"...there was an ethical problem presented by encryption money, cars and oxygen and it was necessary for industry's technical experts to help them work out a solution on its use by criminals."
Robert Hannigan, director of UK spy agency GCHQ, has said this week there is an ethical problem presented by encryption. The snoop-boss, speaking to an audience at the Massachusetts Institute of Technology in the US, said the industry's technical experts should help intelligence analysts crack crypto used by criminals. …
..we invented public key crypto, a technology that enabled so many things in the modern world. Yet we didn't tell anyone, that would have allowed potential security gains for UK citizens and potentially have given economic benefits to UK industry.
Sounds like they don't care very much about the security of UK citizens' data, they just want in.
But everything we learned from Snowden's leak was that the intelligence agencies cooperate to subvert provisions specifically written into law to protect the people from unreasonable oversight.
I think the major features of this speech were that so-called smart people actually sat through it and that the speaker managed to keep a straight face throughout.
Explain once more how listening to my phone calls combats terrorism.
Then explain how we may employ sheep's bladders in the prevention of earthquakes.
"From traditional protection of military communications, through personal privacy online – including identity verification for Government digital services – through the security of domestic “smart” power meters – where the design principle is that homeowners are in control of their data – to the security of the nuclear firing chain, we understand the importance of encryption for the economy and for the individual."
Erm, so they are responsible for the lack of personal privacy online?
And the Government mandated and enforced roll out of smart meters whose data protection regime contains this gem:
"Normally this data will be collected after you have used the energy (ie not in real-time) unless there is a specific query about your bill."
So, capability for real-time data queries built-in? Thanks for "protecting" me GCHQ.
"That is where we will need goodwill on both sides.”
Fair enough. But that gives him a problem. He and the other agencies have lost that goodwill because they have lost the trust of the public including the tech companies. He and the others need to regain that trust. It's really the most important problem they have and I don't think they have a clue where to start. I can help them with a rather old piece of advice.
When you're in a hole, stop digging.
They need to step back, grasp what the rest of us are saying and then admit that the way they've been going about things is wrong; that for the greater good they need to accept limits. Standing up and giving lectures about how they're right is, in fact, quite wrong. They work for the public. The ethics and morals they adopt should be those the public require of them. It's not their role to try to scare the public into the attitudes they want. And, as someone said in a previous comment thread (and inexplicably got downvoted for it) questions of principle shouldn't be settled by appeals to utility.
Unfortunately just like the Police.
Way back the Police were respected, not feared.
Why has this come about? Well, meddling from above, fast track promotions, fixed up evidence,
I spoke with a bobby on the beat (I know, a rarity) a while back, seemed a decent chap, but go higher up the chain where the promotion opportunities are fewer and that's where it all starts to go wrong.
This is human nature, to scrabble to the top of the pile.
The police need less interference, less 'nee naa' and more connecting with the population, then they will regain respect, which is not a given, it has to be earned.
If I understood correctly the extracts of Hannigan's speech he is asking for crypto software which falls over if you don't follow a strict procedure, or some such 'human' cause of failure. So you can have your secure crypto but if you ever forget to put in a new password for each message it can be cracked. That way your average crim can have the best crypto but GCHQ can read the plaintext.
On another note, after analysing Hannigan's comments I can see why a Classics background might be useful in his job - it must require great linguistic skills to appear to say X in such simple English but actually mean Y.
Big Brother has an overwhelming need to continue watching you, and you, and you ...
"If I understood correctly the extracts of Hannigan's speech he is asking for crypto software which falls over if you don't follow a strict procedure, or some such 'human' cause of failure. So you can have your secure crypto but ..."
They already have everything they need to go after targets. No crypto is secure against endpoint compromise and all the old school spycraft (shoulder surfing, infiltration, honeypots) still works; all the new school spycraft (hidden cams, tempest, decoding audio to narrow down password search spaces) still works; and all the bang-up-to-date spycraft (keyloggers, hardware compromise, certificate compromise, rng tampering) still works.
I totally support them going after targets. I shall totally resist the dragnet.
Fine, resist away and you will be tagged as someone hiding something. I don't suppose that would cause you any problems and I don't suppose the security people would do anything unless you managed to accumulate some other tags, US no-fly list, regularly seen parking outside the Ruritanian embassy or whatever criteria they have for being suspicious.
The point is that the security services keep saying that they are looking for the "unknown unknowns" hence the dragnet and hence their craving for full access to everything. If they can't have that (and I sincerely hope they don't) then they will have to make do with the next best thing, which seems to be looking at everything anyway in the hope that they will be able to get at least something from it.
