#alternate TechCrunch » Feed TechCrunch » Comments Feed TechCrunch »
What The U.K. Surveillance Powers Review Says On Encryption And Hacking
Comments Feed Mobile App Enablers: Who Will Be The Winners? GIFs Is A
Mac App For Finding The Best Animated Encapsulation Of Your Current
Emotion alternate alternate TechCrunch WordPress.com
Menu TechCrunch Search
* Follow Us
* Facebook
* Instagram
* Twitter
* Youtube
* Flipboard
* LinkedIn
* Google+
* RSS
* More
+ Youtube
+ Flipboard
+ LinkedIn
+ Google+
+ RSS
Got a tip? Let us know.
* News
+ Channels
+ Startups
+ Mobile
+ Gadgets
+ Enterprise
+ Social
+ Europe
+ Asia
+ Old Crunch Network
+ Unicorn Leaderboard
+ Gift Guides
All Topics All Galleries
Video
Shows
* Apps
* Breaking News
* Bullish
* Crunch Report
* CES 2016
* Gadgets
* Interviews
* Reviews
* TC Cribs
* TC Features
All Shows
All Videos
Events
* TechCrunch Events
* Disrupt
* Startup Battlefield
* Crunchies
* Meetups
* International City Events
* Hackathon
* Include
* NFL’s 1ST and Future
* TC Davos 2016
* News About
* CES
All Events
CrunchBase
* Trending
* Apple
* Google
* Samsung
* News
* Startups
* Mobile
* Gadgets
* Enterprise
* Social
* Europe
Search TechCrunch
Search TechCrunch ____________________ (BUTTON) Search (BUTTON) Search
9th Annual CrunchiesFind Out Who Will Win The Crunchie For Best Mobile
App - Citymapper, Messenger, Periscope, Robinhood or Wish Get Your
Tickets Today
Europe
* At Davos, Kevin Spacey Predicts That Tech Firms Will Follow Netflix
Into Media
At Davos, Kevin Spacey Predicts That Tech Firms Will Follow Netflix
Into Media
* MariaDB Raises $9M More, Michael Howard Named New CEO, Monty
Widenius CTO
MariaDB Raises $9M More, Michael Howard Named New CEO, Monty Widenius CTO
* Kickstarter Needs Better Ways To Sanity-Check Complex Hardware
Projects, Says Zano Review
Kickstarter Needs Better Ways To Sanity-Check Complex Hardware Projects, Says
Zano Review
*
Browse more...
surveillance
* State Lawmakers Create Coalition To Overhaul Digital Privacy Laws
State Lawmakers Create Coalition To Overhaul Digital Privacy Laws
* EU-US Safe Harbor Data Flow Talks Still Sticking On Surveillance
EU-US Safe Harbor Data Flow Talks Still Sticking On Surveillance
* UK Surveillance Bill A Risk To Data Security And Privacy, Says ICO
UK Surveillance Bill A Risk To Data Security And Privacy, Says ICO
*
Browse more...
encryption
* Why Cloud Computing Will Shake Up Security
Why Cloud Computing Will Shake Up Security
* Will 2016 See The End Of Closed-Source Politics?
Will 2016 See The End Of Closed-Source Politics?
* UK Surveillance Bill A Risk To Data Security And Privacy, Says ICO
UK Surveillance Bill A Risk To Data Security And Privacy, Says ICO
*
Browse more...
What The U.K. Surveillance Powers Review Says On Encryption And Hacking
Posted Jun 13, 2015 by Natasha Lomas (@riptari)
* 0
SHARES
*
*
*
*
*
*
*
*
*
Next Story
Mobile App Enablers: Who Will Be The Winners?
[lock.jpg?w=738]
An independent review of U.K. surveillance powers conducted by QC David
Anderson published its findings this week. Among its recommendations
the report calls for judges to sign off interception warrants, and for
a new law to govern surveillance powers — replacing the problematic
patchwork of outdated and amended legislation that currently exists
with stricter and more coherent oversight.
The report also supports continued use of “bulk data collection” (aka
mass surveillance) by U.K. intelligence agencies — so long as “strict
additional safeguards” oversee its usage and minimize privacy impacts.
Anderson writes:
…if the acceptable use of vast state powers is to be guaranteed, it
cannot simply be by reference to the probity of its servants,
the ingenuity of its enemies or current technical limitations on
what it can do. Firm limits must also be written into law: not
merely safeguards, but red lines that may not be crossed.
