Encryption and counter-terrorism: getting the balance right
An op-ed from Home Secretary Amber Rudd, published in The Telegraph on 31 July 2017.
Awful terror attacks this year have confirmed again how terrorists use internet platforms to spread their vile ideology, and to inspire and to plan their acts of violence.
Nearly every plot we uncover has a digital element to it. Go online and you will find your own “do-it-yourself” jihad at the click of a mouse. The tentacles of Daesh (Isil) recruiters in Syria reach back to the laptops in the bedrooms of boys – and increasingly girls – in our towns and cities up and down the country. The purveyors of far-Right extremism pump out their brand of hate across the globe, without ever leaving home.
The scale of what is happening cannot be downplayed. Before he mowed down the innocents on Westminster Bridge and stabbed Pc Keith Palmer, Khalid Masood is thought to have watched extremist videos. Daesh claim to have created 11,000 new social media accounts in May alone. Our analysis shows that three-quarters of Daesh propaganda stories are shared within the first three hours of release – an hour quicker than a year ago.
Often, by the time we react, the terrorists have already reached their audience. The enemy online is fast. They are ruthless. They prey on the vulnerable and disenfranchised. They use the very best of innovation for the most evil of ends. That’s why I called the internet companies together in March to start to work out how we can start to turn the tide. And they get it.
Working with the Government’s Counter-Terrorism Referral Unit, 280,000 pieces of terrorist content have been taken down since 2010, and millions of accounts closed. But there is much more that must be done. So back at that meeting in March, the world’s most powerful technology companies stepped forward to say they would form the Global Internet Forum to Counter Terrorism.
Today the Forum meets for the first time, and I am in Silicon Valley to attend. The internet companies want to go further and faster in finding technology solutions to identifying, removing, and halting the spread of extremist content. They should be commended for that and they should know we will be holding them to account. But that is not where our challenge ends. For beyond the harmful content that is openly available, there is that which we cannot see, in the form of encrypted data.
Encryption plays a fundamental role in protecting us all online. It is key to growing the digital economy, and delivering public services online. But, like many powerful technologies, encrypted services are used and abused by a small minority of people. The particular challenge is around so called “end-to-end” encryption, where even the service provider cannot see the content of a communication.
To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption. But the inability to gain access to encrypted data in specific and targeted instances – even with a warrant signed by a Secretary of State and a senior judge – is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.
I know some will argue that it’s impossible to have both – that if a system is end-to-end encrypted then it’s impossible ever to access the communication. That might be true in theory. But the reality is different. Real people often prefer ease of use and a multitude of features to perfect, unbreakable security. So this is not about asking the companies to break encryption or create so called “back doors”. Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? Companies are constantly making trade-offs between security and “usability”, and it is here where our experts believe opportunities may lie.
So, there are options. But they rely on mature conversations between the tech companies and Government – and they must be confidential. The key point is that this is not about compromising wider security. It is about working together so we can find a way for our intelligence services, in very specific circumstances, to get more information on what serious criminals and terrorists are doing online.
The responsibility for tackling this threat at every level lies with both governments and with industry. And we have a shared interest: we want to protect our citizens and we don’t want platforms being used to plan ways to do them harm. Today’s meeting of the Forum is the next step towards achieving that mission.