MI5 head wants 'exceptional access' to encrypted communications

Posted:
in General Discussion
The increased use of encryption has made the Internet a "wild west, unregulated, inaccessible to authorities, according to chief of British security agency MI5 Sir Andrew Parker, with the use of end-to-end encryption by Apple and other tech companies continuing to make it nearly impossible for law enforcement officials to monitor online conversations.




In the latest salvo of the ever-ongoing encryption debate, the head of MI5 has urged for tech companies to provide more assistance to agencies and organizations working to protect the public, by granting access to encrypted communications. It is thought plans by Facebook to use end-to-end encryption across all of its social media services was a particular concern to Parker, in part due to its global reach.

Tech firms should "use the brilliant technologists you've got" to solve the problem, Parker said according to The Guardian. "Can you provide end-to-end encryption, but on an exceptional basis - exceptional basis - where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?"

Parker's comments were made as part of an ITV documentary about MI5 itself, one where he advised to government ministers it was not possible for it to halt every terror plot, in part due to the limited ability to see online communications. In the event of an attack, Parker suggests "the very high likelihood is that it will be done by somebody who appears in our records somehow, but there are thousands of them and we cannot - cannot - monitor closely what all those people are doing all the time."

The documentary and the comments arrive shortly before Parker is due to end his statutory term at the domestic intelligence agency in the spring.

This is not the first time British law enforcement agencies have asked for ways to monitor encrypted communications. Apple, Google, Microsoft, and WhatsApp cosigned an open letter in 2019 asking the UK government to abandon a "ghost protocol" initiative to allow intelligence services to read encrypted messages, by effectively secretly copying messages from every user and forwarding them along to a monitoring agency like GCHQ.

The continuing encryption debate has government officials and law enforcement chiefs around the world demanding access to encrypted data, typically by the inclusion of a backdoor. Critics, including Apple, counter that the addition of backdoors weakens encryption as a whole, as they can just as easily be exploited by bad actors along with those having legitimate reasons for access.

As a strong proponent of encryption, Apple has been at the center of some major battles in the debate, most recently involving the FBI's investigation of the Pensacola shooting. While the FBI and US Attorney General William Barr have requested Apple unlock the shooter's iPhone, including Barr's accusation Apple hasn't provided "substantive assistance," Apple has already provided a trove of data it does have access to, while also denying requests to assist in breaking the encryption.
«13

Comments

  • Reply 1 of 45
    Rayz2016Rayz2016 Posts: 6,957member
    "Can you provide end-to-end encryption, but on an exceptional basis - exceptional basis - where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?"

    No, because you'll change the law and the exception will become the norm.
    georgie01lkruppcincyteemacxpressmike1elijahghodarpulseimagesDogpersonlongpath
  • Reply 2 of 45
    Nosy Parker :smiley: 
    argonautwatto_cobra
  • Reply 3 of 45
    People try to change or implement laws using ‘exceptional’ cases, and then those cases become increasingly unexceptional.

    Government agencies just need to get their own act together to figure out ways to exploit these devices and encryption, rather than using laws to make companies do their work for them and make all devices less secure while criminals just switch to other encrypted platforms (making Apple or Facebook create backdoors won’t stop the creation of other services the government can’t control).
    StrangeDaysargonautdysamoriasailorpaultoysandmejony0watto_cobra
  • Reply 4 of 45
    DAalsethDAalseth Posts: 2,783member
    You can't be a little bit pregnant.
    Open is open
    Secure is secure.
    There is no half way.
    If they get a back door to iOS
    By the end of that year EVERYONE will have it.
    lkruppcincyteeDogpersonStrangeDayskurai_kagekuduchabigargonautstompybaconstang
  • Reply 5 of 45
    hexclockhexclock Posts: 1,243member
    Sure, we’ll give you the encryption keys in exchange for all un-redacted files you have on UFO’s.  
    edited February 2020 pulseimagesswat671argonauttoysandmeFileMakerFellerwatto_cobramattinoz
  • Reply 6 of 45
    lkrupplkrupp Posts: 10,557member
    Make all the arguments against it you want to. Be outraged about the concept. Excoriate the government for thinking it will solve their problems. In the end, though, be prepared to see it come to pass. All it will take is another 9/11 style attack and the public will demand it. The public will gladly give up their freedom for the illusion of security and safety. We've given up so many of our freedoms already in the name of social homogeneity. The PC police have restricted our speech. The anti-gun cadre wants to eviscerate the 2nd amendment. We're closer to a surveillance society than ever before. Public facial recognition is on its way. The opposition can hold out only so long before the public forces the issue.

