Yesterday U.K. government ministers once again called for social media companies to do more to combat terrorism. There should be no place for terrorists to hide, saidHome Secretary Amber Rudd, speaking on the BBCs Andrew Marr program.
Ruddscomments followed the terrorist attack in London last week, in which lone attacker Khalid Masood drove a car into pedestrians walking over Westminster bridge beforestabbinga policeman to death outside Parliament.
Pressreportsof the police investigation have suggested Masood used the WhatsApp messaging app minutes before commencing the attack last Wednesday.
We need to make sure that organisations like WhatsApp, and there are plenty of others like that, dont provide a secret place for terrorists to communicate with each other, Rudd told Marr.It used to be that people would steam open envelopes or just listen in on phones when they wanted to find out what people were doing, legally, through warranty.
But on this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp.
Rudds comments echo an earlier statement,made in January 2015,by then Prime Minister David Cameron, who argued there should not be any means of communication that in extremis cannot be read by the intelligence agencies.
Cameronscomments followed theJanuary 2015 terror attacks in Paris in which Islamic extremist gunmen killedstaff oftheCharlie Hebdo satirical magazine and shoppersat a Jewish supermarket.
Safe to say, its become standard procedure for politicians to point the finger of blame at technology companies when a terror attack occurs most obviously as this allows governments to spread the blame for counterterrorismfailures.
Facebook, for instance, wascriticized aftera 2014 reportby the U.K. Intelligence and Security Committee into the 2013 killing of solider Lee Rigby by two extremists who had very much been on the intelligence services radar. Yet the Parliamentary ISC concluded the only decisive possibility for preventing the attack required the internet companyto have proactively identified and reported the threat a suggestion thateffectively outsources responsibility forcounterterrorism to the commercial sector.
Writing in a national newspaperyesterday, Ruddalso called for social media companies to do more totackle terrorism online.We need the help of social media companies: the Googles, the Twitters, the Facebooks, of this world, she wrote. And the smaller ones, too platforms like Telegram, WordPress and Justpaste.it.
Ruddalso saidGoogle, Facebook and Twitter hadbeen summoned to a meeting to discuss action over extremism, as well assuggesting the government is considering including new proposals to make internet giants take down hate videos quicker in a forthcoming counterterrorism strategy which would appear to mirror a push in Germany. The government there proposed a new law earlier this monthto requiresocial media firms to remove illegal hate speech faster.
So, whatever else it is, a terror attack isa politically opportune moment for governmentsto apply massivelyvisible public pressure onto a sector known for engineering workarounds to extant regulation as a power play totry to eke out greater cooperation going forward.
And U.S. tech platformgiantshave long been under the public counterterrorism cosh in the U.K. with the then-head of intelligence agency GCHQ arguing, back in 2014, that their platforms had become the command-and-control networks of choice for terrorists and criminals, andcalling for anew deal between democratic governments and the technology companies in the area of protecting our citizens.
They cannot get away with saying
As is typically the case when governments talk about encryption, Rudds comments to Marr are contradictory so on the one hand shes making the apparently timeless call for tech firms to break encryption and backdoor their services. Yet when pressed on the specifics she also appears to claim shes not calling for that at all, telling Marr: We dont want to open up, we dont want to go into the cloud and do all sorts of things like that, but we do want [technology companies] to recognise that they have a responsibility to engage with government, to engage with law enforcement agencies when there is a terroristsituation.
We would do it all through the carefully thought through, legally covered arrangements. But they cannot get away with saying we are in a different situation they are not.
So, really, the core of her demandis closerco-operation between tech firms and government. And the not so subtle subtext is: wed prefer you didnt useend-to-end encryption by default.
After all, what better way to workaround e2e encryption than to pressure companies not to proactively push its use in the first place (So even if one potential targets messages are robustlyencrypted, the agencies could hope to find one of their contacts whose messages are still accessible.)
A keyfactor informing this political power playis undoubtedly the huge popularity of some of the technology services being targeted. Messaging app WhatsApp has more than a billion active users, for example.
Banning popular tech services would not only likely betechnically futile, but any attempt to outlaw mainstream networks would be tantamount to political suicide hence governments feeling the need to wage a hearts and minds PR war every time theres another terrorist outrage. The mission is to try to puttech firmson the back foot by turning public opinion againstthem. (Oftentimes, a goalaided and abetted by sections of the mainstream U.K. media, it must be said.)
In recent years, some tech companies with very large user-bases have also been shown to make high-profile stances championing user privacy which inexorable sets them on a collisioncourse with governments national security priorities.
Consider how Apple and WhatsApp have recently challenged law enforcement authorities demands to weaken their security system and/or access encrypteddata, for instance.
