Pages

11 November 2014

Memo to NSA and GCHQ: Sending encrypted emails doesn’t make you a criminal

John Naughton
November 9, 2014
Yes, Isis exploits technology. But that’s no reason to compromise our privacy





The Guardian

Isis fighters in Syria. ‘How come GCHQ failed to notice the rise of the Isis menace until it was upon us?’ Photograph: Alamy/Zuma Press Inc

A headline caught my eye last Tuesday morning. “Privacy not an absolute right, says GCHQ chief”, it read. Given that GCHQ bosses are normally sensibly taciturn types, it looked puzzling. But it turns out that Sir Iain Lobban has retired from GCHQ to spend more time with his pension, to be followed no doubt, after a discreet interval, with some lucrative non-exec directorships. His successor is a Foreign Office smoothie, name of Robert Hannigan, who obviously decided that the best form of defence against the Snowden revelations is attack, which he mounted via an op-ed piece in the Financial Times, in the course of which he wrote some very puzzling things.

Much of his piece is a rehearsal of how good Isis has become at exploiting social media. Its members “use messaging and social media services such as Twitter, Facebook and WhatsApp, and a language their peers understand. The videos they post of themselves attacking towns, firing weapons or detonating explosives have a self-conscious online gaming quality. Their use of the World Cup and Ebola hashtags to insert the Isis message into a wider news feed, and their ability to send 40,000 tweets a day during the advance on Mosul without triggering spam controls, illustrates their ease with new media. There is no need for today’s would-be jihadis to seek out restricted websites with secret passwords: they can follow other young people posting their adventures in Syria as they would anywhere else.”

All of which is spot-on. From the very beginning, Isis fanatics have been up to speed on this stuff. Which raises an interesting question: how come that GCHQand the other intelligence agencies failed to notice the rise of the Isis menace until it was upon us? Were they so busy hoovering metadata and tapping submarine cables and “mastering the internet” (as the code name of one of their projects puts it) that they didn’t have time to see what every impressionable Muslim 14-year-old in the world with an internet connection could see?

Having neatly deflected attention from an apparent agency failure, Mr Hannigan then switches tack in vintage I-say-Biggles-these-fiends-are-devilishly-clever mode. Bad guys have always been able to hide their evil communications, but “today mobile technology and smartphones have increased the options available exponentially. Techniques for encrypting messages or making them anonymous, which were once the preserve of the most sophisticated criminals or nation states, now come as standard.” Wow! Who knew?

But the fiends would not be able to wreak their havoc without the tacit assistance of the big internet companies, which “aspire to be neutral conduits of data and to sit outside or above politics. But increasingly, their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism. However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals.”

Eh? If US companies are hosting extremist videos or child porn, then the US, UK and other governments have well-tried legal avenues for addressing the problem (subject to the vagaries of the US constitution, of course). It’s the “command and control networks” bit I don’t get. That sounds to me like a pretty specialised adaptation of general web services, unless all Mr Hannigan means is that the bad guys are using Flickr for steganography and encrypting their Gmail, in which case it’s difficult to see how the companies could help.

In his peroration, the new head spook moves into statesmanlike mode. “GCHQ,” he intones, “is happy to be part of a mature debate on privacy in the digital age.” “But” – there’s always a “but” in these orations – “privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions.”

Leaving aside the hubris of a non-elected official lecturing us on our rights, there is the small difficulty that the state of which Mr Hannigan is a servant is a signatory of the European convention on human rights, article 8 of which says that “everyone has the right to respect for his private and family life, his home and his correspondence”. And, with nicely coincidental timing, it just so happens that some interesting – and user-friendly – tools for encrypting one’s electronic communications, such as Cryptocat and ShadowCrypt, are finally becoming available.

So if Mr Hannigan really wants to have a “mature” debate about this stuff, a good place to start would be with an assurance that citizens who use these tools simply to ensure that their private, lawful communications remain private will not be targeted for surveillance by his new subordinates. In an insecure world, cryptography is a tool for everyone.

No comments:

Post a Comment