GCHQ: Crypto's great, we're your mate, don't be like that and hate

Robert Hannigan, director of UK spy agency GCHQ, has said this week there is an ethical problem presented by encryption. The snoop-boss, speaking to an audience at the Massachusetts Institute of Technology in the US, said the industry's technical experts should help intelligence analysts crack crypto used by criminals. …

  1. wolfetone Silver badge

    Privacy is an ethical problem now is it? Makes me think that the PR guru or policy maker for GCHQ worked in Germany between 1939 - 1945.

    1. The Man Who Fell To Earth Silver badge
      Black Helicopters

      Yes, just as free speech is an ethical problem. You know, bad people might say bad things, so free speech must be stamped out. It's for your own good, and who better to trust than Law Enforcement? <\sarcasm>

      1. Anonymous Coward
        Stop

        Ethical problems

        I am not sure GCHQ is in a position to lecture the rest of us on ethics.

        1. Anonymous Coward

          Re: Ethical problems

          I feel that GCHQ, like a lot of organizations, suffer from meddling from the politicos, and in the main the majority are hard working highly motivated people. Unfortunately these people aren't the ones making the dumb decisions, such as lowering the bar, that's the politicos who have more to fear from the masses.

          Yes we need them to protect us from the nasties out there, but no we don't need them, and I suggest they would agree, to their talents being utilised checking Mrs Scroggins isn't trying to fiddle the school entry rules.

    2. Anonymous Coward

      The Era of the Warrant is Over

      Fuck all law enforcement.

  2. Duncan Macdonald
    Mushroom

    Goodwill GCHQ ?

    WTF???

    When has GCHQ ever had goodwill (or even honesty)??

    1. phuzz Silver badge
      Meh

      Re: Goodwill GCHQ ?

      When it was still based at Bletchley Park? (the goodwill, not the honesty)

      1. Long John Brass

        Re: Goodwill GCHQ ?

        Goodwill?

        <voice=blade_runner_narrator>

        The various government organs have burned through whatever little goodwill they had left

        Overreaching councils snooping on your bins or police "just checking up" on neighbours, ex wives/husbands. Security agencies drag-netting all cell & internet comms (but it's ok cuz it only meta data)

        All because the ${badGuys} and ${boogyMen} will get us.... Won't somebody think of the ${emotionalHotButton}

        </voice>

        Mine's the one with the meds in the pocket

  3. Andy Non Silver badge
    Facepalm

    These people just don't seem to understand encryption.

    Communications are either cryptographically secure or they are not. There is no magical half-way point where law enforcement or "friendly" governments can have some means to access the encrypted data without that same means being available to hackers, unfriendly governments, criminals or others.

    1. Dan 55 Silver badge

      Re: These people just don't seem to understand encryption.

      They are not addressing backdoors because it's bad PR and it's what China and Russia do. Instead looking at France and the UK, laws are made which threaten heavy fines and jail sentences so that end-to-end encryption or devices with encryption that is too difficult to break are designed-out at the design stage.

      1. Anonymous Coward

        Re: These people just don't seem to understand encryption.

        "so that end-to-end encryption or devices with encryption that is too difficult to break are designed-out at the design stage"

        The release of those papers is supposed to assure us that GCHQ are becoming more transparent and to demonstrate they are really, really clever people. So let's run with that for a moment.

        Either through backdoors that aren't called backdoors, or simply through banning too-difficult to break security, GCHQ will know as the rest of us do that the really organised crims, paedoterrorists and the like who are (supposedly, hah!) the real targets will quickly and readily find alternative communications tactics. Denying these people the ability to do business on an Android phone or Windows/Apple computer isn't going to stop them, and the inconvenience is going to be marginal when they are already always looking over their shoulders. In many cases they will happily continue to use these systems, because they rely on idiot codes - as did SOE very effectively during WW2. In that case GCHQ won't even have caused these people modest inconvenience.

        Then again, Hannigan's a typical civil servant, having studied "Classics" at Oxford, so we shouldn't be surprised. Can you imagine the chortling amongst the Bullingdon chums: "Binky Hannigan's moaning that he's cleverer than Sherlock Holmes again because he studied Classics, and we all did PPE. So I'm going to call his bluff by putting him in charge of the most technical most secret agency the government has!"

