I think there is a real question here about responsibility for those who carry this information. Some of the social media companies operate arrangements for their own purposes under their codes of practice which cause them to close accounts sometimes because of what’s carried. I think there’s then a question about why not come forward. If it’s something that concerns terrorism or concerns child sex exploitation or some other appalling area of crime, then why would a company not come forward?
It’s a familiar refrain from the intelligence agencies. The notion that big technology platforms have an “ethical responsibility” because of their reach and quantity of user data to help security services combat terrorism and serious crime by doing more to pass on information on their users — and ultimately, by implication, to eschew strong encryption to ensure continued access to user communications.
Brits heard this point of view again this morning, from Andrew Parker, the head of the MI5 domestic intelligence agency, who was giving a live broadcast interview on BBC Radio 4’s Today program — the first ever such live interview by a standing head of any of the U.K.’s intelligence agencies.
Parker’s public turn on the airwaves comes at a time when the U.K. government is in the midst of overhauling surveillance legislation, with the forthcoming Investigatory Powers Bill due to be debated by MPs this autumn. So his appearance is clearly timed to apply pressure on the coming debate.
The government’s previously stated priorities for the new legislation are plugging what it terms “capability gaps” in law enforcement and intelligence agencies’ abilities to combat terrorism and serious crime. Prime Minister David Cameron has repeatedly spoken out against strong encryption — arguing it should always be possible for intelligence agencies to access data “in extremis”.
Like Cameron, Parker lobbied for improved ‘visibility’, arguing more surveillance powers are needed as modern technology continues to evolve. “If we’re to find and stop the people who mean us harm MI5 and others need to be able to navigate the Internet to find terrorist communication, we need to be able to use datasets where we can join the dots to be able to find and stop the terrorists who mean us harm before they’re able to bring plots to fruition,” he said, adding: “It’s becoming more difficult to do it as technology changes faster and faster, and encryption comes in.”
As noted above, he also called specifically for more co-operation from Internet companies — without specifically citing particular companies or specifically calling for encryption-perforating backdoors. Although the surface rhetoric is increasingly being framed as ‘access vs encryption’ — so the political pressure against consumer services adopting strong encryption coming from the surveillance state is clear.
Wider co-operation is needed too under legal warrant.
“I think there is a real question about whether companies holding [communications] information… under what arrangements they should come forward to the authorities and share and report it,” said Parker. “But it’s only one of the issues in this realm where wider co-operation is needed too under legal warrant.
“Most of the time the question is if I know and have reason to believe who a terrorist is, I know what communications means that they use, we have a warrant signed by the Home Security to obtain it , the question then is can we actually obtain those communications from that company?”
Parker went on to argue that “international agreement and arrangements” are needed to ensure domestic intelligence agencies can gain access to communications when the Internet companies in question might well be based overseas.
“I think it is important into the future that no only there is a framework of clear law in countries like Britain… but also that there is international agreement and arrangements whereby companies have a confident basis on which to co-operate with agencies like mine and with the police in order to protect society and of course their customers from people who might do them harm,” he said.
There’s plenty that’s problematic with this argument — if you view it as a push to formalize a requirement for Internet companies to act as outsourced state intelligence-gathering apparatus. Spying should be the business of spies, not social media companies surely? Although the drive by commercial entities to gather vast amounts of user data to power their businesses has arguably got them into this tricky bind. If you can’t see and/or don’t retain user data there’s little point in the government knocking on your door asking for a backdoor key.
Another key area the interview touched on was surveillance oversight. The U.K.’s forthcoming Investigatory Powers Bill is set to address oversight of surveillance powers — with existing legislation in this area having has been roundly condemned as lacking clarity and transparency. Several independent reviews of existing legislation, including QC David Anderson’s report published this June, have also called for surveillance warrants to be signed off by the judiciary, rather than (as is currently the case) by government ministers.
Parker was asked specifically by the Today program’s Mishal Husain whether MI5 would support a shift to judicial sign-off for intercept warrants — but he declined to give a view on this, saying it is for “ministers to propose and parliament to decide”.
He also claimed MI5 does not have “population-scale monitoring”, saying rather it focuses resources on “the people who mean us harm”, adding: “We are not about browsing through the private lives of citizens of this country.”
Which of course entirely sidesteps the core criticism of mass surveillance (aka ‘bulk interception’) — since bulk interception does not discriminate in the data that is gathered. Yet the intelligence agencies claim they are discriminating in the data they choose to pull out of the dragnet. An argument that can be summed up as: ‘trust us’.
Anderson’s report did support the use of bulk interception by the U.K.’s intelligence agencies. However he argued such expansive capabilities must be “subject to strict additional safeguards” — such as having judges sign off interception warrants. So only with an additional check and balance (judges) that is currently not there. Nor is it yet clear whether the U.K. government will follow Anderson’s recommendation on this point.
Without adequate oversight the security services’ ‘trust us’ rings rather hollow — especially in light of the revelations of the extent of surveillance infrastructure disclosed by NSA whistleblower Edward Snowden.
Earlier this year, for instance, prior data-sharing activities between the U.K.’s GCHQ and the U.S.’s NSA were ruled illegal by the court that oversees the U.K. security services — the first such ruling against the agencies in the court’s 15 year history. The court has also confirmed GCHQ used its surveillance powers to spy on human rights organizations — including Amnesty International.
Safe to say, there have been a lot of firsts since Snowden blew the whistle.
On the other side of the coin, Parker claimed today there have been six terrorist “attempts” in the U.K. which have been foiled by intervention from the intelligence agencies in the past 12 months. “That is the highest number I can recall in my 32-year career. Certainly the highest number since 9/11,” he said, going on to argue that digital technologies have changed the “shape” of the terrorism threat.
“Because of the Internet and the way terrorists use social media — including from Syria — and the way we all live our lives with smartphones in our pockets, the terrorists do the same and they’re using secure apps and Internet communication to try to broadcast their message, and to incite and direct terrorism amongst people who live here, who are prepared to listen to their message,” he added.
If you’re in the U.K. — or have access to BBC iPlayer — you can listen to the full interview with Parker here, for the next 29 days.