Opposition to Snoopers’ Charter is ‘patronising’, claims Met Police cyber expert

Parliament and Internet Conference 2015

Opponents of the UK government’s proposed Communications Data Bill, also known as the Snoopers’ Charter, have been described as “patronising” by a Metropolitan Police cyber expert.

“I have no interest in snooping around people’s private information,” said DCI Andrew Gould, deputy head of Falcon, the Met’s online fraud and cyber crime division.

“One thing that winds me up is when people describe the Communications Data Bill as a Snoopers’ Charter. I find that really offensive.

“I want to be able to get access to the data I need and the information I need to protect the public. It’s about protection, and to have the debate turned in such a patronising and offensive way just shows a real lack of understanding of what it is we do and why we need to do it.”

The comments came at the annual Parliament and Internet Conference in London during a debate that covered encryption, privacy and government snooping. The panel included experts from law enforcement, academia and cyber security.

Gould told attendees that encryption in a “post-Snowden” world has become a significant challenge for law enforcement in the UK.

“It seems to me, as a police officer, that the right to privacy in the civil liberties debate has completely drowned out and obscured the right to life and the right to live freely without the harm of serious crime and terrorism, and I think people are complacent,” he said.

“If you can’t get into someone’s device when you seize it because of encryption you could go to the service providers with the right warrant and ask them to inform you, but that could take a year, 18 months, two years. These offences are committed at light speed.”

Yet Gould said he believes the public position on encrypytion and cyber security will change as the threat from cybercime continues to rise.

“There are two very entrenched sides to the [encryption] argument but I think reality will overtake both sides as we see more successful cyber attacks affecting more people’s daily lives. Once it starts to affect the public they will demand better protection,” he said.

Professor Thomas Rid of the Department of War Studies at King’s College London, agreed with some of Gould’s argument, suggesting that there is a level of “hysteria and hypocrisy” in some privacy and civil liberty debates.

“People rely on these slide decks that we have on Wikipedia that Snowden leaked that are incomplete, imprecise and often contain wrong information,” he said.

The dark web problem

Kaspersky fingers NSA style Equation Group for hard drive backdoor epidemic

In fact Rid, who has conducted detailed research into the dark web and Tor, said people how are pro encryption need to know that it is just as vulnerable as any other technology.

“Cryptography is just a technology that depends on implementation. It’s not a pure technology that always gets it right, which is what a lot of people think in the activist community,” he said.

“It depends on how we use it. It can be used or abused and we have to be careful. Cryptography has become an ideology. It has become a cult.”

Rid’s also agreed that encryption can be used for clearly nefarious purposes. He said his research into dark web browsers such as Tor, which use strong encryption to preserve anonymity, found that over 50 percent of Tor’s ‘hidden services’ contain illegal content.

“When I say illegal content I don’t mean illegal in restrictive jurisdictions but illegal in the most liberal jurisdictions you could possibly imagine. We [found] trade in fraudulent material, weapons and illegal forms of pornography. It’s a very nasty space,” he said.

“The initial design and the reason [Tor] was developed was to defend against a denial-of-service attack and maintain availability. The designers didn’t even think about the dark consequences and the abuse that it would engender and create. That is an ideological attitude that we cannot tolerate any longer.”

Business and government clash on encryption
The debate between law enforcement and security firms is only likely to grow as rigorous legislation looms over the UK, but the panel was in agreement that encryption is a vital aspect of any business operation.

“Encryption is a crucial enabler for the digital economy. If we did not have a reliable channel to secure and communicate commerce online we would grind to a halt,” said Patrick Nuttall, cyber security advisor at KPMG and head of the London Digital Security Centre.

“It’s unfortunately becoming everyday headlines that we see something about a new breach, particularity in relation to customer data. It’s really important for businesses to be able to protect their market advantage by securing their intellectual property, and encryption is one way they are able to do this.”

Indeed, the recent hack at mobile and internet provider TalkTalk shows just how important it is for businesses to fully encrypt customer data.

“Businesses that are growing entirely digitally, such as Amazon, Uber and Airbnb. Would they be possible without secure and reliable encryption?” asked Nuttall.

Another problem is that awareness of cyber crime is often minimal, especially in small to medium businesses.

“Businesses need to be aware of where data is actually stored, what’s happening to it in transit and what’s happening when it’s at rest,” he said.

“Business owners need to learn more about their responsibilities in relation to what they do with data and what kind of steps they take to protect it.”

The end-to-end debate
Some businesses are clearly falling behind, but encryption as a process has never been easier to adopt, according to Erka Koivunen, cyber security advisor at F-Secure.

“Companies are being attacked every day and they are losing customer data and customer trust. It might be best to start learning from others’ mistakes because you might have to end up learning from your own,” he warned.

Koivunen welcomed the move by popular firms, including iMessage, WhatsApp and Signal, to implement strong encryption.

“In the 90s it was not an easy task to come up with encryption tools let alone teach people to use them. Currently, I am kind of living my dream as we have easy to use, accessible encryption tools that everybody can understand,” he said.

“Modern systems like iMessage, Signal and WhatsApp have found ways to solve the key exchange problem by trusting third parties that relay keys to each other. So you don’t even see that key exchange. This is encryption as it’s supposed to be. It’s tough to crack and easy to use.”

However, encryption, more specifically end-to-end encryption, is often viewed as hampering law enforcement agencies as they are unable to read communications data.

cameron-encryption

This has long been a sticking point for the UK government, yet Baroness Shields, minister for internet safety and security, said recently that the government has no plans to ban or weaken encryption.

However, Shields’ carefully worded statement did describe the rise in end-to-end encryption as “alarming”, indicating that the government’s true position on encryption may be murkier that at first appears.

“It’s no wonder that law enforcement and intelligence organisations have seen the internet ‘going dark’,” said Koivunen, referring to the term used by FBI director James Comey when discussing encryption.

“It’s the proliferation of easily accessible communications that I feel are important and necessary for businesses to protect communications and for us to protect our privacy.”

F-Secure has launched an online petition to lobby the government ahead of the Investigatory Powers Bill, a large piece of draft legislation that aims to give police more snooping powers.

The firm has also drafted an open letter to the government (PDF) which has been signed by over 40 companies eager to fend off increased privacy invasion from law enforcement agencies.

The letter states: “The general, individual need for computer security is arguably more fundamental to our economy, communications and collective safety than a catch-all, intrusive power which has the potential to compromise all three.”

Yet Koivunen told V3 that he is impressed by the “level of maturity” in the current cyber discussion in the UK.

He said that the national security and law enforcement aspects are very well understood, but that “industry needs to be put on par as well”.

There is little doubt that the encryption debate will become more intense as snooping legislation looms and as UK businesses wake up to the benefits of encryption in the face of rising cybercrime.

If the article suppose to have a video or a photo gallery and it does not appear on your screen, please Click Here

30 October 2015 | 1:08 pm – Source: v3.co.uk

[ad_2]

Leave a Reply

Your email address will not be published.