Evans is right.

The former MI5 Director-General, Jonathan Evans, has thoughts.

Acknowledging that use of encryption had hampered security agencies’ efforts to access the content of communications between extremists, Evans added: “I’m not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly.

This is a startlingly rare comment for a spook. In general, they talk about encryption in terms of a balance between security and liberty. The trade-off between surveillance and information security is left to a secondary debate within the IT world, which itself tends to be framed as a debate about surveillance versus liberty.

This mirrors the structure of the intelligence agencies. GCHQ owns the previously independent security mission. With its special right of direct access to the prime minister, it’s no surprise that the offensive, collection oriented side of the agency won out over boring information assurance. At the same time, MI5 and the SIS can only envy GCHQ’s special access, as well as being heavy customers for its product and therefore lobbyists for its interests.

Evans, however, argues for a genuinely strategic appreciation of the problem. The terrorists exist and probably will for the rest of our lives. But so does the information security threat. And it is bound to get worse as more and more systems are network-attached – and as old ones are explored. Exploits, as they say, only get better. If the country is going to be full of dodgy Internet of Things devices connected to the national grid, this is potentially much worse than a couple of stabbings with better PR. If it’s possible to influence the elections with a horde of fake Twitter accounts, not so good either.

So there’s not just a trade-off between spying and not spying; there’s a trade-off between threats, which is after all the essence of strategy. The crypto warriors are chasing today’s menace or possibly yesterday’s while undermining our defences against those of tomorrow.

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>