GCHQ: Crypto's great, we're your mate, don't be like that and hate

Robert Hannigan, director of UK spy agency GCHQ, has said this week there is an ethical problem presented by encryption. The snoop-boss, speaking to an audience at the Massachusetts Institute of Technology in the US, said the industry's technical experts should help intelligence analysts crack crypto used by criminals. …

  1. Pen-y-gors

    FTFY

    "...there was an ethical problem presented by encryption money, cars and oxygen and it was necessary for industry's technical experts to help them work out a solution on its use by criminals."

  2. simpfeld

    We aren't against strong crypto but...

    ..we invented public key crypto, a technology that enabled so many things in the modern world. Yet we didn't tell anyone, that would have allowed potential security gains for UK citizens and potentially have given economic benefits to UK industry.

    Sounds like they don't care very much about the security of UK citizens' data, they just want in.

    1. Anonymous Coward

      Re: We aren't against strong crypto but...

      Indeed. They're only following orders...

  3. Stevie

    Bah!

    But everything we learned from Snowden's leak was that the intelligence agencies cooperate to subvert provisions specifically written into law to protect the people from unreasonable oversight.

    I think the major features of this speech were that so-called smart people actually sat through it and that the speaker managed to keep a straight face throughout.

    Explain once more how listening to my phone calls combats terrorism.

    Then explain how we may employ sheep's bladders in the prevention of earthquakes.

  4. Justicesays
    Facepalm

    Wow - so much bullshit

    "From traditional protection of military communications, through personal privacy online – including identity verification for Government digital services – through the security of domestic “smart” power meters – where the design principle is that homeowners are in control of their data – to the security of the nuclear firing chain, we understand the importance of encryption for the economy and for the individual."

    Erm, so they are responsible for the lack of personal privacy online?

    And the Government mandated and enforced roll out of smart meters whose data protection regime contains this gem:

    "Normally this data will be collected after you have used the energy (ie not in real-time) unless there is a specific query about your bill."

    So, capability for real-time data queries built-in? Thanks for "protecting" me GCHQ.

  5. Doctor Syntax Silver badge

    "That is where we will need goodwill on both sides.”

    Fair enough. But that gives him a problem. He and the other agencies have lost that goodwill because they have lost the trust of the public including the tech companies. He and the others need to regain that trust. It's really the most important problem they have and I don't think they have a clue where to start. I can help them with a rather old piece of advice.

    When you're in a hole, stop digging.

    They need to step back, grasp what the rest of us are saying and then admit that the way they've been going about things is wrong; that for the greater good they need to accept limits. Standing up and giving lectures about how they're right is, in fact, quite wrong. They work for the public. The ethics and morals they adopt should be those the public require of them. It's not their role to try to scare the public into the attitudes they want. And, as someone said in a previous comment thread (and inexplicably got downvoted for it) questions of principle shouldn't be settled by appeals to utility.

    1. Anonymous Coward

      Unfortunately just like the Police.

      Way back the Police were respected, not feared.

      Why has this come about? Well, meddling from above, fast track promotions, fixed up evidence.

      I spoke with a bobby on the beat (I know, a rarity) a while back, seemed a decent chap, but go higher up the chain where the promotion opportunities are fewer and that's where it all starts to go wrong.

      This is human nature, to scrabble to the top of the pile.

      The police need less interference, less 'nee naa' and more connecting with the population, then they will regain respect, which is not a given, it has to be earned.

      1. Primus Secundus Tertius

        Re: ...just like the police

        No, they were not respected by the plebs (e.g. my grandparents, on one side at least). It is a middle class delusion to say the police were respected - and they lost that respect after everyone became a motorist.

    2. Someone_Somewhere

      Re: questions of principle shouldn't be settled by appeals to utility.

      Jeremy Bentham might disagree with you: https://en.wikipedia.org/wiki/Utilitarianism

      ;)

  6. Uffish
    Big Brother

    How to crack unbreakable crypto.

