GCHQ: IT Companies Routinely Help Law Enforcement

[vibranium]

Security services don't need a master pass-key for all encrypted communications, but IT companies should do their bit argues GCHQ's Robert Hannigan.

 

The impression that there's no common ground between IT companies and law-enforcement authorities on the issue of encryption is a "caricature", GCHQ director Robert Hannigan told the Massachusetts Institute of Technology (MIT), emphasising that cooperation between the two sides is in reality "routine".

 

In a talk before about 150 people at MIT's Internet Policy Research Initiative, Hannigan, making only his second appearance at a public forum since he took the role in 2014, argued it's inevitable that IT companies will continue to aid governments to find ways around security barriers such as encryption.

 

But he acknowledged that the problem has no straightforward solution, and it will more likely be necessary for law enforcement and government intelligence bodies to resolve issues on a case-by-case basis.

 

"I am not in favour of banning encryption, nor am I asking for mandatory back doors," he said, according to MIT Technology Review.

 

Cases such as the current stand-off between Apple and the FBI, in which the US Department of Justice (DOJ) is asking Apple to weaken the password protection on an iPhone belonging to a suspect in the December San Bernardino, California shootings, show that investigators can be provided with tools that have an effective, but limited scope, Hannigan argued.

 

"Not everything is a back door, still less a door which can be exploited outside a legal framework."

 

He asserted that it's likely investigators will always be able to find ways into protected devices and communications, even without access to a "master key", simply by exploiting weaknesses that already exist in such systems.

 

Such weaknesses will always exist, in part because they're necessary to make those systems usable, Hannigan said.

 

"I'm not sure it is certain that [companies] will construct systems that make [access] impossible," he is quoted as saying. "Not least because then their own users will find it difficult" to use the devices.

 

...

 

Hannigan made it clear that in spite of appearances, IT companies frequently aided law enforcement officials to access data held on mobile devices before device security policies were tightened two years ago, and they continue to do so now.

 

"The perception that there is nothing but conflict between governments and the tech industry is a caricature," he said. "In reality, companies are routinely providing help within the law and I want to acknowledge that today."

 

FULL ARTICLE