Former Head of GCHQ Warns Of 'Ethically Worse' Kinds Of Spying If Unbreakable Encryption Is Allowed
from the is-that-a-threat? dept
In their attempts to kill off strong encryption once and for all, top officials of the intelligence services are coming out with increasingly hyperbolic statements about why this should be done. Here’s another, this time from a former head of GCHQ, Sir David Omand:
Sir David, who was director of GCHQ from 1996-97, said: “One of the results of Snowden is that companies are now heavily encrypting [communications] end to end.
“Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.”
According to The Bureau of Investigative Journalism, which reported his words from a talk he gave earlier this week, by this he meant things like physical observation, bugging rooms, and breaking into phones or computers. Omand went on:
“You can say that will be more targeted but in terms of intrusion into personal privacy — collateral intrusion into privacy — we are likely to end up in an ethically worse position than we were before.”
That’s remarkable for its implied threat: if you don’t let us ban or backdoor strong encryption, we’re going to start breaking into your homes. And it’s striking that Omand regards eavesdropping on all the Internet traffic flowing in to and out of the UK, or collecting thousands of sexually-explicit webcam pictures, as less reprehensible than a tightly-targeted operation against a few suspects. His framing also implies that he thinks those pesky civil liberties groups will protest more about the latter than the former. In fact, what defenders of privacy and liberty generally want is simply a proportionate response with judicial oversight — something that is straightforward with targeted “close access” work, but impossible with the blanket surveillance currently employed.
The good news here is that Omand has indirectly confirmed that the current strategy of rolling out strong encryption as widely as possible is the right one. Provided it is not derailed by any government moves to weaken crypto, it will increase the cost of online surveillance, and force intelligence services to return to targeted spying — which is what they should have done in the first place.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: david omand, encryption, ethics, gchq, spying, surveillance
Comments on “Former Head of GCHQ Warns Of 'Ethically Worse' Kinds Of Spying If Unbreakable Encryption Is Allowed”
All I got was: “It would be a shame if your kneecaps had to be decrypted.”
Re: Re:
You beat me to it, but I was going to write something about them being forced to torture people for encryption keys.
Re: Re: Re:
Or threatening a persons family via a “QUESTIONABLE” third party regimes’s intelligence service’s……we cant do it here…….but we can deport somewhere they do, unless………
Do you see the average person going around threatening people in order to get them to do things they want……..it takes a special class of people to think nothings out of the ordinary with that, that its ok, we as neighbours INSTINCTIVELY know things would go to hell if we all started doing that to one another, they dont seem to have the sense enough to know that, or i suspect, they think it doesnt apply to them……..to this i’d point out, this is where the end justify the means mantra…….no, because the means are creating a whole different bunch problems now, problems which you should take responsibility for instead of shoving the questionable good thing acts in front of the bad…..sorry, frustrated
Re: Re:
I’d like to present to you, with the, “most perseptive guy in the world”, award.
congratulations
Foot meet mouth
So…exactly which side is Sir David Omand on?
Re: Foot meet mouth
The terrorists of course. In fact, anyone who advocates taking away freedoms and liberties immediately reveals themselves as a terrorist.
Re: Re: Foot meet mouth
Only terrorists would have any use for privacy, free speech and other civil liberties!
Re: Re: Re: Foot meet mouth
They hate us for our freedom!
(The terrorists on the other hand couldn’t care less.)
Re: Re: Re:2 Foot meet mouth
🙂
Re: Re: Re: Foot meet mouth
Ohhhhhh, it all makes sense now 🙂
Re: Foot meet mouth
Sounds like an enemy to me.
Re: Foot meet mouth
Judging by the use of the “Sir” nobiliary rank, he’s on the side of those who consider themselves your superiors, and want make sure you’re reminded of it.
I still think the day will come where use of encryption will be limited to licensed users and unlicensed use will be blocked.
Re: Re:
No, they’ll cheerfully allow everyone to use encryption. They’ll simply add one minor condition:
“Mary had a crypto key, she kept it in escrow,
and everything that Mary said, the Feds were sure to know.”
