‘We Can Trust GCHQ On Encryption’

After the chiefs of GCHQ, MI5 and MI6 faced questions from the Intelligence and Security Committee on their snooping efforts last week, voices from the more cantankerous anti-establishment communities said it was a farce. Weak lines of inquiry, from MPs who had already declared the mass surveillance revealed by the Snowden leaks legal, allowed the agency chiefs to come back strongly with their argument that breaking encryption is needed to fight terrorists and paedophiles, and paint those responsible for the leaks as the bad guys.

Not that the papers have stopped publishing. Further revelations today have indicated GCHQ hacked oil price control body Organisation of the Petroleum Exporting Countries (OPEC), gaining access to an HQ network in Austria and actually infecting nine workers’ machines with malware. The NSA is said to have targeted OPEC too.

Brits love snoops?

Despite continued reports of aggressive intelligence tactics, the opprobrium GCHQ and its partners have faced appears to have waned. The public outcry has not been particularly vociferous, particularly here in the UK. In mid-October, a YouGov survey found only 19 percent of the British public believed agents should have their powers cut back. Almost a quarter said they didn’t have enough power, whilst 43 percent said the leaks were a bad thing that would aid Britain’s enemies.

Members of the academic community are also now stepping forward to defend GCHQ. One of the most heated issues is that of encryption. Heavyweights of the cryptography community, led by the legendary Bruce Schneier, have derided efforts by intelligence services to crack or bug commonly-used encryption, from SSL to popular random number generators, claiming it weakened the security of the Internet as a whole.

But there is another train of thought that has had little public airing: there’s no reason why GCHQ or the NSA would make encryption less secure, given that they use it themselves.

Professor Alan Woodward, from the University of Surrey, noted that one of the missions of GCHQ (via CESG) is to ensure that government communications are as secure as possible.

GCHQ loves encryption?

“I find the encryption argument really quite strange, as the allegation is that the standards themselves have been somehow downgraded to make encryption less secure,” he told me.

“Personally I would be very surprised if this had happened for two simple reasons. First, there are many experts in encryption who can study the maths behind the encryption standards and they would be able to see if  it had been degraded in some way…  In essence, let the maths speak for itself.

“Second, the very standards that have been allegedly tampered with are those used to create systems for use by the governments and armed forces of the countries that are supposed to be weakening the encryption.  That would mean they are weakening their own defences.  I find that highly unlikely.

“If it were me I would have a team working in parallel looking to see what weaknesses might arise in the encryption standard as it is being developed.  That isn’t the same as deliberately weakening it.”

It would be easy for someone to label Woodward’s assertions as naive. In the security world, he is going against the tide of opinion. But are the detractors being naive in believing the largely negative spin the papers have put on the leaks?

The debate points to two things happening. First, altruistic  members of the security community will build more secure communications tools. As Silent Circle and Lavabit have shown with their own effort to improve email privacy, this is already happening.

Second, intelligence agencies in the UK will keep their powers and the level of data scooping will only continue to rise. That might not mean more communications are being snooped on, however.  “These agencies have an enormous job to do and whilst we have mass data gathering we don’t have mass surveillance – the two are not synonymous,” Woodward added.

Shhh! Don’t look at our whistleblowers quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

4 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

5 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

6 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

7 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

10 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

10 hours ago