Brit spy chief: We need trust or we won't have a 'licence to operate in cyberspace'

GCHQ's director-general has called for more public trust in the controversial British spy agency. Jeremy Fleming told the Cyber UK conference in Glasgow this morning that his agency "must have the legal, ethical and regulatory regimes to foster public trust, without which we just don't have a licence to operate in cyberspace …

  1. Semtex451 Silver badge

    "to build security into their products and services at the design stage"

    Is that not a euphemism for backdoor for 'friendly and benign security services'?

    Is it that I'm too cynical, and should take his speech at face value, as some sort of olive branch to the thinking section of British society?

    1. Paul Crawford Silver badge

      Re: "to build security into their products and services at the design stage"

      It could be a "euphemism for backdoor" insertion if you start with the assumption that device manufacturers, IoT purveyors, OS-mongers, ISP router selection, etc, are all made with security as a #1 (or even recognisable) priority.

      Or, cutting them some slack, you could also look at the current pisspoor state of the above and find it might be quite the opposite.

      Tricky one to decide...

    2. macjules Silver badge
      Black Helicopters

      Re: "to build security into their products and services at the design stage"

      And not forgetting,

      the spy agency "will share intelligence with banks to enable them to alert customers to threats in close to real time."

      That just reeks of a get-out for TSB et al to blame a "credible cyberthreat from GCHQ" for their using crap software developers to build leaky apps. It is bad enough that banks already allow access to their account management API, supposedly always "with the account holder's permission" .. yeah, tell that one to HMRC.

      Oh, and well done to GCHQ for not mentioning "AI".

      1. Anonymous Coward
        Anonymous Coward

        Re: "to build security into their products and services at the design stage"

        Isn't this done already? It is in other (European) countries.

  2. Will Godfrey Silver badge
    Thumb Down

    A bit of advice for the gentleman

    Trust has to be earned, not demanded.

    What are you doing towards that end?

    1. Anonymous Coward
      Anonymous Coward

      Re: A bit of advice for the gentleman

      Beat me to the post.

      Of course, staying within "the legal, ethical and regulatory regimes" already in place might help foster public trust. Erring a little on the side of caution, gaining an explicit green light before indulging in anything too near the bone, and a readiness to apologise before being publicly dragged over the coals, might help too.

    2. Anonymous Coward
      Anonymous Coward

      History

      "Just ignore all the times in the past where we have abused your trust. Trust us this time."

      Fool me once...

      1. John Smith 19 Gold badge
        Gimp

        "Fool me once..."

        I think you'll find it's rather more than once.

        And yes, trust is earned, not given.

        But data fetishists do not ask for your data. They either demand it as a right (when you actually have a legally enforceable right to refuse) or simply take it if you don't (hello NHS).

        Would he have even bothered to show up here if it was not for Edward Snowden's data dump?

        Would he f**k.

      2. Timarzi

        Re: History

        Can't get fooled again?

      3. Tikimon Silver badge
        Devil

        Re: History

        "his agency "must have the legal, ethical and regulatory regimes to foster public trust, without which we just don't have a licence to operate in cyberspace".

        Translated to read: "We need to change the law to legitimize and extend our ubiquitous state surveillance. Then when people complain about spying we can piously say we're doing nothing illegal. The public will then discard all their objections and happily fall into place behind Big Brother!"

        Sorry you jerks. We know when a law is unjust and that won't make anyone love you. It will make us mistrust you more, watching you removing our rights and using Newspeak to brand your evil acts as beneficial. A Police State by any other name...

    3. N2 Silver badge
      Pint

      Re: A bit of advice for the gentleman

      Agreed, well said.

      How can the public or anyone for that matter, trust any government department?

    4. Tom 64
      Coffee/keyboard

      Re: A bit of advice for the gentleman

      > "What are you doing towards that end?"

      Sweet F.A, no doubt.

      My only surprise is that the tory government hasn't yet found a way to sell all that data they collect.

      1. macjules Silver badge
        Unhappy

        Re: A bit of advice for the gentleman

        They have, but being the British government they forgot to actually send the invoice for it.