– Sam Simpson, 1998
Re: Re:
I still think the day will come where use of encryption will be limited to licensed users and unlicensed use will be blocked.
Then the rest of us will have to use steganography.
They canna change the laws of mathematics.
Re: Re: Re:
Steganography explains lots of the meme posts on Facebook.
Re: Re:
Limiting encryption would backfire. Criminals won’t obey a no-encryption policy, and the social forces behind increased government snooping will eventually spur everyday innocent citizens to civil disobedience to protect their rights.
When the government is making direct threats like this, then doesn’t it imply that we should now see the government as a terrorist organization?
Use encryption, and well, we may have to act more unethically than we are now – not only does this completely undermine their legitimacy, it seemingly is declaring war on its own people.
Re: Re:
Agent 1
“HEY, JOHNNY”
Agent 2
“YEAH!?”
Agent 1
“COME O’VER ERE, this guys being a wise guy! You being a wiseguy punk?!”
3 year old
???
That is not as bad as it seems, as limitations on man power mean that it will be targeted intrusions, affecting far fewer innocent people than drag net surveillance.
Re: Re:
Yes, it makes sense. That is what they are supposed to be doing.
Re: Re:
Assuming they actually stop, and dont continously exploit tragedies to bring it back
Perfect
That’s exactly what we’ve been asking for – target the people you need to target and leave the rest of us alone. We really don’t want to protect the privacy of people who you have a legitimate reason to target. It’s everyone else’s privacy we’re worried about. Surprised that you haven’t yet cottoned on to that.
Re: Perfect
” target the people you need to target and leave the rest of us alone.”
You missunderstand what he is saying. They will be going after the bad guys. But how do you know if someone is a bad guy? Right, you spy on them. And if they can’t spy on everyone because of encryption? Well, they have to get close access… to everyone.
f.e. mandatory cam and mic in the tv with fines for putting tape over it. Gaming consoles might be given out free by the state because those have the hardware already.
If you think that is crazy then I ask you this: Do you think they will give up the power to know (nearly) everything about everyone?
Re: Perfect
They want to target the union organizers, protest organizers, and advocacy groups like the EFF, which becomes hard to do if they can use unbreakable encryption. Being caught doing a black bag job on such people and groups would also be a problem for the government.
Re: Re: Perfect
If anybody gave enough of a damn, yeah.
Re: Perfect
I dont agree with the modifying of somebodies property without their consent………a non permanant attachment that is THEIR property……i dont know, maybe, deffinatly the THEIR bit, so long as the property is “ethical”…….and throw that out the window if even ONE sign of misuse……..i cant think of a better detterent to misuse then that, or a stronger drive to, actually, put strong measures in place to stop misuse in the first place
This is a feature, not a bug
They will have to get closer to the bad guys. I predict we will see more close access work.
Good. Get off your lazy asses, stop spying on millions of people, and get out into the field where the bad guys are.
Yes, some of you will be caught. Yes, some of you will be held hostage and/or tortured and/or killed, probably brutally. I don’t see this as a problem: if you don’t want to take those risks, then don’t sign up for them.
let's see if I have this straight
Let me see if I follow the ‘logic’:
Premise: The terrorist organizations’ main goals are to drive us to give up our way of life, including our protected freedoms and privacy. Thus, we are in conflict and must fight to keep our protections.
1) In order to protect our guaranteed rights, we must undermine those rights.
2) Thus, the terrorists score a victory.
3) If we don’t want for them to achieve a greater victory, we must give them a greater victory by giving up more rights.
Do I have this correct? Now, let’s get back to the definition of a terrorist organization. They use fear (terror) to cow the masses into giving up the way of life that we in the west have protected and guaranteed in the way our governments are structured (at least on paper). If we don’t give up those rights, then they use the threat of an attack. Here, the threat of an attack is used to intimidate us into giving up more rights.
Which flavor of terrorist do you prefer? Coke or Pepsi?
