New GCHQ head takes on Google over the terrorist threat

In the FT today, (£) Robert Hannigan now the new head of GCHQ  whom I knew well as the NIO  director of communications,  has opened a new chapter in the debate over privacy versus security in the digital world. He accuses the technology giants of being in denial about the internet as a command and control system for terrorists. Taking a bold initiative in a debate which is bogged down over where to draw the line between privacy and security, he calls for mature debate. Extracts from the freely available Guardian  version of the Hannigan article.

GCHQ is happy to be part of a mature debate on privacy in the digital age. But privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions.”

To those of us who have to tackle the depressing end of human behaviour on the internet, it can seem that some technology companies are in denial about its misuse.

“I suspect most ordinary users of the internet are ahead of them: they have strong views on the ethics of companies, whether on taxation, child protection or privacy; they do not want the media platforms they use with their friends and families to facilitate murder or child abuse

The Guardian version covers another point of view..

Among the advocates of privacy protection who reacted to Hannigan’s comments, the deputy director of Privacy International, Eric King, said:

“Before ( Hannigan) condemns the efforts of companies to protect the privacy of their users, perhaps he should reflect on why there has been so much criticism of GCHQ in the aftermath of the Snowden revelations. GCHQ’s dirty games – forcing companies to handover their customers’ data under secret orders, then secretly tapping the private fibre optic cables between the same companies’ data centres anyway – have lost GCHQ the trust of the public, and of the companies who services we use. Robert Hannigan is right, GCHQ does need to enter the public debate about privacy – but attacking the internet isn’t the right way to do it.”

The debate boiled over with the revelations of the massive extent of state surveillance by the technology consultant Edward Snowden, now a fugitive from US justice holed up in Moscow.  His material has been controversially if selectively released by the Guardian and the New York Times where the data is apparently held. Traitor or whistle blowing hero?  Mainstream commentators  can’t make up their minds. The New York Times has called for “some form of clemency” for Snowden but it’s hard to imagine this happening soon.

Hannigan’s initiative may have been partly prompted  by a shift to encryption by Google and others which means that the e security services cannot hack into them legally or illegally. This analysis  by Leo Kelion,  BBC News Online’s  technology desk editor

 One of GCHQ’s key concerns is the shift to encryption becoming the default option for many leading internet services.

As Mr Hannigan puts it, techniques to digitally scramble messages and make their creators anonymous were once the preserve of nation states, but “now come as standard”.

Both Apple and Google recently switched to making encryption opt-out rather than opt-in in their mobile operating systems iOS8 and Android Lollipop. Apple said it wanted to provide “security and privacy”, while Google said the move was intended to protect data from “thieves and snoops”.

The firms compare the moves to safes being built with locks, and note that the authorities still have ways to obtain records. For example, Google can still pass on documents and calendars if they have been backed up from a smartphone to its cloud services.

But the companies says that while they are willing to co-operate, government surveillance must occur under a legal framework and with oversight, and they have pushed to be allowed to reveal more details about the amount of data they have handed over to government agencies.

The pressures of privacy and security are increasing and a new more transparent deal is surely necessary . Which would you prefer to guard against fraud and identity theft (which I among many have suffered from): the global company or the State? I’d  say the company to provide the  technological protection and the State to back it up with law. And protection against the likes of Isis? The State surely, but not at a cost of blanket access and permissions, whereby access is allowed that is not specifically legally barred.  Terrorists would be  be mad to rely on digital planning for deep dyed conspiracy and there are lots of other ways to seduce the gullible.