We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.


British Spy Agency Chief Says Tech Companies Should Provide a Way Around Encryption

The director of Britain’s GCHQ intelligence agency wants to get data off encrypted devices without broadly undermining computer security.

The head of the British intelligence agency GCHQ says he hopes technology companies and academic researchers will find ways to let government investigators get into encrypted devices without creating broad “back doors” that undermine computer security.

In a speech to about 150 people at the Internet Policy Research Initiative at MIT, GCHQ director Robert Hannigan said Monday that law enforcement and intelligence officials want only targeted ways to stop what he called “abuse of encryption” by ISIS and other terrorists and criminals.

“It should be possible for technical experts to sit down together and work out solutions,” he said. “I am not in favor of banning encryption. Nor am I asking for mandatory back doors. … Not everything is a back door, still less a door which can be exploited outside a legal framework.”

Hannigan’s stand on encryption meshes with the Investigatory Powers Bill, an act pending in the British Parliament that would affirm the legality of a wide range of surveillance practices. It also aligns with statements that the U.S. Secretary of Defense and other top officials have made in recent weeks amid the Apple-FBI controversy.

This suggests that officials have learned the lessons of past fights over encryption. In the 1990s, the National Security Agency had to give up on asking companies to secure everything using a component called the Clipper Chip, to which it retained a master key, after a researcher showed the system was deeply flawed.

But computer security practitioners say they still don’t see how companies can ensure law enforcement access to encrypted data without opening up dangerous new security holes. Apple and Google routinely helped investigators get data off smartphones before the companies tightened encryption practices in 2014, but there is little appetite in the industry to roll back security to the state of the art of two years ago.

GCHQ director Robert Hannigan thinks companies can help government investigators get around encryption without crippling it.

“I think the highlight of what Hannigan said is that back doors are not the answer,” said Daniel J. Weitzner, a former White House technology policy officer who heads the Internet Policy Research Initiative and worked on an influential encryption report published last year. “Dumbing down the whole infrastructure is not the way to go. The question, then, is what do you do?”

Weitzner and Hannigan both suggested that the answer will lie in vulnerabilities that are inherent even in encrypted phones—like the pathway the FBI is asking Apple to open in the phone used by San Bernardino shooter Syed Rizwan Farook. “I’m not sure it is certain that [companies] will construct systems that make it impossible,” Hannigan said in an interview. “Not least because their own users will then have huge problems, won't they?"

Getting evidence off an encrypted phone is surely much more challenging for a local police department than for a powerful intelligence agency such as GCHQ or the NSA. (Asked whether his experts could crack the San Bernardino phone even without Apple’s help, Hannigan laughed and said: “I would be crazy to go there.”)

Nonetheless, Hannigan—making just his second appearance in a public forum since taking the helm of GCHQ in 2014—said tech companies should work more closely with governments to try to come up with ways to give law enforcement what it wants. “The perception that there is nothing but conflict between governments and the tech industry is a caricature,” he said in his speech. “In reality, companies are routinely providing help within the law, and I want to acknowledge that today.”

He acknowledged, however, that there is unlikely to be a way to allow for easy, broad access. “The security tail shouldn’t wag the dog,” he said. “And of course sometimes there will be nothing we can do and we will have to accept that. But those surely should be the exceptions.”

Keep up with the latest in Privacy at EmTech Digital.
Don't be left behind.

March 25-26, 2019
San Francisco, CA

Register now
GCHQ director Robert Hannigan thinks companies can help government investigators get around encryption without crippling it.
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.