Infosec 2016 Lord Hague has predicted that Western societies will enact laws and regulations against unbreakable encryption – while conceding that the technology has always existed.
The former UK foreign secretary, who is also a historian and author of a biography of Prime Minister William Pitt the Younger, told delegates at the Infosec trade show that a book-based cypher written by an 18th century politician remains unbroken.
“Unless we know the book it’s based on,” or can find example of the same code being used in other messages, then it will remain unbroken, he said.
Technology firms need to cooperate or else law enforcement will lose the ability to investigate serious crimes, including tax evasion, people trafficking and terrorism, according to Lord Hague. This is because criminals and terrorists use communication technologies also used by mainstream consumers such as iMessage and WhatsApp – those are Lord Hague’s examples.
Unless government and their security agencies retain the ability to spot malicious activities through electronic intelligence, restrictions on civil liberties would have to be more “severe and draconian”, he argued.
Rather than the courts or technology firms deciding regulations for encryption, it ought to be decided through public opinion and a debate in Parliament or its equivalent in other Western countries, Lord Hague concluded.
The Apple versus FBI case was a “genuine and understandable clash of principles” that’s “likely to happen again especially since not resolved in court”. He acknowledged concerns that if law enforcement could break into communications for one reason they’d be able to break it for another as a legitimate concern. While there should be constraints to intrusion, there’s no absolute right to privacy either, he said.
“Not representative of how government and companies have worked together in the past,” Lord Hague added. Ultimately it’s for “parliaments and public to resolve”.
Spies like US
As well as speaking about the balance between privacy and security, Lord Hague also talked about the threat landscape and cyber-espionage.
Only a network of partnerships is going to protect security, according to the former leader of the Conservative party.
The senior politician, who signed interception warrants authorising the operations of GCHQ for four years while foreign secretary, said that businesses are becoming more vulnerable as they become more efficient through greater use of technology.
“Organisations wouldn’t leave doors open all night at the company headquarters but they are doing that in cyberspace,” Lord Hague said.
A network of partnership and greater information sharing is needed to deal with threats. Breached organisation should be obliged to report problems but these could be stored and shared in an anonymised form so that potential risk to reputation is reduced, according to the peer, in order to “see the scale of what is going on”. Many or most serious breaches were down to human error, he added.
While foreign secretary, Hague spoke to a conference where he gave three anonymised examples of organisations that had been hacked. All three of the blue chip firms affected were in the room but none knew they were affected by the theft of intellectual property.
Attacks of this type – often targeted against military contractors and aerospace firms – have historically been blamed on China, an accusation the country routinely denies.
Attributing the source of cyber attacks is notoriously difficult, “and what if a non-state actor like Isil [the self-styled Islamic State] is involved? Any treaty could risk either Balkanising the internet or increasing state power.”
For these and other reasons, an international accord is “highly unlikely” according to Lord Hague, who argued that issues ought to be addressed diplomatically and bilaterally between senior politicians in the respective countries involved.
“Defensive capabilities are limited without an offensive capability to detect deter or prevent attack,” he said during his keynote presentation at the Infosec trade trade in London on Wednesday. ®