Skip to Content

British Spy Agency Chief Says Tech Companies Should Provide a Way Around Encryption

The director of Britain’s GCHQ intelligence agency wants to get data off encrypted devices without broadly undermining computer security.

The head of the British intelligence agency GCHQ says he hopes technology companies and academic researchers will find ways to let government investigators get into encrypted devices without creating broad “back doors” that undermine computer security.

In a speech to about 150 people at the Internet Policy Research Initiative at MIT, GCHQ director Robert Hannigan said Monday that law enforcement and intelligence officials want only targeted ways to stop what he called “abuse of encryption” by ISIS and other terrorists and criminals.

“It should be possible for technical experts to sit down together and work out solutions,” he said. “I am not in favor of banning encryption. Nor am I asking for mandatory back doors. … Not everything is a back door, still less a door which can be exploited outside a legal framework.”

Hannigan’s stand on encryption meshes with the Investigatory Powers Bill, an act pending in the British Parliament that would affirm the legality of a wide range of surveillance practices. It also aligns with statements that the U.S. Secretary of Defense and other top officials have made in recent weeks amid the Apple-FBI controversy.

This suggests that officials have learned the lessons of past fights over encryption. In the 1990s, the National Security Agency had to give up on asking companies to secure everything using a component called the Clipper Chip, to which it retained a master key, after a researcher showed the system was deeply flawed.

But computer security practitioners say they still don’t see how companies can ensure law enforcement access to encrypted data without opening up dangerous new security holes. Apple and Google routinely helped investigators get data off smartphones before the companies tightened encryption practices in 2014, but there is little appetite in the industry to roll back security to the state of the art of two years ago.

GCHQ director Robert Hannigan thinks companies can help government investigators get around encryption without crippling it.

“I think the highlight of what Hannigan said is that back doors are not the answer,” said Daniel J. Weitzner, a former White House technology policy officer who heads the Internet Policy Research Initiative and worked on an influential encryption report published last year. “Dumbing down the whole infrastructure is not the way to go. The question, then, is what do you do?”

Weitzner and Hannigan both suggested that the answer will lie in vulnerabilities that are inherent even in encrypted phones—like the pathway the FBI is asking Apple to open in the phone used by San Bernardino shooter Syed Rizwan Farook. “I’m not sure it is certain that [companies] will construct systems that make it impossible,” Hannigan said in an interview. “Not least because their own users will then have huge problems, won't they?"

Getting evidence off an encrypted phone is surely much more challenging for a local police department than for a powerful intelligence agency such as GCHQ or the NSA. (Asked whether his experts could crack the San Bernardino phone even without Apple’s help, Hannigan laughed and said: “I would be crazy to go there.”)

Nonetheless, Hannigan—making just his second appearance in a public forum since taking the helm of GCHQ in 2014—said tech companies should work more closely with governments to try to come up with ways to give law enforcement what it wants. “The perception that there is nothing but conflict between governments and the tech industry is a caricature,” he said in his speech. “In reality, companies are routinely providing help within the law, and I want to acknowledge that today.”

He acknowledged, however, that there is unlikely to be a way to allow for easy, broad access. “The security tail shouldn’t wag the dog,” he said. “And of course sometimes there will be nothing we can do and we will have to accept that. But those surely should be the exceptions.”

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.