MI5 chief asks tech firms for 'exceptional access' to encrypted messages

Dan Sabbagh Defence and security editor
Photograph: Stefan Rousseau/PA

MI5’s director general has called on technology companies to find a way to allow spy agencies “exceptional access” to encrypted messages, amid fears they cannot otherwise access such communications.

Sir Andrew Parker is understood to be particularly concerned about Facebook, which announced plans to introduce powerful end-to-end encryption last March across all the social media firm’s services.

In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.

The result, he says, is that cyberspace has become “a wild west, unregulated, inaccessible to authorities”, as he repeated calls that have been made by Britain’s spy agencies in recent years for special access to encrypted messages.

Although Parker did not specifically mention Facebook, security sources said of particular concern was the company’s encryption plans, because of the global popularity and influence of the company.

Parker called on the tech firms to “use the brilliant technologists you’ve got” to answer a question: “Can you provide end-to-end encryption but on an exceptional basis – exceptional basis – where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?”

Spy agencies and technology companies have been battling over how much access to provide to encrypted communications, as secure end-to-end encryption becomes increasingly prevalent.

It is already used by Signal and the Facebook-owned WhatsApp, but Mark Zuckerberg, Facebook’s chief executive, wants to extend it across Facebook’s other products, including its own brand messaging service.

In November 2018, Ian Levy, the technical director of GCHQ’s National Cyber Security Centre, proposed that tech companies send a copy of encrypted messages when requested following a warrant to spy agencies, a technique known as the “ghost protocol”.

That was rejected six months later by a group of technology companies, including Apple and Whatsapp, which said it would risk misleading users because it would secretly turn “a two-way conversation into a group chat where the government is the additional participant”.

Parker’s return to the fray demonstrates how concerned security agencies are about the issue, and comes after the controversy generated by the Edward Snowden revelations, in which UK and US spy agencies were forced to admit how far they had been able to gain access to older communication technologies.

That controversy led tech companies to begin developing stronger privacy protections, using end-to-end encryption of the type that, in theory, is very difficult for law enforcement agencies to access without knowledge of the encoding key.

A spokesperson for Privacy International, a technology human rights group, said strong encryption kept communications safe from criminals and hostile governments.

“The reality is that these big tech platforms are international companies: providing access to UK police would mean establishing a precedent that police around the world could use to compel the platforms to monitor activists and opposition, from Hong Kong to Honduras,” the spokesperson added.

Parker’s demand comes in an interview as part of an ITV documentary about the work of the domestic intelligence agency MI5. In it, he acknowledges that it is not possible to stop every terror plot.

He says he tells ministers that in the event of an attack, “the very high likelihood is that it will be done by somebody who appears in our records somehow”. But he adds that “there are thousands of them and we cannot – cannot – monitor closely what all those people are doing all the time”.

The agency has more than 20,000 persons of interest on its database, and is responsible for monitoring and preventing Islamist threat, dissident paramilitary groups in Northern Ireland and, since 2018, far-right extremism.

Parker is due to step down in the spring at the end of his statutory term. He acknowledged that the toughest point in his time as director general was in 2017, when there was a run of terror attacks, including at Westminster, Manchester and London Bridge.

Asked if he felt he was not in control of the security situation at the time, Parker said: “Well we’re not in control of it ever, are we? To be in control would mean that somehow we could manage this whole landscape and stop everything. We can’t. We can’t do that.”