A View from the CT Foxhole: Robert Hannigan, Former Director, GCHQ.

• Author: Pantucci, Raffaello

CTC: Shortly after you were appointed the director of GCHQ (Government Communications Headquarters) in 2014, the Islamic State declared a caliphate after taking control of large swaths of Iraq and Syria. When you retired as director in 2017, the group was well on the path to territorial defeat in Syria and Iraq. How would you describe the contribution GCHQ made to the global campaign against the Islamic State and protecting the United Kingdom from the group's terrorism? How did GCHQ evolve to focus on the Islamic State threat, and what were the lessons learned?

Hannigan: There were two things in particular about ISIS that made it different. One was obviously the geographical hold: the fact that it had territory in northern Syria and northern Iraq--whether you want to call it a caliphate or not--which made it almost inaccessible from the ground in practice.

The other thing that made it different was generational. This was a group that understood the power of media, and particularly new media, in a way that previous Islamist extremist groups had not. Those were two big challenges. From GCHQ's point of view, counterterrorism was at that stage the biggest single mission. There were, of course, lots of other missions, too, but [CT] was a huge investment of resources, for obvious reasons. To some extent, GCHQ was using the lessons it had learnt in Afghanistan, which had been a very strong counterinsurgency/counterterrorism effort where GCHQ had been embedded with the military. It was building on those lessons, but of course the SIGINT environment in Syria and Iraq was very different.

In Afghanistan, essentially the Allies owned the communications space, just as they owned the air space. That wasn't the case in northern Syria, so it was a different kind of challenge. But a lot of the techniques and international cooperation had been well exercised in Afghanistan. To some extent, the first part was a traditional mission of 'how do you disrupt and destroy a terrorist organization from its leadership downwards,' but the second bit was genuinely new in the sense that ISIS was obviously trying to project attacks back, as well as recruit heavily from the West to travel into the caliphate. Both of those ISIS objectives, which were interconnected, were things which we needed to disrupt, and so a lot of the task was about understanding how ISIS media worked and trying to disrupt that. I cannot say how this was done from a U.K. perspective, but there is a great deal of media reporting and academic work on this available in the U.S.

ISIS were doing two things through their media campaigns. One was inspiring people and then actively grooming those they had inspired to either come to join the group or launch attacks. And both of the stages really needed disrupting. Disrupting global ISIS media was a much broader challenge, of course, but trying to prevent individual grooming and attack planning was traditional MI5 territory, supported by GCHQ. It would not be right to go into the details of how it was done, but I do not think there was anything conceptually different about how we went about doing that from disrupting traditional recruitment and attack planning. The big difference was that it was all at one remove.

I think there were two advantages [for ISIS] to having territory: one was the propaganda value and the fact that you can present, as you saw endlessly in Dabiq and the other glossy publications, what life in the caliphate was like. That gave them a romantic propaganda advantage to be able to say, 'Here we have built this wonderful land for you, where you can live a religiously pure life.' But it also gave them a safe place from which to mount operations, and all they needed apart from connectivity was the understanding of how to do that: How do you inspire, radicalize, and then manipulate people? So in a sense, it was a psychological campaign as much as a physical one.

CTC: How would you describe the counterterrorism cooperation between GCHQ and U.S. agencies such as the NSA as well as other members of the Five Eyes (a) and European allies?

Hannigan: It is incredibly close and always has been, in particular with the NSA. But I think what happened over the ISIS campaign was that counterterrorism really drove the cooperation between SIGINT agencies in Europe. Cooperation amongst European partners has always been good on particular cases, but I think the pressures of terrorism really drove that in a very constructive way. So now the SIGINT agencies are [working] closer together, probably more than they have ever been as a result of terrorism, and there was very active cooperation right through the attacks in Europe and beyond, as well as cooperation with other services around the world.

Fortunately, with European partners, Brexit did not make much of a difference in terms of maintaining cooperation, partly because of the threat of terrorism; these joint efforts were too important to be damaged. Different Five Eyes partners will have slightly different relationships with different European countries. But for the U.K., the French and German relationships, for example, were very important. And the U.K.'s traditional military and intelligence relationships with the Scandinavian countries have remained very strong and strengthened in the context of Russia.

CTC: What for you have been the key lessons learned in balancing democratic liberties with intelligence gathering in counterterrorism in the 21 years since 9/11?

Hannigan: It's always been a balance. Access to data is the key for SIGINT in particular, but probably for all the agencies, and what's changed is that there's been an exponential rise in the amount of data being produced by the private sector on citizens. This gives undemocratic states new possibilities to do surveillance, and it's right that in a democratic society you need to have an active and constant debate about whether you've got the balance right. In the U.K., the [2016] Investigatory Powers Act was an attempt to do that after the revelations by Edward Snowden, though I think the legislation was coming anyway at the time, probably accelerated a bit by Snowden. In the U K context, that legislation seems to strike a balance that people are comfortable with.

It's quite interesting that very quickly after the Snowden revelations, the debate moved on, because terrorism, then the resurgence of Russian aggression, and what the tech companies were doing with data really made what governments had access to seem quite secondary. Of course, it is very important that government should be held to a higher standard, and I think that it is a debate that needs to be had all the time, particularly as data processing and data holding in the private sector changes. But it does feel like the public debate has moved on, moved on to what companies like Facebook/Meta and the other tech companies are doing.

So I think the lesson for the intelligence community is not to be afraid of the public debate. Probably one of the mistakes made towards the end of the last century, and at the beginning of this one as the internet became available widely, was not to have that debate openly enough. Because consent is crucial to intelligence operations in democratic countries, and I think there was probably an assumption that everyone understood what was happening within this context and I am not sure people did. So one of the lessons is to get better at having that debate more often, especially as it is not a static thing and you are never going to come to a conclusion on the issue, rather it has to be a dynamic debate. Ultimately, we want the minimum necessary powers for agencies. But as the technology evolves, you have to evolve in response.

CTC: If we could pull on a few threads there, what was the impact of Edward Snowden's revelations on counterterrorism capability, and how responsible do you think the social media platforms have been in keeping terrorists and extremist content off their platforms?

Hannigan: There was a clear reaction from terrorist groups and hostile states in particular, to the revelations, and yes, there were specific counterterrorism consequences, which at the time my predecessor Iain Lobban and his counterpart at the NSA Keith Alexander talked about. (b) There were things going dark that probably wouldn't have gone dark otherwise.

With the tech companies, things have changed, but when I came into the job in 2014 I had a go at the companies (1) (something that was unusual at the time). I thought they were at that point being irresponsible, and we were in a slightly ridiculous position where the agencies were having to ask a company's permission effectively to help on particular...