The new chief of Britain’s electronic spying agency, GCHQ, has accused US technology companies of becoming “the command and control networks of choice” for terrorists in a broadside against Silicon Valley in his first week in office.
In an article for the Financial Times, Robert Hannigan, the new director of GCHQ, accuses some US tech companies of being “in denial” about the misuse of their services even as he calls for them to work more closely with intelligence agencies.
“However much they may dislike it, they have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us.”
Most internet users, he adds, “would be comfortable with a better and more sustainable relationship between the [intelligence] agencies and the tech companies”.
His remarks underscore growing tensions in the western intelligence community as internet companies have moved to protect their brands one year after the revelations by the whistleblower Edward Snowden. His dispersal of a vast trove of classified intelligence material exposed mass electronic US and UK surveillance activities to the world in June last year.
“The challenge to governments and to the intelligence agencies is huge,” Mr Hannigan writes, describing the post-Snowden digital tactics used by jihadis such as the Islamic State of Iraq and the Levant (known as Isis) as a milestone in the development of the internet.
GCHQ and its sister agencies MI5 and SIS (the UK’s domestic and international intelligence agencies) “cannot tackle these challenges at scale without greater support . . . including [from] the largest US tech companies which dominate the web.”
An eruption of extremist jihadi material online as well as evermore sophisticated methods of encrypting and disguising important communications between terrorists have left western intelligence agencies scrambling to maintain their surveillance capabilities amid the most worrisome rise in violent jihadism since the World Trade Center attacks.
Isis fighters are prolific users of dozens of different social media platforms: from the well known such as Twitter and YouTube to the more specialised such as JustPaste.it or Russia’s VKontakte. Many modish communications platforms, such as the free text-messaging service WhatsApp, have become an integrated part of the Isis command structure: the app is one of several used by anonymous military commanders of Isis to disseminate instructions to its fighters in the field.
Many large internet companies have continued to adhere to requests for information from US spymasters, particularly the National Security Agency, according to security officials. But GCHQ’s intelligence-collection abilities have become “much harder” in the past 18 months, British security officials say, as US technology companies have become less co-operative with foreign intelligence agencies, even those such as the UK that work intimately with US authorities.
Three UK security officials said that US technology companies such as Google and Facebook have curbed the ability of UK intelligence to tap valuable electronic data in the wake of the Snowden leaks. “The UK has had the most to lose [from Snowden],” said one.
The UK government’s position has shifted substantially over the past year: six months ago politicians ruled out new legislation to compel internet companies to grant GCHQ access, but now many in Westminster are minded to draft new laws.
Mr Hannigan’s decision to go public with his critique will be seen as reflecting the intensity of the government’s concern. GCHQ has long been known as the most secretive of the UK’s three intelligence agencies. Sir Iain Lobban, Mr Hannigan’s predecessor, became the first director to speak publicly when he testified before parliament in the wake of the Snowden leaks last year.
Technology industry insiders expressed alarm at the idea of creating “better arrangements” to share user information – as Mr Hannigan calls for in his opinion piece.
One senior executive at a US tech group said any agreement to circumvent the current process, which requires law-enforcement groups to seek a court order before a company hands over data, would be “eliminating due process and that could be a dangerous situation”.
“What should we do if the Saudi or Russian government also demanded information be handed over on the spot?” he said.
Another industry insider said it was for the government to legislate on the rules for internet surveillance, rather than for the UK intelligence groups to “cajole” tech companies into handing over sensitive information. “We don’t believe in creating back doors,” they said.
Companies including Google, Yahoo, Facebook and Microsoft have consistently denied they have granted access to their systems to intelligence services, in response to revelations that US and UK security agencies were able to tap into the internal networks of America’s leading tech companies.
Many have also released transparency reports showing how many times they have received requests for user data from governments around the world. Executives said that these show that, in the UK, tech groups have been complying with official requests for data in greater numbers than ever before.
In other areas tech companies have enhanced co-operation with British authorities in tackling extremist content online, too.
Google’s video-sharing site YouTube allows its “community” of users to flag inappropriate content – including videos of beheadings conducted by Isis – in order for them to be taken down. The Home Office has been granted permissions as a “trusted flagger” of YouTube videos, allowing civil servants to request clips be taken down en masse, one of the reasons that it is rare to find graphic videos of beheadings on the site.
Google, Facebook, Twitter and Microsoft declined to comment.
This article has been re-edited since publication