Hannigan’s and GCHQ’s abiding problem, and it is certainly not confined just to them in Blighty for others abroad have also the same enigmatic quandary to ponder, is the correct answer to the question of whether they be working for the right employer, or whether they be just making fools of themselves believing the boss programs and active agents they are targeted to protect and propagate, are worthwhile.
After all, who is ultimately to blame for the likes of the dodgy Iraq dossier if it wasn’t a lack of intelligence and crappy leadership in key players which wasn’t kicked into touch and destroyed by the greater Intelligence Community.
Such doesn’t bode well for prosecution of the belief that they have anything worth listening to, whenever the whole system is so easily perverted and corrupted to roll over and act as a captive lapdog and fluffer to fools who then are allowed to move on into probably lucrative fields without the glare of media attention and parliamentary oversight, although both of those themselves are toothless wonders too, are they not?
To most people in "law enforcement" , everyone is a probable criminal, and they see it as their job to find out what laws you have broken. Presumption of innocence is long gone.
"Law enforcement" has now come to mean "Circumvention of law (for police benefit)". It's a 180-degree switch from their stated purpose, so why do they wonder that we don't trust them with anything?
A couple of decades old, and NSA specific, but still a classic tome for anyone interesting or interested in the command and control of both the intelligent and the stupid in practically every field virtually available? ...... https://www.nsa.gov/public_info/_files/directors_misc/Directors_Work_Plan.pdf
The snoop-boss, speaking to an audience at the Massachusetts Institute of Technology in the US, said the industry's technical experts should help intelligence analysts crack crypto used by criminals.
Another barrel of bilge from the ministry of misnomers.
I suppose none of the 'Technical experts' are above a bit of blackmail I fully expect to read shortly that one of them is found to be a criminal also, can they resign or do they just disappear, who will these technical experts be?... Oh, they're employed by the government, well that's ok then, ....we can expect all the backdoors to be left on a memory stick on the London tube.
What a Fu** wit
"The level of security I want to protect the privacy of my communications with my family is high, but I don’t need or want the same level of security applied to protect a nuclear submarine’s communications, and I wouldn’t be prepared to make the necessary trade-offs."
Take this statement in conjunction with the Nat West article. It would be wrong to see such things as affecting just individuals - as in his family's communications. If you take all the Nat West users together, or all of the other individuals who might be affected by some other issue, each time you can add up what's a risk and discover that it's a sizeable chunk of the economy. Does that move it a bit closer to a nuclear submarine in terms of significance?
Well Mr. Hannigan, there is also an ethical problem presented by agencies that are supposed to be under the control of the people spending their time hoovering (or "Herbert Hoover-ing") up the communications of those same people, based on secret interpretations of law or identification of legal gray areas that don't specifically stop large-scale interception. And then these agencies lie to the people about the extent of that surveillance or its existence at all.
Democracy and secret law are incompatible. Figure out which side you are on (though you probably already have and it's not on the side of democracy).
And trotting out the Enigma-busting effort is a red herring. I'm fine with the sigint agencies cracking codes and encryption, especially against a hostile nation-state. You aren't going after Nazi Germany with this encryption fight--you're going after communication systems that I rely on to pay my way in this world and communicate. I can't stop someone hiring an army to try to brute force every possible access code to get onto my smart phone, and I can only hope that criminal organizations will seldom have those resources. I am not fine with the vulnerabilities being created so that anyone who buys, blackmails, cajoles or gets promoted to a certain level of access can log into their workstation to see what citizen Marketing Hack is up to today.
We all associate the Enigma machine with codes and codebreaking but in reality the machine was just part of the secure communications process and never yielded to direct attack. The trick was to figure out the settings, and this was only possible because the procedure for setting up the machine was manual and so left openings for attack. This is analogous to spearphishing attacks being used to penetrate networks -- the human's always the weak link.
Apple's risen to prominence because they've taken the human weak link out of their encryption process which has made that process very, very, difficult to crack. I don't see how the security services are going to be able to put that particular genie back in the bottle; they seem to be trying a charm offensive in the UK designed to tell people that it's OK to have just a little encryption, that's all you need.
