GCHQ director: Tech companies ‘routinely’ help law enforcement

The impression that there’s no common ground between IT companies and law-enforcement authorities on the issue of encryption is a “caricature”, GCHQ director Robert Hannigan told the Massachusetts Institute of Technology (MIT), emphasising that cooperation between the two sides is in reality “routine”.

In a talk before about 150 people at MIT’s Internet Policy Research Initiative, Hannigan, making only his second appearance at a public forum since he took the role in 2014, argued it’s inevitable that IT companies will continue to aid governments to find ways around security barriers such as encryption.

But he acknowledged that the problem has no straightforward solution, and it will more likely be necessary for law enforcement and government intelligence bodies to resolve issues on a case-by-case basis.

I am not in favour of banning encryption, nor am I asking for mandatory back doors,” he said, according to MIT Technology Review.

Cases such as the current stand-off between Apple and the FBI, in which the US Department of Justice (DOJ) is asking Apple to weaken the password protection on an iPhone belonging to a suspect in the December San Bernardino, California shootings, show that investigators can be provided with tools that have an effective, but limited scope, Hannigan argued.

Not everything is a back door, still less a door which can be exploited outside a legal framework.”

He asserted that it’s likely investigators will always be able to find ways into protected devices and communications, even without access to a “master key”, simply by exploiting weaknesses that already exist in such systems.

Such weaknesses will always exist, in part because they’re necessary to make those systems usable, Hannigan said.

I’m not sure it is certain that [companies] will construct systems that make [access] impossible,” he is quoted as saying. “Not least because then their own users will find it difficult” to use the devices.

His comments echo the findings of a recent study by Harvard’s Berkman Center for Internet & Society, which concluded that, in practice, investigators will always be able to find ways of acquiring the data they need, in part because a certain amount of data must always be exposed in order for communications systems to function and to be usable.

Hannigan made it clear that in spite of appearances, IT companies frequently aided law enforcement officials to access data held on mobile devices before device security policies were tightened two years ago, and they continue to do so now.

The perception that there is nothing but conflict between governments and the tech industry is a caricature,” he said. “In reality, companies are routinely providing help within the law and I want to acknowledge that today.”

Hannigan claimed investigators are by and large targeting only the “abuse of encryption” by criminals and extremists: “It should be possible for technical experts to sit down together and work out solutions. Sometimes there will be nothing we can do and we will have to accept that. But those surely should be the exceptions.”

Apple is currently resisting efforts by the FBI to force its cooperation in the San Bernardino case, and the tangle between the two has helped give the encryption issue a high profile.

The 2012 disclosure of mass surveillance and data-gathering practices by the US’ NSA drew public attention to the privacy issues around digital communications, leading many IT companies to introduce additional layers of security.

The controversial draft Investigatory Powers bill includes provisions on encryption that would oblige companies to assist investigators in the removal of encryption that they themselves have put into place.

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.

Share
Published by
Antony Savvas

Recent Posts

Flashpoint enters new chapter with global partner programme

Security vendor Flashpoint debuts partner programme following $28m funding

7 years ago

Channel partner “disconnect” hindering growth

Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture

7 years ago

Cyxtera launches global channel partner programme

Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”

7 years ago

US IT provider brings mainframe services to UK

Ensono highlights importance of mainframes still to major industries

7 years ago

VASCO and Nuvias expand distribution across EMEA

Security vendor VASCO looks to replicate UK and German set up across EMEA

7 years ago

Splunk says channel investments driving growth

Splunk details investment in Partner+ programme at .conf2017

7 years ago