        So, knowing that this won't affect the real villains, the only logical rationale for GCHQ's ambitions to give themselves unlimited prying rights is that it has nothing to do with serious criminals, and everything to do with spying on workaday criminals (which I doubt) or is purely to support Theresa May's dystopian vision of universal surveillance of the population by the state.

        And another thing, Mr Hannigan: If you want things to be different, and to be held in higher esteem, and to have some support, why are you spouting off to MI-fucking-T in Merkinland? If you want to get some support in the UK from people other than Big State enthusiasts, write something for the Reg (I'm sure they'd be delighted) and join us down here in the dirt of the Commentariat, if that's not too common for you?

        1. Anonymous Coward

          Re: These people just don't seem to understand encryption.

          Dirt? How very dare you.

          Also, I need to understand what you mean by classics at Oxford.

          Are you referring to shoes, marmalade and dictionaries?

          If so this chap needs to get a proper education, that knowledge is useless in his position. Frightful.

      2. Dan 55 Silver badge
        Unhappy

        Re: These people just don't seem to understand encryption.

        Just realised that that's why the Internet Connection Record is so nebulous too. Scare the ISPs and they'll hand as much as they can over and there's no dirty law which says we want it all on a plate.

        1. Peter2 Silver badge

          Re: These people just don't seem to understand encryption.

          As a thought exercise, if GCHQ/NSA actually had the ability to break encryption at will what would they be saying and doing publicly at the moment?

      3. Alan Brown Silver badge

        Re: These people just don't seem to understand encryption.

        > laws are made which threaten heavy fines and jail sentences

        The UK has had a standard approach to this for years - if a judge directs you to provide decrypted data for the court and you fail to do so, it's contempt and gets punished as such.

        If anything the laws reduce your exposure - you can be held almost indefinitely on contempt charges.

  4. Anonymous Coward

    Threat model

    Everybody who isn't Bob or Alice is Mallory.

    GCHQ is Mallory. "Lawful authorities" are Mallory.

    1. allthecoolshortnamesweretaken

      Re: Threat model

      Bob is an idiot anyway:

      http://www.theregister.co.uk/2016/03/07/verity_alice_bob_and_verity_too/

      1. phuzz Silver badge
        Black Helicopters

        Re: Threat model

        Unless you mean Bob Howard.

        (Middle names; Oliver Francis)

  5. Gray
    Facepalm

    Goodwill?

    "That is where we will need goodwill on both sides."

    Given the repeated violations of trust and transparency by GCHQ and NSA, how can goodwill possibly exist in a climate of distrust?

    1. Graham Cobb Silver badge

      Re: Goodwill?

      That is what I said to someone I know who works at GCHQ just after the Snowden leaks. GCHQ have, by their actions over the last 20-30 years, voided our trust. They will never again be allowed, by my generation, to have the same power again.

      Until those of us who remember their crimes are gone they can beg, whine, scream, threaten or corrupt as much as they like but they will be fighting the population.

      The abuse had been going on since the 70s: completely illegal and disproportionate abuse of powers to monitor legitimate political parties (including the Labour party!) and trade unions. Later, helping the police to drive towards a police state for anyone who dares to protest (see the John Catt case). Finally their "climate of fear" pushing of a serious but very infrequent crime (terrorism) as if it was a serious threat to life or liberty.

      The actual threat to liberty is the abuse of extremely dangerous powers which should be being used maybe once a year, not on the whim of a politician or police officer.

      1. Doctor Syntax Silver badge

        Re: Goodwill?

        "That is what I said to someone I know who works at GCHQ just after the Snowden leaks."

        What was their reply? Or is that classified?

        1. Graham Cobb Silver badge

          Re: Goodwill?

          They were surprised by the vehemence of my concern and by my proposed solution: massive budget cuts to bring them under proper control and focus their minds on the things that are really important. Needless to say, they did not agree. Not that they were in a position to do anything about it anyway (as far as I know, of course).

      2. Mark 85

        Re: Goodwill?

        "Until those of us who remember their crimes are gone they can beg, whine, scream, threaten or corrupt as much as they like but they will be fighting the population."

        Let's not give the powers that be any ideas, shall we? I can see here in the US that the "purge/gulag" mentality is rising. It appears to be getting that way in Blighty, also. Not too many countries that aren't pushing things that direction in the name of "security".