Apple most visibly in the case of the San Bernardino terrorists locked iPhone where the Cupertino company resisted a demand by the FBI that it write a new version of its OS to weaken the security of the device so it could be unlocked. (In the event, the FBI paid a third-party organization for a hacking tool that apparently enabled it to unlock the device.)
WhileWhatsApp aside from the fact the messaging gianthas rolled out end-to-end encryption across its entire platform, thereby vastly lowering the barrier to entry to the tech for mainstream consumers has continued resisting police demands for encrypted data, such as in Brazil, where the service has been blocked several times as a result, on judges orders.
Meanwhile, in the U.K., the legislative push in recent years has been to expand the investigatorycapabilities of domesticintelligence agencies with counterterrorism the broad-brush justification for this push tonormalize mass surveillance.
The current government rubber-stampedthe hugely controversial Investigatory Powers Act at the back end of last year which puts intrusive powers that had been used previously, without necessarily being avowed to Parliament and authorized via an antiquated legislative patchwork, on a firmer legal footing including cementing a series of so-called bulk (i.e. non-targeted) powers at the heart of the U.K. surveillance state, such asthe ability to hack into multiple devices/services under a singlewarrant.
So the really big irony of Rudds comments is that the government has already afforded itself swingeing investigatorypowers evenincluding the ability to require companies to decrypt data, limit the use of end-to-end encryption and backdoor serviceson warranted request. (And that before you even consider how muchintel can profitably be gleaned by intelligence agencies looking atmetadata which end-to-end encryption does not lock behind an impenetrable wall.)
Which begs the question why Rudd isseeminglyasking tech companies for something her government has already legislated to be able to demand.
stop this stuff even being put up
Part of this mightbe down tointelligence agencies being worried thatits getting harder (and/or more resource intensive) for them to prioritizesubjects of interestbecause the more widespread use of end-to-end encryption means they cant aseasily access and read messages of potential suspects. Instead they might have to directly hack an individuals device, for instance, which they have legal powers to do should they obtain the necessary warrant.
And its undoubtedly true that agenciesuse of bulk collection methods means they are systematically amassing more and more data, which needs to be sifted through to identify possible targets.
So the U.K. government mightbe testing the waterto make a fresh case on the agencies behalf to push forquashing the rise ofe2e encryption. (And its clear that at least some sections of the Conservative party do not have the faintest idea of howencryption works.) But, well, good luck with that!
Either way, this is certainlya PR war. And perhaps most likely one in which the U.K. government isjockeying for position toslapsocial media companies with additional extremist-countering measures, as Rudd has hinted are in the works.
Something that, while controversial,is likely to be less sothan trying to ban certain popular apps outright, or forcibly outlaw the use ofend-to-end encryption.
On taking action against extremist content online, Ruddtold Marrthe best people to solve the problem arethose who understand the technology, who understand the necessary hashtags to stop this stuff even being put up. Which suggests the government is considering asking for more preemptive screening and blocking of content. Ergo,some form of keyword censoring.
One possiblescenario might be that when a usertriesto post a tweet containinga blacklisted keyword theyareblocked from doing so until theoffending keyword is removed.
Security researcher, and former Facebook employee, Alec Muffettwasted no time branding thishashtag concept chilling censorship
Butmainstream users might well be a lot more supportive of proactive and visible action to try to suppress the spread of extremist material online (however misguided such an approach might be). The fact Rudd is even talking in these terms suggests the government thinks its a PR battle theycould win.
We reached out to Google, Facebook and Twitter to ask for a response to Ruddscomments. Google declined to comment, and Twitter had not responded to ourquestionsat the time of writing.
Facebook provided a WhatsApp statement, in whicha spokesperson saidthecompanyis horrified by the attack carried out in London earlier this week and are cooperating with law enforcement as they continue their investigations. But they did not immediatelyprovide a Facebook-specific response to being summoned by the U.K. government for discussions about tackling online extremism.
The companyhas recently been facing renewedcriticism in the U.K. for how it handles complaints relating to child safety,as well asongoing concerns in multiple countries about how fake news spreads across its platform. On the latter issue,its been working with third-party fact-checking organizations to flag disputed content in certain regions. While on the issue of illegal hate speech in Germany, Facebookhas said it is increasing the number of people working on reviewing content in the country, andclaims to be committed to working with the government and our partners to address this societal issue.
It seems highlylikely the social media giantwill soon have a fresh set of political demandson its plate. And that humanitarian manifestoFacebook CEO Mark Zuckerberg penned in February, in which he publicly grappledwith some of the societal concernsthe platform is sparking, is already looking in need of an update.