted U.S. technology firms, arguing that - intentionally or not - they're facilitating crime, terrorism and child abuse.

See Also: 2016 Annual Worldwide Infrastructure Security Update

"However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us," says Robert Hannigan, writing in the Financial Times. "Increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism."

Hannigan's broadside against the U.S. technology industry arrived Nov. 3, the same day that he took charge of GCHQ, which is Britain's equivalent to the U.S. National Security Agency. Hannigan previously advised the U.K.'s prime minister on counterterrorism, intelligence and security policies, and was also responsible for creating the United Kingdom's five-year Cyber Security Strategy, which launched in 2011.

Now, Hannigan is calling on "the largest U.S. tech companies which dominate the Web" to - in effect - redeem themselves by not creating products or services that put people's data beyond the reach of a court order or intelligence agency's surveillance apparatus. "If they are to meet this challenge, it means coming up with better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now," he says.

Facebook, Google, Microsoft and Twitter all declined to comment on Hannigan's remarks.

After the leaks by former NSA contractor Edward Snowden about that agency's surveillance policies, of course, many Western intelligence agencies have faced a backlash over the extent to which they regularly intercept, record and analyze individuals' communications. Without referencing that state of affairs, Hannigan proposes that U.K. intelligence agencies - including GCHQ, domestic intelligence service MI5, and the Secret Intelligence Service, better known as MI6 - "enter the public debate about privacy," and make their case. But he argues that "privacy has never been an absolute right."

Responding to Hannigan's comments, Richard Barrett, former director of counterterrorism at MI6, says the debate isn't just about privacy, but also technical capabilities, and the ability of law enforcement agencies to access any type of data, with a court order. "Is it right that there should be a key, an encryption if you like, that is completely beyond the technical capability of the authorities to decipher?" Barrett asks in an appearance on BBC Newsnight.

Privacy Experts Criticize GCHQ

But Hannigan's comments fail to acknowledge all of the surveillance capabilities - and programs - that intelligence services already have in place, Eva Galperin, global policy analyst for U.S.-based privacy rights group Electronic Frontier Foundation, tells BBC Radio 4 Today. "If GCHQ wants the cooperation of American Internet companies in the course of their work, they have many, many avenues through which to do so, including a variety of surveillance tools and a number of legal tools," she says. "GCHQ, in fact, is responsible for what has come out in the Snowden files as the largest and most boundless Internet surveillance program that we have found to date, which is called Tempora. Their powers are already immense. I think that asking for more is really quite disingenuous."

Tempora is the code name for GCHQ's program for tapping 200 transatlantic fiber-optic cables, which was rolled out in 2011 and has access to an estimated 21 petabytes of data per day, according to the Guardian, which first published related details about the program.

Some U.K. privacy advocates also suggest that the country's intelligence services have already lost the privacy debate. "If tech companies are becoming more resistant to GCHQ's demands for data, it is because they realize that their customers' trust has been undermined by the Snowden revelations," says Jim Killock, executive director of London-based Open Rights Group, which campaigns for civil liberties. "If Hannigan wants a 'mature debate' about privacy, he should start by addressing GCHQ's apparent habit of gathering the entire British population's data, rather than targeting their activities toward criminals."

He also argues that it's inappropriate for U.K. intelligence services to attempt to set public policies on privacy. "It should be down to judges, not GCHQ nor tech companies, to decide when our personal data is handed over to the intelligence services," he says.

Crypto Wars 2.0

The U.K. debate parallels similar discussions in the United States, where law enforcement agency chiefs have been waging an aggressive lobbying campaign against tech firms, such as Apple, that offer default encryption capabilities (see FBI Director Ignites Encryption Debate). Last month, in the wake of Apple introducing its iPhone 6, FBI director James Comey called on Congress to consider updating U.S. surveillance laws to require technology manufacturers to add surveillance back doors that could be accessed by the country's law enforcement and intelligence agencies.

But numerous U.S. lawmakers have signaled that the FBI faces an uphill battle over what's being called "Crypto Wars 2.0," following similar debates over encryption in the 1990s. "I'd be surprised if more than a handful of members would support the idea of backdooring Americans' personal property," Sen. Ron Wyden, D-Ore., says in a statement, noting that he opposes the FBI's request.

Cryptography and information security experts have also weighed in, noting that the technical carte blanche being demanded by law enforcement and intelligence agencies could be easily abused by others. "The notion that it's not a backdoor; it's a front door - that's just wordplay," information security expert Bruce Schneier, who's a fellow at the Berkman Center for Internet & Society at Harvard University, and chief technology officer for incident response firm Co3 Systems, tells The Hill. "It just makes no sense."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network