    2. SolidSquid

      Re: Goodwill?

      He's pretty much mirroring Clinton's comments that "the government is not your enemy" to companies like Google who had their inter-datacentre links tapped by the NSA. That kind of comment is intended to frame the argument for the general public as a "these people are being unreasonable too, and even though we're making an effort now they're still refusing to budge!". It's a PR stunt, nothing more, which is probably why he did it in another country where people are less familiar with what's going on with GCHQ.

    3. Anonymous Coward

      Re: Goodwill?

      Is that the same kind of UK State goodwill that Turing experienced?

    4. Anonymous Coward

      Re: Goodwill?

      He must mean the definition described in George Orwell's 1984:

      “There will be no loyalty, except loyalty toward the Party. There will be no love, except the love of Big Brother”.

      If you want a vision of the future, imagine a boot stamping on a human face - forever.

  6. DropBear
    WTF?

    And what gave you that idea?

    Well I for one DO WANT the same level of protection as nuclear submarines have in my communications with _everything_. I may not _need_ it and I may not be prepared to jump through all the hoops needed in order to use it, but I sure as hell do _want_ it!

    1. Anonymous Coward
      Black Helicopters

      Re: And what gave you that idea?

      It's like the film industry with their erroneous use of tech jargon. "It uses military grade encryption!"

      Eh no. We just use the same cutting edge crypto suites for everything.

      1. Doctor_Wibble
        Joke

        Re: And what gave you that idea?

        > "It uses military grade encryption!"

        Yes, thank god for that, otherwise we would never get in!

  7. Warm Braw

    The importance of encryption for the economy and for the individual.

    "identity verification for Government digital services ... the security of domestic “smart” power meters"

    If these are so important, and both fall within programmes mandated by government and presumably open to advice from GCHQ, why are the implementations so unfit for purpose?

    1. scrubber
      Big Brother

      Re: The importance of encryption for the economy and for the individual.

      The government are mandating permanently connected devices be installed in every house in the country, capable of monitoring temperature, energy use ... and sound? ... and reporting back to some centralised server somewhere. Why? To save the planet, of course, and stop looking too closely, it saves you money too. Squirrel.

      1. Anonymous Coward
        Big Brother

        Re: The importance of encryption for the economy and for the individual.

        The Register actually ran a story 2-3 years back about how outsiders can use intercepted telemetry from your smart meter to tell what you are watching. Apparently, the subtle changes in power consumption reported through the telemetry can allow others to figure out whether you are watching Star Wars, Citizen Kane or SpongeBob Squarepants.

        http://www.theregister.co.uk/2012/01/09/smart_meter_privacy_oops/

        As I recall, my solution was to leave your second TV set to high-brow costume dramas, the arts and news programs, while using a portable generator to power your big TV off the grid, where you actually watched bikini-babe movies and sports.

        1. Anonymous Coward
          Angel

          Re: The importance of encryption for the economy and for the individual.

          No No, the other way around - they are not concerned about bikini-babe viewers as they never have dangerous ideas

  8. tiggity Silver badge

    chutzpah

    "For nearly 100 years we have been intimately involved in strengthening encryption."

    (My edit: Strengthening for use by us & our friends but not for the general public).

    Said in the same breath as finally revealing Ellis documents & GCHQ would doubtless have been very happy if Diffie, Hellman & Merkle had not published on public key encryption.

    1. Anonymous Coward

      chutzpah indeed

      Some more:

      > For those of us in intelligence and law enforcement, the key question is not which door to use, but whether entry into the house is lawful at all.

      Note the use of "house" singular. The problem the public has with you, Mr. Hannigan, is that while you stand up and say "house", singular, at conferences, your employer has legislation going through Parliament at this very moment which says "houses", plural, in fact every single household in the land, and beyond.

      This is the reason why no one trusts you.

      1. John H Woods Silver badge

        Re: chutzpah indeed

        "legislation going through Parliament at this very moment which says "houses", plural, in fact every single household in the land, and beyond." --- 2+2=5

        More to the point, they were already doing it even before legislation was proposed, let alone passed, that they should be able to do so.

    2. Anonymous Coward

      Re: chutzpah

      Supposedly there was some pressure applied to Diffie et al to not publish, luckily they did not give in or we'd all be struggling with unwieldy secret key encryption.

