Former Head of GCHQ Warns Of 'Ethically Worse' Kinds Of Spying If Unbreakable Encryption Is Allowed

from the is-that-a-threat? dept

In their attempts to kill off strong encryption once and for all, top officials of the intelligence services are coming out with increasingly hyperbolic statements about why this should be done. Here’s another, this time from a former head of GCHQ, Sir David Omand:

Sir David, who was director of GCHQ from 1996-97, said: “One of the results of Snowden is that companies are now heavily encrypting [communications] end to end.

“Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.”

According to The Bureau of Investigative Journalism, which reported his words from a talk he gave earlier this week, by this he meant things like physical observation, bugging rooms, and breaking into phones or computers. Omand went on:

“You can say that will be more targeted but in terms of intrusion into personal privacy — collateral intrusion into privacy — we are likely to end up in an ethically worse position than we were before.”

That’s remarkable for its implied threat: if you don’t let us ban or backdoor strong encryption, we’re going to start breaking into your homes. And it’s striking that Omand regards eavesdropping on all the Internet traffic flowing in to and out of the UK, or collecting thousands of sexually-explicit webcam pictures, as less reprehensible than a tightly-targeted operation against a few suspects. His framing also implies that he thinks those pesky civil liberties groups will protest more about the latter than the former. In fact, what defenders of privacy and liberty generally want is simply a proportionate response with judicial oversight — something that is straightforward with targeted “close access” work, but impossible with the blanket surveillance currently employed.

The good news here is that Omand has indirectly confirmed that the current strategy of rolling out strong encryption as widely as possible is the right one. Provided it is not derailed by any government moves to weaken crypto, it will increase the cost of online surveillance, and force intelligence services to return to targeted spying — which is what they should have done in the first place.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Former Head of GCHQ Warns Of 'Ethically Worse' Kinds Of Spying If Unbreakable Encryption Is Allowed”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re:

Or threatening a persons family via a “QUESTIONABLE” third party regimes’s intelligence service’s……we cant do it here…….but we can deport somewhere they do, unless………

Do you see the average person going around threatening people in order to get them to do things they want…… takes a special class of people to think nothings out of the ordinary with that, that its ok, we as neighbours INSTINCTIVELY know things would go to hell if we all started doing that to one another, they dont seem to have the sense enough to know that, or i suspect, they think it doesnt apply to them…… this i’d point out, this is where the end justify the means mantra…….no, because the means are creating a whole different bunch problems now, problems which you should take responsibility for instead of shoving the questionable good thing acts in front of the bad…..sorry, frustrated

Anonymous Coward says:

When the government is making direct threats like this, then doesn’t it imply that we should now see the government as a terrorist organization?

Use encryption, and well, we may have to act more unethically than we are now – not only does this completely undermine their legitimacy, it seemingly is declaring war on its own people.

Anonymous Coward says:

“Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.”

That is not as bad as it seems, as limitations on man power mean that it will be targeted intrusions, affecting far fewer innocent people than drag net surveillance.

Chris Brand says:


That’s exactly what we’ve been asking for – target the people you need to target and leave the rest of us alone. We really don’t want to protect the privacy of people who you have a legitimate reason to target. It’s everyone else’s privacy we’re worried about. Surprised that you haven’t yet cottoned on to that.

Anonymous Coward says:

Re: Perfect

” target the people you need to target and leave the rest of us alone.”

You missunderstand what he is saying. They will be going after the bad guys. But how do you know if someone is a bad guy? Right, you spy on them. And if they can’t spy on everyone because of encryption? Well, they have to get close access… to everyone.

f.e. mandatory cam and mic in the tv with fines for putting tape over it. Gaming consoles might be given out free by the state because those have the hardware already.

If you think that is crazy then I ask you this: Do you think they will give up the power to know (nearly) everything about everyone?

Anonymous Coward says:

Re: Perfect

I dont agree with the modifying of somebodies property without their consent………a non permanant attachment that is THEIR property……i dont know, maybe, deffinatly the THEIR bit, so long as the property is “ethical”…….and throw that out the window if even ONE sign of misuse……..i cant think of a better detterent to misuse then that, or a stronger drive to, actually, put strong measures in place to stop misuse in the first place

Anonymous Coward says:

This is a feature, not a bug

They will have to get closer to the bad guys. I predict we will see more close access work.

Good. Get off your lazy asses, stop spying on millions of people, and get out into the field where the bad guys are.

Yes, some of you will be caught. Yes, some of you will be held hostage and/or tortured and/or killed, probably brutally. I don’t see this as a problem: if you don’t want to take those risks, then don’t sign up for them.

mcinsand (profile) says:

let's see if I have this straight

Let me see if I follow the ‘logic’:

Premise: The terrorist organizations’ main goals are to drive us to give up our way of life, including our protected freedoms and privacy. Thus, we are in conflict and must fight to keep our protections.

