US tech companies "the command and control networks of choice for terrorists and criminals"

GCHQ's Robert Hannigan says tech firms 'in denial' on extremism.


US technology companies have become "the command and control networks of choice for terrorists and criminals", the new head of GCHQ has said.

Writing in the Financial Times, Robert Hannigan said some internet firms were "in denial" about how their services were being misused by groups such as Islamic State.
He called for greater co-operation with security services from the companies.
None of the major tech firms have yet responded to Mr Hannigan's comments.

Mr Hannigan said Islamic State used the internet as a "noisy channel in which to promote itself" by using "messaging and social media services such as Twitter, Facebook and WhatsApp, and a language their peers understand", he said.
And the "security of its communications" added another challenge to agencies such as GCHQ, he said - adding that techniques for encrypting messages "which were once the preserve of the most sophisticated criminals or nation states now come as standard".

GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, could not tackle these challenges "at scale" without greater support from the private sector, including the largest US technology companies which dominate the web, he wrote.
"They aspire to be neutral conduits of data and to sit outside or above politics", he wrote.
"But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.
"However much they may dislike it, they [US technology companies] have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us."

The challenge was to come up with "better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now", he said.

-------------------------------------------------------------------------------------------------


Analysis
Leo Kelion, technology desk editor
One of GCHQ's key concerns is the shift to encryption becoming the default option for many leading internet services.
As Mr Hannigan puts it, techniques to digitally scramble messages and make their creators anonymous were once the preserve of nation states, but "now come as standard".
Both Apple and Google recently switched to making encryption opt-out rather than opt-in in their mobile operating systems iOS8 and Android Lollipop. Apple said it wanted to provide "security and privacy", while Google said the move was intended to protect data from "thieves and snoops".

Other tech firms have taken similar steps, with Yahoo promising "end-to-end" encryption of its Mail service by 2015, while Microsoft has pledged to ensure customer content uploaded to its data servers would be encrypted by default by the end of this year to prevent what it termed "government snooping".
The firms compare the moves to safes being built with locks, and note that the authorities still have ways to obtain records. For example, Google can still pass on documents and calendars if they have been backed up from a smartphone to its cloud services.

But the companies says that while they are willing to co-operate, government surveillance must occur under a legal framework and with oversight, and they have pushed to be allowed to reveal more details about the amount of data they have handed over to government agencies.
This is not purely for altruistic reasons. In a post-Snowden world the companies know that both members of the public and enterprises will only pay for their cloud services if they have a measure of trust that their data is secure.
Mr Hannigan calls for a "mature debate" on just how much privacy these firms should offer, but has yet to be specific on what restrictions he proposes.

-------------------------------------------------------------------------------------------------


The debate about whether security agencies should be allowed to access personal data was brought to the fore in 2013 after Edward Snowden leaked details of alleged internet and phone surveillance by US intelligence.
Mr Snowden, who has been granted temporary asylum in Russia, faces espionage charges over his actions.

Earlier in the year, an investigation by the Guardian revealed how IS was using popular hashtags - including ones used during the Scottish referendum - to boost the popularity of its material on Twitter.
This is a hard-hitting article from the new GCHQ director in his first move on taking up the role. His aim is clear - to pressure tech companies to work more with government.
Following the Edward Snowden disclosures last year, some of those companies have been less willing to share data with intelligence and law enforcement and more inclined to encrypt it - making it harder for authorities to gain access.

Tech companies may be surprised by the ferocity of the attack. And they - and privacy activists - may also argue that the spies started this fight with the scale of their intelligence collection and by hacking into some of those companies.
But Robert Hannigan has wasted no time in wading into the debate over security and privacy and making clear he will not shy away from a fight.


Brent Hoberman, founder of lastminute. .com, said he thought there should be a compromise.
He said: "We need more trust in the security services, I agree, and there were too many people that had access to the Snowden files - 800,000 people or something - that's too many for high-level security.
"But if we had enough confidence that they were only under due process with a warrant that was specific in limited cases - I want the security services to be able to get into my phone."

Rachel O'Connell, a former chief security officer at social networking site Bebo, said the security services were taking a "polarised position".
She said this was the case "particularly post-Snowden, where we were realising that there was a suspicion, in some cases substantiated, that the security services have total access to whatever is happening online."

Security minister James Brokenshire recently met representatives from technology companies - including Google, Microsoft and Facebook - in Luxembourg to discuss ways to tackle online extremists.
The government's Counter Terrorism Internet Referral Unit (CTIRU), set up in 2010, has removed more than 49,000 pieces of content from the internet that "encourage or glorify acts of terrorism" - 30,000 of which have been removed since December 2013.

Scotland Yard's head of counter-terrorism, Assistant Commissioner Mark Rowley, has previously said that officers are removing more than 1,000 online postings a week, including graphic and violent videos and images.

Link:
http://www.bbc.co.uk/news/uk-29891285