  9. Zippy's Sausage Factory

    Same ethical problem as hammers

    Hammers can be used as a weapon by criminals, yet we all still enjoy their ability to put nails into walls, a process which generally speaking prevents our houses falling down.

    Ethical dilemma? Right. Spook friendly PR...

  10. Primus Secundus Tertius

    Wedges with thin ends

    Once upon a time, the activities of GCHQ and the other security services were limited to thwarting the efforts of states and other groups that were hostile or unsympathetic to us as a country. But since the "end of the Cold War" and the advent of the glorious "peace dividend", their activities have been extended to counter ordinary "serious crime". That's what happens when we are ruled by bean counters.

    We are told they work against "organised crime", i.e. gangsters, and against child molesters. If they say so, perhaps; but meanwhile don't recycle too many goody-goody recyclables into the plain old black bag, and be careful what address you choose to get your child into a good school (*).

    I would like to see the remit of the security services firmly reset to its old position of thwarting the Queen's enemies.

    (*)When my old grammar school was made comprehensive, it was relocated to the most expensive suburb of that city, where my parents could never have afforded to live.

    1. Mystic Megabyte
      Headmaster

      Re: Wedges with thin ends

      >(*)When my old grammar school was made comprehensive, it was relocated to the most expensive suburb of that city, where my parents could never have afforded to live.

      Owen's?

      1. Primus Secundus Tertius

        Re: Wedges with thin ends

        No, sir, not Owen's.

        I guess my old place is not the only one now restricted to the rich.

  11. allthecoolshortnamesweretaken

    Hannigan added: “But what the history of our cryptology teaches me above all is that the enduring problems in the debate over privacy and security are essentially moral rather than technical.”

    Okay, that covers* morals. What about ethics?

    *okay, 'mentions morals'

    1. nijam Silver badge

      > Okay, that covers* morals. What about ethics?

      Morals and ethics are apparently (given the substantial divergence from person to person, let alone nation to nation) little more than personal opinion, sadly.

  12. Destroy All Monsters Silver badge
    Holmes

    "Holocaust", "Turing would have this and that" and a "Moral Questions"??

    The button-pushing (if not retconning) is strong in this one...

    1. Dan 55 Silver badge
      Big Brother

      Re: "Holocaust", "Turing would have this and that" and a "Moral Questions"??

      I'm sure Turing would have loved his superiors being able to call up the details of everybody's private life.

      1. Adam 52 Silver badge

        Re: "Holocaust", "Turing would have this and that" and a "Moral Questions"??

        I occasionally ponder how many of the WW2 "heroes" would have had their security clearances pulled had their private correspondence been known.

        We quite possibly would have no GCHQ and no atomic bomb, leading to a very different outcome. We should learn from history and make sure we're not in that position the next time.

  13. Anonymous Coward

    Due process

    If a criminal commits a crime, you serve him with a warrant, approved by a court, he is compelled to unlock the device or can challenge the warrant. Why should GCHQ have a backdoor into encryption to bypass that judicial process?

    If he's already dead, tough luck, you can't arrest him anyway. Anyone he talked to is a phone billing record away, go after them instead.

    What you're actually trying here is to strip the judicial and privacy rights from Britain.

    Once GCHQ were code breakers breaking ENEMY codes. Now they do a full take on BRITISH comms, they help conceal PRISM surveillance of Britain from Parliament, and here they want British encryption back-doored. You lot in the donut are the biggest threat to the UK.

    It was revealed that Obama gets a briefing on governmental secrets. It was revealed that the 5-eyes-no-spy agreement was ignored if the information was useful to the US. It was revealed that "The Wilson Doctrine" is worthless, you hoover up all Parliament's and government ministers' internet data along with everyone else's. Today it's Obama, tomorrow it will be Chancellor Trump who gets his briefing of our secrets. Secrets that largely come from your Full Take data.

    We need compulsory encryption to protect our government and Parliament's private communications from you. That encryption needs to be GCHQ proof. Because you lot have lost the plot.

    1. Pedigree-Pete
      Meh

      Re: Due process

      GCHQ: Here's an encryption tool you can use that we can't crack, honest guv.

      Us: Great, thanks a lot, that's that settled then. :)

  14. Anonymous Coward

    All this mention of Turing

    Has anyone pointed out he was one of their victims in the end?