He also weighs in on encryption, although his recommendations here are
rather more murky. In essence, he is taking the view that more
widespread use of strong encryption ultimately sanctions mass
surveillance — and even hacking activities by state agencies — as
necessary workarounds to get at information that’s otherwise locked out
of reach.
The 300-page+ report was commissioned by U.K. Prime Minister David
Cameron last year in the wake of NSA whistleblower Edward Snowden’s
revelations. Since then Cameron has stepped up his rhetoric in support
of state surveillance powers, making hawkish pronouncements arguing for
expanded capabilities — to the point where, earlier this year, he
appeared to be calling for an effective ban on strong encryption.
“Are we going to allow a means of communication between people which
even in extremis, with a signed warrant from the Home Secretary
personally, that we cannot read? No we must not. The first duty of any
government is to keep our country and our people safe,” said Cameron
back in January.
Anderson’s review backs Cameron’s notion that encryption should not be
an ultimate barrier to security agencies — arguing that the power to
“intercept a particular communication” or “track a particular
individual” “needs to exist”, although he also qualifies this by saying
such a power might only be usable “where skill or trickery can provide
a way around the obstacle”.
What that means in practice appears to be a suggestion that
surveillance capabilities should allow enough intrusiveness that
strongly encrypted data can be got at — or its intelligence inferred —
by other “ingenious or intrusive” means. Not by enforced backdoors, but
by what amounts to a patchwork of investigatory workarounds.
Government-sanctioned hacking/malware is one mooted option, along with
the triangulation offered by data retention powers plus data-mining of
bulk datasets — which, presumably, expands the likelihood that
encrypted comms can be caught in a less secure form somewhere in the
digital haystack. All these ‘tricksy circumventions’ are offered up as
an alternative to legislating to deliberately and systematically
perforate encryption — i.e. by mandating backdoors be built into
encrypted services.
Anderson writes (emphasis mine):
…There may be all sorts of reasons – not least, secure encryption –
why it is not physically possible to intercept a
particular communication, or track a particular individual. But the
power to do so needs to exist, even if it is only usable in cases
where skill or trickery can provide a way around the obstacle. Were
it to be otherwise, entire channels of communication could be
reduced to lawless spaces in which freedom is enjoyed only by the
strong, and evil of all kinds can flourish.
This does not mean that state access to communications should be
made easy. Few now contend for a master key to all communications
held by the state, for a requirement to hold data locally in
unencrypted form, or for a guaranteed facility to insert back doors
into any telecommunications system. Such tools threaten
the integrity of our communications and of the internet itself. Far
preferable, on any view, is a law-based system in which encryption
keys are handed over (by service providers or by the users
themselves) only after properly authorised requests.
But in an imperfect world, in which many communications threatening
to the UK are conducted over services whose providers do not or
cannot comply with such requests, there is a compelling public
interest in being able to penetrate any channel of communication,
however partially or sporadically. Paedophiles should not be able
to operate on the dark net with guaranteed impunity, and terrorists
should not be able to render themselves undetectable simply by
selecting an app on which their communications history will never be
known even to the provider. Hence the argument for permitting
ingenious or intrusive techniques (such as bulk data analysis or CNE
[computer network exploitation]) which may go some way towards
enabling otherwise insuperable obstacles to be circumvented. Hence,
also, the argument for requiring certain data to be retained so that
they can be used in piecing together a crime after the event.
He notes elsewhere in the report that U.K. Agencies “do not look to
legislation to give themselves a permanent trump card” to unlock
encryption, adding: “Neither they nor anyone else has made a case to me
for encryption to be placed under effective Government control, as in
practice it was before the advent of public key encryption in the
1990s.”
Instead, the push from U.K. security agencies appears to be for a
multitude of workarounds to get at encrypted intel — including gaining
access to domestic and foreign companies’ own
user datasets via “cooperation, enforced by law if needed, from
companies abroad as well as in the U.K., which are able to provide
readable interception product”.
“The Agencies seek to address impeded access to communications through
their own cryptographic work,” the report adds. “They will also need to
develop new methods of accessing data, for example through increased
use of CNE [aka hacking]. They therefore want the capabilities and an
appropriate legal framework within which this work can be carried out.”
Elsewhere in the report Anderson notes that the use of hacking by U.K.
security agencies has not been clearly defined in national law —
pointing out that this activity was only “recently acknowledged” by
government, when it published the Draft Equipment Interference Code in
February. Indeed, civil liberties organizations have accused the U.K.
government of making ‘under the radar’ legislative changes to try to
retroactively legalize state agency hacking activities.
