The new head of GCHQ, Robert Hannigan writing in the FT today has warned US technology companies such as Twitter, Facebook and WhatsApp are aiding terrorist organisations by providing social media messaging that may be used to promote their cause. He further goes on to add that encrypting messages which is now routinely available can add further challenges to the security services.
I can remember similar discussions many years ago before the internet became such a fundamental part of life but even in those days electronic communications were becoming the order of the day and cryptography was emerging as mainstream public knowledge. Even then the argument was that the stable door is open and the horse has long since bolted. So what has changed in the last 30 years or so?
Cryptography is far better understood by a much wider sector of the technical population, in 1980 it was almost a black art and algorithms such as DES and RSA had only just appeared, we’ll ignore the arguments over who actually invented public key cryptography. In the public domain at least it all happened in the late 70’s. In the 80’s the algorithms were known but not well understood outside of a narrow field of specialists and if used incorrectly could often be broken. Today it is public knowledge on the internet which algorithm to use along with what key size and how best to implement it. That really does cause a hurdle to the security services and I feel quite confident that their internal expertise is little different from that in the academic community.
It actually gets worse than this because the resources available to the security services probably can’t match that available in the connected community on the internet. We can routinely see groups of thousands connect to achieve some common gain and unfortunately we can also see hackers do the same thing without the knowledge of the owners of the computing resources.
It is not realistic to assume that you can stop people encrypting messages because many will have good commercial reason, nor is it sensible to imagine they are going to knowingly use a cryptographic algorithm that can be broken. Equally the social messaging services are not going to go away, remember the Blackberry riots in 2011 where people were using the Blackberry Messaging service to help organise arson and looting in Croydon.
I think it is a given that people today can easily use strong cryptographic algorithms and can easily communicate with groups of people in real time. I also doubt that the leaders of such technology companies are unaware of the potential misuse of their systems. I equally doubt this is news to the security services; do I need to say more?
Dr David Everett