from the putting-an-end-to-the-end-to-end-debate dept

When he was head of GCHQ, Robert Hannigan said some pretty clueless things about the Internet and encryption. For example, in 2014, he accused tech companies of ‘facilitating murder’, and joined in the general demonization of strong crypto. Last year, he called for technical experts to work more closely with governments to come up with some unspecified way around encryption. Nobody really knew what he meant when he said:

“I am not in favor of banning encryption. Nor am I asking for mandatory back doors. … Not everything is a back door, still less a door which can be exploited outside a legal framework.”

Now, speaking to the BBC, he has clarified those remarks, and revealed how he thinks governments should be dealing with the issue of end-to-end encryption. As he admits:

“You can’t uninvent end-to-end encryption, which is the thing that has particularly annoyed people, and rightly, in recent months. You can’t just do away with it, you can’t legislate it away. The best that you can do with end-to-end encryption is work with the companies in a cooperative way, to find ways around it frankly.”

He emphasized that backdoors are not the answer:

“I absolutely don’t advocate that. Building in backdoors is a threat to everybody, and it’s not a good idea to weaken security for everybody in order to tackle a minority.”

So what is the solution? This:

“It’s cooperation to target the people who are using it. So obviously the way around encryption is to get to the end point — a smartphone, or a laptop — that somebody who is abusing encryption is using. That’s the way to do it.”

As Techdirt reported earlier this year, this is very much the approach advocated by top security experts Bruce Schneier and Orin Kerr. They published a paper describing ways to circumvent even the strongest encryption. It seems that Hannigan has got the message that methods other than crypto backdoors exist, some of which require cooperation from tech companies, which may or may not be forthcoming. It’s a pity that he’s no longer head of GCHQ — he left for “personal reasons” at the beginning of this year. But maybe that has given him a new freedom to speak out against stupid approaches. We just need to hope the UK government still listens to him.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

  • Read more here: https://www.techdirt.com/articles/20170710/08281937754/former-head-gchq-says-dont-backdoor-end-to-end-encryption-attack-end-points.shtml