        1. Anonymous Coward
          Anonymous Coward

          Re: A bit of advice for the gentleman

          ahahaha the invoice they didn't send probably only asked for a packet of crisps and sandwich too.

    5. K Silver badge

      "without at least a base of public support" ...

      Cue slow sarcastic clap - Clap... 2 second pause... clap... 2 second pause... clap...

      It's great you realised this, but the trust-boat set sail a long time ago, so you're going to have to paddle pretty bloody hard to catch it! Of course, you could always try starting with an apology, Mr D Trump's method will suffice (grovel on your hands and knees).

      OK enough of my sarcasm, personally I've a lot of time and respect for the bods at GCHQ and NCSS.. What I don't respect though, is the real lack of oversight and means of recourse, and simple fact, all the overseers need do is wave the magic "National Security" wand and everything disappears!

  3. Anonymous Coward
    Anonymous Coward

    How do these morons get a job ?

    It's hard not to get increasingly bitter at the levels of incompetence in high paid jobs, when I have to hear how my 30 years of experience "doesn't count".

    Anyway, the key here is not the fear of what *this* bunch of crooks get up to with all that power they have. It's what the next bunch do ....

    1. A.P. Veening

      Re: How do these morons get a job ?

      This bunch is already bad enough, if it gets much worse, we will need to emigrate (and Proxima Centauri is still too close at that point).

      1. Glen 1 Bronze badge
        Joke

        Re: How do these morons get a job ?

        That star system gets better reviews than our current one... cus y'know... 3 stars.

    2. Adrian 4 Silver badge

      Re: How do these morons get a job ?

      We always used to say that when poorly-written laws were produced.

      But now we DO have the abusive government we worried about. It will take a very long time to earn that trust back.

  4. Marketing Hack Silver badge
    Stop

    They should still split IT security away from the remit of the sigint agencies.

    "Welcome to the farm, Mr. Fox! We're glad to have you onboard. Here's your desk, coffee cup and stapler. Over there is the hen house--you'll be guarding that."

    1. Graham Cobb

      Re: They should still split IT security away from the remit of the sigint agencies.

      This is key.

      I can understand that we need an agency like GCHQ that is trying to monitor as much as possible, intercept as much as possible. That is a sensible precaution to deal with many internal and external threats.

      But don't pretend that that agency needs or expects trust. Or that it should have any role at all in building security.

      We are probably best secured by clever academics and by creating a suspicious and untrusting public who will pay private industry for real security. Of course, this isn't easy (as the non-existence of security in the IoT world illustrates). But we don't need GCHQ pretending to be helpful.

      GCHQ's job is to break security. Fine. But don't whine that we should trust you.

  5. Anonymous Coward
    Anonymous Coward

    GCHQ == STASI

    ....and here we have Jeremy Fleming talking about "trust".

    *

    I suppose he also wants foreign governments to "trust" the UK....say the Belgian government:

    - https://www.theguardian.com/uk-news/2018/sep/21/british-spies-hacked-into-belgacom-on-ministers-orders-claims-report

    *

    ....and that's just one that we know about. And Edward Snowden had some stuff to say about the so called "Five Eyes".

    *

    And finally - GCHQ just can't wait for 5G to be implemented so they can do EVEN MORE spying on 60 million UK citizens. The same Jeremy Fleming is using the current nonsense about China as pure misdirection of the public...

    *

    How much hypocrisy can we take? Pass the sick bag, Alice!

    1. Any other name

      Re: GCHQ == STASI

      You clearly have no idea of what Stasi was, how it operated, and what it routinely and very professionally did to anybody it found not up to the expected standard of behaviour.

      1. Anonymous Coward
        Anonymous Coward

        Re: GCHQ == STASI

        @any_other_name

        You clearly have no idea what is going on in Cheltenham. When you find out, perhaps you can let us know.

        1. T. F. M. Reader Silver badge

          Re: GCHQ == STASI

          I think Mr. or Mrs. Any Other Name is absolutely right about Stasi. I also do not believe GCHQ or MI5 are anywhere in that league. Nor is the current government or any past government of the UK in the same league as that of the former GDR.

