Skip to Content

British Spy Agency Chief Says Tech Companies Should Provide a Way Around Encryption

The director of Britain’s GCHQ intelligence agency wants to get data off encrypted devices without broadly undermining computer security.

The head of the British intelligence agency GCHQ says he hopes technology companies and academic researchers will find ways to let government investigators get into encrypted devices without creating broad “back doors” that undermine computer security.

In a speech to about 150 people at the Internet Policy Research Initiative at MIT, GCHQ director Robert Hannigan said Monday that law enforcement and intelligence officials want only targeted ways to stop what he called “abuse of encryption” by ISIS and other terrorists and criminals.

“It should be possible for technical experts to sit down together and work out solutions,” he said. “I am not in favor of banning encryption. Nor am I asking for mandatory back doors. … Not everything is a back door, still less a door which can be exploited outside a legal framework.”

Hannigan’s stand on encryption meshes with the Investigatory Powers Bill, an act pending in the British Parliament that would affirm the legality of a wide range of surveillance practices. It also aligns with statements that the U.S. Secretary of Defense and other top officials have made in recent weeks amid the Apple-FBI controversy.

This suggests that officials have learned the lessons of past fights over encryption. In the 1990s, the National Security Agency had to give up on asking companies to secure everything using a component called the Clipper Chip, to which it retained a master key, after a researcher showed the system was deeply flawed.

But computer security practitioners say they still don’t see how companies can ensure law enforcement access to encrypted data without opening up dangerous new security holes. Apple and Google routinely helped investigators get data off smartphones before the companies tightened encryption practices in 2014, but there is little appetite in the industry to roll back security to the state of the art of two years ago.

GCHQ director Robert Hannigan thinks companies can help government investigators get around encryption without crippling it.

“I think the highlight of what Hannigan said is that back doors are not the answer,” said Daniel J. Weitzner, a former White House technology policy officer who heads the Internet Policy Research Initiative and worked on an influential encryption report published last year. “Dumbing down the whole infrastructure is not the way to go. The question, then, is what do you do?”

Weitzner and Hannigan both suggested that the answer will lie in vulnerabilities that are inherent even in encrypted phones—like the pathway the FBI is asking Apple to open in the phone used by San Bernardino shooter Syed Rizwan Farook. “I’m not sure it is certain that [companies] will construct systems that make it impossible,” Hannigan said in an interview. “Not least because their own users will then have huge problems, won't they?"

Getting evidence off an encrypted phone is surely much more challenging for a local police department than for a powerful intelligence agency such as GCHQ or the NSA. (Asked whether his experts could crack the San Bernardino phone even without Apple’s help, Hannigan laughed and said: “I would be crazy to go there.”)

Nonetheless, Hannigan—making just his second appearance in a public forum since taking the helm of GCHQ in 2014—said tech companies should work more closely with governments to try to come up with ways to give law enforcement what it wants. “The perception that there is nothing but conflict between governments and the tech industry is a caricature,” he said in his speech. “In reality, companies are routinely providing help within the law, and I want to acknowledge that today.”

He acknowledged, however, that there is unlikely to be a way to allow for easy, broad access. “The security tail shouldn’t wag the dog,” he said. “And of course sometimes there will be nothing we can do and we will have to accept that. But those surely should be the exceptions.”

Keep Reading

Most Popular

open sourcing language models concept
open sourcing language models concept

Meta has built a massive new language AI—and it’s giving it away for free

Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.