UK security services fear they could be locked out from the communications of potentially dangerous suspects due to sophisticated encryption tools, a report has warned.
Police and spy agencies face a significant challenge when they are trying to track down individuals who pose a risk to collective security, the year-long review of surveillance practices found. It said communication service providers (CSPs) have been increasingly introducing data-encryption techniques in the wake of the Edward Snowden revelations.
The report said: “Security services are increasingly concerned by the fact that many of the subjects of interest – including those in the highest-priority investigations – are able to use means of communication to which they no longer have access.”
It added: “It is this lack of detailed intelligence available on a small number of high-priority targets that is the prime concern, rather than broader intelligence available on a large number of low-priority targets.”
The review was commissioned from security think tank the Royal United Services Institute (RUSI) by then Deputy Prime Minister Nick Clegg in the wake of disclosures by Snowden, a former NSA contractor-turned-whistleblower. Sir David Omand, a former director of GCHQ, ex-head of MI6 Sir John Scarlett and former Director General of MI5 Jonathan Evans worked on the report.
Controversy has erupted in recent months over whether technology firms should be forced to hand over encryption keys to authorities when they are seeking to access the communications of suspects. The panel concluded that police and intelligence agencies should not have “blanket access to all encrypted data”, but stressed that the material should not be “beyond the reach” of law enforcement.
The report warned that a matter of real concern was posed by technology firms such as Google, Apple or Facebook that are not as keen to collaborate anymore. However, internet firms and CSPs told the report’s authors that they are “very conscious of their corporate social responsibilities, especially in matters of terrorism and serious crime”, but that they are “not qualified to be intelligence agencies” and “should not be assumed to be natural partners of any government in national security”.
The report concluded that, despite claims that followed the Snowden revelations, there is no evidence that “the British government knowingly acts illegally in intercepting private communications” or that “the ability to collect data in bulk is used by the government to provide it with a perpetual window into the private lives of British citizens”.
Chairman of the panel, Michael Clarke, of RUSI, said there is a manifest need for new legislation.
“The government has a golden opportunity to make a fresh start by introducing legislation that provides a clear and legally sound framework within which the police and intelligence agencies can confidently operate, knowing that at all times they will be respecting our human rights,” he said.
Sir John said: “Extraordinary technological change requires us to monitor rigorously the social contract, including legislation, which allows our democracy to strengthen and prosper.”
Sir David said: “It is time to lift the cloud of unjustified suspicion from the digital activity of British intelligence, work that is essential to keep us safe.”