          That, however, has very little bearing on the issue of trust. Point is, our security and privacy policies and mechanisms absolutely must foresee the possibility that the Security Services may become like Stasi at some point, with the corresponding transformation of the political system as well. No, I do not trust that it will not happen in my time or my children's time, and therein lies the limit of the trust that the Services may get from me. The trust is constrained by the spectrum of Stasi a lot more than the known or even unknown historical actions of the Services. That's just basic risk management, IMHO.

  6. Anonymous Coward
    Anonymous Coward

    Yeah best of luck there...

  7. fidodogbreath Silver badge
  8. Christoph Silver badge

    He wants to "foster public trust" so he can "extend UK.gov's surveillance and control"

    Does anyone else think there's some tiny kind of, you know, discrepancy there? Some trifling hint of batshit insanity?

    1. A.P. Veening

      There is, but only for a specific definition of small, like about 27 cubic miles.

    2. DropBear Silver badge

      Nope, none at all. It makes perfect sense, actually: they're the good guys. It's for your own protection. /s

  9. Drew Scriver

    "We will work with ISPs to enhance the security of internet-connected devices in the home"

    Riiiiiight...

    Good thing for the GCHQ that he didn't read from the other internal memo, "We will work with ISPs to place internet-connected surveillance devices in every home".

    1. Teiwaz Silver badge

      Good thing for the GCHQ that he didn't read from the other internal memo, "We will work with ISPs to place internet-connected surveillance devices in every home".

      Not required, Google are only too happy to collect everything in the room of one of their devices Facebook and the gullible public are only too happy to shell out for them in exchange for the ability to play music without pushing a button.

  10. amanfromMars 1 Silver badge

    Defenders of the Indefensible are as Puppets on a String ......

    "Whilst I think we've made a good start, the next stage of our strategy is even more critical. It'll need a national effort if it's to succeed." .... Jeremy Fleming, GCHQ director-general

    Christ, ... what is it in the UKGBNI water that allows the likes of a Jeremy Fleming to spout so much of the same rabid garbage as a Mark Carney does for the Old Lady of Threadneedle Street?

    The word NOT on the street, is critical cyberspace strategies proceed best and always succeed with private and/or pirate internetional efforts. You know, ye olde worlde off-the-books type covert missions with benefits rewarding the serially smart clandestine renegade rogue elements whom one has to buy into in order to avail oneself of a quite unbelievable advantage which permits the free radical remote exercise of a more universal command and virtual control of fielded assets ..... for the mainstream doesn't lead whenever all IT ever does is follow the counsel of media hosting muppets.

    And although that be a tad harsh, such is nevertheless perfectly true and a crying shame for Cheltenham to presently bear.

    1. A.P. Veening

      Re: Defenders of the Indefensible are as Puppets on a String ......

      Christ, ... what is it in the UKGBNI water that allows the likes of a Jeremy Fleming to spout so much of the same rabid garbage

      It isn't in the water, it is in the name. I am rather surprised nobody made that link yet. However, I am pretty sure one Ian Fleming would like to disown him.

      1. Anonymous Coward
        Anonymous Coward

        Re: Defenders of the Indefensible are as Puppets on a String ......

        You're responding to a bot. It isn't reading your reply, and wasn't asking a question. It just really likes Markov chains.

        1. amanfromMars 1 Silver badge

          Defenders of the Indefensible are as Puppets on a String with Practically Worthless Liabilities

          You're responding to a bot. It isn't reading your reply, and wasn't asking a question. It just really likes Markov chains. .... Anonymous Coward

          Crikey, AC, you got everything spectacularly wrong with that comment. Bravo, Sir or Madam. Don't call us, we'll call you if we need nothing of value.

  11. Anonymous Coward
    Anonymous Coward

    foster public trust

    They spy on me, they claim it's for my own good and now they want me to trust them too? Fuck no.

  12. Duncan Macdonald Silver badge
    Black Helicopters

    Trust GCHQ ???

    Who in their right mind would trust them - they have proven themselves to be completely untrustworthy.

