Tuesday, 31 March 2015

Europol chief says being secure makes us less safe

14807863071 02d2649efaA European police chief says the sophisticated online communications are the biggest problem for security agencies tackling terrorism.

I don’t know whether that’s true.  But if it is true, that doesn’t mean we should ban encryption.  There are other things to consider.

Hidden areas of the internet and encrypted communications make it harder to monitor terror suspects, warns Europol's Rob Wainwright.

I’m sure it does, but that’s not the issue, is it?  He’s not even saying that some terror attacks could have been avoided if it weren’t for encryption.  I’m fairly sure we’d have heard about that if it were the case.  There are other things terrorists can do to keep things secret and no overwhelming pressure to ban those.  And of course there are plenty of legitimate reasons to encrypt things, governments and criminals reading those things being a major one.

Tech firms should consider the impact sophisticated encryption software has on law enforcement, he said.

No they shouldn’t.  Their duty should be toward their users, not to the governments and law enforcement agencies who want to snoop on them.

A spokesman for TechUK, the UK's technology trade association, said: "With the right resources and cooperation between the security agencies and technology companies, alongside a clear legal framework for that cooperation, we can ensure both national security and economic security are upheld."

National but not personal security.  “legal frameworks’ are fluid things and tend to flow in one direction only.  It’s hard to imagine a government trying to make it harder for their law enforcement agencies to get at citizens’ data and traffic.  It’s frustrating how blithely supposed experts manage to gloss over this fact.  He does finally go on to state that terrorism is a problem for anti-terrorism:

"[Encryption has] become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he explained.

Banning or breaking encryption isn’t going to stop terrorists from using it unbroken.  It reminds me of the old landing visa that non-Americans had to fill in when travelling to the US. There was a box to tick if you had ever committed genocide.  Then you had to sign it to say your declaration was true as if lying on your visa was a worse crime than genocide. 

"It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore."

Mr Wainwright, whose organisation supports police forces in Europe, said terrorists were exploiting the "dark net", where users can go online anonymously, away from the gaze of police and security services.

But that doesn’t imply that banning or breaking encryption is the only or even the best way to solve that problem.  Maybe they should have to live with those restrictions.  Maybe the price of breaking encryption is too great, maybe it wouldn’t be effective anyway.  Maybe it wouldn’t have been such a problem anyway if the NSA, GCHQ and others hadn’t been spying on all of us.

Mr Wainright really doesn’t lile phones with data encryption that the manufacturers can’t break or encrypted IM.

"There is a significant capability gap that has to change if we're serious about ensuring the internet isn't abused and effectively enhancing the terrorist threat.

Because governments and law enforcement agencies would never abuse the internet…

"We have to make sure we reach the right balance by ensuring the fundamental principles of privacy are upheld so there's a lot of work for legislators and tech firms to do."

Or maybe there’s no work to do because we already have the right balance.  Mr Wainright doesn’t seem to consider this possibility.

Photo credit: Surveillance via photopin. License.

No comments:

Post a Comment