In defence of GCHQ

Two former directors stand their ground
November 14, 2013

Read Chris Huhne on why we've been a soft target for spies

Privacy is not an unqualified right

GCHQ, to its great discomfort, is front page news. Its longstanding relationship with the US’s National Security Agency (NSA) is being challenged following disclosures from documents stolen by Edward Snowden. I once heard a grizzled American intelligence officer explain transatlantic differences by saying that Government Communications Headquarters (GCHQ) employs natural herbivores, NSA prefers carnivores and the Central Intelligence Agency are simply omnivores. Recent revelations seem to bear this out. After media accusations that GCHQ used the NSA to get round UK legal restrictions, it has been shown to comply strictly with domestic law. Nor has it been engaging in the legal boundary testing (and politically risky) interceptions that US intelligence seems to have been.

But—the question prompted by the Snowden revelations—can it be considered ethical? Does it conform to a code of decent behaviour over personal privacy considered correct by society today?

Having spent most of my working career in UK defence and intelligence, fighting totalitarianism as part of the Cold War, I have no wish to live under the internet age equivalent—the so-called surveillance state. The Panopticon of the all-seeing state has no attraction for me, nor my old colleagues at GCHQ. They would all accept that respect for privacy is essential for maintaining trust in society and are reassured that privacy is now incorporated as a human right in domestic law, governing all their work. They know, however, that privacy is not an unqualified right. It has to be balanced against other rights, such as our right to justice as detectives investigate crime, and our rights to security for person and property as the activities of terrorists and criminals are uncovered by GCHQ.

The purpose of intelligence is to improve the quality of decision-taking. Intelligence is usually fragmentary and can sometimes be wrong. But used consistently it delivers public value. Most of the information needed can be obtained from open sources, but there are circumstances when the value of secret information in protecting society can be considerable; information that others are determined to keep from you, and that you usually do not want them to know you have, so that they cannot adapt their plans. The supply of relevant digital information about the communications, location, contacts, spending and beliefs of suspects is of great interest to the security authorities.

GCHQ is by statute primarily a foreign intelligence agency. At the end of the Cold War, in search of a so-called peace dividend, thoughts turned to giving the task of domestic warranted interception to GCHQ, on behalf of MI5 and the police. Sensibly, government left things as they were.

Meanwhile, the police have found that the use of communications data (information about the who, when and where of communications but not their contents) is an invaluable tool in tackling crime, and less intrusive than interception. Authorised enquiries are served on the telecoms companies when the police need such information. But the advent of broadband, with video calling and social media, means the number of companies involved has increased and they no longer have a commercial need to keep detailed customer records for billing. The communications data bill attempts to give service providers a duty to keep records, and to provide the authority to pay them to do it out of the public purse.

Although the Joint Committee and Intelligence Services Committee that scrutinised the bill recognised the importance of such data to the police, it was in its first form too sweeping for parliament’s taste. Following the recent allegations, some have suggested the bill is not necessary as GCHQ is already gathering all the domestic data the police might need. This is not the case, and would be neither legal nor desirable. The long-term answer is legislation on the lines of an amended bill, since the sensible way to investigate crimes in the internet age is for the police to obtain information they need direct from the internet service providers.

A more informed debate is overdue. To achieve that, it was not necessary for Snowden to steal and publicise details of intelligence sources and methods, nor is that a proportionate response to the issue of balancing our needs for privacy and security. The tragedy is that as a result we will, for some time to come, know less about those who are the real enemies of society.

David Omand is the former Security and Intelligence Coordinator in the Cabinet Office, and a former Director of GCHQ


Let GCHQ do its job

GCHQ is a secret intelligence agency. Its job under statute is to intercept the communications of those who would harm national security or commit serious crime. It is good at its job because it has always stayed at the forefront of technological development—from Bletchley Park to the present day.

The days when the communications networks of our adversaries were distinct from our own or from those of the ordinary citizen are long gone. The overwhelming majority of such communications, whether we’re talking about terrorists, proliferators or top-level criminals, are carried in a myriad of ways on the internet. It would be strange indeed if GCHQ did not try to find ways of tracking down these tiny needles hidden in a vast and growing electronic haystack and allowed the bad guys to have free rein in cyberspace.

But that technological capability has to be exercised responsibly, and the UK has clear and comprehensive arrangements for oversight and audit. This includes legislation (the Regulation of Investigatory Powers Act was drafted specifically to be technology neutral and compliant with the European Convention on Human Rights), a recently strengthened Intelligence and Security Committee, and the interception and intelligence commissioners. These oversight groups are not poodles of the establishment: they probe deeply into the details of GCHQ’s activities. That they do so mostly in secret does not mean they are ineffective.

And it goes further than regulation, oversight and audit. GCHQ staff are public servants whose job is to protect national security. The culture of compliance with the law runs very deep in the workforce. I know they would be shocked at the implication that they evade the law or abuse their position to snoop on innocent citizens.

By all means have a debate about the balance between security and privacy in the internet age, but let’s start by recognising that the UK’s security and intelligence agencies have a job to do, given to them by parliament and the government, to protect national security. They are not there to carry out mass surveillance of innocent people.

Kevin Tebbit is a former Director of GCHQ