Europol chief warns on computer encryption
- 29 March 2015
- From the section Technology
A European police chief says the sophisticated online communications are the biggest problem for security agencies tackling terrorism.
Hidden areas of the internet and encrypted communications make it harder to monitor terror suspects, warns Europol's Rob Wainwright.
Tech firms should consider the impact sophisticated encryption software has on law enforcement, he said.
Mr Wainwright was talking to 5 Live Investigates.
A spokesman for TechUK, the UK's technology trade association, said: "With the right resources and cooperation between the security agencies and technology companies, alongside a clear legal framework for that cooperation, we can ensure both national security and economic security are upheld."
Mr Wainwright said that in most current investigations the use of encrypted communications was found to be central to the way terrorists operated.
"It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he explained.
"It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that any more."
Mr Wainwright, whose organisation supports police forces in Europe, said terrorists were exploiting the "dark net", where users can go online anonymously, away from the gaze of police and security services.
But he is also concerned at moves by companies such as Apple to allow customers to encrypt data on their smartphones.
And the development of heavily encrypted instant messaging apps is another cause for concern, he said.
This meant people could send text and voice messages which police found very difficult or impossible to access, he said.
"We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet.
"[Tech firms] are doing it, I suppose, because of a commercial imperative driven by what they perceive to be consumer demand for greater privacy of their communications."
Mr Wainwright acknowledged this was a result of the revelations by former National Security Agency contractor Edward Snowden, who exposed how security services were conducting widespread surveillance of emails and messages.
He said security agencies now had to work to rebuild trust between technology firms and the authorities.
The TechUK spokesman told the programme: "From huge volumes of financial transactions to personal details held on devices, the security of digital communications fundamentally underpins the UK economy.
"Encryption is an essential component of the modern world and ensures the UK retains its position as one of the world's leading economies.
"Tech companies take their security responsibilities incredibly seriously, and in the ongoing course of counter-terrorism and other investigations engage with law enforcement and security agencies."
The programme also found evidence that supporters of the Islamic State (IS) are using encrypted sites to radicalise or groom new recruits.
On one blogging website, a 17-year-old girl who wants to become a "jihadi bride" is told that if she needs to speak securely she should use an encrypted messaging app.
The family of 15-year-old Yusra Hussein from Bristol, who went to Syria last year, also believe she was groomed in this way.
The extent of the challenge faced by security services is shown in the scale of social media use by IS.
Mr Wainwright revealed that IS is believed to have up to 50,000 different Twitter accounts tweeting up to 100,000 messages a day.
Europol is now setting up a European Internet Referral Unit to identify and remove sites being used by terrorist organisations.
Mr Wainwright also says current laws are "deficient" and should be reviewed to ensure security agencies are able to monitor all areas of the online world.
"There is a significant capability gap that has to change if we're serious about ensuring the internet isn't abused and effectively enhancing the terrorist threat.
"We have to make sure we reach the right balance by ensuring the fundamental principles of privacy are upheld so there's a lot of work for legislators and tech firms to do."