Writing in the Financial Times, the new head of UK spy agency GCHQ, Robert Hannigan, uses the spectre of ISIS (and an unspecified threat of “greater violence” ahead) to argue for a “new deal” between intelligence agencies and tech companies. Indeed, he puts companies on notice that he expects them to make “better arrangements” to “facilitate” the work of the GCHQ.
It is unclear what “better arrangements” Hannigan wants for access to our personal data – GCHQ already can and does use secret orders to force companies to hand over the user data of hundreds of millions of people, and taps into fibre-optic cables to siphon internet traffic directly.
He hints that weakening encryption may be GCHQ’s next aim, saying that the enhanced privacy now being offered by online service providers “presents an even greater challenge to agencies such as GCHQ”. This is misguided. Outlawing or compromising encryption for ordinary law-abiding users will not stop criminals and terrorists using such tools, and could push them back onto the “dark web” where they are far harder for law enforcement and security agencies to track.
Hannigan implies that it’s irresponsible at best, unpatriotic at worst, for tech companies to remain “neutral conduits of data” who “sit outside or above politics”. But the alternative – a world in which tech companies are not allowed to be neutral and must have a “special arrangement” with the security forces – does not appeal to us. Indeed, it sounds eerily like the system already in place in Russia and China, which has been roundly condemned by the UK and its allies.
“Deals” between tech companies and intelligence agencies are not the way to decide who gets to spy on whom and how. The power to spy on people is necessary – for all the good reasons that Hannigan cites – but it is also a truly formidable power. If we value our democratic liberties, it cannot be left to tech companies or to spies to be the arbiters of how it is used. It is the courts who should decide this – not companies, and certainly not the spies themselves.
More broadly, it is the people themselves, represented by Parliament – the UK’s supreme legal authority – who need to set necessary and proportionate limits on police and intelligence powers, and hold such agencies accountable for observing them.
As the former UN Special Rapporteur Frank LaRue observed, once we start trading off democracy against national security, we are in grave danger of losing both.
With that in mind, we welcome Hannigan’s call for a “mature debate on privacy in the digital age”. As we, and other civil society organisations have been saying for over a year, this debate should take the form of an independent review of UK surveillance powers and oversight, with full public participation and government commitment to follow up with legal reform. In this vital area, this important public discussion can’t start soon enough.
 For a cogent analysis of earlier UK government proposals to undermine encryption, see Bowden, C., & Akdeniz, Y., “Cryptography and Democracy: Dilemmas of Freedom,” in Liberty eds., Liberating Cyberspace: Civil Liberties, Human Rights, and the Internet, London: Pluto Press, 1999, 81-125. http://www.cyber-rights.org/reports/yacb.pdf