[Note: This item comes from friend David Rosenthal. DLH]
Former GCHQ boss backs end-to-end encryption
Target the target’s device, advises former spy chief
By John Leyden
Former GCHQ director Robert Hannigan has spoken out against building backdoors into end-to-end encryption (e2) schemes as a means to intercept communications by terrorists and other ne’er do wells.
UK Home Secretary Amber Rudd has criticised mobile messaging services such as WhatsApp, that offer end-to-end encryption in the wake of recent terror outages, such as the Westminster Bridge attack, arguing that there should be no place for terrorists to hide.
Hannigan, who led GCHQ between November 2014 and January 2017, struck a different tone in an interview with BBC Radio 4 flagship news programme Today on Monday morning, arguing there’s no simple answer on the national security challenges posed by encryption.
“Encryption is overwhelmingly a good thing,” Hannigan said. “It keeps us all safe and secure. Throughout the Cold War and up until 15 years ago it was something only governments could do at scale.”
The former spy agency boss described the availability of e2e encryption in smartphone apps available to everyone is, broadly, a good thing.
“The challenge for governments is how do you stop the abuse of that encryption by the tiny amount of people who want to do bad things, like terrorists and criminals,” Hannigan said.
“You can’t un-invent end-to-end encryption… you can’t legislate it away,” he added.
The former head of GCHQ favours co-operation between government agencies and private (tech) companies “to find a way around it” rather than passing laws that oblige tech providers to weaken the encryption of their technology or install backdoors.
“I don’t advocate building in backdoors,” Hannigan said. “It’s not a good idea to weaken security for everybody in order to tackle a minority.
The best solution is to “target the people who are abusing” encryption systems and go after the smartphone or laptops they are using.
“Trying to weaken the system, trying to build in backdoors won’t work and is technically difficult,” Hannigan reiterated.
e2e schemes are a subset of encryption in general but present a tougher challenge for law enforcement and government because service provides don’t hold the private keys needed to decipher data.
Not all encryption works end to end. As well as malware implants on end point devices, encryption schemes can be broken through protocol weakness and implementation flaws.