Unsurprisingly Anderson recommends that hacking powers be clearly
defined within a new oversight framework for state surveillance
capabilities. He also touches on concerns there may be a need for
“exceptional safeguards” in order for some types of hacking to be used
legally — without specifying exactly which methods could warrant theses
extra checks and balances.
[Hacking] presents a dizzying array of possibilities to the security
and intelligence agencies.
“There are significant concerns regarding the use of these methods at
all,” he writes. “In particular in relation to encryption, some are of
the view that these methods are dangerous for the safety and security
of the users of the internet. Moreover, CNE presents a dizzying array
of possibilities to the security and intelligence agencies, and while
some methods of CNE may be appropriate, many are of the view that there
are others which are so intrusive that they would require exceptional
safeguards for their use to be legal.”
While the intelligence and security agencies are the only U.K. public
bodies currently afforded hacking (and mass surveillance) powers for
investigatory purposes, the review notes that the U.K.’s National Crime
Agency wants additional powers to be considered for domestic police
forces — including “the possible future use by law enforcement of CNE”.
So, to be clear, U.K. police forces are pushing to be allowed to use
hacking to investigate criminal activity.
Anderson is specifically not supporting such an expansion of police
powers, but he does suggest that invasive digital investigation
techniques are likely to spread to other government agencies in future.
“There are still investigatory powers that only the security and
intelligence agencies deploy: notably, bulk data collection and CNE. I
have not suggested that this should change. But as technology develops,
bulk data analysis (notably by private companies) becomes a standard
feature of everyday life and digital investigation techniques become
more widespread, the trend may prove to be towards convergence rather
than the reverse,” he writes.
The report also touches on enforced decryption as a workaround method
for thwarting secure encryption. Anderson says it was required 76 times
in 2013-14, with two convictions over this period for failure to
comply. But he notes the security agencies’ primary concern with this
resort for circumventing encryption is the target may choose to opt for
a smaller prison sentence for refusing to hand over their encryption
keys than a more serious conviction for criminality based on whatever
data they have encrypted. Hence the push for security agencies to have
something else up their sleeve to workaround encryption.
Anderson’s report is not binding, so it remains to be seen how many of
his recommendations will be adopted by the government as it drafts
the new Investigatory Powers Bill, announced in the Queen’s Speech last
month. The draft bill is due to be published this fall.
After the report’s publication this week, the government said it will
“carefully consider” Anderson’s recommendations. However Home Secretary
Theresa May has already signaled she may reject his proposal to strip
ministers’ power to sign off interception warrants and hand that over
to judges. That suggests the government is preparing to expand state
surveillance capabilities without bracketing additional powers within
the strict red lines Anderson believes are necessary in order to
achieve an acceptable balance between state security and individual
liberty — pushing the U.K. further out of step with countries such as
the U.S. where politicians are now legislating to place limits on
domestic spying powers.
* 0
SHARES
* 0
Share
* 0
Tweet
* 0
Share
* 0
* 0
* 0
*
*
Advertisement
Advertisement
TechCrunch Newsletters
[ ] TechCrunch Daily Our top headlines Delivered daily
[ ] TC Week-in-Review Top stories of the week Delivered weekly
[ ] CrunchBase Daily The latest startup funding announcements Delivered
daily
[ ] TC Europe The top European tech stories Delivered weekly
[ ] TC Gadgets Top stories about gadgets Delivered weekly
[ ] TC Mobile & Apps Top stories about apps Delivered weekly
[ ] TC Startups Top stories about startups Delivered weekly
[ ] TC Social Media Top stories about social Delivered weekly