1) In order to protect our guaranteed rights, we must undermine those rights.

2) Thus, the terrorists score a victory.

3) If we don’t want for them to achieve a greater victory, we must give them a greater victory by giving up more rights.

Do I have this correct? Now, let’s get back to the definition of a terrorist organization. They use fear (terror) to cow the masses into giving up the way of life that we in the west have protected and guaranteed in the way our governments are structured (at least on paper). If we don’t give up those rights, then they use the threat of an attack. Here, the threat of an attack is used to intimidate us into giving up more rights.

Which flavor of terrorist do you prefer? Coke or Pepsi?

Anonymous Coward says:

Sir David, who was director of GCHQ from 1996-97, said: “One of the results of Snowden is that companies are now heavily encrypting [communications] end to end.

Which companies are they talking about? They make it sound as if they are all around us already. Can he at least give us a list of all the companies that use “unbreakable end to end encryption”? You know…for science.

That One Guy (profile) says:

Re: Ethically worse?

Which do you think they’re more likely to do:

1) Due to more widespread encryption, cut down on widespread data collection, and move back to targeted collection.


2) Due to more widespread encryption, ramp up the attempts to crack it and/or insert security holes, while they pay even less attention to any collateral damage, all the while continuing mass data collection.

Sure he may seem to be implying that they’ll focus more on targeted collection, but a) when has anyone working at one of the spy agencies ever been considered trustworthy? and b) what makes you think they would ever give up the mass spying they’re so addicted to?

Anonymous Coward says:

Re: Ethically worse?

I think I figured it out. He’s saying that they’re going to continue mass surveillance, but are going to use “close access” techniques to do it. Given their limited manpower, the only way both blanket and targeted methods can be brought into agreement is by drastically reducing the non-GCHQ population of the world.

DigDug says:

Better idea for CIA/NSA/FBI/GCHQ, et al

How about this GCHQ – when you think you have a case, ask for a warrant, then go looking.

If you cannot make a case without illegally searching via ethically worse means, then you have no case and cannot ask for a warrant.

Warrants cannot be applied for with reasoning like “I strenuously object!!!” when the judge bitch slaps you in the face for your dumbass logic.

Anonymous Coward says:

It is the haystack vs targeted. The “gentle” non-profiling, less intrusive vs. “brutal” profiled and very intrusive methods.

I can see his point so far as, when they are surveilling the wrong people, they will be far less affected if targetted dragnet is used as a first step towards surveillance-escalation.

While the dragnet is less intrusive it hits that many more innocents as to be problematic on its own in terms of information concentration (needed security), unnecessary information (search time) and statistical artifacts (type I and II errors). Because of these effects of dragnet it is not in the interest of the people from the effected countries, particularly if they “have nothing to hide”. Irony for us all!

Anonymous Coward says:

Mandatory key disclosure

The UK is already supposed to have ‘solved’ the problem by legislating that you will go to jail for failing to disclose your encryption key to the government.

So what Sir David Omand’s comment implicitly reveals is that the government can’t crack properly implemented consumer encryption and that even compelling key disclosure by law does not work when and where the targets observe good OPSEC.

I wonder how many have actually been sentenced under RIPA § 49 for failing to disclose their encryption keys.

I suspect the number of cases where the government has been able to prove the crime under § 49 is exceedingly small, and something it doesn’t want to talk about.

Terrorists willing to engage in the preparation of crimes carrying lifetime imprisonment as possibility don’t care about extra jail time.

JP Jones (profile) says:

Re: Mandatory key disclosure

This is one of the reasons that forcing someone to reveal their password isn’t foolproof. There’s no guarantee that what is revealed is everything in the encrypted volume, and (to my knowledge) there’s no way to identify the difference between encrypted free space and a hidden volume.

This is pretty common for individuals living in oppressive countries; they fill an encrypted volume with personal, but not necessarily dangerous, information (bank information, personal photos, etc.) and then a hidden drive with the actual dangerous stuff (dissenting articles, banned books, etc.). If forced to give up their password, they can comply using the outer drive password, and there’s no technical way to determine that they are lying (unless they were sloppy and left evidence of the encrypted files on unencrypted parts of the system, like having “FreeTibet.doc” in their Word history with the document saved on the hidden drive…it would make it obvious there’s more file available).