    If I understood correctly the extracts of Hannigan's speech he is asking for crypto software which falls over if you don't follow a strict procedure, or some such 'human' cause of failure. So you can have your secure crypto but if you ever forget to put in a new password for each message it can be cracked. That way your average crim can have the best crypto but GCHQ can read the plaintext.

    On another note, after analysing Hannigan's comments I can see why a Classics background might be useful in his job - it must require great linguistic skills to appear to say X in such simple English but actually mean Y.

    Big Brother has an overwhelming need to continue watching you, and you, and you ...

  7. John H Woods

    "If I understood correctly the extracts of Hannigan's speech he is asking for crypto software which falls over if you don't follow a strict procedure, or some such 'human' cause of failure. So you can have your secure crypto but ..."

    They already have everything they need to go after targets. No crypto is secure against endpoint compromise and all the old school spycraft (shoulder surfing, infiltration, honeypots) still works; all the new school spycraft (hidden cams, tempest, decoding audio to narrow down password search spaces) still works; and all the bang-up-to-date spycraft (keyloggers, hardware compromise, certificate compromise, rng tampering) still works.

    I totally support them going after targets. I shall totally resist the dragnet.

    1. Uffish

      Re: "resist the dragnet."

      Fine, resist away and you will be tagged as someone hiding something. I don't suppose that would cause you any problems and I don't suppose the security people would do anything unless you managed to accumulate some other tags, US no-fly list, regularly seen parking outside the Ruritanian embassy or whatever criteria they have for being suspicious.

      The point is that the security services keep saying that they are looking for the "unknown unknowns" hence the dragnet and hence their craving for full access to everything. If they can't have that (and I sincerely hope they don't) then they will have to make do with the next best thing, which seems to be looking at everything anyway in the hope that they will be able to get at least something from it.

  8. amanfromMars 1 Silver badge

    Methinks he doth protest too much. A new broom is needed, FFS ASAP.

    Hannigan’s and GCHQ’s abiding problem, and it is certainly not confined just to them in Blighty for others abroad have also the same enigmatic quandary to ponder, is the correct answer to the question of whether they be working for the right employer, or whether they be just making fools of themselves believing the boss programs and active agents they are targeted to protect and propagate, are worthwhile.

    After all, who is ultimately to blame for the likes of the dodgy Iraq dossier if it wasn’t a lack of intelligence and crappy leadership in key players which wasn’t kicked into touch and destroyed by the greater Intelligence Community.

    Such doesn’t bode well for prosecution of the belief that they have anything worth listening to, whenever the whole system is so easily perverted and corrupted to roll over and act as a captive lapdog and fluffer to fools who then are allowed to move on into probably lucrative fields without the glare of media attention and parliamentary oversight, although both of those themselves are toothless wonders too, are they not?

  9. Anonymous Coward

    "all must cooperate"

    is it a threat, or a formal request? ;)

  10. Tikimon
    FAIL

    To a cop, everyone is a criminal

    To most people in "law enforcement", everyone is a probable criminal, and they see it as their job to find out what laws you have broken. Presumption of innocence is long gone.

    "Law enforcement" has now come to mean "Circumvention of law (for police benefit)". It's a 180-degree switch from their stated purpose, so why do they wonder that we don't trust them with anything?

  11. Paul

    And in other news, GCHQ has found a way to make horses run backwards into the stables they bolted from, so that they can retrospectively lock the stable door.

  12. amanfromMars 1 Silver badge

    Some essential GCHQ bedtime reading in the field facing terrorism?

    A couple of decades old, and NSA specific, but still a classic tome for anyone interesting or interested in the command and control of both the intelligent and the stupid in practically every field virtually available? ...... https://www.nsa.gov/public_info/_files/directors_misc/Directors_Work_Plan.pdf

  13. Major_Variola

    I'm sure the audience was immensely empathetic

    Not

    Just observing an early 21st century freak show. He talks funny too.

  14. PaulAb

    Who's watching the watchers watching watchers

    The snoop-boss, speaking to an audience at the Massachusetts Institute of Technology in the US, said the industry's technical experts should help intelligence analysts crack crypto used by criminals.

