Trust me, I'm from MI5
Posted by Thersites on UTC 2020-02-25 16:22
This man is an idiot.
That in itself would not be a problem – there are, indeed, a lot of them about these days – if it weren't for the fact that he is currently the Director General of MI5 in the UK. For that organization, 'intelligence' is written on the tin.
There is usually a glimmer somewhere in the darkest night: in this case we learn that he is only going to be in the job about another month or so. Another idiot will soon replace him, no doubt. Out, out, brief candle!
Sir Andrew Parker recently gave an interview to UK ITV News, in which he stated:
I say to the [tech] companies: Can you please use the brilliant technologists you’ve got to answer this question, which is: Can you provide end-to-end encryption, but on an exceptional basis – exceptional basis – where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?
There is so much idiocy wrapped up in this that we have to disentangle it knot by knot.
I say to the [tech] companies
For a long time now encryption has had almost nothing to do with the 'tech companies'. Cryptographic algorithms are open source and curated by academic computer scientists around the world. By definition, a cryptographic algorithm has to be verifiable if it is to be trusted.
If a tech company tried to build a weakness into encryption code a) someone would immediately notice that the code had gone from open source to proprietary (= deviant = manipulated) code; b) someone inside the company would leak this act; c) the same manipulations when shared between companies would be almost immediately leaked.
Parker can also forget about forcing hardware providers such as chip manufacturers to build some exploitable weakness into their products. From the moment they hit the market these devices would be hacked and rendered completely insecure. Every intelligence organization around the world – friend and foe – would be exploiting this vulnerability. A hostile intelligence agency would just have to leak the access route into its enemy's devices to render them useless overnight.
Changing the encryption procedure itself or tweaking the software to generate weak keys that could be easily cracked would be noticed by the cryptographic community within hours.
Can you please use the brilliant technologists you’ve got to answer this question
Such smarmy soaping might just about be acceptable on a children's television programme, but it's just embarrassingly gauche when used with adults. He's an idiot.
on an exceptional basis – exceptional basis – where there is a legal warrant and a compelling case to do it
The recent history of supposedly free and democratic Western countries delivers many examples of surveillance introduced for a specific limited case, an 'exceptional basis', including lots of 'checks and balances' and 'legal supervision' and only for 'use in emergencies' by only a few honest people doing their best to protect us all from monsters.
It usually takes about a week before the new powers are being used to pursue and prosecute people from whose pockets a sweet wrapper may have inadvertently fallen.
All such decisions would have to be taken in darkness, out of the public view. One only has to point to the manifest weaknesses of the FISA court in the USA that was supposed to guard against the misuse of surveillance by the US security services, which has now been shown to be utterly ineffective in the Trump 'Russian collusion' scandal.
provide access to stop the most serious forms of harm happening
Well, knowing 'the most serious forms of harm' is based on the premise that you already know that someone is extremely dangerous and wish to take the next step in order to foil whatever scheme is afoot. In practice, though, message interception and code-cracking would without doubt be required to establish this premise in the first place. Indeed, MI5 could argue that the very fact that the suspects are using end-to-end encryption justifies cracking it.
Can you provide end-to-end encryption, but on an exceptional basis – exceptional basis – … provide access
Encryption cannot simply be switched off. There are at least two ends in the communication, many more in the case of a group conspiracy. Encrypted transmission with valid keys has to be maintained or the system will break down completely. Breaking into the system would involve acquiring the private keys from each participant in the conversation.
It might be possible to fish out the private keys on the suspects' devices, but this will sabotage the security mechanism of those devices. If such a technique became public knowledge among the hacking community – and it would, in short order – the entire security system of computing on which everyone now relies would break down.
The ransomware plague which began a few years ago was leveraged with a code package filched from the NSA or Mossad or someone or other. The security services of the world share tools and knowledge with their friends all the time. Whatever MI5 got, their intelligence compatriots would have minutes later. Parker is effectively asking for a tool that would end up in the armoury of every intelligence agency in the world, friend and foe.
We all rely on the integrity of encryption for all our online transactions. It can't sometimes not work, however 'exceptional' the 'basis'. Encryption security is an absolute if the internet is not to collapse.
He's an idiot.
Another idiot
Since we are messing about with issues of security and privacy we may as well mention another sign of a serious intelligence deficit among the intelligence community, this time in the person of Dame Cressida Dick, the diminutive lady in charge of the Metropolitan Police (yes her: the Gold Commander of executed Brazilian housepainter fame, since then much honoured and promoted).
Dick used a public lecture to announce that the Met would be pushing ahead with its face recognition system, despite its many critics, who were 'sometimes highly inaccurate or highly ill informed' in her opinion.
However, using any technological success metric, the trials of the system have proved to be an utter farce. The introduction of the system is riddled with unanswered questions – for example about the exact implementation of the system and the storage of images. The system simply doesn't work, even using the kindest definition of 'work'.
It doesn't really need to, since zillions of images of everyone's faces at particular locations will be immensely helpful to the powers that be. These are not fuzzy images of a town square but very detailed images of faces. Even the Met's creaking computers are able to sort these images into useful categories, narrowing the search down from zillions to a dozen or so, at which point a human can take over.
An automated facial recognition that worked would be nice to have and may one day arrive, but in the meantime a collector and sorter of images that uses existing technology will also do nicely, thank you. That's why the Met is pressing ahead even when the system doesn't really work as it should. They may be idiots – but they are not stupid.
Citizens will have no defence against this system. Just as anyone using an encryption system will be immediately suspect, so anyone trying to avoid facial recognition is immediately in trouble:
In addition, fears over how the technology will be used by police on the ground were given serious credence when a man hid his face from a trial system being used in Romford, in East London. He was pulled aside by the police, who decided that such behavior was suspicious and fined £90 ($115) for "disorderly behavior."
A film crew happened to be filming at the time and spoke to the man afterwards. “I said, ‘I don’t want me face showing on anything’,” he told the film crew. “If I want to cover me face, I’ll cover me face. It’s not for them to not tell me to cover me face.”
Time to dust off the burka, methinks. Everyone should have one. The Register.
The clear evidence of the intellectual deficits and dismal incompetence of the security and intelligence services might be taken as a comfort by the troublemakers, subversives and malcontents amongst us.
For the rest of us, who still have hopes that we won't meet our premature end in some terrorist outrage on the mean streets of the UK, it's actually really rather worrying.