Guardian: Tim Berners-Lee: encryption cracking by spy agencies 'appalling and foolish'

http://www.theguardian.com/world/2013/nov/06/tim-berners-lee-encryption-spy-agencies

Tim Berners-Lee: encryption cracking by spy agencies 'appalling and foolish'

Inventor of world wide web condemns 'dysfunctional and unaccountable' oversight as intelligence chiefs face MPs

Ed Pilkington

6 November 2013

Sir Tim Berners-Lee, the computer scientist who created the world wide web, has called for a "full and frank public debate" over internet surveillance by the National Security Agency and its British counterpart, GCHQ, warning that the system of checks and balances to oversee the agencies has failed.

As the inventor of the global system of inter-connectivity known as the web, with its now ubiquitous www and http, Berners-Lee is uniquely qualified to comment on the internet spying revealed by the former NSA contractor Edward Snowden.

In an interview with the Guardian, he expressed particular outrage that GCHQ and the NSA had weakened online security by cracking much of the online encryption [1] on which hundreds of millions of users rely to guard data privacy.

He said the agencies' decision to break the encryption software was appalling and foolish, as it directly contradicted efforts of the US and UK governments to fight cybercrime and cyberwarfare, which they have identified as a national security priority. Berners-Lee also said it was a betrayal of the technology industry.

In contrast to several senior British politicians -- including the prime minister, David Cameron [2] -- who have called for the Guardian to be investigated over reporting of the Snowden leaks, Berners-Lee sees the news organisation and Snowden as having acted in the public interest.

"Whistleblowers, and responsible media outlets that work with them, play an important role in society. We need powerful agencies to combat criminal activity online -- but any powerful agency needs checks and balances and, based on recent revelations, it seems the current system of checks and balances has failed," he said.

The damning assessment was given as the heads of GCHQ, MI5 and MI6 prepared to face questioning by MPs in the Commons on Thursday. In an unprecedented hearing in Westminster, questions over the conduct of Britain's spy agencies will be raised when the heads of the three secret services go before parliament's intelligence and security committee.

The 90-minute session will give the nine-strong committee, led by Sir Malcolm Rifkind, a chance to question the agencies about the reach of the mass surveillance programmes that have provoked a global debate about privacy in the internet age. While critics have often despaired of the ISC's lack of clout, Rifkind has promised to use new powers to provide robust scrutiny of the agencies and restore public confidence in what they have been doing.

As the director of the World Wide Web Consortium (W3C) that seeks to forward global standards for the web, Berners-Lee is a leading authority on the power and the vulnerabilities of the internet.

He said the Guardian's coverage of the Snowden leaks had to be seen within the context of the failure of oversight of GCHQ's and the NSA's surveillance activities. "Here is where whistleblowing and responsible reporting can step in to protect society's interests.

"It seems clear that the Guardian's reporting around the scale and scope of state surveillance has been in the public interest and has uncovered many important issues which now need a full and frank public debate."

Talking in his office at the Massachusetts Institute of Technology in Cambridge, Massachusetts, Berners-Lee said that though he had anticipated many of the surveillance activities exposed by Snowden, including taps on the internet through the Prism program, [3] he had not been prepared for the scale of the NSA/GCHQ operations. "I didn't realise it would be so big," he said.

At worst, such spying could damage the public's confidence in the intimate privacy of the internet as a free and safe place to interact. "When you take away the safe space, you take away a lot of the power of human problem solving," he warned.

Berners-Lee will mark the 25th anniversary of his invention of the web next year by campaigning for greater public awareness of threats to the internet and by pushing for a charter that would codify the rights of all its users. As head of the World Wide Web Foundation, on 22 November he will release the 2013 Web Index, [4] which measures the web's growth, utility and impact across about 80 countries -- including indicators on censorship and surveillance.

The scientist, who was honoured in the opening ceremony of the London Olympics, reserved his harshest words for GCHQ and the NSA's undermining of the protection afforded by encryption, which he said would benefit organised criminal hacker gangs and hostile states.

"In a totalitarian state where it reckoned it was the only strong state in the world, I can imagine that being a reasonable plan. But in this situation, internet security is hard. It's naive to imagine that if you introduce a weakness into a system you will be the only one to use it."

He also criticised the cracking of encryption on ethical grounds: "Any democratic country has to take the high road; it has to live by its principles. I'm very sympathetic to attempts to increase security against organised crime, but you have to distinguish yourself from the criminal."

Berners-Lee said that the series of Snowden disclosures revealed a failure at the heart of oversight in both the US and UK governments, which he called "dysfunctional and unaccountable". The leaked documents raised the question: who guards the guards themselves?

In practice, he said, the only practical answer to that question was the whistleblowers. He called for the introduction of an international system of protection for whistleblowers such as Snowden, who has taken a year's temporary refuge in Russia.

The Obama administration has pursued official leakers heavily, launching eight prosecutions under the 1917 Espionage Act including that of Snowden himself -- more than twice the total number under all previous presidents.

"Civilisation has to a certain extent depended on whistleblowers, and therefore you have to protect them," Berners-Lee said.

[1] http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

[2] http://www.theguardian.com/world/2013/oct/28/david-cameron-nsa-threat-newspapers-guardian-snowden

[3] http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

[4] http://thewebindex.org/