Encryption puts terrorists beyond the reach of law, says MI5 chief

Shifts in technology are making it harder to track how criminals are communicating online, says the UK's security service head.
Written by Steve Ranger, