GCHQ wants 'closer relationship' with tech sector

Robert Hannigan, the director of GCHQ, has called for a rapprochement of the often fraught relationship between national security bodies and the tech sector.

GCHQ director Robert Hannigan: Trade-offs between security and privacy must be made
GCHQ director Robert Hannigan: Trade-offs between security and privacy must be made

The head of GCHQ has called for a closer relationship between the intelligence community and the tech sector. Robert Hannigan,  the director of the UK signals intelligence body, GCHQ, said as much at a recent speech at the Massachusetts Institute of Technology (MIT). 

Hannigan said, “We recognise that we need a new relationship between the tech sector, academia, civil society and government agencies. We should be trying to bridge the divide, sharing ideas and building a constructive dialogue in a less highly-charged atmosphere.”

Citing the achievements of Alan Turing, the man who cracked Enigma, Hannigan mentioned that Turing actually spent more time in the middle-century equivalent of the modern cyber-security industry than he did in the fight against European fascism.

Comments Hannigan had previously made in a Financial Times opinion piece had raised the ire of more than a few within the tech sector. “The comments caused a bigger stir than I expected, to be honest, and were widely seen as an attack on the tech industry,” he conceded. 

The authoritarians of state security have traditionally had a chilly relationship with the libertarians of the tech sector. While state bodies tend to put individual privacy behind security concerns, technologists usually do the opposite. The response to the incoming Investigatory Powers Bill or Apple's recent collision with the FBI over the unlocking of the San Bernardino shooter's iPhone are just such examples of that fraught interaction.

“In principal, tech firms and GCHQ need to work together. Sadly, there is a conflict between our privacy and the requirement of keeping people safe”, Norman Shaw, CEO and founder of ExactTrak told SCMagazineUK.com. 

He added, “It comes down to robust safeguards. Do we want the security services to prevent terror attacks and catch murderers and child molesters. Of course we do. In that case, we need to work together. It would be nice if the security services could request access to a secure device and following appropriate oversight, a tech firm could make the secure data available but without giving the security services the ability to have an unlock capability that they could use as and when they feel like it.”

Hannigan also used his speech to take on what he believes to be some of the mischaracterisations of the government's desires, embodied in the incoming Investigatory Powers Bill, when it comes to encryption and privacy.  

Hannigan was “puzzled by the caricatures in the current debates where almost every attempt to tackle the misuse of encryption by criminals and terrorists is seen as a ‘backdoor'. It is an overused metaphor, or at least misapplied in many cases, and I think it illustrates the confusion of the ethical debate in what is a highly charged and technically complex area.”

Michael Hack, senior vice president of EMEA operations at Ipswitch, told SC that one company accepting the embrace of state security could mean problems for the rest. “Data encryption is only secure if there are no weak links. No matter how noble a cause, any technology company that provides a back door to its encrypted technology creates a weak link.”

While this could, said Hack, “speed up investigations of high profile crimes it would come at a significantly high cost to millions of law-abiding citizens. A weak link would very quickly become a target for hackers and cyber-criminals; we know from experience that there are plenty out there who would be keen to find a key of their own just for the hell of it. 

"However, there is also a whole wealth of people with dark motives waiting to kick in any backdoor they can. Despite GCHQ's best intentions and efforts, opening up encryption technologies would mean personal data such as bank accounts, health records and even details of frequently visited locations could be readily up for grabs.”

Not only did Hannigan call for a closer relationship but was also keen to point out that the relationship is often warmer than it might seem from the outside: “Government agencies do not have the answer here. The solutions lie with those who run the internet: that wonderful collaboration of industry, academia, civil society, governments and, above all, the public. The perception that there is nothing but conflict between governments and the tech industry is a caricature; in reality companies are routinely providing help within the law and I want to acknowledge that today.”

Antony Walker, deputy CEO of techUK, was more trusting of Hannigan's sentiment. “We welcome Robert Hannigan's commitment to constructive dialogue with the tech industry. The solutions lie in government, academia and industry working together.”

He added, “These are hugely complex issues. This speech makes it very clear that there are no easy answers. It is a realistic assessment of the trade-offs that need to be made to secure our digital world. The Investigatory Powers Bill gives us the opportunity to create the best possible legal framework. To be successful, it must reflect the trade-offs that need to be made. We have to be constantly wary of the long term implications of our actions. We must not jeopardise our long term security."