The debate over whether authorities should be able to bypass encryption in the name of national security has been reignited after UK Home Secretary Amber Rudd called it “completely unacceptable” that the government cannot readily access communications.
Critics point out that calls to expand intrusive surveillance powers often follow terrorist attacks. In London last week, a vehicle attack on Westminster Bridge left five people dead and more than twenty injured after Khalid Masood drove into pedestrians and fatally stabbed Police Constable Keith Palmer, who died defending Parliament.
“It is completely unacceptable. There should be no place for terrorists to hide,” Rudd said. “We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other.”
While Masood had previously appeared on a terror watch list, he had been removed, a decision that proved disastrous. The focus, many argue, should be on why he was no longer considered a threat rather than exploiting public fear to introduce wider, more intrusive laws.
Similar to Masood, authorities had sufficient intelligence to highlight Amri as a threat
Rudd has summoned leaders of major technology companies to a meeting scheduled for Thursday 30 March to discuss possible solutions. She hopes firms will agree to cooperate voluntarily, though she did not rule out introducing legislation if voluntary cooperation cannot be secured.
“These people have families, have children as well,” she added. “They should be on our side, and I’m going to try to win that argument.”
In the days after the London attack, the Metropolitan Police said officers seized 2,700 items of evidence, including “massive amounts of computer data,” across searches at 16 properties, with five searches still ongoing. A 30-year-old man was arrested in Birmingham on suspicion of preparing terrorist acts, becoming the 12th person detained in connection with the incident.
Although not officially confirmed, it is likely that the seized computer data contributed to the subsequent arrests, which authorities may use to support Rudd’s position. However, all but two of those detained have since been released, suggesting either insufficient evidence to charge them or mistaken suspicion.
Following a parliamentary inquiry it emerged that Anis Amri, who carried out a deadly attack on a Berlin Christmas market last year that killed 12 people, had been known to intelligence services as planning a suicide attack nine months earlier. Germany’s state criminal police reportedly warned regional authorities in a confidential memo last March that intercepted communications suggested Amri was planning a suicide attack and recommended his deportation.
Government calls to expand intrusive surveillance measures often follow terrorist attacks like the tragic events in London
The state government of North Rhine-Westphalia determined the deportation order could not be legally enforced, allowing Amri to remain free before he carried out the attack. Uwe Jacob, head of the North Rhine-Westphalia Landeskriminalamt, said his team suspected Amri after the Berlin attack occurred. “Our immediate reaction was please don’t let it be Amri,” Mr Jacob told the inquiry.
Similar to the case of Masood, authorities had gathered intelligence indicating Amri posed a threat, but failures to act on that information contributed to lives being lost and many people suffering serious injuries.
“It is right that technology companies should help the police and intelligence agencies with investigations into specific crimes or terrorist activity where possible,” said Jim Killock, Executive Director of the Open Rights Group. “This help should be requested through warrants and the process should be properly regulated and monitored.”
“However, compelling companies to put backdoors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop and bank safely.”
Intentionally weakening apps by inserting vulnerabilities would also expose them to exploitation by actors outside government. Recent leaks have shown that intelligence agencies have at times retained discovered vulnerabilities for operational use rather than disclosing and patching them, increasing the risk that those flaws could be turned against the public.
Where a threat is suspected, security agencies already possess extensive powers to obtain information when they secure the correct warrants. The real question is whether existing intelligence could be better used to prevent known threats like Masood and Amri from carrying out attacks.
Do you think authorities should be able to bypass encryption? Share your thoughts in the comments.