Former Head of GCHQ Warns Of 'Ethically Worse' Kinds Of Spying If Unbreakable Encryption Is Allowed
from the is-that-a-threat? dept
In their attempts to kill off strong encryption once and for all, top officials of the intelligence services are coming out with increasingly hyperbolic statements about why this should be done. Here's another, this time from a former head of GCHQ, Sir David Omand:
Sir David, who was director of GCHQ from 1996-97, said: "One of the results of Snowden is that companies are now heavily encrypting [communications] end to end.
According to The Bureau of Investigative Journalism, which reported his words from a talk he gave earlier this week, by this he meant things like physical observation, bugging rooms, and breaking into phones or computers. Omand went on:
"Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.""You can say that will be more targeted but in terms of intrusion into personal privacy -- collateral intrusion into privacy -- we are likely to end up in an ethically worse position than we were before."
That's remarkable for its implied threat: if you don't let us ban or backdoor strong encryption, we're going to start breaking into your homes. And it's striking that Omand regards eavesdropping on all the Internet traffic flowing in to and out of the UK, or collecting thousands of sexually-explicit webcam pictures, as less reprehensible than a tightly-targeted operation against a few suspects. His framing also implies that he thinks those pesky civil liberties groups will protest more about the latter than the former. In fact, what defenders of privacy and liberty generally want is simply a proportionate response with judicial oversight -- something that is straightforward with targeted "close access" work, but impossible with the blanket surveillance currently employed.
The good news here is that Omand has indirectly confirmed that the current strategy of rolling out strong encryption as widely as possible is the right one. Provided it is not derailed by any government moves to weaken crypto, it will increase the cost of online surveillance, and force intelligence services to return to targeted spying -- which is what they should have done in the first place.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: david omand, encryption, ethics, gchq, spying, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Do you see the average person going around threatening people in order to get them to do things they want........it takes a special class of people to think nothings out of the ordinary with that, that its ok, we as neighbours INSTINCTIVELY know things would go to hell if we all started doing that to one another, they dont seem to have the sense enough to know that, or i suspect, they think it doesnt apply to them........to this i'd point out, this is where the end justify the means mantra.......no, because the means are creating a whole different bunch problems now, problems which you should take responsibility for instead of shoving the questionable good thing acts in front of the bad.....sorry, frustrated
[ link to this | view in chronology ]
Re:
congratulations
[ link to this | view in chronology ]
Foot meet mouth
[ link to this | view in chronology ]
Re: Foot meet mouth
[ link to this | view in chronology ]
Re: Re: Foot meet mouth
[ link to this | view in chronology ]
Re: Re: Re: Foot meet mouth
(The terrorists on the other hand couldn't care less.)
[ link to this | view in chronology ]
Re: Re: Re: Re: Foot meet mouth
[ link to this | view in chronology ]
Re: Re: Re: Foot meet mouth
[ link to this | view in chronology ]
Re: Foot meet mouth
[ link to this | view in chronology ]
Re: Foot meet mouth
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
"Mary had a crypto key, she kept it in escrow,
and everything that Mary said, the Feds were sure to know."
- Sam Simpson, 1998
[ link to this | view in chronology ]
Re:
Then the rest of us will have to use steganography.
They canna change the laws of mathematics.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Use encryption, and well, we may have to act more unethically than we are now - not only does this completely undermine their legitimacy, it seemingly is declaring war on its own people.
[ link to this | view in chronology ]
Re:
"HEY, JOHNNY"
Agent 2
"YEAH!?"
Agent 1
"COME O'VER ERE, this guys being a wise guy! You being a wiseguy punk?!"
3 year old
???
[ link to this | view in chronology ]
That is not as bad as it seems, as limitations on man power mean that it will be targeted intrusions, affecting far fewer innocent people than drag net surveillance.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Perfect
[ link to this | view in chronology ]
Re: Perfect
You missunderstand what he is saying. They will be going after the bad guys. But how do you know if someone is a bad guy? Right, you spy on them. And if they can't spy on everyone because of encryption? Well, they have to get close access... to everyone.
f.e. mandatory cam and mic in the tv with fines for putting tape over it. Gaming consoles might be given out free by the state because those have the hardware already.
If you think that is crazy then I ask you this: Do you think they will give up the power to know (nearly) everything about everyone?
