Encrypted communication 'biggest problem' in tackling terrorism, Europol warns

The European agency says tracking and monitoring terrorist suspects is increasingly difficult in a world where encryption is becoming commonplace.
Written by Charlie Osborne, Contributing Writer

Monitoring threats to national security is becoming increasingly difficult as tech companies ramp up encryption efforts, Europol has warned.

The European Police Office's Director, Rob Wainwright, says sophisticated, encrypted online communication and hidden areas of the Internet -- known as the Dark web -- are creating problems in tracking and monitoring terrorist suspects.

Speaking to the BBC as part of 5 Live Investigates, the Europol executive said sophisticated online communication is "the biggest problem" law enforcement officers face in this duty.

"It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," Wainwright told the news agency. "It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore."

Europol says encrypted communications is often central to terrorist operations. As an example, Rodrigo Bijou from data solutions provider The Data Guild told attendees at Kaspersky's Annual Security Summit in February that groups such as ISIS and Al Qaeda are using online forums to spread propaganda, and are both developing their own communication tools and using encrypted offerings from the marketplace to communicate and organize activities.

In addition, the director says terrorists are using the Dark web more frequently in order to keep their activities away from spying eyes.

As a result, Wainwright believes technology companies should consider the effect encryption has on law enforcement.

While companies including Apple are using end-to-end encryption protocols to secure consumer devices and Google declared to do the same through the Android operating system -- although later had to backtrack because of old device compatibility issues -- the development of heavily encrypted instant messaging applications is also a cause for concern, according to Wainwright.

One could argue that law enforcement and intelligence agencies have caused an explosion of interest in encryption due to their own abuse of power and far-reaching surveillance goals. Confidential documents leaked to the media by ex-National Security Agency (NSA) contractor Edward Snowden revealed the scope of the US intelligence agency's spying operations, as well as the UK's GCHQ operations which included the bulk metadata collection of consumer data, wiretapping and the use of backdoors.

See also: Feds only have themselves to blame for Apple and Google's smartphone encryption efforts

The Snowden disclosures broke trust between government, technology agencies and the general public -- which unsurprisingly acted as a catalyst for encryption as tech giants battled to restore consumer faith. Despite this, Wainwright says that Europol is "disappointed" by the position taken by most tech companies by pushing encryption by default policies.

Wainwright said:

"It only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet. [Technology companies] are doing it, I suppose, because of a commercial imperative driven by what they perceive to be consumer demand for greater privacy of their communications."

The director also revealed during the interview that Europol is currently setting up a "European Internet Referral Unit" to find, identify and potentially remove websites used by terrorist groups.

In February, Europol joined forces with law enforcement agencies around the globe to take on the Ramnit botnet, a network which enslaved approximately 3.2 million computers worldwide. Together with tech firms including Microsoft, Symantec and AnubisNetworks, the botnet's operations have been disrupted and a total of 300 Internet domain addresses used by the botnet's command and control center (C&C) were redirected.

Read on: In the world of security

Read on: Fixes and Flaws

Editorial standards