Theresa May hit out at tech firms yesterday for providing 'safe spaces' for terrorism to 'breed'
In the aftermath of Saturday's attack in London, prime minister Theresa May reignited the debate around the technology industry's role in facilitating communication among terrorists, claiming tech firms have created "safe spaces" for terrorists online.
May called for international action from Britain's allies to regulate cyberspace and prevent it giving terrorist ideology the "space it needs to breed" in yet another attack on social media and internet providers.
Since she gave her speech outside Downing Street on Sunday, the world's biggest tech firms, including Microsoft, Facebook and Google, have rallied to defend the work they have done to keep terrorists off their platforms.
The exchange has reignited a long-running battle between global tech giants and governments, which have often clashed over data privacy and encryption.
In two of the highest profile examples, Microsoft is currently locked in a long-running legal battle with the US government to stop it obtaining information in one of its datacentres, while Apple had previously refused to build a backdoor into its iOS operating system for the FBI, after the agency failed to gain access to the mobile phone of the San Bernardino shooter. The FBI eventually gained access using a third party.
The UK government also brought in the Investigatory Powers Act late last year, which in theory allows it to remove electronic protection from any data as it sees fit.
While May did not directly reference encryption in her speech, many have interpreted her remarks as referencing a desire to limit the amount of encryption tech firms employ on their products - a stance which home secretary Amber Rudd echoed on Sunday.
In response, digital privacy lobbyist Open Rights Group expressed disappointment at the government's decision to focus on technology companies in the wake of recent terror attacks, rather than the root causes of terrorism.
In a statement it said: "It is disappointing that in the aftermath of this attack, the government's response appears to focus on the regulation of the Internet and encryption.
"This could be a very risky approach. If successful, Theresa May could push these vile networks into even darker corners of the web, where they will be even harder to observe.
"But we should not be distracted. The Internet and companies like Facebook are not a cause of this hatred and violence, but tools that can be abused. While governments and companies should take sensible measures to stop abuse, attempts to control the Internet is not the simple solution that Theresa May is claiming."
Talking to CRN, Lawrence Jones, CEO of hosting provider UKFast, as well as ethical hacking firm Secarma, argued that May's claims showed a chronic lack of understanding of how both the internet and encryption work.
He said that, firstly, it is too soon after recent tragedies to be pointing the finger at who's to blame, and that initiatives like banning encryption or regulating the internet would do little to stop terrorists communicating.
"Theresa May is wrong to bring a tech company of any sort, especially to broad brush all tech companies, into the line of fire for something as brutal as what has happened," he said.
"I think it's the tech companies that work hardest at a community level and trying to connect the whole world. Terrorists are using platforms which are open and readily available to everybody. If a terrorist uses a car you can't then punish the car manufacturers. Her rationale does not make sense in any way."
Jones opined that forcing companies like instant messaging provider WhatsApp to remove encryption would have no effect on the wider threat of terrorism.
"If she banned encryption then any decent techie could encrypt their own app," he said. "They already are anyway. You have [terrorists] sending the odd WhatsApp message, but the really important stuff will be deep below the surface of the internet.
"They're using proxy servers as well, so you can't really trace them. If you put a proxy in Russia you don't know where they are. They might be in Syria or Afghanistan but all you'll know is that the server they're using is in Russia."
While the relationship between the government and tech companies remains frosty, a collaboration may well produce the most effective results.
Stephen Love, security solutions architect at Computacenter, said that instead of attacking tech firms the government should look to work in conjunction with them to help stamp out illegal behaviour on the internet.
"The security industry as a whole does a lot of good work in terms of trying to keep one step ahead of things of this nature and I think to be honest, especially in today's modern environment, the likes of the Ministry of Defence and MI5 should actually be working with the technology vendors to make sure that what they know is also being used," he said.
"It's not just the actual vendors making the technology that should be responsible. If you look at Symantec, Cisco - any of the big vendors in security - none of them will fix every problem you've got.
"The government has started saying 'these are the things you should be doing', but I think it needs to be more along the lines of a collaborative approach with consultancies like Computacenter and Deloitte [for example], and the vendors that make the technology."
However, Carl Gottlieb, consultancy director at security MSP Cognition, said that the tech industry has a duty to focus more on issues away from business - which ultimately could mean more government collaboration.
"The tech community needs to do a better job in contributing towards the greater good," he said.
"Currently, we're highly critical of government surveillance plans, whilst providing zero in the way of constructive ideas to improve national security.
"I want to see more collaboration with government, more exchange of ideas and technology, and a wider adoption of information sharing. At Cognition, all of our consultants contribute 10 per cent of their time as pro bono for charities. It's only a small thing, but it's our way of doing more, and getting expert advice into the hands of those that need it."
UKFast's Jones however said that this collaboration is already available to the government, should they choose to use it - explaining that his security organisation Secarma just last week made the government aware of a vulnerability it had discovered in Windows 2003 servers.
"Interestingly enough I think we already do [collaborate with authorities] and I think this is one of the things that makes Britain an attractive place for people to host their organisations," he said.
"We already have a very good system. If someone is doing something illegal and we receive a warrant then we work with the police and the government and hand that server over.
"We should be working with the police more, sharing information and collaborating on information. I'd like to see some of these government organisations reaching out to people like ourselves and seeing how we can help."
Britain's tech rep
Jones also highlighted the potential wider implications of May's stance on internet security and data privacy, saying that she could damage the UK's strong credibility for being a reliable hosting location, and also deter foreign businesses from holding data in the UK.
He argued that it would be foolish for the UK to change its encryption and internet policies, when the rest of the world subscribes to an existing set of rules. Likewise, giving governments a backdoor into IT systems would sully the industry's credibility and provide even greater security risks, he added.
"It would be the end of hosting as we know it because everyone would host offshore," he said. "Britain at the moment has an incredible reputation for being a very trusted partner - and a very honest partner.
"Where data is concerned people want to host it in the UK because it has a fabric around it and if someone breaks the law it gets followed up in the right way. That has elevated us to a certain degree and been one of the things that's helped UKFast fight these larger corporate giants.
"If you say we're going to have an open-door policy and the government can access all data, and on top of that we're going to ban encryption, everybody will move all of their hosted environment offshore. We'd be the laughing stock because Theresa May is the only person saying this, as far as I'm aware."
The possibility of backdoors being built in the systems of hosting providers and tech companies has often been an idea floated by governments to allow them to view data belonging to criminal suspects, but has been rebuffed countless times by the IT industry.
Computacenter's Love said that the concept of a backdoor merely makes it easier for the criminals that the government is trying to protect against to obtain information themselves.
"The problem with that is as soon as you enable a backdoor, that's a vulnerability," he said.
"You can put all the protection in the world around it, but what if that information is leaked or there's a vulnerability? It happens.
"It's the same as putting a key under the plant pot by the backdoor. If people have any sense it's the first thing they'd check."
Marty Kamden, chief marketing officer at virtual private network firm NordVPN, questioned whether the government's crusade to remove security blocks around data would even prove beneficial in its fight against terrorism - echoing the sentiment that backdoors would do more harm than good.
"There is no proven record showing that internet restriction could prevent any sinister plots from happening," he said.
"If a backdoor to the internet is built, it can actually be used by the same people that the government wants to keep track of. A backdoor gives away a lot of private information about each citizen, and puts big power in the hands of anyone who wants to take advantage of it.
"The essence of the internet is to be a free space - it was not built to have regulation, censorship or administrators."