[ link to this | view in chronology ]
Re: Perfect
[ link to this | view in chronology ]
Re: Re: Perfect
[ link to this | view in chronology ]
Re: Perfect
[ link to this | view in chronology ]
This is a feature, not a bug
Good. Get off your lazy asses, stop spying on millions of people, and get out into the field where the bad guys are.
Yes, some of you will be caught. Yes, some of you will be held hostage and/or tortured and/or killed, probably brutally. I don't see this as a problem: if you don't want to take those risks, then don't sign up for them.
[ link to this | view in chronology ]
let's see if I have this straight
Premise: The terrorist organizations' main goals are to drive us to give up our way of life, including our protected freedoms and privacy. Thus, we are in conflict and must fight to keep our protections.
1) In order to protect our guaranteed rights, we must undermine those rights.
2) Thus, the terrorists score a victory.
3) If we don't want for them to achieve a greater victory, we must give them a greater victory by giving up more rights.
Do I have this correct? Now, let's get back to the definition of a terrorist organization. They use fear (terror) to cow the masses into giving up the way of life that we in the west have protected and guaranteed in the way our governments are structured (at least on paper). If we don't give up those rights, then they use the threat of an attack. Here, the threat of an attack is used to intimidate us into giving up more rights.
Which flavor of terrorist do you prefer? Coke or Pepsi?
[ link to this | view in chronology ]
Re: let's see if I have this straight
Two extremes from different sides on a two sided coin
[ link to this | view in chronology ]
Which companies are they talking about? They make it sound as if they are all around us already. Can he at least give us a list of all the companies that use "unbreakable end to end encryption"? You know...for science.
[ link to this | view in chronology ]
Re:
I think punk david knows this as well
[ link to this | view in chronology ]
Re:
"Thankyou for your question, after deliberations we can assure you that the one thing we cant hack is plain text passwords".
On a scale of one to ten, how would you rate our service?
[ link to this | view in chronology ]
Ethically worse?
[ link to this | view in chronology ]
Re: Ethically worse?
1) Due to more widespread encryption, cut down on widespread data collection, and move back to targeted collection.
Or
2) Due to more widespread encryption, ramp up the attempts to crack it and/or insert security holes, while they pay even less attention to any collateral damage, all the while continuing mass data collection.
Sure he may seem to be implying that they'll focus more on targeted collection, but a) when has anyone working at one of the spy agencies ever been considered trustworthy? and b) what makes you think they would ever give up the mass spying they're so addicted to?
[ link to this | view in chronology ]
Re: Ethically worse?
[ link to this | view in chronology ]
Conservation of Spying Law
In an unrelated story, GCHQ plans to put a bomb on every airplane so that the bomb is under their control.
[ link to this | view in chronology ]
... what's in YOUR (password) wallet?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If you won't willingly give me a kiss,
[ link to this | view in chronology ]
Better idea for CIA/NSA/FBI/GCHQ, et al
If you cannot make a case without illegally searching via ethically worse means, then you have no case and cannot ask for a warrant.
Warrants cannot be applied for with reasoning like "I strenuously object!!!" when the judge bitch slaps you in the face for your dumbass logic.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Sir David Douchebag
[ link to this | view in chronology ]
I can see his point so far as, when they are surveilling the wrong people, they will be far less affected if targetted dragnet is used as a first step towards surveillance-escalation.
While the dragnet is less intrusive it hits that many more innocents as to be problematic on its own in terms of information concentration (needed security), unnecessary information (search time) and statistical artifacts (type I and II errors). Because of these effects of dragnet it is not in the interest of the people from the effected countries, particularly if they "have nothing to hide". Irony for us all!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Bang on the Mark
If this is the results of encryption then it seems clearly to be a benefit.
[ link to this | view in chronology ]
Mandatory key disclosure
So what Sir David Omand's comment implicitly reveals is that the government can't crack properly implemented consumer encryption and that even compelling key disclosure by law does not work when and where the targets observe good OPSEC.
I wonder how many have actually been sentenced under RIPA § 49 for failing to disclose their encryption keys.
I suspect the number of cases where the government has been able to prove the crime under § 49 is exceedingly small, and something it doesn't want to talk about.
Terrorists willing to engage in the preparation of crimes carrying lifetime imprisonment as possibility don't care about extra jail time.
