GCHQ boss: Tech firms should co-operate over encryption
The head of GCHQ has called for greater co-operation between spies and tech companies in dealing with challenges posed by encryption.
Robert Hannigan said the encoding of data was being misused by a small number of people.
He said the rational response was not to think encryption was bad, but to look for pragmatic ways of responding.
Mr Hannigan was speaking as the FBI engages in a legal battle with Apple over the firm's encryption systems.
At an event at MIT in Boston, Mr Hannigan, director of the UK government's communications intelligence agency, said it should be up to politicians - not companies or spies - to set the parameters.
On his first day in charge of GCHQ in November 2014, Mr Hannigan wrote an opinion piece for the Financial Times accusing US tech companies of becoming the "command and control network of choice" for terrorist groups.
A year and a half later in Boston, Mr Hannigan conceded the comments caused a bigger stir than he expected and said they were wrongly seen as an attack on the tech industry.
The tone of his latest intervention was conciliatory, focusing on the need for government agencies and companies to work together to find solutions.
"We need a new relationship between the tech sector, academia, civil society and government agencies. We should be bridging the divide, sharing ideas and building a constructive dialogue in a less highly-charged atmosphere," he told the audience.
Apple has designed phones with strong encryption which made it impossible for the company to retrieve data for the state, including in the case of one of those involved in the San Bernadino attacks.
The company and its supporters have stressed that creating any form of "key" for the government to unlock data would also create a vulnerability for hackers and others to exploit.
Mr Hannigan did not mention Apple directly but emphasised the way in which GCHQ supported strong encryption because of the agency's role in protecting British data from hackers and other states.
He also pointed to the agency's pioneering work such as that of Alan Turing in World War Two who worked not just on breaking codes but also on securing speech through encryption.
Mr Hannigan said two previously secret papers from 1970 by James Ellis, a leading GCHQ cryptographer, were being declassified which showed the early work on developing what became the now widely used system of public key cryptography.
That kind of innovation was what Mr Hannigan said he wanted to see today in dealing with the modern challenges surrounding encryption.
"The solution is not, of course, that encryption should be weakened, let alone banned. But neither is it true that nothing can be done without weakening encryption," he said, adding that it was wrong to see every attempt to tackle the misuse of encryption by criminals and terrorists as a "backdoor".
Mr Hannigan reiterated that the British government position - as set out in the new investigatory powers bill - would not outlaw the type of end-to-end encryption which is at the heart of the row between Apple and the FBI.
Drawing the boundaries
Instead, he said, it will demand companies take reasonable and practical steps to provide data when demanded.
"Within the parameters set by legislation, it should be possible for technical experts to sit down together and work out solutions to particular manifestations of the abuse of encryption."
Such conversations were more common before the Snowden revelations, officials say, but since then companies have withdrawn and referred requests to their lawyers.
The decision about where to draw the boundaries was not one for either the companies or the spies, Mr Hannigan said, but instead for lawmakers.
"It is not for me, as an intelligence official and civil servant, or for a law enforcement officer to make these broad judgements, whether about the use of data in general or encryption in particular; nor is it for tech company colleagues nor even for independent academics.
"Since the trade-offs are for society as a whole, it must surely be for elected representatives to decide the parameters of what is acceptable."
Antony Walker, deputy chief executive of techUK, an organisation which represents tech firms, said the solution lay in government, academia and industry working together.
"These are hugely complex issues," he said. "This speech makes it very clear that there are no easy answers. It is a realistic assessment of the trade-offs that need to be made to secure our digital world.
"We must not jeopardise our long-term security."