Former Head Of GCHQ Says Don't Backdoor End-To-End Encryption, Attack The End Points

from the putting-an-end-to-the-end-to-end-debate dept

When he was head of GCHQ, Robert Hannigan said some pretty clueless things about the Internet and encryption. For example, in 2014, he accused tech companies of 'facilitating murder', and joined in the general demonization of strong crypto. Last year, he called for technical experts to work more closely with governments to come up with some unspecified way around encryption. Nobody really knew what he meant when he said:

"I am not in favor of banning encryption. Nor am I asking for mandatory back doors. … Not everything is a back door, still less a door which can be exploited outside a legal framework."

Now, speaking to the BBC, he has clarified those remarks, and revealed how he thinks governments should be dealing with the issue of end-to-end encryption. As he admits:

"You can't uninvent end-to-end encryption, which is the thing that has particularly annoyed people, and rightly, in recent months. You can't just do away it, you can't legislate it away. The best that you can do with end-to-end encryption is work with the companies in a cooperative way, to find ways around it frankly."

He emphasized that backdoors are not the answer:

"I absolutely don't advocate that. Building in backdoors is a threat to everybody, and it's not a good idea to weaken security for everybody in order to tackle a minority."

So what is the solution? This:

"It's cooperation to target the people who are using it. So obviously the way around encryption is to get to the end point -- a smartphone, or a laptop -- that somebody who is abusing encryption is using. That's the way to do it."

As Techdirt reported earlier this year, this is very much the approach advocated by top security experts Bruce Schneier and Orin Kerr. They published a paper describing ways to circumvent even the strongest encryption. It seems that Hannigan has got the message that methods other than crypto backdoors exist, some of which require cooperation from tech companies, which may or may not be forthcoming. It's a pity that he's no longer head of GCHQ -- he left for "personal reasons" at the beginning of this year. But maybe that has given him a new freedom to speak out against stupid approaches. We just need to hope the UK government still listens to him.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments


  1.
    Bergman (profile), 10 Jul 2017 @ 4:07pm

    Or, phrased another way...

    "It's cooperation to target the people who are using it. So obviously the way around encryption is to get to the end point -- a smartphone, or a laptop -- that somebody who is abusing encryption is using. That's the way to do it."

    Do exactly what law enforcement and espionage agents have done since the dawn of time. The ability to quickly crack encryption on a level much below a government spy agency is a relatively new development, after all.

  2.
    orbitalinsertion (profile), 10 Jul 2017 @ 4:09pm

    Re: Or, phrased another way...

    Or, conversely, attack all the endpoints, all of the time, so we may maintain our indiscriminate hoovering practices and work around encryption.

  3.
    frank87 (profile), 10 Jul 2017 @ 4:13pm

    He's a lot easier to convince, now he's not paid to believe in back doors.

  4.
    Anonymous Anonymous Coward (profile), 10 Jul 2017 @ 4:24pm

    Re: Re: Or, phrased another way...

    And along the lines of 'mine is bigger' they continue to add to their 'library', but never read any of it, or so small a portion that they miss...everything.

    One could almost think 'no porn no read', but that might be disingenuous to those that try but are told not to or led to 'more important' leads.

  5.
    CHRoNo§§, 10 Jul 2017 @ 4:52pm

    microsoft windows ten has the gchq covered

    nuff said..just back door the end point that's the operating system

    what could go wrong there you idiot

    last time they tried it the sony root kit got leaked to the idiots at sony after us hackers had it for 3 years already

  6.
    Anonymous Coward, 10 Jul 2017 @ 5:25pm

    What exactly is your point here? -- Yay, intelligence agency will try getting around end point encryption?

    Probably a better bet. But the efforts aren't exclusive.

    And perhaps they just pretend focus changed. They alarmed the little bunnies only to get them used to being spied on, now time to calm and distract. At best, given the nature of "intelligence agencies", they're lying somehow. They're ALWAYS lying, it's definitional. But Techdirt just laps it up, doesn't question the statements at all, just assumes they are true, kind of crowing about a victory for common sense, and never mentions the daily actuality that we now live in surveillance states. -- With the colorful front of helpful Google, which gives NSA "direct access", Snowden said.

  7.
    stderric (profile), 10 Jul 2017 @ 6:02pm

    The best that you can do with end-to-end encryption is work with the companies in a cooperative way, to find ways around it frankly.