Re: let's see if I have this straight
governments vs terrorist
Two extremes from different sides on a two sided coin
Sir David, who was director of GCHQ from 1996-97, said: “One of the results of Snowden is that companies are now heavily encrypting [communications] end to end.
Which companies are they talking about? They make it sound as if they are all around us already. Can he at least give us a list of all the companies that use “unbreakable end to end encryption”? You know…for science.
Re: Re:
and really, its not because of snowden; but because of what he revealed.
I think punk david knows this as well
Re: Re:
NSA support
“Thankyou for your question, after deliberations we can assure you that the one thing we cant hack is plain text passwords”.
On a scale of one to ten, how would you rate our service?
Ethically worse?
I totally don’t understand what he means by this. Both kinds of spying are about equally intrusive, but one is much targeted more precisely than the other. In what sense is the more targeted version ethically worse?
Re: Ethically worse?
Which do you think they’re more likely to do:
1) Due to more widespread encryption, cut down on widespread data collection, and move back to targeted collection.
Or
2) Due to more widespread encryption, ramp up the attempts to crack it and/or insert security holes, while they pay even less attention to any collateral damage, all the while continuing mass data collection.
Sure he may seem to be implying that they’ll focus more on targeted collection, but a) when has anyone working at one of the spy agencies ever been considered trustworthy? and b) what makes you think they would ever give up the mass spying they’re so addicted to?
Re: Ethically worse?
I think I figured it out. He’s saying that they’re going to continue mass surveillance, but are going to use “close access” techniques to do it. Given their limited manpower, the only way both blanket and targeted methods can be brought into agreement is by drastically reducing the non-GCHQ population of the world.
Conservation of Spying Law
Your computer _will_ get hacked, so it will be better for all of us if you let us hack it.
In an unrelated story, GCHQ plans to put a bomb on every airplane so that the bomb is under their control.
So, Sir David…
… what’s in YOUR (password) wallet?
In layman’s terms: “Come on guys, don’t make us do actual work!”
If you won't willingly give me a kiss,
I’ll have to rape you.
Better idea for CIA/NSA/FBI/GCHQ, et al
How about this GCHQ – when you think you have a case, ask for a warrant, then go looking.
If you cannot make a case without illegally searching via ethically worse means, then you have no case and cannot ask for a warrant.
Warrants cannot be applied for with reasoning like “I strenuously object!!!” when the judge bitch slaps you in the face for your dumbass logic.
The 5eyes already do whatever the fuck they want, how much more ‘ethically’ perverse can they get?
Re: Re:
Apparently, “medi-evil on your ass”, is on the table
Sir David Douchebag
has confirmed that the UK government is indeed a terrorist organization which has declared war upon its citizens.
It is the haystack vs targeted. The “gentle” non-profiling, less intrusive vs. “brutal” profiled and very intrusive methods.
I can see his point so far as, when they are surveilling the wrong people, they will be far less affected if targetted dragnet is used as a first step towards surveillance-escalation.
While the dragnet is less intrusive it hits that many more innocents as to be problematic on its own in terms of information concentration (needed security), unnecessary information (search time) and statistical artifacts (type I and II errors). Because of these effects of dragnet it is not in the interest of the people from the effected countries, particularly if they “have nothing to hide”. Irony for us all!
Re: Re:
I suppose that my problem is that I don’t see the targeted surveillance as being more intrusive than the blanket surveillance. In fact, I lean a bit toward the blanket surveillance being more intrusive since it happens all the time, forever. Targeted surveillance only happens for a limited period of time.
Bang on the Mark
“force intelligence services to return to targeted spying — which is what they should have done in the first place.”
If this is the results of encryption then it seems clearly to be a benefit.
Mandatory key disclosure
The UK is already supposed to have ‘solved’ the problem by legislating that you will go to jail for failing to disclose your encryption key to the government.
So what Sir David Omand’s comment implicitly reveals is that the government can’t crack properly implemented consumer encryption and that even compelling key disclosure by law does not work when and where the targets observe good OPSEC.