    Interesting that we never hear about Russian or Chinese officials clamoring for backdoors, probably because they've already got them. 
    edited February 2020 entropysjony0
  • Reply 7 of 45
    gatorguygatorguy Posts: 24,176member
    lkrupp said:
    Make all the arguments against it you want to. Be outraged about the concept. Excoriate the government for thinking it will solve their problems. In the end, though, be prepared to see it come to pass. All it will take is another 9/11 style attack and the public will demand it. The public will gladly give up their freedom for the illusion of security and safety. We've given up so many of our freedoms already in the name of social homogeneity. The PC police have restricted our speech. The anti-gun cadre wants to eviscerate the 2nd amendment. We're closer to a surveillance society than ever before. Public facial recognition is on its way. The opposition can hold out only so long before the public forces the issue.

    Interesting that we never hear about Russian or Chinese officials clamoring for backdoors, probably because they've already got them. 
    +1
  • Reply 8 of 45
    No, No and thrice No. You will have to put an awful lot of the population into jail if you get the sort of laws you want passed. There isn't the space in jail for all of us refuseniks.
    toysandme
  • Reply 9 of 45
    “We’re from the government and we’re here to help.”
    watto_cobra
  • Reply 10 of 45
    I’ll support this request right after all government communications, internal, and between governments, are public.  No more back room deals, quid pro quo, bribe, negotiation, etc. that the public isn’t aware of.

    When you guys chat in the loo, it’s streamed live.  When you have intimate time with your significant other, you’ll be miked up, and we’ll be there.

    You know... we’ll be monitoring you, just in case you do or say something bad.

    Tomorrow we’ll be reviewing your finances Mr. Parker.

    Deal?
    edited February 2020 elijahgFLMusicargonautdysamoriasailorpaultoysandmewatto_cobra
  • Reply 11 of 45
    Why can't companies like Facebook and Apple provide secure End to End communication for US (and/or UK/Canada/etc.) citizens but key-escrowed communication for foreigners (eg, China, Iran, etc.)? All it would take is for Facebook and Apple to write software that determines the nationality of the user. That's a modest technical problem. The problem is primarily that Facebook and Apple actually want to provide secure communications for people who have no such right, and perhaps secondarily also that the government wants key-escrow for nationals who may have a "right" to privacy.

    This solution would be unsatisfactory to Apple and Facebook because SOME of their customers (eg, citizens of Iran, China, Somalia) would be unhappy that their keys were being escrowed. And it would also be unsatisfactory to the governments because SOME of their suspects (eg, citizens of US, Canada, UK) would have keys that are NOT being escrowed. Both sides, government and corporations, aren't willing to settle for a 50% satisfactory solution, which is sad. They both want 100%.

    Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. And most of you are unimaginative enough to figure out how to solve this problem. I could explain how it could be done, technically, but I don't want to argue about technical solutions, I want to argue about whether this approach is a useful and legal approach. Is it legal? Very probably. Is it useful? Probably for many situations. But both sides want it all and aren't willing to compromise.
    gatorguy
  • Reply 12 of 45
    Why can't companies like Facebook and Apple provide secure End to End communication for US (and/or UK/Canada/etc.) citizens but key-escrowed communication for foreigners (eg, China, Iran, etc.)? All it would take is for Facebook and Apple to write software that determines the nationality of the user. That's a modest technical problem. The problem is primarily that Facebook and Apple actually want to provide secure communications for people who have no such right, and perhaps secondarily also that the government wants key-escrow for nationals who may have a "right" to privacy.

    This solution would be unsatisfactory to Apple and Facebook because SOME of their customers (eg, citizens of Iran, China, Somalia) would be unhappy that their keys were being escrowed. And it would also be unsatisfactory to the governments because SOME of their suspects (eg, citizens of US, Canada, UK) would have keys that are NOT being escrowed. Both sides, government and corporations, aren't willing to settle for a 50% satisfactory solution, which is sad. They both want 100%.

    Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. And most of you are unimaginative enough to figure out how to solve this problem. I could explain how it could be done, technically, but I don't want to argue about technical solutions, I want to argue about whether this approach is a useful and legal approach. Is it legal? Very probably. Is it useful? Probably for many situations. But both sides want it all and aren't willing to compromise.
    How are you going to determine if I’m a local good old boy?  If I turn on my VPN it looks like I’m German, when I’m actually in the USA.

