MI5 director general Andrew Parker has argued that police and the intelligence services should be able to access private electronic communications in his first ever live interview.
The interview, conducted by BBC journalist Mishal Husain on Radio 4's Today Programme on Thursday, was notable for being the first ever live interview by any head of MI5 in its 106-year history.
In his interview, he called on social media companies to cooperate with the security services and police to turn over the communications of those suspected of terrorism, child sexual exploitation and serious crime.
“Because of the threat that we face from terrorists, if we are to find and stop the people that mean us harm, MI5 and others need to be able to navigate the internet, to find terrorist communications, to be able to use databases to find and stop the terrorists who mean us harm before they can bring their plots to fruition,” Parker said. “We have been pretty successful at that in recent years but it is becoming more difficult to do that as technology changes faster and faster.”
His views echoed comments made to SCMagazineUK by senior law enforcement officers, including Commissioner Adrian Leppard of the City of London Police (see interview in next month's SC Magazine, October), and Jamie Saunders, director of the National Cyber Crime Unit at the NCA last year, both calling for legal access to encrypted data.
Husain challenged him to admit that he was seeking further powers for MI5, an assertion he deflected by noting that it was not for MI5 to decide these things. “We operate within a framework set by Parliament and independently overseen and as our capabilities move forward, the legislation is updated from time to time to ensure we are operating under modern, straightforward law that describes as fully and transparently as it can what MI5 does these days,” he said.
It is widely believed that the government is moving to reintroduce some variation of the Draft Communications Data Bill, the so-called Snooper's Charter, and this week the home secretary Theresa May held talks with the bosses of internet and social media companies, presumably to test the waters and pave the way.
Parker emphasised throughout the interview the need for the intelligence services to work within the framework of the law and with cooperation of the technology companies to collect the information that he believes is vital to keeping society safe.
“James Comey [director of the FBI] has referred a few times publicly to what he refers to as 'going dark' by which he means shifts in technology, particularly internet technology, and the use of encryption and so on creating a situation where law enforcement agencies and security agencies can no longer obtain under proper legal warrant the content of communications between people they have reason to believe are terrorists,” Parker said. “That is a very serious issue, it requires that there is a legal framework to authorise but it also requires the cooperation of companies that run services over the internet that we all use.”
He argued that technology companies have an “ethical responsibility” to cooperate with the authorities. “This question comes up in the realm of child sexual exploitation, terrorism, other forms of crime, and I think there's a real question about whether companies holding information of that sort – under what arrangements they should come forward to the authorities and share and report it,” he said.
One of the questions that crops up often in this argument is the extent to which technology companies can cooperate with the authorities. They may be reluctant to, partly on the grounds that they don't want to scare off their customers who may treasure their privacy but also because technically it can be difficult to comply with a court order to produce the data.
Encryption is getting more and more sophisticated, leading to a situation where the technology companies can't even break their customers' encrypted messages, as the US Justice Department discovered a few months ago when it asked Apple for messages that alleged drug dealers had exchanged over iMessage. Apple replied that it was impossible – because of encryption.
Governments have responded by threatening to legislate for encryption backdoors, much to the consternation of privacy advocates and cyber-security professionals, though apparently this concern is not shared by the public as a whole – at least not in America.
One cyber-security expert who agrees with Andrew Parker is Dr Nithin Thomas, founder and CEO of SQR Systems, which specialises in real-time data encryption.
“As pointed out by Andrew Parker this morning, technology has advanced much faster than legislatures could have predicted and has begun to move beyond the reach of the law. The latest end-to-end security measures used by services like Apple's iMessenger have focussed purely on offering end-to-end protection of data without any consideration for the organisations that own the data and the legal obligations they have to meet. I believe the onus is on organisations to invest in gaining more control over the data they handle, and enable access when necessary in a more transparent way that is fully compliant to the legislation. This needs to be a universal standard across all forms of communication, not limited to a few select services.
“With the next generation of encryption it will be possible for organisations to meet their obligations from a legal perspective, without impacting the privacy and security that is so important to users.”
On a more sceptical note, Jacob Ginsberg, senior director of Echoworx, has made the following comments: "No-one can argue with the fact that if the police were able to access and look inside all houses, they would catch more criminals. But is this going too far? Is the value gained from this type of intelligence worth watching citizens as if they were criminals? We also have to consider how this may be putting people at risk. History has shown that the government is subject to attacks just as much, if not more so than other parties. All of the data collected by the government will need to be stored somewhere, what's to stop someone hacking into and exposing that data? No-one is arguing whether we would catch more criminals, but there's a fine line and this would be crossing it. There is a balance that needs to be struck. I'm looking forward to hearing more about the specific details of the bill as the government moves forward. We will also be looking to make sure there's appropriate judicial oversight balancing the use of these powers."