MI5 head wants 'exceptional access' to encrypted communications
The increased use of encryption has made the Internet a "wild west, unregulated, inaccessible to authorities, according to chief of British security agency MI5 Sir Andrew Parker, with the use of end-to-end encryption by Apple and other tech companies continuing to make it nearly impossible for law enforcement officials to monitor online conversations.
In the latest salvo of the ever-ongoing encryption debate, the head of MI5 has urged for tech companies to provide more assistance to agencies and organizations working to protect the public, by granting access to encrypted communications. It is thought plans by Facebook to use end-to-end encryption across all of its social media services was a particular concern to Parker, in part due to its global reach.
Tech firms should "use the brilliant technologists you've got" to solve the problem, Parker said according to The Guardian. "Can you provide end-to-end encryption, but on an exceptional basis - exceptional basis - where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?"
Parker's comments were made as part of an ITV documentary about MI5 itself, one where he advised to government ministers it was not possible for it to halt every terror plot, in part due to the limited ability to see online communications. In the event of an attack, Parker suggests "the very high likelihood is that it will be done by somebody who appears in our records somehow, but there are thousands of them and we cannot - cannot - monitor closely what all those people are doing all the time."
The documentary and the comments arrive shortly before Parker is due to end his statutory term at the domestic intelligence agency in the spring.
This is not the first time British law enforcement agencies have asked for ways to monitor encrypted communications. Apple, Google, Microsoft, and WhatsApp cosigned an open letter in 2019 asking the UK government to abandon a "ghost protocol" initiative to allow intelligence services to read encrypted messages, by effectively secretly copying messages from every user and forwarding them along to a monitoring agency like GCHQ.
The continuing encryption debate has government officials and law enforcement chiefs around the world demanding access to encrypted data, typically by the inclusion of a backdoor. Critics, including Apple, counter that the addition of backdoors weakens encryption as a whole, as they can just as easily be exploited by bad actors along with those having legitimate reasons for access.
As a strong proponent of encryption, Apple has been at the center of some major battles in the debate, most recently involving the FBI's investigation of the Pensacola shooting. While the FBI and US Attorney General William Barr have requested Apple unlock the shooter's iPhone, including Barr's accusation Apple hasn't provided "substantive assistance," Apple has already provided a trove of data it does have access to, while also denying requests to assist in breaking the encryption.
In the latest salvo of the ever-ongoing encryption debate, the head of MI5 has urged for tech companies to provide more assistance to agencies and organizations working to protect the public, by granting access to encrypted communications. It is thought plans by Facebook to use end-to-end encryption across all of its social media services was a particular concern to Parker, in part due to its global reach.
Tech firms should "use the brilliant technologists you've got" to solve the problem, Parker said according to The Guardian. "Can you provide end-to-end encryption, but on an exceptional basis - exceptional basis - where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?"
Parker's comments were made as part of an ITV documentary about MI5 itself, one where he advised to government ministers it was not possible for it to halt every terror plot, in part due to the limited ability to see online communications. In the event of an attack, Parker suggests "the very high likelihood is that it will be done by somebody who appears in our records somehow, but there are thousands of them and we cannot - cannot - monitor closely what all those people are doing all the time."
The documentary and the comments arrive shortly before Parker is due to end his statutory term at the domestic intelligence agency in the spring.
This is not the first time British law enforcement agencies have asked for ways to monitor encrypted communications. Apple, Google, Microsoft, and WhatsApp cosigned an open letter in 2019 asking the UK government to abandon a "ghost protocol" initiative to allow intelligence services to read encrypted messages, by effectively secretly copying messages from every user and forwarding them along to a monitoring agency like GCHQ.
The continuing encryption debate has government officials and law enforcement chiefs around the world demanding access to encrypted data, typically by the inclusion of a backdoor. Critics, including Apple, counter that the addition of backdoors weakens encryption as a whole, as they can just as easily be exploited by bad actors along with those having legitimate reasons for access.
As a strong proponent of encryption, Apple has been at the center of some major battles in the debate, most recently involving the FBI's investigation of the Pensacola shooting. While the FBI and US Attorney General William Barr have requested Apple unlock the shooter's iPhone, including Barr's accusation Apple hasn't provided "substantive assistance," Apple has already provided a trove of data it does have access to, while also denying requests to assist in breaking the encryption.
Comments
No, because you'll change the law and the exception will become the norm.
Government agencies just need to get their own act together to figure out ways to exploit these devices and encryption, rather than using laws to make companies do their work for them and make all devices less secure while criminals just switch to other encrypted platforms (making Apple or Facebook create backdoors won’t stop the creation of other services the government can’t control).
Open is open
Secure is secure.
There is no half way.
If they get a back door to iOS
By the end of that year EVERYONE will have it.
Interesting that we never hear about Russian or Chinese officials clamoring for backdoors, probably because they've already got them.
When you guys chat in the loo, it’s streamed live. When you have intimate time with your significant other, you’ll be miked up, and we’ll be there.
You know... we’ll be monitoring you, just in case you do or say something bad.
Tomorrow we’ll be reviewing your finances Mr. Parker.
This solution would be unsatisfactory to Apple and Facebook because SOME of their customers (eg, citizens of Iran, China, Somalia) would be unhappy that their keys were being escrowed. And it would also be unsatisfactory to the governments because SOME of their suspects (eg, citizens of US, Canada, UK) would have keys that are NOT being escrowed. Both sides, government and corporations, aren't willing to settle for a 50% satisfactory solution, which is sad. They both want 100%.
Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. And most of you are unimaginative enough to figure out how to solve this problem. I could explain how it could be done, technically, but I don't want to argue about technical solutions, I want to argue about whether this approach is a useful and legal approach. Is it legal? Very probably. Is it useful? Probably for many situations. But both sides want it all and aren't willing to compromise.
Besides, you haven’t been paying attention, they want your information just as much as they want foreigners.
If you think these surveillance problems work, here you go. Yesterday’s news: (you’ll note the US was spying on there own people)
NSA spent $100M on phone surveillance program that prompted two unique FBI leads
https://www.washingtonexaminer.com/news/nsa-spent-100m-on-phone-surveillance-program-that-prompted-two-unique-fbi-leads
You'll ignore it because you're an idiot who's never heard of VPN.
Can you imagine the next Bond movie - M: “gosh Mrs Brown has messaged her husband to buy some more bread on the way home from the office. Third time this month! Sounds suspicious to me. Get me Bond please Miss Moneypenny!”
(Yes I know Bond is MI6 not MI5)
Let’s say Apple is ordered to create a back door, and they do it. How many people will take part in its creation? There will be committee’s discussing committees both with the government and within Apple. How many programmers will touch the project? How many security consultants? After it’s created, who’s going to manage, maintain, and update it. Where’s the budget? When the administration comes in will it get the same attention? What happens when the expert that created it retires, and the next guy got the job on low bid? The point is every security system, protocol, etc. (SSL, TSL... whatever) becomes obsolete because it’s no longer secure.
There’s so many issues with backdoors (including your suggestion) it’s laughable. Backdoors by definition aren’t secure.
Your key escrow will fail either because a. The key isn’t secured b. The key isn’t secure c. The implementation isn’t secure (Etc)
So far, nation states have been hands off in attacking financial systems because of their interconnectedness. Your key escrow will be open season. It will fail. It’s only a matter of when.
Only with Android phones which comes from the factory with security holes in them which will never be patched because the telcom company doesn't support the phone 6 months after they start selling it.