    Besides, you haven’t been paying attention, they want your information just as much as they want foreigners.

    If you think these surveillance problems work, here you go.  Yesterday’s news: (you’ll note the US was spying on there own people)

    NSA spent $100M on phone surveillance program that prompted two unique FBI leads

    https://www.washingtonexaminer.com/news/nsa-spent-100m-on-phone-surveillance-program-that-prompted-two-unique-fbi-leads


    edited February 2020 mailmeofferswatto_cobra
  • Reply 13 of 45
    Why can't companies like Facebook and Apple provide secure End to End communication for US (and/or UK/Canada/etc.) citizens but key-escrowed communication for foreigners (eg, China, Iran, etc.)? All it would take is for Facebook and Apple to write software that determines the nationality of the user. That's a modest technical problem. The problem is primarily that Facebook and Apple actually want to provide secure communications for people who have no such right, and perhaps secondarily also that the government wants key-escrow for nationals who may have a "right" to privacy.

    This solution would be unsatisfactory to Apple and Facebook because SOME of their customers (eg, citizens of Iran, China, Somalia) would be unhappy that their keys were being escrowed. And it would also be unsatisfactory to the governments because SOME of their suspects (eg, citizens of US, Canada, UK) would have keys that are NOT being escrowed. Both sides, government and corporations, aren't willing to settle for a 50% satisfactory solution, which is sad. They both want 100%.

    Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. And most of you are unimaginative enough to figure out how to solve this problem. I could explain how it could be done, technically, but I don't want to argue about technical solutions, I want to argue about whether this approach is a useful and legal approach. Is it legal? Very probably. Is it useful? Probably for many situations. But both sides want it all and aren't willing to compromise.
    How are you going to determine if I’m a local good old boy?  If I turn on my VPN it looks like I’m German, when I’m actually in the USA.

    Besides, you haven’t been paying attention, they want your information just as much as they want foreigners.

    If you think these surveillance problems work, here you go.  Yesterday’s news: (you’ll note the US was spying on there own people)

    NSA spent $100M on phone surveillance program that prompted two unique FBI leads

    https://www.washingtonexaminer.com/news/nsa-spent-100m-on-phone-surveillance-program-that-prompted-two-unique-fbi-leads


    You asked me "how" it would be done. I explicitly wrote I don't want to talk about "how it's done" because that would change the topic to a technical topic rather than a policy topic. The link you sent me was not a key escrow issue, so it's irrelevant to my point. (I get the impression that you don't even understand what key escrow is since you are diverting attention from the topic I raised.) But you admit you don't understand "how" nationality could be determined. Let's ignore how it's done and talk about whether it's a good idea to do this. Ask yourself if this method I've described, if it were possible, would be "legal" and "useful". I said it would be very probably legal and probably useful in many situations. You had nothing to say. I was right when I expected that responses to my message would try to address "how" this could be done rather than whether it's a good idea. As I said, corporations ignore this question because they want all their customers to get the same high grade encryption, while governments ignore this question because they want to be able to view everyone's traffic. 
  • Reply 14 of 45
    Rayz2016Rayz2016 Posts: 6,957member


    Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. 

    You'll ignore it because you're an idiot who's never heard of VPN.
    MissNomermailmeofferstoysandmewatto_cobra
  • Reply 15 of 45
    seanjseanj Posts: 318member
    Let’s be honest, most people’s lives are so humdrum that if the government is spying on them then it’s wasting taxpayers money and probably boring it’s operatives to death in the process  :D

    Can you imagine the next Bond movie - M: “gosh Mrs Brown has messaged her husband to buy some more bread on the way home from the office. Third time this month!  Sounds suspicious to me. Get me Bond please Miss Moneypenny!”

    (Yes I know Bond is MI6 not MI5)
    gatorguyFLMusicFileMakerFellerwatto_cobra
  • Reply 16 of 45
    Why can't companies like Facebook and Apple provide secure End to End communication for US (and/or UK/Canada/etc.) citizens but key-escrowed communication for foreigners (eg, China, Iran, etc.)? All it would take is for Facebook and Apple to write software that determines the nationality of the user. That's a modest technical problem. The problem is primarily that Facebook and Apple actually want to provide secure communications for people who have no such right, and perhaps secondarily also that the government wants key-escrow for nationals who may have a "right" to privacy.

