Shortly after Robert Hannigan took over the British signals-intelligence agency GCHQ in 2014, he implored technology companies to do more to facilitate investigations of criminals and terrorists. “To those of us who have to tackle the depressing end of human behavior on the Internet, it can seem that some technology companies are in denial about its misuse,” Hannigan wrote in an op-ed in the Financial Times.
Today Hannigan appears to regret how he said it—he acknowledges that the comments “were widely seen as an attack on the tech industry” when in fact “companies are routinely providing help within the law.” But while his tone has softened, his argument remains. Echoing the FBI’s position in its standoff with Apple, Hannigan insists that intelligence and law enforcement agencies are often stymied without technical assistance from Silicon Valley (see “British Spy Agency Chief Says Tech Companies Should Provide a Way Around Encryption”). Here are highlights from an interview he gave to MIT Technology Review after a speech at MIT this week.
Secret agencies can do clever things because they’ve got clever mathematicians and they’re good at crypto and they’ve been doing it for years. Well, yes, but it still doesn’t really get around the day-to-day problem for law enforcement. We can do all sorts of clever target discoveries, as we call it, and use data in clever ways, but they have to prosecute and produce evidence. That’s a big difference. And for them it’s not about long-term signals intelligence; it’s about your 14-year-old girl who’s gone missing, and the parents expect law enforcement to know where they are. I don’t disagree that long term, there might be all sorts of ways of using data and other sorts of surveillance to do what can’t be done through a handset anymore. But that looks some way off. That doesn’t help them now.
The debate around encryption is shadowed by a lack of trust in the government. Do you regret things that your counterparts at NSA did or your predecessors at GCHQ did that Edward Snowden revealed?
I certainly think you’re right that it has contributed to the lack of trust. Clearly it did. One of the damages that it did was to poison the relationship, make it very difficult for the tech sector to sit down with government at all. I think that’s changed, it’s softened over time—partly because of the threats, partly because of the passage of time. But you’re right, it did poison the relationship. Do I regret? The truth is that despite all the allegations and all the stuff in the press, successive court cases in the U.K. have said that what we did was lawful, and therefore proportionate and necessary. And if any society then decides it wants to change that—well, they can change it.
Doesn’t the fact that we know about the existence of certain surveillance programs only because of those leaks imply that they had been kept secret because of doubts over whether they were appropriate?
Well, I don’t think it follows that they were secret because they were not appropriate. They were secret because to be effective, they needed to be secret. And obviously, revealing them damages their effectiveness. My general thought, though, on the pre-Snowden [era], if you like, is that it would have been so much easier if we had been much more open about a lot of this stuff. We should have said more in the past about what we did … and make clear how it’s controlled, how it’s proportionate, what it’s for, which we’ve tried to do recently. The difficulty is, I suppose, is that secret agencies just by default don’t tend to publish stuff.