(Incidentally, returning to Enigma there's something I'm fascinated with but can't find any information on. Just as BP was exploiting procedural weaknesses there were similar teams in German intelligence doing the same thing -- they were looking for procedural gaffes and changing code settings as soon as they discovered one. I'd like to know more; my guess from their inadequate reaction speed is that it was just a handful of people who knew the dangers, were chronically underfunded because "management knows that Enigma is bulletproof" -- the usual stuff. Had the Germans even an inkling of the industrial scale of BP then they might have been taken more seriously.)
The idea of asking tech companies to engineer backdoors into their products so government can access encrypted communications, or gain control of a device, is asinine.
Because there is nothing stopping someone else from using that. Say that that is what happens, I firmly believe that:
Within a day of it going live, hostile government actors will have the backdoor, assuming they don't even have it BEFORE it goes live.
Within a week of it going live, hostile NGOs - the likes of, say, ISIL, al Qaeda, etc - will have it.
Within a month, organized crime will have it - the mafia, Nigerian 418 scammers, etc.
Six months, and criminals of every level will have it just by Googling it. (And I may be being generous by giving this one six months, cynically, I'd say more like two.)
In the name of making things secure, those who want to engineer stuff like this are going to make things VERY insecure. But I think that's the point.
I guess he is really trying to stiffen the morale of the more hard-line mandarins and provide some cover against their more moderate colleagues. The way he sees it, any reason, however implausible, for the mentality of mass spying is becoming a dire necessity, but I think they are trying to hide behind their fingers.
How is it possible that they still don't seem to 'get it'? Either encryption is secure, or it isn't. Refusing to call a backdoor a backdoor doesn't change anything.
Their argument now seems to be a continued rehash of what we've heard before: "Oh we agree everything should be totally secure, but sometimes we just have to get in when the real bad guys are involved."
Utter nonsense. People who know absolutely nothing about the simple mathematical principles trying to legislate their way into total surveillance freedom by deception is getting old.
Don't you think that all this is essentially the beginning of the fall of Civilisation as it exists today? The lights are going out all over the World (was Europe in WWII) and we shall not see their re-lighting in our lifetimes (or several generations).
The barbarians are not at the gate, they have control of the gate.
To be a barbarian does not mean you are not highly intelligent or educated (not the same thing), it's all about attitude; to others and civilisation. We have barbarians in government and its support agencies.
Murdoch the Robber Baron was a warning.
Standing clear amongst all the misrepresentations and evasions is one huge problem: this all assumes that those with the ability to decrypt our private data are, and always will remain, unimpeachably ethical, weighing each and every decision to deploy their intrusive abilities and only doing so where there is the greatest of needs.
I say this is the big problem because it still exists EVEN IF you assume, as our governments and agencies want us to, that what they want is actually possible and that it won't result in other parties exploiting these not-backdoors.
Hard experience shows that nothing could be further from the truth.
"All this talk of backdoors, we don't know what they're talking about?" Maybe you do not Mr Hannigan but the programmers who have are even now examining the Microcode inside that Intel Management Engine are only too well aware that ACPI stands for "Absolute Crap Produced By Intel" and they're also only too well aware that whale.lsub.org is what other people code name Pinwhale. We welcome these new backdoors for the benefit of all insider traders everywhere, coraid running its own Nix kernel, backdoors galore and not a shred of Blowfish left in the OpenSSL libraries anywhere!
We don't hate you, we despise you, big difference!
<sarcasm>I am encouraged to see the Head of GCHQ proposes that because *some* criminals use encryption to attempt to conceal their intentions [despite the amount of publicity these actions are gaining, despite the fact that Osama Bin Laden was sufficiently careful to not even have a phone line in his compound and despite the fact that there is more than enough evidence to show that the meta-data alone - i.e. the list of who sends messages to whom] ... that we should therefore simply give up our privacy and permit the state to eavesdrop. This distinction ["Because some bad people ... then we must..."] can be usefully applied elsewhere, and I await with bated breath the following proclamations from both sides of the Atlantic:-
1. Because some guns are used to kill people, *all* privately held firearms will immediately be declared illegal and must be destroyed.
2. Because some motor vehicles are used by joy-riders and speeders in ways that result in the deaths of innocent by-standers, *all* motor vehicles will immediately be declared illegal and crushed.
3. Because some Members of Parliament have been caught fiddling their expenses, all second homes will be banned, to be replaced by the conversion of spare loft space in Whitehall buildings into hotel-style rooms that can be booked in advance, with meals served at Westminster...
What's that you say? My additional examples simply won't work? Too extreme? Driven by hysteria and hyperbole? Exactly my point... </sarcasm>