Last month, Robert Hannigan, the director of GCHQ, a British intelligence agency, wrote an opinion piece in the Financial Times castigating tech companies for being “in denial” about abuses of their platforms by criminals and terrorists and calling on them to develop better arrangements for facilitating lawful government investigations. While there is certainly much room for improved cooperation between government and the private sector, the first step for reform should be for intelligence agencies like GCHQ to take a hard look in the mirror.
Hannigan’s arguments contain three fallacies.
First, he fails to grasp that by engaging in mass surveillance, the intelligence community has shattered the trust the public has in both technology companies and government itself, and at the same time seriously damaged the ability of firms to sell their products to foreign customers. Because of this distrust, technology companies are justifiably reluctant to work closely with the government, even when doing so would be in everyone’s interest. For example, intelligence agencies like the National Security Agency (NSA) have some of the world’s foremost cryptographers and security experts on their payrolls and should be offering technical assistance to tech companies, but doing so in today’s environment would likely drive away customers. Until the government reforms its own behavior, it should not expect the private sector to be a willing partner in efforts to expand its reach.
Second, the GCHQ director falsely suggests that the tech industry is morally agnostic when he writes that these companies “aspire to be neutral conduits of data and to sit outside or above politics.” On the contrary, most tech companies have always aimed to operate according to a set of ethical principles, while also recognizing that their global presence means they must comply with competing national laws. For example, the microblogging service Twitter explicitly bans a number of actions on its platform, including impersonating others, making threats and infringing on copyrights, while also abiding by country-specific restrictions such as banning anti-Semitic tweets in France.
Third, Hannigan blurs the line between voluntary data collection by the private sector and covert, mass surveillance by the intelligence community. He conflates these two by saying, “[GCHQ needs to] show how we are accountable for the data we use to protect people, just as the private sector is increasingly under pressure to show how it filters and sells its customers’ data.” Hannigan fails to appreciate the distinction between the private sector and government: Google does not arrest users based on their search queries; Facebook does not imprison dissidents for their status updates. Perhaps most importantly, there is no “opt-out” button for government surveillance.
While all stakeholders in the Internet ecosystem should be working to promote safety and lawfulness online, the intelligence community should recognize that natural improvements in security will inevitably mean that traditional communication networks will “go dark.” Rather than demand that tech companies roll back security features to create hacker-friendly products and services, intelligence agencies like the NSA and GCHQ should find practical alternatives, such as analysis of other data sources, to solve and prevent crimes.
Moreover, law enforcement and intelligence agencies in both the United States and the United Kingdom should prioritize rebuilding the trust of the private sector by admitting to and curtailing the spying practices that exceed public expectations and laws, as well as committing themselves to real reform. For example, in the United States, it is time for the president and Congress to make clear that the policy of the U.S. government is to improve online security, not weaken it, such as by notifying companies of vulnerabilities it has discovered in this process, as well as adopt the recommendations offered by the President’s Review Group on Intelligence and Communications Technologies. As the White House has noted in the past, “Trust is essential to maintaining the social and economic benefits that networked technologies bring to the United States and the rest of the world.” It is imperative that policymakers around the world work to repair this trust. The root problems associated with mass, covert surveillance by the intelligence community — which generated the mistrust in the first place — have to be resolved. Then, and only then, will a meaningful dialogue begin with the tech industry.
Daniel Castro is a senior analyst with the Information Technology and Innovation Foundation (ITIF). Alan McQuinn is a research assistant with ITIF.
This story, "Intelligence Community Must Get its Own House in Order" was originally published by Computerworld.