  15. Adair Silver badge

    He's right it is a 'moral' question...

    '...stated he was “puzzled by the caricatures in the current debate, where almost every attempt to tackle the misuse of encryption by criminals and terrorists is seen as a ‘backdoor’.”'

    When people have been lied to by state agents, and when those agents have seen fit to act regardless of 'just cause' or actual 'evidence', is it any wonder that said 'people' are just a tad cynical about any subsequent 'promises' and 'explanations', even when they are made in good faith. That's what happens when you lose trust---people don't trust you. Quelle suprize!

    The 'moral' question is: What can our state agents do to convince us that they will act with integrity and good faith towards 'the people' whose lives and livelihoods they are charged to protect?

    In reality there is probably nothing they can do; they've blown it. They blew it years (hundreds of years) ago. The only thing that has changed is the extent of their reach and the time-frame of their reach---longer reach, and much faster. Apart from that it really is business as usual, and hoping that there are always enough 'good' people in the system to mitigate the worst tendencies of those who are motivated by greed, power, and fear.

    The best we can probably hope for is some kind of Mexican stand-off, between the state agents, the criminals, and the rest of us. The graveyard scene in 'The Good, the Bad, and the Ugly', comes to mind, but without a resolution.

  16. Pen-y-gors

    FTFY

    "...there was an ethical problem presented by encryption money, cars and oxygen and it was necessary for industry's technical experts to help them work out a solution on its use by criminals."

  17. simpfeld

    We aren't against strong crypto but...

    ..we invented public key crypto, a technology that enabled so many things in the modern world. Yet we didn't tell anyone, that would have allowed potential security gains for UK citizens and potentially have given economic benefits to UK industry.

    Sounds like they don't care very much about the security of UK citizens' data, they just want in.

    1. Anonymous Coward

      Re: We aren't against strong crypto but...

      Indeed. They're only following orders...

  18. Stevie

    Bah!

    But everything we learned from Snowden's leak was that the intelligence agencies cooperate to subvert provisions specifically written into law to protect the people from unreasonable oversight.

    I think the major features of this speech were that so-called smart people actually sat through it and that the speaker managed to keep a straight face throughout.

    Explain once more how listening to my phone calls combats terrorism.

    Then explain how we may employ sheep's bladders in the prevention of earthquakes.

  19. Justicesays
    Facepalm

    Wow - so much bullshit

    "From traditional protection of military communications, through personal privacy online – including identity verification for Government digital services – through the security of domestic “smart” power meters – where the design principle is that homeowners are in control of their data – to the security of the nuclear firing chain, we understand the importance of encryption for the economy and for the individual."

    Erm, so they are responsible for the lack of personal privacy online?

    And the Government mandated and enforced roll out of smart meters whose data protection regime contains this gem:

    "Normally this data will be collected after you have used the energy (ie not in real-time) unless there is a specific querry about your bill."

    So, capability for real-time data queries built-in? Thanks for "protecting" me GCHQ.

  20. Doctor Syntax Silver badge

    "That is where we will need goodwill on both sides."

    Fair enough. But that gives him a problem. He and the other agencies have lost that goodwill because they have lost the trust of the public including the tech companies. He and the others need to regain that trust. It's really the most important problem they have and I don't think they have a clue where to start. I can help them with a rather old piece of advice.

    When you're in a hole, stop digging.

    They need to step back, grasp what the rest of us are saying and then admit that the way they've been going about things is wrong; that for the greater good they need to accept limits. Standing up and giving lectures about how they're right is, in fact, quite wrong. They work for the public. The ethics and morals they adopt should be those the public require of them. It's not their role to try to scare the public into the attitudes they want. And, as someone said in a previous comment thread (and inexplicably got downvoted for it) questions of principle shouldn't be settled by appeals to utility.

    1. Anonymous Coward

      Unfortunately just like the Police.

      Way back the Police were respected, not feared.

      Why has this come about?, well meddling from above, fast track promotions, fixed up evidence,

      I spoke with a bobby on the beat (I know, a rarity) a while back, seemed a decent chap, but go higher up the chain where the promotion opportunities are fewer and that's where it all starts to go wrong.

      This is human nature, to scrabble to the top of the pile.

