The claim by parliament’s intelligence and security committee that an unnamed internet company should entirely shoulder the blame for failing to prevent the terrorist murder of soldier Lee Rigby is as outrageous as it is wrong-headed. It really is a case of shooting the messenger.
The accusation by the ISC chairman, Sir Malcolm Rifkind, that the company is providing a “haven for terrorists” because it is not routinely monitoring the content of every exchange that takes place over its networks is not far off a 1920s home secretary blaming the telephone for spreading Soviet Bolshevism.
It is also a dangerous accusation because it jeopardises the undoubted goodwill that exists among overseas internet companies such as Facebook, Twitter, and Google, that the British police and security services rely on for help, especially in emergency situations.
Rifkind complains that none of the major US companies proactively monitors or reviews suspicious content on their systems, but if they were to do so it would immediately open them to the accusation that they were acting as state security agencies. It is one thing for US companies to cooperate with British requests for help but how would Rifkind feel if they start handing over their customers’ confidential data to the Chinese and the Russians as well?
It is not the job of the internet companies to intercept the content of their customers’ emails or other exchanges any more than it was the job of the Post Office to read everyone’s letters. Postal workers did not steam open suspicious letters – that was the job of the police special branch, and the distinction is important.
Only the state can have that power, and up to now most internet companies have shown themselves willing to respond to specific requests to monitor targeted individuals as long as it is backed by a legally enforceable warrant issued by a home secretary and preferably made enforceable by a court order.
But, as the ISC report shows, no such request was made in the Woolwich case because the security services regarded Michael Adebowale, one of the two men convicted for the murder, as a low-level threat and so “intrusive action would not have been justified”. It is hard to see how, if it was not justified for MI5 to take intrusive action to monitor his online activity in order to pick up the threat to kill a British soldier, it could be justified for a US internet company to do so.
Rifkind complains that even if MI5 had asked the internet company to monitor Adebowale they might not have responded. He cites evidence that none of the US internet companies regard themselves as compelled to comply with a British ministerial intercept warrant and that they “appear to accept no responsibility for the services they provide”.
But this was not the evidence taken by the joint parliamentary committee which strongly criticised the “snooper’s charter” or the draft communications data bill. That committee, which included a former cabinet secretary, and former Home Office ministers, reported that while the US companies did not regard themselves as bound by British warrants, there was no lack of goodwill and most have “extremely cooperative professional relationships” that allow UK police and security services to access data, including 24-hour emergency procedures where there is an immediate threat to life.
Facebook even has a team in Dublin handling standard British requests and another dedicated team in California dealing with emergencies. On top of that are procedures under mutual legal aid treaties which are more legally binding but relatively time consuming to implement.
But beneath the bluntness of the Rifkind attack is a more hidden threat. As NSA whistleblower Edward Snowden’s disclosures and the proposals in the “snooper’s charter” reveal, if US companies are not prepared to hand over their customers’ data by the front door, the British government in the shape of GCHQ, are quite prepared to grab it by the back door.