I wonder how many have actually been sentenced under RIPA § 49 for failing to disclose their encryption keys.
I suspect the number of cases where the government has been able to prove the crime under § 49 is exceedingly small, and something it doesn’t want to talk about.
Terrorists willing to engage in the preparation of crimes carrying lifetime imprisonment as possibility don’t care about extra jail time.
Re: Mandatory key disclosure
http://en.wikipedia.org/wiki/Disk_encryption_software#Hidden_volumes
This is one of the reasons that forcing someone to reveal their password isn’t foolproof. There’s no guarantee that what is revealed is everything in the encrypted volume, and (to my knowledge) there’s no way to identify the difference between encrypted free space and a hidden volume.
This is pretty common for individuals living in oppressive countries; they fill an encrypted volume with personal, but not necessarily dangerous, information (bank information, personal photos, etc.) and then a hidden drive with the actual dangerous stuff (dissenting articles, banned books, etc.). If forced to give up their password, they can comply using the outer drive password, and there’s no technical way to determine that they are lying (unless they were sloppy and left evidence of the encrypted files on unencrypted parts of the system, like having “FreeTibet.doc” in their Word history with the document saved on the hidden drive…it would make it obvious there’s more file available).
Anyway, I think the real issue they have with encryption is not that it’s unhackable but that it takes time. Given enough time and resources, you can hack any encryption in existence. The problem is that it takes time and resources; you can’t skip that step. Therefore they lose out their “mass data” strategy because they can’t just aggregate tons of unsecured data; they’d have to dramatically cut down their data sources.
Encryption is literally a locked door. A locked door can be used for all sorts of things, from protecting your valuables to illegal activity. Any locked door, no matter how much armor you build into it, can be broken through eventually. The intelligence agencies want people to leave their doors unlocked and or at least give them the key so they can quickly stop at each location and glance inside to make sure there’s nothing juicy in there.
People, on the other hand, are rightfully uncomfortable with this, which is why they kept their “peeking” a secret. Now everyone is locking their doors, and it’s made the process much harder.
So apparently their solution is “well, if you’re going to lock all your doors, we may end up smashing yours down.”
if you refuse to let us victimize you were going to hurt you even more.
Re: Re:
know your place pHeasant
The Rockford files predicted the spying
Somewhere, there was a prescient writer ….
http://io9.com/jim-rockford-warned-us-about-google-and-facebook-back-i-1681231028/+matthardigree
Brits want to spy on U.S. Media
The was an article in the paper the other day. I believe it was the Wallstreet Journal. I’m sorry, but I no longer have it, but the article had to do with the British Prime Minister wanting to have access to the accounts of U.S. citizens in order to fight terrorism. I’m surprised Techdirt missed that one. I don’t have time right now to do a complete search for the article but here is one related to it:
http://www.socialmediafrontiers.com/2014/06/british-government-want-to-spy-on-your.html
I’ll look for it tomorrow when I get time and edit this post.
Re: Brits want to spy on U.S. Media
Sorry, thought I could find it on their site, but you know…paywall and all that. If anyone can find the article it was from this week.
Re: Brits want to spy on U.S. Media
So? As long as the NSA reads everything, you(the USA) aren’t allowed to complain when another country does the same to you (the USA). Besides if the UK would do that then one reason would be because it would look bad if the NSA did it directly. That way they can login to the GCHQ “spy-wiki” and look at US data without thinking about local law. From a pure Sigint point of view it would be a win-win.
Re: Re: Brits want to spy on U.S. Media
Wasn’t the point of the story something like the NSA could scan everything but what was posted on American Soil so they had the Brits scan American data for them.
But Sir David, you already have a backdoor; a correctly written warrant. Simples!
Other types of even more illegal, illegal spying, i mean “questionably ethical” spying?
Backdoors?
Hardware manipulation?
CCTV in every home?
Government Virus/malware/trojans?
A punch in the face?
An authoritarian speech?
