UK cyber-security firms join Cameron for 'controversial' US trip

News by Tim Ring

PM's Washington visit includes promoting UK cyber-skills and seeking to circumvent encryption.

A select band of UK cyber-defence companies are accompanying David Cameron on what is likely to be a controversial visit to Washington this week - as the PM reportedly aims to lobby President Obama on rolling back data encryption and seeking to get US tech companies to do more to block terrorist content.

The 12 UK firms, specialists rather than ‘household names', will be discussing joint R&D proposals and meeting potential customers in the US finance, commercial and government sectors. They include firms like Darktrace, Cambridge Intelligence and Digital Shadows.

Dave Palmer, co-founder and director of technology at Darktrace, told “From the UK trade and industry perspective, a large part of the visit is about restating the UK as a big player in terms of skills and knowledge and intellectual property in cyber-defence.”

But this is likely to be less reported than Cameron's controversial bid to enable UK spies to access all emails and other communications, in order to combat extremism.

As SC reported earlier this week, Cameron has been slated by the UK cyber-security community as ‘living in cloud cuckoo land' for seemingly suggesting internet companies could stop encrypting communications or introduce government backdoors, to help the security services.

But undaunted, the Wall Street Journal says Cameron plans to ask the President face-to-face to criticise US tech companies such as Microsoft, Facebook, Google and Apple who, post-Snowden, have started to encrypt their communications by default.

According to The Daily Telegraph, the PM will also raise the idea of companies such as Twitter and Facebook giving UK spies access to the accounts of potential jihadists plotting attacks, and telling the British authorities of any extremist discussions on their networks.

But UK cyber-security experts remains sceptical that Mr Cameron will get anywhere with his campaign.

Professor Alan Woodward, a Europol adviser, told SC: “Do we want to listen into the content of terrorists' messages? I think most people would say yes. But the problem is the practicality.

“The internet is awash with encryption to try to secure it, and you can't uninvent encryption, you can't put that genie back in the bottle.

“And if you deliberately weaken encryption to stop terrorists, you will inherently make everybody less secure.”

Woodward said Cameron's efforts to get internet and social media companies to help monitor content is more practical.

“They do that anyway – with child exploitation, or extremist videos of someone being beheaded, you quite often find it being taken down as soon as it's reported.

“Handing over accounts, going along with a warrant and saying we need you to close down that Twitter account or access it for us, that's not technically impossible.

“I think that's what Cameron is going for - we want to be on the acceptable list along with the US Government. But if US companies do it for the UK, where do they stop? Do they do it for China, for Russia?”

Darktrace's Dave Palmer welcomed the fact that at least cyber-security and privacy issues were now being discussed at the highest level.

He told SC: “It's the first time I'm aware of that a topic like this has been discussed as an open policy – that is a huge sea-change from where we've been in the past.

“It's brilliant that cyber is on an agenda like this, as is Governments having an open debate with the population and with each other about what is the right thing to do in the future.

“I genuinely think these specific policies may become an electoral issue. It's something that significant numbers of people will have extremely strong views on, possibly in both directions, and that's progress.”

But he was also glad Darktrace by design doesn't hold any customer data. “It means we can operate in most territories without having to face the spectre of being compelled. Helping what someone would think of as a friendly government is one thing. Setting a precedent so that any country you operate in has the ability to compel this data out of you – I think that will be pretty tricky for a lot of companies.”

He added: “It will be interesting to see what comes out of the policy discussions on this visit. I would be surprised if there is any resolution or whether it's a stepping stone to further discussions in future.”

Meanwhile, internet companies represented by the Internet Services Providers' Association (ISPA) are opposed to the kind of changes being mooted by the PM.

ISPA secretary general Nicholas Lansman told SC via email: “There are existing legal processes for law enforcement to access communications data so it is wrong to suggest that the internet is a ‘safe haven for terrorists'.

“The proposal that companies should monitor all communications online runs counter to the legal framework that underpins the internet, which forbids unwarranted monitoring of customers' communications.“

ISPA added in a statement: “Restricting the use of encryption and encrypted communication, as suggested by the Prime Minister, further risks undermining the UK's status as a good and safe place to do business. Encryption is widely accepted as a key measure to safely do business online.“

Instead ISPA is backing an ongoing independent, government-commissioned review into investigatory powers being led by David Anderson QC. The review is set to report before the election.

The 12 UK cyber-security companies involved in this Thursday and Friday's Washington visit are Cambridge Intelligence, CertiVox, CyberLytic, Darktrace, Deep-Secure, Digital Shadows, Garrison Technology, Panaseer, RepKnight, Ripjar, Surevine and Titania.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews