Incident Response, TDR

Former UK foreign secretary William Hague declares crypto enemy no.1

Pointing out the terrorists communication of choice, “mobile phones” which “had evidently not been used before and showed no record of texts, chat or emails,” had led him to claim that their chosen method of communication had been “sufficiently private or encrypted that the authorities do not seem to have been aware of it.”

Blaming Edward Snowden who in 2013 brought to light allegations of extensive surveillance by western intelligence agencies for the internet “going dark”, Hague who, as Foreign Secretary, was responsible for MI6, said that “every mastermind of terrorism or organised crime has been alerted to the need to change or disguise their means of communication.”

This is despite the fact that since the attacks in Belgium, Belgian authorities claimed that the terrorists used “burner phones”, unregistered and previously unused numbers that are not known to law enforcement, making them difficult to track down. This subsequently meant that it was not possible to track down the Belgium attackers' communications in time to prevent their attack.

The use of pre-paid phones, also known as "burner" phones, as part of an criminal organisations' efforts to combat the dangers of communications surveillance had been done before, with a recent report in NY Times detailing how the group behind the Paris attacks which left 130 dead also used such methods.

“They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims,” the newspaper reported.

After the attacks in Belgium, US congresswoman Jackie Speier introduced a bill that would ban the anonymous sale of prepaid mobile phones in America. She blogged that such "burner phones" were "pre-paid phones that terrorists, human traffickers, and narcotics dealers often use to avoid scrutiny by law enforcement because they can be purchased without identification and record-keeping requirements. This bill would close that legal gap."

Hague continued, “The UK is fortunate in having some of the world's best intelligence agencies and capabilities. That they have prevented many attacks is publicly acknowledged. But they have been hampered in recent years by the Snowden leaks, by the rise of widespread encryption by communications firms, and by developments in technology.”

It has already been established by the Home Office, and demonstrated in the Investigatory Powers Bill metadata is the primary way of establishing connections between individuals who are suspected of terrorist activities. So by extension, encrypted communications would be unlikely to prevent this aspect of intelligence agencies' actions as cryptography protects the content of a message or a phone call and not its metadata, such as the time it took place, numbers/locations used etc

Hague noted that interception was not the only tool used for monitoring "terrorist and criminal networks", but that intelligence agencies also need "access to 'bulk data', logs of which internet sites were visited on which device, and which device was used to contact another one."

He went on to explain that this ability "is vital in order to see patterns in the behaviour of those who might join a cell such as the one in Brussels. And it can help us to spot them if they make a mistake."

Darran Rolls, CTO of SailPoint comments: “Governments and organisations worldwide are currently weighing the trade-offs between consumer privacy and combating the evolving threat to public safety. Given the recent acts of terror in Paris and further afield, security services are increasingly demanding the power to view encrypted consumer messages on the ground in the pursuit of national security.

“However, discussions on opening a backdoor to encryption in user communications only hurts consumers and not the wrongdoers. Take away the free, encrypted messaging platforms and offenders will simply move to another medium, built with bomb-proof crypto that embeds messages in the low bits of images published on the likes of Instagram.

He concludes: “Playing around with existing procedures and protocols to open up a revolving backdoor is a potentially dangerous game – one which will do more harm to the consumer than good. Governments need to address their approach, focusing their efforts on strengthening protection for the consumer through greater encryption, rather than diluting it."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.