Terror law expert to UK.gov: Why backdoors when there's so much other data to slurp?

We leave huge digital paper trails, but biz can still do more

A silhouette walks through a keyhole leaking binary

Secure end-to-end encrypted comms is a desirable technology that governments should stop trying to break, especially as there's other information to slurp up on crims, UK politicians were told this week.

Blighty's former independent reviewer of terrorism legislation, David Anderson, told the House of Commons Home Affairs Committee on Tuesday that there are plenty of sources of intelligence for law enforcement to get their hands on, rather than banging the drum for backdoors in communications.

In what has now become a frustratingly standard question from politicians about tech companies' role in the war on terror, Anderson was asked if he thought the state would ever get access to encrypted messages for security purposes.

"No," he replied. "Because end-to-end encryption is not only a fact of life, it is, on balance, a desirable fact of life. Any of us who do our banking online, for example, are very grateful for end-to-end encryption."

The debate, Anderson continued, was sometimes wrongly "portrayed in very black and white terms, as if the world is going dark and because of end-to-end encryption we're all doomed".

He argued that although the loss of information the state can gather from the content of someone's communications is "very significant", it is tempered by the mass of other data it can slurp from elsewhere.

"I mean who would have thought 30 years ago you could track somebody's movements all around London by Oyster card? And you don't even need the Oyster anymore, because you can get the location data from the phone company. It's almost as good as having someone on their tail the whole time."

Brit Prime Minister theresa may at a podium

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

READ MORE

He said that the most striking of these measures are those contained in the controversial Investigatory Powers Act, which allow public authorities to gain access to 12 months' worth of a person's internet connection records from their provider.

"The more people spend their lives online, the more revealing that behaviour becomes," Anderson said.

But although Anderson may not share the government's magical thinking when it comes to backdoors, he does believe tech firms could be doing more to help tackle terrorism.

This includes being more cooperative in helping governments hack into physical devices (we think he's looking at you, Apple).

Anderson also expressed surprise at admissions from social media companies – also made to the Home Affairs Committee – that they were only actively searching for content from one proscribed organisation (ISIS).

Referring to terrorist videos coming up in the first line of searches, Anderson appeared sceptical of Google's efforts too. "This from the master of search engine optimisation," he said. "If I may say so, I would advise you [the committee] to keep up the pressure."

He also questioned whether a "West Coast" attitude to free speech meant companies were less responsive to other states' opinion on what needs to be taken down – but said he'd rather firms "recognise they're working in a global environment" so they didn't end up with a "heavy-handed approach" to regulation.

Amber rudd holds forth

D'oh! Amber Rudd meant 'understand hashing', not 'hashtags'

READ MORE

When pressed on what he thought of taxes, fines or other punitive measures – for instance those recently imposed by Germany – Anderson said that was one possible way, but increased transparency was another.

"If we as a state are effectively outsourcing these Ofcom-like functions to these private operators, surely we need to see not just their terms of service but the internal guidelines they're applying when they decide to take these down," he said.

He also pointed out that although companies might say they have 5,000 people looking at content, they won't say exactly where they are – "in which case they might all be [in Germany] because that's where the fines are".

But, Anderson cautioned, the issue of regulating the internet and big business would be the biggest global legislative issue of the next decade.

"Anyone who thinks they've got easy answers has a long way to go and a lot more thinking to do." ®

Sponsored: Minds Mastering Machines - Call for papers now open


Biting the hand that feeds IT © 1998–2018