Earlier this month, Robert Hannigan, the director of GCHQ, a British intelligence agency, wrote an opinion piece in the Financial Times castigating tech companies for being "in denial" about abuses of their platforms by criminals and terrorists and calling on them to develop better arrangements for facilitating lawful government investigations. While there is certainly much room for improved cooperation between government and the private sector, the first step for reform should be for intelligence agencies like GCHQ to take a hard look in the mirror.
Hannigan's arguments contain three fallacies.
First, he fails to grasp that by engaging in mass surveillance, the intelligence community has shattered the trust the public has in both technology companies and government itself, and at the same time seriously damaged the ability of firms to sell their products to foreign customers. Because of this distrust, technology companies are justifiably reluctant to work closely with the government, even when doing so would be in everyone's interest. For example, intelligence agencies like the National Security Agency (NSA) have some of the world's foremost cryptographers and security experts on their payrolls and should be offering technical assistance to tech companies, but doing so in today's environment would likely drive away customers. Until the government reforms its own behavior, it should not expect the private sector to be a willing partner in efforts to expand its reach.
Second, the GCHQ director falsely suggests that the tech industry is morally agnostic when he writes that these companies "aspire to be neutral conduits of data and to sit outside or above politics." On the contrary, most tech companies have always aimed to operate according to a set of ethical principles, while also recognizing that their global presence means they must comply with competing national laws. For example, the microblogging service Twitter explicitly bans a number of actions on its platform, including impersonating others, making threats and infringing on copyrights, while also abiding by country-specific restrictions such as banning anti-Semitic tweets in France.
Third, Hannigan blurs the line between voluntary data collection by the private sector and covert, mass surveillance by the intelligence community. He conflates these two by saying, "[GCHQ needs to] show how we are accountable for the data we use to protect people, just as the private sector is increasingly under pressure to show how it filters and sells its customers' data." Hannigan fails to appreciate the distinction between the private sector and government: Google does not arrest users based on their search queries; Facebook does not imprison dissidents for their status updates. Perhaps most importantly, there is no "opt-out" button for government surveillance.
While all stakeholders in the Internet ecosystem should be working to promote safety and lawfulness online, the intelligence community should recognize that natural improvements in security will inevitably mean that traditional communication networks will "go dark." Rather than demand that tech companies roll back security features to create hacker-friendly products and services, intelligence agencies like the NSA and GCHQ should find practical alternatives, such as analysis of other data sources, to solve and prevent crimes.
Sign up for Computerworld eNewsletters.