      The police need less interference, less 'nee naa' and more connecting with the population, then they will regain respect, which is not a given, it has to be earned

      1. Primus Secundus Tertius

        Re: ...just like the police

        No, they were not respected by the plebs (e.g. my grandparents, on one side at least). It is a middle class delusion to say the police were respected - and they lost that respect after everyone became a motorist.

    2. Someone_Somewhere

      Re: questions of principle shouldn't be settled by appeals to utility.

      Jeremy Bentham might disagree with you: https://en.wikipedia.org/wiki/Utilitarianism

      ;)

  21. Uffish
    Big Brother

    How to crack unbreakable crypto.

    If I understood correctly the extracts of Hannigan's speech he is asking for crypto software which falls over if you don't follow a strict procedure, or some such 'human' cause of failure. So you can have your secure crypto but if you ever forget to put in a new password for each message it can be cracked. That way your average crim can have the best crypto but GCHQ can read the plaintext.

    On another note, after analysing Hannington's comments I can see why a Classics background might be useful in his job - it must require great linguistic skills to appear to say X in such simple English but actually mean Y.

    Big Brother has an overwhelming need to continue watching you, and you, and you ...

  22. John H Woods Silver badge

    "If I understood correctly the extracts of Hannigan's speech he is asking for crypto software which falls over if you don't follow a strict procedure, or some such 'human' cause of failure. So you can have your secure crypto but ..."

    They already have everything they need to go after targets. No crypto is secure against endpoint compromise and all the old school spycraft (shoulder surfing, infiltration, honeypots) still works; all the new school spycraft (hidden cams, tempest, decoding audio to narrow down password search spaces) still works; and all the bang-up-to-date spycraft (keyloggers, hardware compromise, certificate compromise, rng tampering) still works.

    I totally support them going after targets. I shall totally resist the dragnet.

    1. Uffish

      Re: "resist the dragnet."

      Fine, resist away and you will be tagged as someone hiding something. I don't suppose that would cause you any problems and I don't suppose the security people would do anything unless you managed to accumulate some other tags, US no-fly list, regularly seen parking outside the Ruritanian embassy or whatever criteria they have for being suspicious.

      The point is that the security services keep saying that they are looking for the "unknown unknowns" hence the dragnet and hence their craving for full access to everything. If they can't have that (and I sincerely hope they don't) then they will have to make do with the next best thing, which seems to be looking at everything anyway in the hope that they will be able to get at least something from it.

  23. amanfromMars 1 Silver badge

    Methinks he doth protest too much. A new broom is needed, FFS ASAP.

    Hannigan’s and GCHQ’s abiding problem, and it is certainly not confined just to them in Blighty for others abroad have also the same enigmatic quandary to ponder, is the correct answer to the question of whether they be working for the right employer, or whether they be just making fools of themselves believing the boss programs and active agents they are targeted to protect and propagate, are worthwhile.

    After all, who is ultimately to blame for the likes of the dodgy Iraq dossier if it wasn’t a lack of intelligence and crappy leadership in key players which wasn’t kicked into touch and destroyed by the greater Intelligence Community.

    Such doesn’t bode well for prosecution of the belief that they have anything worth listening to, whenever the whole system is so easily perverted and corrupted to roll over and act as a captive lapdog and fluffer to fools who then are allowed to move on into probably lucrative fields without the glare of media attention and parliamentary oversight, although both of those themselves are toothless wonders too, are they not?

  24. Anonymous Coward

    "all must cooperate"

    is it a threat, or a formal request? ;)

  25. Tikimon
    FAIL

    To a cop, everyone is a criminal

    To most people in "law enforcement", everyone is a probable criminal, and they see it as their job to find out what laws you have broken. Presumption of innocence is long gone.

    "Law enforcement" has now come to mean "Circumvention of law (for police benefit)". It's a 180-degree switch from their stated purpose, so why do they wonder that we don't trust them with anything?

  26. Paul

    And in other news, GCHQ has found a way to make horses run backwards into the stables they bolted from, so that they can retrospectively lock the stable door.

  27. amanfromMars 1 Silver badge

    Some essential GCHQ bedtime reading in the field facing terrorism?

