Who do you trust less? Google or GCHQ?

It is over five years since I first blogged on the theme of whether I would prefer to trust Google or GCHQ with the privacy of my e-mails. Material put into the public domain by the Guardian merely confirmed that for those who are of interest to the US security services it is much the same thing. I suspect that is also why David Miranda was stopped in transit at Heathrow and the Guardian was forced to destroy its UK-based files . But maybe he was also suspected of carrying information about UK espionage, not just counter-espionage, activities. If so, what puzzles me is the use of Anti-Terrorism legislation instead of the Official Secrets Act . I had thought that Sections 5 and 6, like section 7 of the 1920 Act used to convict Erwin Van Haarlem in 1989, applied to Foreign Citizens on UK soil, even if only in transit. I would be grateful for postings from readers as to why this was not appropriate (or for private e-mails)

[It has since been pointed out to me that Section 7 of the 1920 Act was used against “Van Harleem” because it was not known what information he was handling or even who he really was. Another reader thought that the use of anti-terrorism legislation was reasonable because Snowden almost certainly copied information of value to terrorists (as well as to others). Meanwhile the split of public opinion quoted in today’s  Guardian article on the legal controversy is interesting: including support for the destruction of their hard discs – would you trust their ability to keep secure that which they decide not to publish because it was not in the public interest, let alone allow journalists to make such decisions?].  

Given recent revelations of Google’s current privacy policy  and what I have be able to glean over the years regarding the governance structures of GCHQ, including from public sources such as Aldrich’s “Uncensored Story”  , I still have more faith in the governance processes of GCHQ – albeit not necessarily in those of the Home Office and its agencies, whose mindsets appear stuck in the 1880s (when they were fighting Fenian terrorism). I should, however, add that that is not necessarily a criticism. 

Meanwhile the spread of low cost, mass market, encryption tools, from Scrambls to Silent Circle threatens to also destroy the business models of many of those who are so ensthusiastic about Big Data . We live in “interesting times“.  

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Risk is about more than threat it is also about impact.

The potential impact of Google or GCHQ doing something they should not or simply making a mistake are not the same.

It is possible that the impact gap may narrow over time as the ability to live everyday life becomes more dependent on linked systems so that computer says no.

At the moment state based impacts are higher because the power of the state is greater and more pervasive. Concern about the impact of bureaucracy goes back a long way. We do not find out whether Joseph K did anything to justify his treatment. We do know that Lieutenant Kijé never existed and that Archibald Buttle died through a spelling error. It is not the different technologies involved but the behaviours that organisational working generate that tend to escalate impact.

This is a good point but raises the question of whether we have already passed the tipping point and the power of the state is no longer more pervasive. I do not agree that if you nothing to hide, you have nothing to fear but I do believe that the actions and/or mistakes of Google and some of the other major private sector players in the on-line have, in practice, rather more impact on rather more lives than those of GCHQ and its peers. They are also, however, more amenable to "customer pressure" (e.g. consumer boycotts that hurt their advertising or other revenue streams).