WavebreakmediaMicro - Fotolia
Law enforcement officers from the UK, Europe and the US have weighed in on the controversial issue of encryption at Infosecurity Europe 2015 in London.
In recent months, Europol director Rob Wainwright, FBI director James Comey, former European Cyber Crime Centre head Troels Oerting and GCHQ director Robert Hannigan have all warned that encrypted communications make it difficult to monitor terror suspects.
Europol consultant, cyber security expert and visiting professor at Surrey University Alan Woodward led the response on the issue of encryption in the context of law enforcement and security, and controversial suggestions by UK prime minister David Cameron that encryption technologies should include back doors for law enforcement and security forces to access.
“I am a great supporter of encryption because it is out there, and you are not going to un-invent it, but my problem with some of the suggestions [on back doors] is that if everyone is required to leave a key under the mat to let the police in if they want, then the criminals will know where it is as well,” he said.
Woodward expressed concerns about weakening encryption. “If you weaken it, you weaken it for your friends as well as your enemies, and if you put in any back doors, they will be found by those who are not intended to use them,” he said.
However, Woodward said he agrees with the principle that there should not be places where criminals and extremists can have conversations that law enforcement and security agencies cannot listen to.
“But that means that industry has to co-operate with government, and so where you get an application like WhatsApp that has end-to-end encryption, that is a real problem,” he said.
However, Woodward said if service providers had architectures that allow for interception of messages in response to warrants from police or security agencies, it would be a “far more sensible, practical” way of doing things.
Read more about encryption
- Encryption has become one of the biggest problems for police and security services in dealing with threats from terrorism, says Europol chief
- A coalition of top cryptologists and several large technology firms have sent a letter urging the US government to preserve strong encryption
- The UK needs to enforce encryption by default to protect citizens' privacy, claim Liberal Democrat MPs
“This is something that could be controlled and does not lend itself to mass surveillance. It would be very much about targeted surveillance, and gets around the whole encryption argument because you can still encrypt, but there is a point where it is potentially visible,” he said.
Law enforcement does not want mass surveillance because it does not have the time or resources to deal with large volumes of data and to take care to avoid collateral intrusions, said Andy Archibald, deputy director of the National Crime Agency’s National Cyber Crime Unit.
“We need to develop a narrative that reassures the public,” he said, pointing out that law enforcement has had surveillance capabilities in a traditional policing environment for many years, and that they have demonstrated the ability to monitor those engaged in serious criminal activity in a “very responsible” way.
“We don’t want mass surveillance, but we do want the ability – where there is serious and organised criminality impacting on the economic wellbeing of individuals in the UK in a significantly detrimental way – to have a conversation with industry about how best we can work together to tackle that particular challenge,” said Archibald.
However, he said he recognises that it is an “emotional” topic which means law enforcement organisations need to work with the public to help them understand that targeted electronic surveillance can be done responsibly because it is managed and supervised.
Michael Driscoll, assistant legal attaché at the FBI, said encryption is a useful tool in safeguarding transactions and is unlikely to go away, so law enforcement has to adapt to that reality.
“At the same time, there are serious threats that come with encryption that we are concerned about, and we have to work with the private sector to help address those threats,” he said.
Driscoll said that if there is absolutely no way into electronic communications, that will be exploited by organised criminal groups and other bad actors.
European Cyber Crime Centre deputy director of operations and acting head Wil van Gemert said there is no simple "yes" or "no" answer when it comes to encryption.
He urged law enforcement and legislators to find various ways to tackle the problem. “When freedom of movement was introduced in the European Union and border patrols halted, law enforcement found alternative ways of co-operating – we have to do the same and find alternative measures to deal with encryption.
“Powers to oblige technology providers to give up encryption key may not be the best answer, but it is one of the ways that could be used if circumstances require it,” said Van Gemert. “Such measures, together with co-operation with the industry, the necessary legal authority and proper supervision, is the way to handle it.”