- An ex-MI5 boss has spoken out against calls for encryption to be weakened to help fight terrorism.
- Jonathan Evans, who led the spy agency from 2005 to 2013, says encryption is necessary to help secure businesses.
- Home secretary Amber Rudd previously said “real people” don’t need end-to-end encryption in messaging apps.
LONDON — The former head of MI5 has warned against weakening encryption in the fight against terrorism.
Speaking to Radio 4, Jonathan Evans said: “I’m not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly.” (We first saw his remarks via The Guardian.)
The public comments from Evans, who was director-general at the British spy agency between 2005 and 2013, come after Home Secretary Amber Rudd claimed that “real people” don’t need end-to-end encryption in messaging apps, and publicly asked messaging apps like WhatsApp to reconsider using it.
Strong end-to-end encryption involves encoding messages or data so it cannot be read by anyone other than the intended recipient — including the company whose tech encrypts it, or law enforcement with a warrant.
WhatsApp, which is owned by Facebook, end-to-end encrypts all its messages by default. Messenger, another messaging app from Facebook, offers the security feature as an option (though it’s not switched on automatically), as does Apple’s iMessage, as well as Allo, a messaging app from Google, and numerous other apps.
Britain says it doesn’t plan to ban end-to-end encryption — but wants companies to stop using it
In the wake of multiple terror attack in Britain in 2017, Amber Rudd said that the tech is making it more difficult for authorities to fight terrorism: “The inability to gain access to encrypted data in specific and targeted instances … is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.”
In a column, the politician said that the British government does not intend to ban end-to-end encryption — but would like companies to voluntarily move away from it, arguing it isn’t necessary for “real people.”
She wrote: “Real people often prefer ease of use and a multitude of features to perfect, unbreakable security … Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? Companies are constantly making trade-offs between security and ‘usability’, and it is here where our experts believe opportunities may lie.”
But privacy activists slammed her comments, arguing that her proposal would make people less safe. “Serious and competent criminals and terrorists can apply their own encryption — and incompetent ones can be caught any number ways. It’s only ordinary people — in Amber Rudd’s hideous terms, ‘real people’ that will suffer from her plans,” Paul Bernal, a senior lecturer at UEA Law School, told Business Insider.
‘Encryption in that context is very positive’
Evans argued that cybersecurity should not be compromised in the fight against terrorism. “While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face,” he said. “The way in which cyberspace is being used by criminals and by governments is a potential threat to the UK’s interests more widely.
“It’s very important that we should be seen and be a country in which people can operate securely — that’s important for our commercial interests as well as our security interests, so encryption in that context is very positive.”
Evans has spoken out about the issue before. In 2015, he told Business Insider that inserting backdoors to allow covert access for law enforcement is “not the answer” because of the risk they could be exploited by others.
Another senior ex-intelligence official who has been critical of attempts to weaken cryptography is former NSA boss Michael Hayden. Discussing failed efforts to curtail encryption in the Nineties, Hayden said: “in retrospect, we mastered the problem we created … We were able to do a whole bunch of other things. Some of the other things were metadata, and bulk collection and so on.”