    A couple of decades old, and NSA specific, but still a classic tome for anyone interesting or interested in the command and control of both the intelligent and the stupid in practically every field virtually available? ...... https://www.nsa.gov/public_info/_files/directors_misc/Directors_Work_Plan.pdf

  28. Major_Variola

    I'm sure the audience was immensely empathetic

    Not

    Just observing an early 21st century freak show. He talks funny too.

  29. PaulAb

    Who's watching the watchers watching watchers

    "The snoop-boss, speaking to an audience at the Massachusetts Institute of Technology in the US, said the industry's technical experts should help intelligence analysts crack crypto used by criminals."

    Another barrel of bilge from the ministry of misnomers.

    I suppose none of the 'Technical experts' are above a bit of blackmail. I fully expect to read shortly that one of them is found to be a criminal also, can they resign or do they just disappear, who will these technical experts be?... Oh, they're employed by the government, well that's ok then, ....we can expect all the backdoors to be left on a memory stick on the London tube.

    What a Fu** wit

  30. Doctor Syntax Silver badge

    "The level of security I want to protect the privacy of my communications with my family is high, but I don’t need or want the same level of security applied to protect a nuclear submarine’s communications, and I wouldn’t be prepared to make the necessary trade-offs."

    Take this statement in conjunction with the Nat West article. It would be wrong to see such things as affecting just individuals - as in his family's communications. If you take all the Nat West users together, or all of the other individuals who might be affected by some other issue, each time you can add up what's a risk and discover that it's a sizeable chunk of the economy. Does that move it a bit closer to a nuclear submarine in terms of significance?

  31. Anonymous Coward
    Big Brother

    "there is an ethical problem presented by encryption"

    Well Mr. Hannigan, there is also an ethical problem presented by agencies that are supposed to be under the control of the people spending their time hoovering (or "Herbert Hoover-ing") up the communications of those same people, based on secret interpretations of law or identification of legal gray areas that don't specifically stop large-scale interception. And then these agencies lie to the people about the extent of that surveillance or its existence at all.

    Democracy and secret law are incompatible. Figure out which side you are on (though you probably already have and it's not on the side of democracy).

    And trotting out the Enigma-busting effort is a red herring. I'm fine with the sigint agencies cracking codes and encryption, especially against a hostile nation-state. You aren't going after Nazi Germany with this encryption fight--you're going after communication systems that I rely on to pay my way in this world and communicate. I can't stop someone hiring an army to try to brute force every possible access code to get onto my smart phone, and I can only hope that criminal organizations will seldom have those resources. I am not fine with the vulnerabilities being created so that anyone who buys, blackmails, cajoles or gets promoted to a certain level of access can log into their workstation to see what citizen Marketing Hack is up to today.

  32. Graham Marsden
    Holmes

    "the industry's technical experts...

    "... should help intelligence analysts crack crypto used by criminals."

    Because the crypto used by criminals is *completely different* from every other sort of encryption, isn't it...???

  33. martinusher Silver badge

    Enigma was more about social engineering

    We all associate the Enigma machine with codes and codebreaking but in reality the machine was just part of the secure communications process and never yielded to direct attack. The trick was to figure out the settings, and this was only possible because the procedure for setting up the machine was manual and so left openings for attack. This is analogous to spearphishing attacks being used to penetrate networks -- the human's always the weak link.

    Apple's risen to prominence because they've taken the human weak link out of their encryption process which has made that process very, very, difficult to crack. I don't see how the security services are going to be able to put that particular genie back in the bottle; they seem to be trying a charm offensive in the UK designed to tell people that it's OK to have just a little encryption, that's all you need.

    (Incidentally, returning to Enigma, there's something I'm fascinated with but can't find any information on. Just as BP was exploiting procedural weaknesses there were similar teams in German intelligence doing the same thing -- they were looking for procedural gaffes and changing code settings as soon as they discovered one. I'd like to know more; my guess from their inadequate reaction speed is that it was just a handful of people who knew the dangers, were chronically underfunded because "management knows that Enigma is bulletproof" -- the usual stuff. Had the Germans even an inkling of the industrial scale of BP then they might have been taken more seriously.)

  34. ShadowDragon8685

    The idea of asking tech companies to engineer backdoors into their products so government can access encrypted communications, or gain control of a device, is asinine.

