Web encryption leads to ‘unethical’ spy practices – ex-GCHQ chief
The increased use of encryption technologies, particularly in everyday services such as email, will lead spy agencies to commit “ethically worse” behavior, such as hacking individual computers, a former GCHQ boss has warned.
Speaking at the London School of Economics (LSE), Sir David Omand said increasingly secure encryption technologies, which currently allow users to message and email in private, mean agencies are unable to intercept mail, and could be forced into more direct spying methods, report the Bureau of Investigative Journalism.
Following evidence leaked by NSA whistleblower Edward Snowden, both GCHQ and its US counterpart were found to be spying on millions of people’s private data. The revelations caused public outcry, leading to calls for web firms to make data more secure.
Apple and Google have begun introducing more sophisticated methods of encryption, and have signaled their unwillingness to pass user data to government agencies.
Security agencies can use “network exploitation” or direct hacking to get around encryption technologies, which currently support WhatsApp and iMessenger, and monitor the messages as they are written.
Sir David, who was GCHQ director from 1996 to 97, said: “One of the results of Snowden is that companies are now heavily encrypting [communications] end to end.
“Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.”
The surveillance technique of “close access” usually means the agent has to be within a certain level of physical proximity to the subject. It could be bugging, direct hacking of phones or computers, or even physical observation.
Sir David said this would lead to “ethically worse” problems for the intelligence agencies.
“You can say that will be more targeted, but in terms of intrusion into personal privacy – collateral intrusion into privacy – we are likely to end up in an ethically worse position than we were before.”
The former GCHQ boss further defended the work of the agency, saying it was not all “offence,” but that they were also responsible for defending the UK from cyber-attacks.
This point faced rebuttal from Gus Hosein, executive director at NGO Privacy International, who claimed GCHQ was putting less time and effort into the defense than they had previously done.
Hosein said the British security agency was responsible in the past for informing tech companies about glitches and flaws in their system, but “they’re not going to do that anymore.”
“They’re going to harvest these vulnerabilities, treat them like arms, pull them out and use them in a widespread manner that will not necessarily be targeted,” he added.
Prime Minister David Cameron plans to ban encrypted messaging services WhatsApp and Snapchat were greeted with outrage, with critics accusing him of “Chinese” levels of public censorship.
The outrage, however, is countered by the threat of extremist groups, many of which use social media to communicate and recruit members.
It was revealed on Friday that despite being banned in the UK, two Islamist groups were still flouting the law on Twitter and YouTube.