The language Robert Hannigan, the new head of GCHQ, uses in his opening statement is well considered in his appeal to openness, democratic values, and the need for corporate responsibility towards helping the security services.
“I understand why they have an uneasy relationship with governments”, he writes:
They aspire to be neutral conduits of data and to sit outside or above politics. But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.
It’s an important part of the on-going debate about privacy and security, but I suspect the piece has been read, tweaked and perfected by many eyes. It is a piece of political public relations. A strategic communications weapon, if you like, from the agency for whom communications – yours, theirs – is what they do.
Certainly Hannigan is right when he writes about misuse of data, and the increasing pressure that companies and governments are under to demonstrate that they handle it properly. Already, firms that directly or indirectly make money from advertising have done so under shady and sometimes illegal premises, such as the court case over Phorm advertising trialed by BT. The commercial application of techniques used to mine people’s electronic data are intrusive, growing in sophistication and poorly understood by the public.
But companies will respond to customer demand. Clearly the growth of privacy-friendly technologies is because customers object to the corporate world’s interest in their data, just as they distrust intelligence services and the national governments that direct them. They are capitalising on a market opening.
Apple and Google introduced encryption for their mobile operating systems because organisations supposedly accountable to democratic oversight abused their position. Citizens’ lack of trust is a correct and proper response to a coterie of intelligence security services conspiring – a sinister word, I know, but accurate – to gather extraordinarily large amounts of data on their citizenry.
In fact the scale of surveillance surprised nearly everyone, from computer scientists, privacy lawyers, industry watchers and critically engaged academics to some politicians themselves.
Hannigan is correct in stating privacy is not an absolute right. He will not find a serious privacy campaigner that disagrees with him, because no one believes that privacy trumps all. This is because, in a liberal democratic society, privacy is a qualified right. The question is whether GCHQ has a good reason for such excessive measures and whether it should be able to do so employ them without oversight.
I believe this is by some margin a step too far, and deeply undemocratic. The task facing society is to build greater public accountability into the system while being able to make best use of relevant intelligence. Demanding surveillance without oversight is not good enough.
It’s important, however, that we do not fall into the habit of casting security services in a cartoon-ish role of sinister organisations. The abuse of surveillance tools is enough concern without adding any excessively dystopian amplification. Recall that security services forced businesses to hand over data under secret orders, tapped privately-owned cables carrying citizens’ communications, and gathered and stored data from telephone calls, internet searches and websites visited to analyse these at will.
This was done without public oversight or consent. As recent revelations in the Investigatory Powers Tribunal highlight, the legality of this is questionable because these activities circumvent UK laws on the need for a warrant to conduct surveillance.
Hannigan’s article makes generous use of appeals to democratic principles, but they are precisely what the powers he would see his agency awarded would undermine.