    Because there is nothing stopping someone else from using that. Say that that is what happens, I firmly believe that:

    Within a day of it going live, hostile government actors will have the backdoor, assuming they don't even have it BEFORE it goes live.

    Within a week of it going live, hostile NGOs - the likes of, say, ISIL, al Qaeda, etc - will have it.

    Within a month, organized crime will have it - the mafia, Nigerian 418 scammers, etc.

    Six months, and criminals of every level will have it just by Googling it. (And I may be being generous by giving this one six months, cynically, I'd say more like two.)

    In the name of making things secure, those who want to engineer stuff like this are going to make things VERY insecure. But I think that's the point.

  35. Adam Inistrator

    fig leaves

    I guess he is really trying to stiffen the morale of the more hard-line mandarins and provide some cover against their more moderate colleagues. The way he sees it, any reason, however implausible, for the mentality of mass spying is becoming a dire necessity, but I think they are trying to hide behind their fingers.

  36. dddandan

    Baffled

    How is it possible that they still don't seem to 'get it'? Either encryption is secure, or it isn't. Refusing to call a backdoor a backdoor doesn't change anything.

    Their argument now seems to be a continued rehash of what we've heard before: "Oh we agree everything should be totally secure, but sometimes we just have to get in when the real bad guys are involved."

    Utter nonsense. People who know absolutely nothing about the simple mathematical principles trying to legislate their way into total surveillance freedom by deception is getting old.

  37. Anonymous Coward
    Devil

    EOC

    Don't you think that all this is essentially the beginning of the fall of Civilisation as it exists today? The lights are going out all over the World (was Europe in WWII) and we shall not see their re-lighting in our lifetimes (or several generations).

    The barbarians are not at the gate, they have control of the gate.

    To be a barbarian does not mean you are not highly intelligent or educated (not the same thing); it's all about attitude to others and civilisation. We have barbarians in government and its support agencies.

    Murdoch the Robber Baron was a warning.

  38. dan1980

    Standing clear amongst all the misrepresentations and evasions is one huge problem: this all assumes that those with the ability to decrypt our private data are, and always will remain, unimpeachably ethical, weighing each and every decision to deploy their intrusive abilities and only doing so where there is the greatest of needs.

    I say this is the big problem because it still exists EVEN IF you assume, as our governments and agencies want us to, that what they want is actually possible and that it won't result in other parties exploiting these not-backdoors.

    Hard experience shows that nothing could be further from the truth.

    1. secop
      Devil

      No backdoor

      "All this talk of backdoors, we don't know what they're talking about?" Maybe you do not, Mr Hannigan, but the programmers who have are even now examining the Microcode inside that Intel Management Engine are only too well aware that ACPI stands for "Absolute Crap Produced By Intel" and they're also only too well aware that whale.lsub.org is what other people code name Pinwhale. We welcome these new backdoors for the benefit of all insider traders everywhere, coraid running its own Nix kernel, backdoors galore and not a shred of Blowfish left in the OpenSSL libraries anywhere!

      We don't hate you, we despise you, big difference!

  39. Sproggit

    What's Good For The Goose

    <sarcasm>I am encouraged to see the Head of GCHQ proposes that because *some* criminals use encryption to attempt to conceal their intentions [despite the amount of publicity these actions are gaining, despite the fact that Osama Bin Laden was sufficiently careful to not even have a phone line in his compound and despite the fact that there is more than enough evidence to show that the meta-data alone - i.e. the list of who sends messages to whom] ... that we should therefore simply give up our privacy and permit the state to eavesdrop. This distinction ["Because some bad people ... then we must..."] can be usefully applied elsewhere, and I await with bated breath the following proclamations from both sides of the Atlantic:-

    1. Because some guns are used to kill people, *all* privately held firearms will immediately be declared illegal and must be destroyed.

    2. Because some motor vehicles are used by joy-riders and speeders in ways that result in the deaths of innocent by-standers, *all* motor vehicles will immediately be declared illegal and crushed.

    3. Because some Members of Parliament have been caught fiddling their expenses, all second homes will be banned, to be replaced by the conversion of spare loft space in Whitehall buildings into hotel-style rooms that can be booked in advance, with meals served at Westminster...

    What's that you say? My additional examples simply won't work? Too extreme? Driven by hysteria and hyperbole? Exactly my point... </sarcasm>

  40. This post has been deleted by its author
