In the wake of the atrocious terror attacks that have targeted Manchester and London and affected the whole of the UK in recent weeks, the Prime Minister, Theresa May, has made various statements about the role she thinks ‘tech companies’ must play in tackling terrorism. Jim Killock, Executive Director of the Open Rights Group has kindly provided us with a guest blog discussing the PM’s recent comments and his concerns over the Government’s plans regarding encryption, censorship and their requirements on tech companies.
“In the wake of the terrorist attacks at London Bridge, Theresa May has called for Internet companies to do more so that there are ‘no safe spaces’ for terrorists online.
We must remember that these attacks were not just brutal assaults on individuals but an attempt to undermine the freedom and liberty we enjoy in this country. While some politicians may instinctively search for ‘anything’ that can be done to prevent future attacks, our response must uphold our values and democratic way of life. A free and open Internet has transformed how we live, communicate and share information – and we should protect that just as we should protect the democratic processes that the terrorists want to disrupt.
May’s proposals appear to be two-fold – that companies must ensure that the agencies can access any communications they wish and that they must do more to remove extremist content.
Calls for the security agencies to be able to access any communications are not new. In the wake of the Charlie Hebdo attacks in Paris in 2015, David Cameron said that there should be no means for communicating privately that the Government could not access. This line has been repeated often over the last couple of years. Following the Westminster Bridge attack, Home Secretary Amber Rudd said that it was ‘completely unacceptable’ that the police and intelligence agencies could not read messages that are protected by end-to-end encryption.
The powers to force companies to modify the security of their products now exist since the passing of the Investigatory Powers Act last December. This law also gave our law enforcement and intelligence agencies vast surveillance powers to hack devices and also to compel Internet Service Providers to collect and store their customers’ communications data.
One of the key problems with weakening or bypassing encrypted products is that it risks opening up the lives of millions of ordinary people to crime – such as online fraud that could itself be used to fund further terrorist attacks.
Encryption is the backbone of Internet security. Without it, we could place ourselves at risk whenever we shop, bank or communicate online. Security experts are as united about the dangers of weakening Internet security as climate scientists are about global warming.
From another angle, it seems plain that individuals, or companies, ought to be able to choose the defensive security they feel they need. Undermining people’s right to defend their own property and communications as they see fit seems a high price to pay.
There have also been calls for more to be done to remove extremist content and propaganda from platforms such as YouTube. The Conservatives want to push for companies to have more responsibility for identifying and removing extremist content. This would inevitably require more use of algorithms and automated ways of identifying content.
Companies are likely to err on the side of caution – particularly if penalties are imposed – and we would likely see the removal of content that challenges extremism if it uses key words and images that are associated with terrorist groups like Isis. It appears that this would be done with little or no oversight from the courts – unless something failed to be censored.
Extremists are likely to find other encrypted messaging systems and other platforms to share their propaganda among their cliques and plan future crimes. It is possible that these measures could make it harder to track criminals, for instance by losing the metadata from companies like WhatsApp, or being less able to remove propaganda if it moves off Youtube.
That is not to say that our agencies should not try and disrupt these activities whenever they can, but we need to move beyond laying the responsibility for counter terrorism at the door of tech companies. The government needs to look closely at the social drivers of extremism, including at their foreign policy, for the long term solutions.”
Of course we agree that everything within our collective power should be done to tackle terrorism to avoid further attacks. However, as Mr Killock explains, there are a number of significant concerns from industry (and the wider public) regarding the Government’s current plans. The risk of implementing back-door access and reduced encryption is significant and could severely affect the security of our day-to-day online activities.
ISPA recently released a statement with similar concerns: “The Internet industry takes this issue very seriously, and together with relevant authorities and civil society, continually looks to improve processes and ways of removing content. Significant steps have been taken over recent months and years to limit the ability of terrorists to misuse the internet and social media.
The UK Government and the security services already have substantial powers in this area and the Internet industry complies with the laws and regulations in the UK and elsewhere. When considering the need for more powers to regulate the Internet, policymakers need to be fully aware of the effectiveness of existing powers, resources to deal with the threat and the impact any new measures may have, including unintended consequences that could undermine our defences – for instance the weakening of cyber security.
Technology is only one part of the wider approach to dealing with radicalisation, which is a complex international challenge that requires an international response.”
The answer to tackling terrorism is far from simple and we encourage the Government (whoever they be after Thursday’s election) to work alongside the industry to achieve the best solutions and avoid dictating potentially damaging policies and actions.
Have your say!
Do you think the ‘tech companies’ are doing enough to work with the Government to tackle terrorism or is there room for improvement? Do you think encryption should be removed/reduced or are you concerned that would open the door to fraud and further issues? Have your say with a comment below.
- Entanet Opinion: Guest Blog: ISPAs ongoing concerns over the IPB
- Entanet Opinion: Looks like the IPA and EU can’t co-exist after all!
- Entanet Opinion: It’s USOs all round in the party election manifestos
- Entanet Opinion: Guest Blog: What will 2017 hold for the industry?
Rate our article...