[ ] TC Asia The top Asian tech stories Delivered weekly
[ ] Crunch Network The best from our contributors Delivered weekly
View More
Enter Address ____________________ (BUTTON) Subscribe
Latest Crunch Report
* Facebook Sports Stadium Wants to Be Your New Sports Hub | Crunch
Report
Facebook Sports Stadium Wants to Be Your New Sports Hub | Crunch Report
Watch More Episodes
* surveillance
* encryption
* Europe
* Popular Posts
Featured Stories
* What The U.K. Surveillance Powers Review Says On Encryption
And Hacking
Don Baer On Politician's Approach To Technology
VIDEO | 12:03 | Breaking News
* Werner Herzog On His Documentary Lo And Behold, Cockroach Movies
And Moving To Mars
Werner Herzog On His Documentary Lo And Behold, Cockroach Movies And Moving
To Mars
1 hour ago | Matthew Panzarino
* Get Ready For A Smaller iPhone 6s Mini
Get Ready For A Smaller iPhone 6s Mini
4 hours ago | Romain Dillet
* Netflix Makes Good On Promises To Crack Down On VPNs, But Blocks
Are Short-Lived
Netflix Makes Good On Promises To Crack Down On VPNs, But Blocks
Are Short-Lived
5 hours ago | Sarah Perez
* Forthcoming Samsung Galaxy S7 Benchmarks Leak
Forthcoming Samsung Galaxy S7 Benchmarks Leak
11 hours ago | Natasha Lomas
Latest From Europe
* At Davos, Kevin Spacey Predicts That Tech Firms Will Follow Netflix
Into Media
At Davos, Kevin Spacey Predicts That Tech Firms Will Follow Netflix
Into Media
yesterday | Mike Butcher
* MariaDB Raises $9M More, Michael Howard Named New CEO, Monty
Widenius CTO
MariaDB Raises $9M More, Michael Howard Named New CEO, Monty Widenius CTO
yesterday | Ingrid Lunden
* Kickstarter Needs Better Ways To Sanity-Check Complex Hardware
Projects, Says Zano Review
Kickstarter Needs Better Ways To Sanity-Check Complex Hardware Projects, Says
Zano Review
yesterday | Natasha Lomas
* PieSync, The Belgium Startup That Syncs Contacts Across Cloud Apps,
Raises $1.6M
PieSync, The Belgium Startup That Syncs Contacts Across Cloud Apps,
Raises $1.6M
yesterday | Steve O'Hear
Up Next
Mobile App Enablers: Who Will Be The Winners?
Posted Jun 13, 2015
CrunchBoard
Job Listings
*
Principal Analyst - Marketing Technology
CarMax
*
Architect - Enterprise Information
CarMax
*
Senior Software Developer - Web Development
CarMax
*
Online Systems Platform Manager
CarMax
*
Team Manager- CRM
CarMax
More from CrunchBoard
Advertisement
TechCrunch
[crunch-network.jpg]
* News
* TCTV
* Events
* CrunchBase
About
* Staff
* Contact Us
* Advertise With Us
* Send Us A Tip
International
* China
* Europe
* Japan
Follow TechCrunch
* Facebook
* Twitter
* Google+
* LinkedIn
* Youtube
* Pinterest
* Tumblr
* Instagram
* StumbleUpon
* Feed
TechCrunch Apps
* iOS
* Android
* Windows 8
Subscribe to TechCrunch Daily
Latest headlines delivered to you daily
[X]
Subscribe to Subscribe to TechCrunch
Daily
Enter Email Address ____________________ (BUTTON) Subscribe
© 2013-2016 AOL Inc. All rights reserved. Aol Tech Privacy Policy About
Our Ads Anti Harassment Policy Terms of Service
Powered by WordPress.com VIP
Fonts by
[b?c1=2&c2=6036210&c3=&c4=&c5=&c6=&c15=&cv=1.3&cj=1]
* TechCrunch (BUTTON)
*
News
+ Startups
+ Mobile
+ Gadgets
+ Enterprise
+ Social
+ Europe
+ Asia
+ Old Crunch Network
+ Unicorn Leaderboard
+ Gift Guides
+ All Galleries
Videos
* Apps
* Breaking News
* Bullish
* Crunch Report
* CES 2016
* All Shows
* All Videos
Events
* Disrupt
* Startup Battlefield
* Crunchies
* Meetups
* International City Events
* Hackathon
* Include
* NFL’s 1ST and Future
* TC Davos 2016
* All Events
CrunchBase
____________________ (BUTTON)
(BUTTON)
Most Popular
Get Ready For A Smaller iPhone 6s Mini
4 hours ago by Romain Dillet
A Day After Launch, “Exploding Kittens” Tops The App Store
1 hour ago by Sarah Perez
Forthcoming Samsung Galaxy S7 Benchmarks Leak
11 hours ago by Natasha Lomas
Netflix Makes Good On Promises To Crack Down On VPNs, But Blocks
Are Short-Lived
5 hours ago by Sarah Perez
Why Cloud Computing Will Shake Up Security
2 hours ago by Tom Gillis
Apple Has A New Apple TV Ad, And It’s All About Apps
1 hour ago by Romain Dillet
SpaceX Tested Its Capsule That Will Send Humans To Space
1 hour ago by Emily Calandrelli
These Are The Most-Watched Vines Of The Year
5 hours ago by Jordan Crook
Google Reportedly Paid Apple $1B In 2014 To Remain Default Search
Engine On iOS
17 hours ago by Jon Russell