Terror law expert to Why backdoors when there's so much other data to slurp?

We leave huge digital paper trails, but biz can still do more

By Rebecca Hill


Secure end-to-end encrypted comms is a desirable technology that governments should stop trying to break, especially as there's other information to slurp up on crims, UK politicians were told this week.

Blighty's former independent reviewer of terrorism legislation, David Anderson, told the House of Commons Home Affairs Committee on Tuesday that there are plenty of sources of intelligence for law enforcement to get their hands on, rather than banging the drum for backdoors in communications.

In what has now become a frustratingly standard question from politicians about tech companies' role in the war on terror, Anderson was asked if he thought the state would ever get access to encrypted messages for security purposes.

"No," he replied. "Because end-to-end encryption is not only a fact of life, it is, on balance, a desirable fact of life. Any of us who do our banking online, for example, are very grateful for end-to-end encryption."

The debate, Anderson continued, was sometimes wrongly "portrayed in very black and white terms, as if the world is going dark and because of end-to-end encryption we're all doomed".

He argued that although the loss of information the state can gather from the content of someone's communications is "very significant", it is tempered by the mass of other data it can slurp from elsewhere.

"I mean who would have thought 30 years ago you could track somebody's movements all around London by Oyster card? And you don't even need the Oyster anymore, because you can get the location data from the phone company. It's almost as good as having someone on their tail the whole time."

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors


He said that the most striking of these measures are those contained in the controversial Investigatory Powers Act, which allow public authorities to gain access to 12 months' worth of a person's internet connection records from their provider.

"The more people spend their lives online, the more revealing that behaviour becomes," Anderson said.

But although Anderson may not share the government's magical thinking when it comes to backdoors, he does believe tech firms could be doing more to help tackle terrorism.

This includes being more cooperative in helping governments hack into physical devices (we think he's looking at you, Apple).

Anderson also expressed surprise at admissions from social media companies – also made to the Home Affairs Committee – that they were only actively searching for content from one proscribed organisation (ISIS).

Referring to terrorist videos coming up in the first line of searches, Anderson appeared sceptical of Google's efforts too. "This from the master of search engine optimisation," he said. "If I may say so, I would advise you [the committee] to keep up the pressure."

He also questioned whether a "West Coast" attitude to free speech meant companies were less responsive to other states' opinion on what needs to be taken down – but said he'd rather firms "recognise they're working in a global environment" so they didn't end up with a "heavy-handed approach" to regulation.

D'oh! Amber Rudd meant 'understand hashing', not 'hashtags'


When pressed on what he thought of taxes, fines or other punitive measures – for instance those recently imposed by Germany – Anderson said that was one possible way, but increased transparency was another.

"If we as a state are effectively outsourcing these Ofcom-like functions to these private operators, surely we need to see not just their terms of service but the internal guidelines they're applying when they decide to take these down," he said.

He also pointed out that although companies might say they have 5,000 people looking at content, they won't say exactly where they are – "in which case they might all be [in Germany] because that's where the fines are".

But, Anderson cautioned, the issue of regulating the internet and big business would be the biggest global legislative issue of the next decade.

"Anyone who thinks they've got easy answers has a long way to go and a lot more thinking to do." ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

When's a backdoor not a backdoor? When the Oz government says it isn't

Draconian new proposals on data privacy from Australia

WordPress captcha plugin on 300,000 sites had a sneaky backdoor

WordFence says a fix has landed

The off-brand 'military-grade' x86 processors, in the library, with the root-granting 'backdoor'

Black Hat Dive into a weird and wonderful 'feature' of Via's embedded hardware chips

WD My Cloud NAS devices have hard-wired backdoor

UPDATE This is serious: some of the messed-up machines can host VMs and databases

Oz government says UK's backdoor will be its not-a-backdoor model

Investigatory Powers Act suggested as good model for local crypto workaround

New law would stop Feds from demanding encryption backdoor

The Secure Data Act has returned and is lookin' for love

Cisco sneaks hardcoded secret root backdoor into vid surveillance kit

Who watches the watchers? Anybody who has the login

FBI chief asks tech industry to build crypto-busting not-a-backdoor

'You guys can build anything if you put your mind to it' is the gist of the argument

Creepy backdoor found in NetSarang server management software

Do you use this suite? If yes: A July 18 update screwed over your security

Telegram chat app founder claims Feds offered backdoor bribe

Pavel Durov flings Twitter dooky at rivals Signal, says US govt funds their encryption