    Lying is their stock in trade - even the name is a lie GCHQ - Government Communications Headquarters which tries to give the impression that it is used for this government's communications whereas its actual job is to spy on other people's communications.

    When there is a suitably long record of them behaving ethically and following the rules (100 years should suffice!!!) then people might start to believe them - until then they have even less credibility than a politician.

  13. Nick Kew Silver badge

    Public Trust

    I wonder.

    Could GCHQ potentially build some bridges if they were to head-hunt one or two respected privacy advocates, with a remit something like UN weapons inspectors? Someone with authority and not afraid to ruffle feathers.

    Any big organisation will contain a certain mix of good and bad. If you have an image problem like GCHQ it may be hard to recruit People who Care, so you'd need to kick-start something. Microsoft have recruited some great folks in their turnaround: maybe GCHQ could learn from them, and create an Advocatus Diabolus role for someone who would be their natural critic?

    p.s. is this Fleming any relation of the famous Ian?

    1. SMITCH79

      Re: Public Trust

      "Could GCHQ potentially build some bridges if they were to head-hunt one or two respected privacy advocates, with a remit something like UN weapons inspectors? Someone with authority and not afraid to ruffle feathers."

      No. Ask David Nutt.

  14. Anonymous Coward
    Anonymous Coward

    As someone who has worn a target on them most of his life, trust? Not happening.

  15. John Smith 19 Gold badge
    Coat

    Ethics?

    It's a British county East of London.

  16. CAPS LOCK Silver badge

    Trust in GCHQ?

    I think I'll tie up my connection instead.

  17. illuminatus

    GCHQ is...

    a government agency. Its remit and its activity are regulated by government. And therein lies the problem. While there may be many competent and ethically upstanding people inside the service, the people setting the parameters for its activity are anything but. What GCHQ provides is used by both the Home and Foreign Office (at least) and is, therefore within the remit of the secretaries of state. Now consider that in recent times that list of political no marks in those posts has included Amber Rudd, Theresa May, Boris Johnson and Jeremy Hunt*, you begin to see the problem. In theory there is parliamentary oversight, but in reality things are much murkier (and sometimes for sensible reasons).

    I am always wary of organisations with large amounts of power that are subject to direct political control, so my trust is in very very short supply, I'm afraid.

    * and yes, I remember the bad old days of Jack Straw too, so it's not entirely party political.

    1. genghis_uk

      Re: GCHQ is...

      When was the last time we had a Home Secretary that was not a total sociopath? I think being an overbearing nutter is part of the job description. It certainly has been for the last 30 or so years.

      (Lloyd George maybe? Way before my time)

  18. UberMunchkin

    Of course we don't trust them, they lie for a living. That is what spies do.

    All of that is of course separate to the fact that any sane person is going to completely reject backdooring of encryption by governments as any exploit at all is a total exploit.

  19. phuzz Silver badge
    Coat

    Coincidence?

    GCHQ's director-general [...] Jeremy Fleming

    Any relation to Ian Fleming?

    1. Anonymous Coward
      Anonymous Coward

      Re: Coincidence?

      Joke's on you sunny jim. Fake name, fabricated history.

  20. artiebucco

    Here's my requirement for trust

    If GCHQ commit to NEVER buying exploits on the commercial market, except to provide the details to vendors to fix their products, then I may start to trust them.

  21. Xenu

    We want to backdoor all your chat apps... but we also want you to trust us.

  22. Roland6 Silver badge

    Keep your friends close and your (potential) enemies closer...

    Continuing a low-key theme that has been growing over the past few years, he also called for more public acknowledgement of GCHQ's own hacking capabilities

    Suspect this - maintaining and developing GCHQ's own hacking abilities - has bearing on the UK security establishment's view of Huawei.

    Regardless of what may or may not be the case, having Huawei equipment in the UK and hence in our sandbox, then we are better placed to 'play' with the kit and to monitor for any backdoors/side channels. Then that knowledge is available to explore other Huawei deployments...

  23. Anonymous Coward
    Anonymous Coward

    Screw trusting them. We can't get DNS over HTTPS fast enough.

  24. Long John Silver
    Pirate

    He would say that, wouldn't he?

