FBI, Europol and MI6 gang up on tech firms over encryption

Worldwide law enforcement continues to voice concerns over technology companies' increasing use of encryption.

FBI, Europol and MI6 gang up on tech firms over encryption
FBI, Europol and MI6 gang up on tech firms over encryption

The FBI, Europol and Britain's MI6 separately expressed misgivings about technology companies this week, with encryption especially sweating under the microscope.

Coming just weeks after Prime Minister David Cameron's inferred comments that encryption should be banned, Europol's Rob Wainright, Mi6's Alex Younger and FBI's James Comey reopened fresh wounds, suggesting that encryption is being used by criminals to hide their activities.

Speaking on the BBC's 5 Live Investigates programme earlier this week, Wainwright was vocal in how encryption can hinder criminal investigations.

“There is a significant capability gap that has to change if we're serious about ensuring the internet isn't abused and effectively enhancing the terrorist threat,” said Wainwright, the Europol director.

On encryption, he added: “It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he said. "It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore."

Wainwright added, as Europol EC3 chiefs have before him, that terrorists are exploiting Tor darknets to be anonymous on the internet, and criticised Apple for allowing customers to encrypt data on their smartphones. Encrypted IM apps also cause for concern as well as Twitter, which is being used by ISIS for recruitment.

"We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet.

"[Tech firms] are doing it, I suppose, because of a commercial imperative driven by what they perceive to be consumer demand for greater privacy of their communications."

But a TechUk spokesman on the programme, added:  "From huge volumes of financial transactions to personal details held on devices, the security of digital communications fundamentally underpins the UK economy.

"Encryption is an essential component of the modern world and ensures the UK retains its position as one of the world's leading economies.

"Tech companies take their security responsibilities incredibly seriously, and in the ongoing course of counter-terrorism and other investigations, engage with law enforcement and security agencies."

Wainwright said that current laws are “deficient” and should be reviewed, but concurred: "We have to make sure we reach the right balance by ensuring the fundamental principles of privacy are upheld so there's a lot of work for legislators and tech firms to do."

Wainwright's comments came only days after FBI director Comey was speaking at Congress, in front of the House Appropriations Committee, imploring Congressmen to pass laws forcing technology companies to create backdoors.

He also suggested that the Obama administration might be crafting such a law right now. “One of the things that the administration is working on right now is, what would a legislative response look like that would allow us … with court process, to get access to that evidence”, he said.

FBI's own advice, on enabling encryption on mobile devices, was removed from its site late last week, something the agency has said was down to an “ongoing website redesign.”

Elsewhere, Alex Younger, the new head of MI6, was reported by The Guardian as saying that terrorists were increasingly exploiting internet technology.

Speaking at a conference in London this week, he said that the internet has offered both good points and bad, big data offered more targeted investigating, but technology had still created new vulnerabilities.

“The bad news is the same technology is in opposition hands, an opposition often unconstrained by consideration of ethics and law, which allows them to see what we are doing and to put our people and agents at risk,” he said.

“So we find ourselves in a technology arms race. Contrary to myth, human intelligence operations are not an alternative to technical operations – the two are interdependent and set to become more so.”

Adrian Culley, an independent cyber-security consultant and former Met Police Computer Crime Unit detective, told SCMagazineUK.com that, despite this flurry of publicity, this is not a new debate – with banning encryption on the map since the Walsh report was inadvertently published by the Australia Attorney General in 1999.

“This is not new; it's been going on for a long time. But I think there needs to be a deeper thinking on encryption at the moment - banning it is not the answer. You can't put the genie back in the bottle.”

“It's great Europol is addressing the issue but there's more work to do.” Culley added that part of this would involve educating senior management on the intricacies of encryption, as well as changing the law.

Citing RIPA, which he says has been used in the UK to get access to encryption keys, he said: “I think post-Snowden, it's clear that all legislation needs revisiting. With any legislation relating to tech, 15 years (when RIPA was first introduced) is a long time.”

Digital forensics expert and white-hat hacker Jonathan Zdziarski had some extra strong words when speaking to SC: “If there's one thing I've learned about government it's never to put even the dumbest idea past them.”

“[And] as far as whether any middle ground exists that would make everyone think so, I don't think so. Especially with Apple having such a strong posture that it's essential to freedom.”

He added on the future, there is the possible continuation of backdoors: “Backdoors existed before we ever started fighting about it so I suspect it will continue; at some point I'd expect to see someone try to push through some key escrow or backdoor legislation. I think this has already happened historically.”

“The only thing that's really changed is that privacy advocates have a new understanding of who their adversary is.”

close

Next Article in News