British spies are once again stipulating that tech companies break their encryption so life is made easier for state-sponsored eavesdroppers.
The head of the domestic spy agency, Sir Andrew Parker, demanded that companies such as Facebook compromise the security of their messaging products so spies could read off the contents of messages at will.
Although Sir Andrew linked this need to serious crimes such as terrorism, the principle of a technical backdoor is that once open to spies, it's open to anyone who knows it exists.
Calling the world of encrypted messaging apps a "Wild West" that is "inaccessible to authorities", Sir Andrew told ITV in a pre-recorded interview: "Can you provide end-to-end encryption but on an exceptional basis – exceptional basis – where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?"
In the interview, summarised by ITV itself as well as other news outlets, Sir Andrew also claimed that MI5 is not interested in the products of dragnet mass surveillance. He told the broadcaster: "We do not approach our work by population level monitoring – looking for, you know, signs of: 'Out of this 65 million people, who should we, you know, look a bit more closely at?' We do not do that."
On a technicality, he may be right: that role is mainly reserved for GCHQ, which does the dirty work of automated spying on the entire population of Britain, as the Snowden revelations confirmed in 2013. Having "collected" everyone's online conversations and trawled through them for snippets of interest, GCHQ passes the highlights to MI5 and overseas UK spy agency MI6.
The tension between frictionless reading of criminal suspects' messages and protection of freedoms in the digital era is one where the English-speaking world outside the US has become angrier and angrier with American tech firms, which politely refuse to compromise their products. In Australia this public sector anger boiled over into outright denial of mathematics, with technically illiterate politicians convincing themselves that shouting "Make it so", Star Trek-style, can create a technical means of letting police and spies read your messages whilst shutting out everyone else.
Current UK home secretary Priti Patel is firmly anti-encryption, with the social conservative having banged on about paedoterrorists shortly after her appointment last summer.
A GCHQ plan to silently add the government as an authorised "third user" to online conversations, whose sole merit was that some actual thought and technical knowhow had been put into it, was dismissed last year by an international coalition of tech companies and big infosec names. The main tension between privacy activists and state security agencies is that the latter prefer the ease of dragnet surveillance over applying for judicial permission to target individuals on a case-by-case basis. Privacy activists say a lack of per-case controls leads to innocents being wrongly caught up in surveillance.
MI5 was found by a secretive British spy court in 2018 to have been breaking the law for years. Thanks to the unique way in which MI5 is subject to the law, neither the agency nor any individuals associated with it were held accountable. The Investigatory Powers Tribunal's (IPT) judges were all but falling over themselves to tell MI5 it would be walking free from court.
A year later the same court granted MI5 de facto immunity from the law, presumably to apologise for its previous public ruling. Judges drew a line between a newly devised legal "power" to commit crimes in direct defiance of the law and "immunity from prosecution." Apparently one doesn't equal the other, though even the IPT was too embarrassed to explain in its published judgment why that is.
Sir Andrew is stepping down in April, along with National Cyber Security Centre founding chief Ciaran Martin, whose service ends at some point this summer. Both their replacements will be appointed by the current government.
Sir Andrew Parker's full interview is due to be broadcast on ITV's Tonight programme tomorrow. ®