When somebody as important as GCHQ director Robert Hannigan praises the anonymous network Tor (calling it a ‘brilliant invention’) you know that something fishy is going on. That is because Hannigan, who is in charge of the UK’s spy agency GCHQ, is not as keen on strong encryption as he would like everyone to believe.
That particular comment was one of many that Hannigan made during a speech at MIT this week. During which he touched upon some important issues that are currently simmering away in the public consciousness. Surveillance, encryption, and the ethical balance between the two that governments must carefully manoeuvre through to provide adequate national security (he tells us).
This, of course, is a perfectly timed speech that fits right into the current discourse about whether technology companies should have a moral obligation to give government agencies (such as his own) access to encrypted devices. According to Hannigan, Tor is a perfect example of the ‘ethical problem’ that comes along with encryption – a problem that he describes in the following words:
‘Tor is the most topical example: a brilliant invention that is still invaluable to those who need high degrees of anonymity, notably dissidents, human rights advocates and journalists, but an invention that is these days dominated in volume by criminality of one sort or another.’
Right away, we get a flavour of the brand of snake oil that the director of GCHQ is going to be selling in his speech. What Hannigan wants us to believe, is that while it would be acceptable for ordinary people (with good intentions) to use encryption, the problem is that criminals also get caught up in the encrypted safety that makes Tor ‘brilliant’.
For Hannigan (and his IP Bill comrades in the UK government) this is an ‘ethical problem’ of the highest order because to allow any strong encryption to exist unchecked inevitably also means allowing the crooks to run around unchecked. Tor is an encryption Wild West – and the government can’t allow that to exist with a clear conscience – now can they?
‘I am not in favour of banning encryption. Nor am I asking for mandatory backdoors. I am puzzled by the caricatures in the current debate, where almost every attempt to tackle the misuse of encryption by criminals and terrorists is seen as a ‘backdoor’,’ said Hannigan during his rather lengthy speech at MIT.
Speaking confidently, he tells us that he is not in favour of the very thing that he does prefer – as if we know nothing about MIKEY-SAKKE – the encryption protocol designed by CESG under his leadership at GCHQ. That protocol is being brandished as a new industry standard for encryption in the UK and is being encouraged for uptake by technology companies. The reason? A pre-designed backdoor that allows the government (or whomever it extends the master key to) to crack the protocol with ease. Well, that is no surprise, is it?
With one breath Hannigan claims that backdoors are not an issue and that the term itself is an oversimplification of the real problems. The obvious reality, however, is that those comments are smoke and mirrors. After all, the art of being a great spy is to appear trustworthy, calm and reasonable, and this something that Hannigan knows too well as he stands on the stage making throwaway comments about backdoors being ‘an over-used metaphor or at least misapplied in many cases’.
Sadly, despite all the hot air coming out of Hannigan’s mouth, the truth remains that GCHQ is only interested in encryption that it can break into. The type of encryption, in effect, that is useless; because what is true is that if encryption is weak enough to be broken by one party, then it can be broken by another. Whether they be “authorised” or from a foreign intelligence agency (or cybercriminals working for private interests) – what is certain – is that any encryption that can be cracked by one person can, and will be broken by another.
Hannigan explains that the UK government is attempting to rectify the ‘ethical’ problem with encryption by creating more specific legislation. The draft Investigatory Powers Bill, he explains, will help to tackle the harmful issue of information that is obscured well enough to escape his agencies prying eyes. Do not be fooled, this is what the ethical problem is – he needs to see it all – and the only thing that is brilliant about Tor is that it is a brilliant adversary.
No matter how much the FBI, Theresa May, or the French National Assembly try to tell us that encryption must be penetrable so that they can protect us from criminals and terrorists. The fact remains that the government is supposed to work for the people, and not the other way around.
If the police were allowed to break through our walls whenever they felt that it was necessary, people would soon start complaining that the police had unfairly come barging into their house. This is exactly why we have search warrants, and why the police must have an inkling of what they expect to find (just cause) before they come barging in through the front door.
For some reason, however, governments these days are convinced that despite the electorate being against having their devices broken into; they should be allowed to anyway. In his speech, Hannigan sells us the same old lie: that there is no other way. That it is not about weakening encryption but simply about making it transparent enough to catch the dangerous criminals that we should be afraid of.
In fact, he and the government are completely wrong. If an electorate is strongly against the measures within legislation like the IP Bill, then, whether they like it or not, governments should do as they are told and find different ways to convict people. Ones that the electorate do agree with.
Take France as an example. Just this week we have seen a massive shift in the way that members of the French Assembly have voted on this critical issue. After the Charlie Hebdo attack, there was still a belief within the French Parliament that digital privacy was necessary for its citizens. After the Paris attacks on November 13, 2015, however, the urgency to give up that privacy became more acceptable, so much so, that this week French lawmakers voted 474 to 32 in favour of new legislation. In reality, the little time it has taken to get from the Paris attacks to a vote in favour of the incarceration of senior tech executives (for refusing to decrypt devices in the way that Apple is) is shocking.
A point that neatly brings us to what could, quite easily, be the single most important question of our generation: Are we beating the terrorists? If we allow them to completely take away our right to privacy? Or, have we, in fact, allowed the terrorists to terrorise us completely?