    It's cooperation to target the people who are using it. So obviously the way around encryption is to get to the end point -- a smartphone, or a laptop -- that somebody who is abusing encryption is using. That's the way to do it.

    My reading comprehension ain't honed to a razor-sharp edge, so I'm uncertain about something here. I get the good old-fashioned idea of attacking the endpoints in general, but the 'working with companies in a cooperative way' still sounds a bit creepy. If he means that investigators should contact companies on a case-by-case basis for help finding goof-ups in a particular suspect's security measures, OK... but his statement sounds like he's talking about globally preemptive measures; these may not be backdoors, but they're definitely 'backdoor shaped objects.'

    He's not head of GCHQ anymore, so playing word-games would be silly. Still, I can't help but want to read between the lines when anyone changes his tune and seems to say something sensible. Anyone else get this feeling, or should I bust out my Reynolds Wrap?

  8.
    Anonymous Coward, 10 Jul 2017 @ 6:18pm

    Re: What exactly is your point here? -- Yay, intelligence agency will try getting around end point encryption?

    Better watch out they are coming for you filthy TOR pirates.

  9.
    Anonymous Coward, 10 Jul 2017 @ 6:23pm

    Root them all.

    Root everyone's devices. All of them. That's basically what he seems to be promoting. Not only will it give them access to everyone's communications, but all their files, or electronic "papers", as well.

    I'm feeling safer already.
    /s

  10.
    orbitalinsertion (profile), 10 Jul 2017 @ 6:46pm

    Re: What exactly is your point here? -- Yay, intelligence agency will try getting around end point encryption?

    Yeah lol no one questions these things. If nothing is noteworthy, why pay attention to anything?

    What is the benefit of the imaginary world you live in?

    Sure, some people are entirely for maximum government spying. Some people couldn't care in the course of their everyday lives. But do go ahead and invent things to claim superiority over and insult people with here. As if we don't know spooks don't go beyond what is publicly known and legal on their already extremely long and loose leashes. And this time just because it is reported that one of the "security" talking heads changed his tune and undermined the idiotic "adult conversation" antics of his peers. (Whether he means it or not is largely irrelevant.)

    So if you ever get anywhere near an actual point, go ahead and make it.

  11.
    Shilling, 10 Jul 2017 @ 7:48pm

    I like the phrase 'abusing encryption'. How does one know encryption is being abused when you do not know what's in the encrypted part of data? To me this sounds like everyone who uses encryption is a suspect which I assume is everyone.

    If everyone is a suspect then all the endpoints need to be breached and in that circumstance end-to-end encryption becomes the next step in the security theater and makes it almost useless.

  12.
    Anonymous Coward, 10 Jul 2017 @ 11:27pm

    Looks better.... at first glance

    But you all know that they are never going to be satisfied with just the cooperation of companies in giving them access to a single device or on a case-by-case basis.
    If they don't just come out right at the beginning and demand it, they are sure as heck going to bring it up later that they need full access, all the time. Like the data collection we see going on now, they are also going to escalate its use to lesser and lesser crimes.
    Also let us not forget the current state of affairs with where they can just find a friendly judge and then get a free-for-all warrant that covers just about anything.
    Like someone else wrote earlier, it will then be much worse because they would probably have access to everything and not just communications.

    The problem hasn't changed, because they are still not leashed or watched enough to consider giving them any access.
    They need a lot of proof that they have improved in these areas before anyone should even consider anything of this sort.

  13.
    Anonymous Coward, 11 Jul 2017 @ 1:33am

    Re:

    Bit of a stretch isn't it? He's a member of the security services not a politician, I don't believe he's ever been paid to promote back doors.

  14.
    Yes, I know I'm commenting anonymously, 11 Jul 2017 @ 3:59am

    quote: "But maybe that has given him a new freedom to speak out against stupid approaches."
    In other words: he is no longer pwned.

  15.
    Anonymous Coward, 11 Jul 2017 @ 4:29am

    Re:

    I like the phrase 'abusing encryption'.

    Is 'abusing encryption' kind of like 'abusing window blinds'?

  16.
    Ninja (profile), 11 Jul 2017 @ 5:43am

    So you want to go after those who abuse encryption? How fast will this devolve into anybody that uses more than the Govt would consider enough for the average Jane/Joe?

    Words can be very deceiving.