Corporate spy departments?
Threaten someone into an informant?
Rendition?
“Precision” bombing?
“Ethical laws”?
Lieing?
What?……what are the “good” guys threatening now?
By WHOSE authority, seriously please dont tell me our “ethical” spy departments have no accountability to what they create, please dont tell me they have free reighn to create whatever under “national security”, and THEN tell the proper authorities AFTER, or have you guys invented the time machine…….or maybe you DID have an ounce of morals to MAYBE not create that thing you considered but realised was to far………i.e. trust
My question is, if encrypting your info on your phone, is that info still encrypted when its stored on a cloud service? If so, could that be partlywhy their having a hissy fit, because i can see cloud storage as their wet dream, centralized data, few access points needed, alot of info in one place? Just a theory, assuming im correct in my assumption that its uploaded encrypted too
Re: Re:
“My question is, if encrypting your info on your phone, is that info still encrypted when its stored on a cloud service?”
If we’re talking about the encryption that Apple and Android have started doing by default and that is causing various LEOs to have a hissy fit, then the answer is no. It only encrypts the data on the device itself and has no effect on transmitted data.
News just in
NSA/GCHQ dual spokesperson says agency has made a breakthrough in hacking the string and two cups communication…….one agent is quoted as saying, “we are very happy now we can spy on kids”
What was it that Charlie Chan once said? “A closed mouth gathers no foot.” Sir David should take heed.
His moral compass has flipped and he's now confused.
“That’s remarkable for its implied threat: if you don’t let us ban or backdoor strong encryption, we’re going to start breaking into your homes”
I disagree – It’s not that he’s making a threat, it’s that his moral compass is so flipped that he sees the better, fairer and more civilly just route as the more pernicious option.
I’d hazzard a guess that this is the shape one’s morals take when both budget efficiency and blame culture is allowed to permiate your soul.
They could have also meant methods like those developed by dr frey in the united states and other researchers in other countries. Those methods are favorites of totalitarian regimes.
He is basically telling the public: If you won’t let us do what we want, we’ll go and do what you want!
How on earth did he get to be spy-boss with this huge lack of insight?
Evolution of Evil
Question: What do you call a gang of criminals once they have become organized, mega-wealthy, and control a huge part of a city, as private territory.
Answer: A political party.
—
Nuf said
Some officials got addicted to xkcd:
https://xkcd.com/538/
Dkhead
Shorter Dkhead:
If you try to cover up we’ll rape you in the anus some more. Nice.
They can never block encryption...
Because encryption can be inserted into messages without them even knowing it. If the NSA/MI6 continues on the current trashing of civil liberties and “bans” encryption, I can picture a day when email communication is toast and people just post random photos on their facebook walls etc. Those photos can be embedded with messages right in the random bits used in the photo compressing algorithms. It would be completely impossible to PROVE someone was using encryption unless one had the key to decrypt it, which would be shared secretly between individuals. Try your key against each Facebook picture posted to see if that was meant for you. It is called steganography, and I suggest everyone learns about it before these tyrants make good on their threats to ban our rights to real encryption technology.
Encryption can be unbreakable
By the way I disagree with this statement above ” Any locked door, no matter how much armor you build into it, can be broken through eventually.” in terns if applying it to encryption. There are certain algorithms PROVEABLY unbreakable, such as one time pads. Breaking code is much harder than the average TV show would let you believe. Even IF the government has quantum computers, there are theoretical limits to what they can do. As cryptosystems improve in the future it will become virtually impossible for the spooks to break it outside of compromising the software/hareware itself (keyloggers etc.), and I bet they would find it nearly impossible even today to crack most encrypted traffic, particularly if no public key exchange is involved.
Sir David, who was director of GCHQ from 1996-97, said: “One of the results of Snowden is that companies are now heavily encrypting [communications] end to end.
“Intelligence agencies are not going to give up trying to get the bad guys.
So companies are the bad guys now and the citzens.
Why is an English fascist using American fascist term like “bad guys”?