GCHQ's Robert Hannigan says tech firms 'in denial' on extremism

image copyrightReuters

Web giants such as Twitter, Facebook and WhatsApp have become "command-and-control networks... for terrorists and criminals", GCHQ's new head has said.

Islamic State extremists had "embraced" the web but some companies remained "in denial" over the problem, Robert Hannigan wrote in the Financial Times.

He called for them to do more to co-operate with security services.

However, civil liberties campaigners said the companies were already working with the intelligence agencies.

None of the major tech firms has yet responded to Mr Hannigan's comments.

Encryption challenge

Mr Hannigan said IS had "embraced the web as a noisy channel in which to promote itself, intimidate people, and radicalise new recruits."

The "security of its communications" added another challenge to agencies such as GCHQ, he said - adding that techniques for encrypting - or digitally scrambling - messages "which were once the preserve of the most sophisticated criminals or nation states now come as standard".

GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, could not tackle these challenges "at scale" without greater support from the private sector, including the largest US technology companies which dominate the web, he wrote.


image copyrightReuters

By Leo Kelion, BBC News website technology editor

One of GCHQ's key concerns is over the shift to encryption - techniques to digitally scramble messages and make their creators anonymous - becoming the default option for many leading internet services.

Both Apple and Google recently switched to making encryption opt-out rather than opt-in in their mobile operating systems iOS8 and Android Lollipop. Apple said it wanted to provide "security and privacy", while Google said the move was intended to protect data from "thieves and snoops". Other tech firms such as Yahoo and Microsoft are taking similar steps.

The firms compare the moves to safes being built with locks, and note that the authorities still have ways to obtain records. For example, Google can still pass on documents and calendars if they have been backed up from a smartphone to its cloud services.

The companies say that while they are willing to co-operate, government surveillance must occur under a legal framework and with oversight.

Mr Hannigan calls for a "mature debate" on just how much privacy these firms should offer, but has yet to be specific on what restrictions he proposes.

Snowden leaks

Mr Hannigan wrote: "They [US technology companies] aspire to be neutral conduits of data and to sit outside or above politics.

"But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.

"However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us."

The challenge was to come up with "better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now", he said.

The debate about whether security agencies should be allowed to access personal data was brought to the fore in 2013 after Edward Snowden leaked details of alleged internet and phone surveillance by US intelligence and GCHQ.

Mr Snowden, who has been granted temporary asylum in Russia, faces espionage charges over his actions.

Earlier in the year, an investigation by the Guardian revealed how IS was using popular hashtags - including ones used during the Scottish referendum - to boost the popularity of its material on Twitter.


By Gordon Corera, BBC security correspondent

This is a hard-hitting article from the new GCHQ director in his first move on taking up the role. His aim is clear - to pressure tech companies to work more with government.

Following the Edward Snowden disclosures last year, some of those companies have been less willing to share data with intelligence and law enforcement and more inclined to encrypt it - making it harder for authorities to gain access.

Tech companies may be surprised by the ferocity of the attack. And they - and privacy activists - may also argue that the spies started this fight with the scale of their intelligence collection and by hacking into some of those companies.

But Robert Hannigan has wasted no time in wading into the debate over security and privacy and making clear he will not shy away from a fight.

'Immense powers'

Emma Carr, director of civil liberties group Big Brother Watch, said the companies were co-operating with the authorities.

She said: "It's a very funny way to go about doing this. On one hand he's saying we need the co-operation of the tech companies while at the same time, pretty much on the first day of his new job, pointing the finger at the tech companies and implying that they just aren't co-operating with law enforcement.

"Which we know from these companies' own transparency reports that's simply not true."

Eva Galperin, from internet freedom group Electronic Frontier Foundation, which is part-funded by the technology industry, said Mr Hannigan was going too far.

"If GCHQ wants the co-operation of American internet companies they have many, many avenues through which to do so," she said.

"GCHQ is responsible for what has come out in the Snowden files as the largest internet surveillance programme we have found to date. Their powers are already immense. I think asking for more is really quite disingenuous."

Brent Hoberman, founder of lastminute.com, said he thought there should be a compromise.

He said: "We need more trust in the security services, I agree, and there were too many people that had access to the Snowden files - 800,000 people or something - that's too many for high-level security.

"But if we had enough confidence that they were only under due process with a warrant that was specific in limited cases - I want the security services to be able to get into my phone."

image copyrightPA
image captionMr Hannigan was appointed as the new director of GCHQ in April

Rachel O'Connell, a former chief security officer at social networking site Bebo, said the security services were taking a "polarised position".

She said this was the case "particularly post-Snowden, where we were realising that there was a suspicion, in some cases substantiated, that the security services have total access to whatever is happening online".

Security minister James Brokenshire recently met representatives from technology companies - including Google, Microsoft and Facebook - in Luxembourg to discuss ways to tackle online extremism.

The government's Counter Terrorism Internet Referral Unit (CTIRU), set up in 2010, has removed more than 49,000 pieces of content from the internet that "encourage or glorify acts of terrorism" - 30,000 of which have been removed since December 2013.

Scotland Yard's head of counter-terrorism, Assistant Commissioner Mark Rowley, has previously said that officers are removing more than 1,000 online postings a week, including graphic and violent videos and images.

Related Topics

More on this story