Anyway, I think the real issue they have with encryption is not that it’s unhackable but that it takes time. Given enough time and resources, you can hack any encryption in existence. The problem is that it takes time and resources; you can’t skip that step. Therefore they lose out their “mass data” strategy because they can’t just aggregate tons of unsecured data; they’d have to dramatically cut down their data sources.

Encryption is literally a locked door. A locked door can be used for all sorts of things, from protecting your valuables to illegal activity. Any locked door, no matter how much armor you build into it, can be broken through eventually. The intelligence agencies want people to leave their doors unlocked and or at least give them the key so they can quickly stop at each location and glance inside to make sure there’s nothing juicy in there.

People, on the other hand, are rightfully uncomfortable with this, which is why they kept their “peeking” a secret. Now everyone is locking their doors, and it’s made the process much harder.

So apparently their solution is “well, if you’re going to lock all your doors, we may end up smashing yours down.”

Name says:

Brits want to spy on U.S. Media

The was an article in the paper the other day. I believe it was the Wallstreet Journal. I’m sorry, but I no longer have it, but the article had to do with the British Prime Minister wanting to have access to the accounts of U.S. citizens in order to fight terrorism. I’m surprised Techdirt missed that one. I don’t have time right now to do a complete search for the article but here is one related to it:

I’ll look for it tomorrow when I get time and edit this post.

Anonymous Coward says:

Re: Brits want to spy on U.S. Media

So? As long as the NSA reads everything, you(the USA) aren’t allowed to complain when another country does the same to you (the USA). Besides if the UK would do that then one reason would be because it would look bad if the NSA did it directly. That way they can login to the GCHQ “spy-wiki” and look at US data without thinking about local law. From a pure Sigint point of view it would be a win-win.

Anonymous Coward says:

Other types of even more illegal, illegal spying, i mean “questionably ethical” spying?

Hardware manipulation?
CCTV in every home?
Government Virus/malware/trojans?
A punch in the face?
An authoritarian speech?
Corporate spy departments?
Threaten someone into an informant?
“Precision” bombing?
“Ethical laws”?

What?……what are the “good” guys threatening now?
By WHOSE authority, seriously please dont tell me our “ethical” spy departments have no accountability to what they create, please dont tell me they have free reighn to create whatever under “national security”, and THEN tell the proper authorities AFTER, or have you guys invented the time machine…….or maybe you DID have an ounce of morals to MAYBE not create that thing you considered but realised was to far………i.e. trust

Anonymous Coward says:

My question is, if encrypting your info on your phone, is that info still encrypted when its stored on a cloud service? If so, could that be partlywhy their having a hissy fit, because i can see cloud storage as their wet dream, centralized data, few access points needed, alot of info in one place? Just a theory, assuming im correct in my assumption that its uploaded encrypted too

John Fenderson (profile) says:

Re: Re:

“My question is, if encrypting your info on your phone, is that info still encrypted when its stored on a cloud service?”

If we’re talking about the encryption that Apple and Android have started doing by default and that is causing various LEOs to have a hissy fit, then the answer is no. It only encrypts the data on the device itself and has no effect on transmitted data.

Noan says:

His moral compass has flipped and he's now confused.

“That’s remarkable for its implied threat: if you don’t let us ban or backdoor strong encryption, we’re going to start breaking into your homes”

I disagree – It’s not that he’s making a threat, it’s that his moral compass is so flipped that he sees the better, fairer and more civilly just route as the more pernicious option.

I’d hazzard a guess that this is the shape one’s morals take when both budget efficiency and blame culture is allowed to permiate your soul.

Chris says:

They can never block encryption...

Because encryption can be inserted into messages without them even knowing it. If the NSA/MI6 continues on the current trashing of civil liberties and “bans” encryption, I can picture a day when email communication is toast and people just post random photos on their facebook walls etc. Those photos can be embedded with messages right in the random bits used in the photo compressing algorithms. It would be completely impossible to PROVE someone was using encryption unless one had the key to decrypt it, which would be shared secretly between individuals. Try your key against each Facebook picture posted to see if that was meant for you. It is called steganography, and I suggest everyone learns about it before these tyrants make good on their threats to ban our rights to real encryption technology.

Chris says:

Encryption can be unbreakable

By the way I disagree with this statement above ” Any locked door, no matter how much armor you build into it, can be broken through eventually.” in terns if applying it to encryption. There are certain algorithms PROVEABLY unbreakable, such as one time pads. Breaking code is much harder than the average TV show would let you believe. Even IF the government has quantum computers, there are theoretical limits to what they can do. As cryptosystems improve in the future it will become virtually impossible for the spooks to break it outside of compromising the software/hareware itself (keyloggers etc.), and I bet they would find it nearly impossible even today to crack most encrypted traffic, particularly if no public key exchange is involved.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...