    Another barrel of bilge from the ministry of misnomers.

    I suppose none of the 'Technical experts' are above a bit of blackmail I fully expect to read shortly that one of them is found to be a criminal also, can they resign or do they just disappear, who will these technical experts be?... Oh, they're employed by the government, well that's ok then, ....we can expect all the backdoors to be left on a memory stick on the London tube.

    What a Fu** wit

  15. Doctor Syntax Silver badge

    "The level of security I want to protect the privacy of my communications with my family is high, but I don’t need or want the same level of security applied to protect a nuclear submarine’s communications, and I wouldn’t be prepared to make the necessary trade-offs."

    Take this statement in conjunction with the Nat West article. It would be wrong to see such things as affecting just individuals - as in his family's communications. If you take all the Nat West users together, or all of the other individuals who might be affected by some other issue, each time you can add up what's a risk and discover that it's a sizeable chunk of the economy. Does that move it a bit closer to a nuclear submarine in terms of significance?

  16. Anonymous Coward
    Big Brother

    "there is an ethical problem presented by encryption"

    Well Mr. Hannigan, there is also an ethical problem presented by agencies that are supposed to be under the control of the people spending their time hoovering (or "Herbert Hoover-ing") up the communications of those same people, based on secret interpretations of law or identification of legal gray areas that don't specifically stop large-scale interception. And then these agencies lie to the people about the extent of that surveillance or its existence at all.

    Democracy and secret law are incompatible. Figure out which side you are on (though you probably already have and it's not on the side of democracy).

    And trotting out the Enigma-busting effort is a red herring. I'm fine with the sigint agencies cracking codes and encryption, especially against a hostile nation-state. You aren't going after Nazi Germany with this encryption fight--you're going after communication systems that I rely on to pay my way in this world and communicate. I can't stop someone hiring an army to try to brute force every possible access code to get onto my smart phone, and I can only hope that criminal organizations will seldom have those resources. I am not fine with the vulnerabilities being created so that anyone who buys, blackmails, cajoles or gets promoted to a certain level of access can log into their workstation to see what citizen Marketing Hack is up to today.

  17. Graham Marsden
    Holmes

    "the industry's technical experts...

    "... should help intelligence analysts crack crypto used by criminals."

    Because the crypto used by criminals is *completely different* from every other sort of encryption, isn't it...???

  18. martinusher Silver badge

    Enigma was more about social engineering

    We all associate the Enigma machine with codes and codebreaking but in reality the machine was just part of the secure communications process and never yielded to direct attack. The trick was to figure out the settings, and this was only possible because the procedure for setting up the machine was manual and so left openings for attack. This is analogous to spearphishing attacks being used to penetrate networks -- the human's always the weak link.

    Apple's risen to prominence because they've taken the human weak link out of their encryption process which has made that process very, very, difficult to crack. I don't see how the security services are going to be able to put that particular genie back in the bottle; they seem to be trying a charm offensive in the UK designed to tell people that it's OK to have just a little encryption, that's all you need.

    (Incidentally, returning to Enigma there's something I'm fascinated with but can't find any information on. Just as BP was exploiting procedural weaknesses there were similar teams in German intelligence doing the same thing -- they were looking for procedural gaffes and changing code settings as soon as they discovered one. I'd like to know more; my guess from their inadequate reaction speed is that it was just a handful of people who knew the dangers, were chronically underfunded because "management knows that Enigma is bulletproof" -- the usual stuff. Had the Germans even an inkling of the industrial scale of BP then they might have been taken more seriously.)

  19. ShadowDragon8685

    The idea of asking tech companies to engineer backdoors into their products so government can access encrypted communications, or gain control of a device, is asinine.

    Because there is nothing stopping someone else from using that. Say that that is what happens, I firmly believe that:

    Within a day of it going live, hostile government actors will have the backdoor, assuming they don't even have it BEFORE it goes live.

    Within a week of it going live, hostile NGOs - the likes of, say, ISIL, al Qaeda, etc - will have it.