[ link to this | view in chronology ]
Re: Mandatory key disclosure
This is one of the reasons that forcing someone to reveal their password isn't foolproof. There's no guarantee that what is revealed is everything in the encrypted volume, and (to my knowledge) there's no way to identify the difference between encrypted free space and a hidden volume.
This is pretty common for individuals living in oppressive countries; they fill an encrypted volume with personal, but not necessarily dangerous, information (bank information, personal photos, etc.) and then a hidden drive with the actual dangerous stuff (dissenting articles, banned books, etc.). If forced to give up their password, they can comply using the outer drive password, and there's no technical way to determine that they are lying (unless they were sloppy and left evidence of the encrypted files on unencrypted parts of the system, like having "FreeTibet.doc" in their Word history with the document saved on the hidden drive...it would make it obvious there's more file available).
Anyway, I think the real issue they have with encryption is not that it's unhackable but that it takes time. Given enough time and resources, you can hack any encryption in existence. The problem is that it takes time and resources; you can't skip that step. Therefore they lose out their "mass data" strategy because they can't just aggregate tons of unsecured data; they'd have to dramatically cut down their data sources.
Encryption is literally a locked door. A locked door can be used for all sorts of things, from protecting your valuables to illegal activity. Any locked door, no matter how much armor you build into it, can be broken through eventually. The intelligence agencies want people to leave their doors unlocked and or at least give them the key so they can quickly stop at each location and glance inside to make sure there's nothing juicy in there.
People, on the other hand, are rightfully uncomfortable with this, which is why they kept their "peeking" a secret. Now everyone is locking their doors, and it's made the process much harder.
So apparently their solution is "well, if you're going to lock all your doors, we may end up smashing yours down."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The Rockford files predicted the spying
http://io9.com/jim-rockford-warned-us-about-google-and-facebook-back-i-1681231028/+matthardigree
[ link to this | view in chronology ]
Brits want to spy on U.S. Media
http://www.socialmediafrontiers.com/2014/06/british-government-want-to-spy-on-your.html
I'll look for it tomorrow when I get time and edit this post.
[ link to this | view in chronology ]
Re: Brits want to spy on U.S. Media
[ link to this | view in chronology ]
Re: Brits want to spy on U.S. Media
[ link to this | view in chronology ]
Re: Re: Brits want to spy on U.S. Media
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Backdoors?
Hardware manipulation?
CCTV in every home?
Government Virus/malware/trojans?
A punch in the face?
An authoritarian speech?
Corporate spy departments?
Threaten someone into an informant?
Rendition?
"Precision" bombing?
"Ethical laws"?
Lieing?
What?......what are the "good" guys threatening now?
By WHOSE authority, seriously please dont tell me our "ethical" spy departments have no accountability to what they create, please dont tell me they have free reighn to create whatever under "national security", and THEN tell the proper authorities AFTER, or have you guys invented the time machine.......or maybe you DID have an ounce of morals to MAYBE not create that thing you considered but realised was to far.........i.e. trust
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
If we're talking about the encryption that Apple and Android have started doing by default and that is causing various LEOs to have a hissy fit, then the answer is no. It only encrypts the data on the device itself and has no effect on transmitted data.
[ link to this | view in chronology ]
NSA/GCHQ dual spokesperson says agency has made a breakthrough in hacking the string and two cups communication.......one agent is quoted as saying, "we are very happy now we can spy on kids"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
His moral compass has flipped and he's now confused.
I disagree - It's not that he's making a threat, it's that his moral compass is so flipped that he sees the better, fairer and more civilly just route as the more pernicious option.
I'd hazzard a guess that this is the shape one's morals take when both budget efficiency and blame culture is allowed to permiate your soul.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
How on earth did he get to be spy-boss with this huge lack of insight?
[ link to this | view in chronology ]
Evolution of Evil
Answer: A political party.
---
[ link to this | view in chronology ]
Nuf said
https://xkcd.com/538/
[ link to this | view in chronology ]
Dkhead
If you try to cover up we'll rape you in the anus some more. Nice.
[ link to this | view in chronology ]
They can never block encryption...
[ link to this | view in chronology ]
Encryption can be unbreakable
[ link to this | view in chronology ]
"Intelligence agencies are not going to give up trying to get the bad guys.
So companies are the bad guys now and the citzens.
[ link to this | view in chronology ]
[ link to this | view in chronology ]