    I start from the assumption that Fleming and his staff basically are decent people. That applies also to MI5, MI6, and the plethora of other security/police agencies operating within or beyond the public gaze. Many such people are competent too.

    That said, I don't trust GCHQ or any other UK-linked security/surveillance agency one jot more than absolutely necessary i.e. very little at all. It's not so much existence of these agencies that offends me but rather the creatures within whose purview the agencies fall i.e. their political masters. Politics never has greatly attracted people of intellect, broad education, taste, wisdom, and unbending probity. The quality of personnel in the British legislature's two chambers declined markedly when Blair took office and continues at a level of incompetence and peculation more fitting to the eighteenth and early nineteenth centuries. Observe how these non-entities assiduously proclaim their importance, dignity, and entitlements despite the fact of few possessing merit and those holding executive government posts barely capable of running a whelk stall in Brighton. Watch them in their chambers, particularly the lower one, mired in anachronistic customs and practices, and stuck with speeches, so-called oratory, as means of communication within their Houses.

    That's not to say there weren't in recent times figures of stature. Churchill, Bevan, MacMillan, Wilson, Powell, and Wedgwood-Benn come immediately to mind. Doubtless some genuine talent coupled with personal integrity persists, though unlikely to be found in the Cabinet.

    At one time, people appointed to senior ministerial positions usually had sharp enquiring minds. Ministers, in general, were not placed in charge of departments on the basis of subject matter knowledge and skills; indeed to do so risks blinkered vision and attitudes. It was, perhaps still is, if anyone bothers to think on it, customary to put generalists rather than specialists in charge. Thus, a minister is expected to quickly come up to speed on policy issues. He is not required to master fine detail and associated technologies. Yet, when allocating budgets and preparing legislation he must be fully aware of the consequences of his choices. Only a fool would rely upon receiving accurate and unbiased advice from civil servants and brought-in expertise. Underlings likely are reliable and honest but a minister should give as much due diligence to disbursing public funds as he would when buying a house for himself. Thus, a sharp interrogative mind is required. One able to ask penetrating questions and recognise bullshit when proffered it. By making pertinent enquiry a mind trained in any rigorous discipline is capable of fathoming the most complicated of matters sufficiently to make informed decisions.

    Present day reality departs widely from the ideal. Would-be career politicians are a curse on society. They do the 'right things' such as the almost worthless Oxford PPE (designed to enable dim sons of monied gentlefolk to make contacts in Oxford's social milieu). They proceed to suitable 'stepping stone' employment (if on the 'Right' something in the City, if on the 'Left' office in a trade union, deadbeat lawyers abound too).

    Imagine the likes of these interacting with Jeremy Fleming or the heads of other agencies. With reference to GCHQ there is high likelihood of its overmaster politician at any point in time being a proud mathematical illiterate (read English literature and nothing more) and incapable of grasping the concept of encryption/obfuscation beyond simple letter substitution. Fleming, and colleagues elsewhere, doubtless put forth plans and schemes with sincere intent; regardless of that, there cannot be proper governance unless the minister is capable of formulating penetrating questions.

    The UK is, in effect, ruled on all matters truly important to the 'establishment' by an inner cabal of the Privy Council. This arrogates responsibility for foreign relations, defence, and security. It serves the wishes of its true 'deep state' masters (e.g. political party donors, conglomerate tax avoiders, financiers, and defence equipment manufacturers) using instruments known as royal prerogatives left over from the Act of Settlement. So the position is of ministerial monkeys representing de facto departmental organ grinders on the one body in the land with sufficient power to cock matters up royally.

    GCHQ and similar can earn trust in two ways. First people from government being indisputably capable of policy direction and prudent budget allocation to the agency. Second, considerably lifting unnecessary shrouds of secrecy to enable informed opinion to judge whether agencies deliver that requested of them in cost-effective manner, and don't depart from their remit.

    1. Roopee
      Headmaster

      Re: He would say that, wouldn't he?

      You're in the wrong section - this is the "Comments" section, not the "Essay" section.


Biting the hand that feeds IT © 1998–2019