    Within a month, organized crime will have it - the mafia, Nigerian 418 scammers, etc.

    Six months, and criminals of every level will have it just by Googling it. (And I may be being generous by giving this one six months, cynically, I'd say more like two.)

    In the name of making things secure, those who want to engineer stuff like this are going to make things VERY insecure. But I think that's the point.

  20. Adam Inistrator

    fig leaves

    I guess he is really trying to stiffen the morale of the more hard-line mandarins and provide some cover against their more moderate colleagues. The way he sees it, any reason, however implausible, for the mentality of mass spying is becoming a dire necessity, but I think they are trying to hide behind their fingers.

  21. dddandan

    Baffled

    How is it possible that they still don't seem to 'get it'? Either encryption is secure, or it isn't. Refusing to call a backdoor a backdoor doesn't change anything.

    Their argument now seems to be a continued rehash of what we've heard before: "Oh we agree everything should be totally secure, but sometimes we just have to get in when the real bad guys are involved."

    Utter nonsense. People who know absolutely nothing about the simple mathematical principles trying to legislate their way into total surveillance freedom by deception is getting old.

  22. Anonymous Coward
    Devil

    EOC

    Don't you think that all this is essentially the beginning of the fall of Civilisation as it exists today? The lights are going out all over the World (was Europe in WWII) and we shall not see their re-lighting in our lifetimes (or several generations).

    The barbarians are not at the gate, they have control of the gate.

    To be a barbarian does not mean you are not highly intelligent or educated (not the same thing), it's all about attitude; to others and civilisation. We have barbarians in government and its support agencies.

    Murdoch the Robber Baron was a warning.

  23. dan1980

    Standing clear amongst all the misrepresentations and evasions is one huge problem: this all assumes that those with the ability to decrypt our private data are, and always will remain, unimpeachably ethical, weighing each and every decision to deploy their intrusive abilities and only doing so where there is the greatest of needs.

    I say this is the big problem because it still exists EVEN IF you assume, as our governments and agencies want us to, that what they want is actually possible and that it won't result in other parties exploiting these not-backdoors.

    Hard experience shows that nothing could be further from the truth.

    1. secop
      Devil

      No backdoor

      "All this talk of backdoors, we don't know what they're talking about?" Maybe you do not Mr Hannigan but the programmers who have are even now examining the Microcode inside that Intel Management Engine are only too well aware that ACPI stands for "Absolute Crap Produced By Intel" and they're also only too well aware that whale.lsub.org is what other people code name Pinwhale. We welcome these new backdoors for the benefit of all insider traders everywhere, coraid running its own Nix kernel, backdoors galore and not a shred of Blowfish left in the OpenSSL libraries anywhere!

      We don't hate you, we despise you, big difference!

  24. Sproggit

    What's Good For The Goose

    <sarcasm>I am encouraged to see the Head of GCHQ proposes that because *some* criminals use encryption to attempt to conceal their intentions [despite the amount of publicity these actions are gaining, despite the fact that Osama Bin Laden was sufficiently careful to not even have a phone line in his compound and despite the fact that there is more than enough evidence to show that the meta-data alone - i.e. the list of who sends messages to whom] ... that we should therefore simply give up our privacy and permit the state to eavesdrop. This distinction ["Because some bad people ... then we must..."] can be usefully applied elsewhere, and I await with bated breath the following proclamations from both sides of the Atlantic:-

    1. Because some guns are used to kill people, *all* privately held firearms will immediately be declared illegal and must be destroyed.

    2. Because some motor vehicles are used by joy-riders and speeders in ways that result in the deaths of innocent by-standers, *all* motor vehicles will immediately be declared illegal and crushed.

    3. Because some Members of Parliament have been caught fiddling their expenses, all second homes will be banned, to be replaced by the conversion of spare loft space in Whitehall buildings into hotel-style rooms that can be booked in advance, with meals served at Westminster...

    What's that you say? My additional examples simply won't work? Too extreme? Driven by hysteria and hyperbole? Exactly my point... </sarcasm>

  25. This post has been deleted by its author