    This solution would be unsatisfactory to Apple and Facebook because SOME of their customers (eg, citizens of Iran, China, Somalia) would be unhappy that their keys were being escrowed. And it would also be unsatisfactory to the governments because SOME of their suspects (eg, citizens of US, Canada, UK) would have keys that are NOT being escrowed. Both sides, government and corporations, aren't willing to settle for a 50% satisfactory solution, which is sad. They both want 100%.

    Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. And most of you are unimaginative enough to figure out how to solve this problem. I could explain how it could be done, technically, but I don't want to argue about technical solutions, I want to argue about whether this approach is a useful and legal approach. Is it legal? Very probably. Is it useful? Probably for many situations. But both sides want it all and aren't willing to compromise.
    How are you going to determine if I’m a local good old boy?  If I turn on my VPN it looks like I’m German, when I’m actually in the USA.

    Besides, you haven’t been paying attention, they want your information just as much as they want foreigners.

    If you think these surveillance problems work, here you go.  Yesterday’s news: (you’ll note the US was spying on there own people)

    NSA spent $100M on phone surveillance program that prompted two unique FBI leads

    https://www.washingtonexaminer.com/news/nsa-spent-100m-on-phone-surveillance-program-that-prompted-two-unique-fbi-leads


    You asked me "how" it would be done. I explicitly wrote I don't want to talk about "how it's done" because that would change the topic to a technical topic rather than a policy topic. The link you sent me was not a key escrow issue, so it's irrelevant to my point. (I get the impression that you don't even understand what key escrow is since you are diverting attention from the topic I raised.) But you admit you don't understand "how" nationality could be determined. Let's ignore how it's done and talk about whether it's a good idea to do this. Ask yourself if this method I've described, if it were possible, would be "legal" and "useful". I said it would be very probably legal and probably useful in many situations. You had nothing to say. I was right when I expected that responses to my message would try to address "how" this could be done rather than whether it's a good idea. As I said, corporations ignore this question because they want all their customers to get the same high grade encryption, while governments ignore this question because they want to be able to view everyone's traffic. 
    I never asked you how.  But...

    If you give a key to a 3rd party to unlock a door, you have no idea who that 3rd party is, and if it ends up in some else’s hands.  I can say with absolutely certainty that if that 3rd party is a government, they’re going to lose that key and it will be in someone’s hands shouldn’t have access to it.  All you have to do is read the news to confirm I’m right.  Top Secret information, including government spy tools, have shown up on the dark web.

    Let’s say Apple is ordered to create a back door, and they do it.  How many people will take part in its creation?  There will be committee’s discussing committees both with the government and within Apple.  How many programmers will touch the project?  How many security consultants? After it’s created, who’s going to manage, maintain, and update it.  Where’s the budget?  When the administration comes in will it get the same attention?  What happens when the expert that created it retires, and the next guy got the job on low bid?  The point is every security system, protocol, etc. (SSL, TSL... whatever) becomes obsolete because it’s no longer secure.

    There’s so many issues with backdoors (including your suggestion) it’s laughable.  Backdoors by definition aren’t secure.

    Your key escrow will fail either because a.  The key isn’t secured b. The key isn’t secure c. The implementation isn’t secure (Etc)

    So far, nation states have been hands off in attacking financial systems because of their interconnectedness.  Your key escrow will be open season.  It will fail.  It’s only a matter of when.
    longpathMissNomermailmeofferstoysandme
  • Reply 17 of 45
    mjtomlinmjtomlin Posts: 2,673member
    lkrupp said:
    Interesting that we never hear about Russian or Chinese officials clamoring for backdoors, probably because they've already got them. 

    Seriously doubt Apple provides a backdoor for select governments. 

    Those countries probably already have anti-e2e encryption laws in place. They don’t need a backdoor. 
    StrangeDaysFLMusic
  • Reply 18 of 45
    realisticrealistic Posts: 1,154member
    “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” ― Benjamin Franklin,
    unbeliever2DogpersonlongpathFLMusicentropysbaconstangmailmeofferstoysandmewatto_cobra
  • Reply 19 of 45
    macxpressmacxpress Posts: 5,801member
    lkrupp said:

    Interesting that we never hear about Russian or Chinese officials clamoring for backdoors, probably because they've already got them. 

    Only with Android phones which comes from the factory with security holes in them which will never be patched because the telcom company doesn't support the phone 6 months after they start selling it.
    longpathwatto_cobra
  • Reply 20 of 45
    If Apple did this for one government, they would have to make it available to all governments. Do you think China would not want this, or do you think they don’t have enough leverage to demand it if it exists?
    longpathwatto_cobra
Sign In or Register to comment.