nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Why Bletchley Park could never happen today

Can you keep a secret? No, course you can't

By SA Mathieson, 25 Oct 2013

Feature Following the torrent of revelations about US and British government surveillance unleashed by whistle-blower Edward Snowden, we now know what many had previously guessed: with a few exceptions*, the spies have the electronic world pretty much wired.

Some spied-upon countries – such as Brazil and Germany – have reacted furiously, and the articles published by the Guardian and others have started a debate in the United States which might lead to some changes.

The reaction in Britain, though, has been muted. We love our spooks, both fictional, like James Bond, and semi-legendary, like those who worked at Bletchley Park. Britain’s World War II code-breaking centre remained a secret for three decades after the end of the war – a war which some historians believe those at the centre shortened by two years. It now hosts a wonderful set of preserved buildings and exhibits, including The National Museum of Computing.

Rebuilt Bombe Bletchley Park, photo copyrighted mubsta.com

A rebuilt Bombe, Bletchley’s first code-breaking machine – an electro-mechanical device designed by Alan Turing and fellow mathematician Gordon Welchman, following development work by the Polish Cipher Bureau. Photo by: mubsta.com

But while Bletchley’s heroes are rightly venerated, the Snowden affair suggests that the model it pioneered – still used by its successor GCHQ and its American big brother the NSA – may be heading towards obsolescence.

The end of spying as we know it?

Bletchley Park relied on total, long-term secrecy over its methods. If the Nazi regime had realised that the Allies were breaking its "unbreakable" Enigma machines on a routine basis, the game would have been up. But that secret was kept for the entire war and for three decades beyond.

The expiry period for such secrets is a bit shorter these days: it has taken less than two years for GCHQ’s Tempora project's access to undersea cables to become common global knowledge. So what has changed?

Firstly, whistle-blowers have become much more efficient, even in the last decade. In 2003, GCHQ translator Katherine Gun leaked an email on the NSA’s bugging of the United Nations in the run-up to Iraq War. (She was cleared of charges under the Official Secrets Act when the prosecution offered no evidence in her trial.) In 2013, Edward Snowden’s material has blown the gaff on everything from numerous modern-day NSA and GCHQ capabilities and methods to their dodgy taste in PowerPoint graphics.

As Chelsea (formerly Bradley) Manning and WikiLeaks demonstrated, the combination of networked secret agencies and high-capacity storage devices can allow one person to do an enormous amount of leaking, and with the actual documents rather than deniable claims.

No doubt such agencies are currently working on how they might prevent this in future. The problem is that the obvious answer – stopping flows of information by heavily compartmentalising such agencies – would presumably greatly hamper their efficacy. Otherwise why let an NSA contractor in Hawaii slurp GCHQ’s wiki?

The enemy of my enemy... hang on, who IS the enemy?

Secondly, the type of enemy the secret agencies were built to fight is no longer their main target (unless they are taking a greater interest in China than they let on).

This may be the only example of Nazis being an enemy you would choose: they were highly organised, operated in known areas and used Enigma machines for nearly everything, making it both worthwhile and possible to read all their communications.

Terrorists – a definition which is itself sometimes a matter of opinion – comprise a wide range of groups and individuals, who use whatever they can and may operate anywhere and infiltrate any group – or indeed, become aligned to the cause while in a group which first appears at odds with it. In spy logic, that makes it desirable to be able to spy on everyone, using everything, everywhere.

And that leads to the question of loyalty. During World War II and the Cold War, it wasn’t hard for most people to decide which side they were on – although even then, the likes of Anthony Blunt chose differently. Since 1989, the threats to the countries of the free world have been from terrorists who certainly wish to commit mass murder, but do not pose an existential national threat.

However, the way such terrorists have operated has convinced many politicians to reduce the freedoms of their own people, particularly to personal privacy – a contentious choice, given it means secret agencies carrying out mass surveillance on their own people and allies. A whistle-blower exposing how this works will probably commit career suicide and may end up in exile or prison, but will also be treated as a hero by many.

Quis custodiet ipsos custodes?

There are also the specific circumstances of people like Snowden. Those at Bletchley Park were serving King and Country, but the NSA in particular outsources work to private companies – Snowden was working for contractor Booz Allen Hamilton when he flew the roost. And regardless of current employer, few people now expect to have a job for life, reducing the default loyalty of previous generations.

More specifically, the digitisation of spying has required agencies to recruit digitally minded people – there may even be a GCHQ job ad by the side of this article. To generalise enormously, quite a few techies have what might be called a digital morality, seeing things as right or wrong and believing that the latter should be exposed for the common good. That works rather well for developing open-source software, but such people seem more likely than most to blow whistles. You could see certain readers of The Register as freedom’s last, best hope.

Finally, the media is learning to arbitrage nationalities. Once upon a time, government officials would have leaned on Fleet Street to keep a national secret under its collective hat. They tried it this time too, but following the lead of WikiLeaks, The Guardian now shifts between acting as a British newspaper, an American website and a Brazilian blog, depending on convenience.

And while its editor acquiesced by smashing up a computer in its London basement while GCHQ staff watched, both parties knew full well that the documents it held could still be turned into copy in the Americas.

This all creates conditions which make it much harder for the secret world to keep its digital methods secret, encouraging terrorists to move off-grid – which is, after all, where real terror is created, with guns and bombs rather than computers crashing. One implication is that governments should consider moving funds from signals intelligence (sigint) to human intelligence, the real-world spies that infiltrate terrorist groups.

But we would still need sigint – with reforms. Former NSA boss General Michael Hayden has said his agency needs to “show a lot more leg” with greater transparency and scrutiny to maintain public confidence, and Dame Stella Rimmington, one-time head of MI5, has made similar comments.

Secret source...

There is a model for this. It is not a secret that Britain always has a nuclear-armed submarine at sea – that’s how it works as a deterrent. Neither are the capabilities of the police secret. The existence of the sub and the police’s powers are constantly up for debate and can be changed, but there are rarely whistles to be blown (when they are, it’s often because the police have secretly exceeded these powers).

Operational secrets remain – where the sub is, who the police are investigating – but only have short-term value. The methods are not secret, something which is also largely true for physical spying, given it is as old as humanity. Yet they still work.

Secrecy over methods has to last for years or decades until they become obsolete, and given the often-grey ethics at work, it is highly vulnerable to whistleblowing. The government could give the whistlers nothing to blow about – by stating GCHQ’s capabilities, at least for the surveillance of individuals if not other governments, and getting them explicitly cleared (or not) by Parliament. Its operations would remain secret, but its broad methods would be officially known to all.

In the wired digital world partly created by GCHQ - and indirectly by Bletchley – it is nearly impossible to keep a secret for long. It’s looking like that applies to the spies, too.

In the 1940s and beyond, Bletchley to all intents never existed. Now it’s a tourist attraction. Until the early 1980s, GCHQ didn’t officially exist: now it’s on Google Earth and the sides of Cheltenham’s buses. The government abandoned secrecy over the agency’s existence, as it had become futile and ridiculous. It’s time to go much further: in General Hayden’s words, to show a lot more leg. ®

* Including, according to Snowden, only exceptionally well-executed strong encryption.

The Register - Independent news and views for the tech community. Part of Situation Publishing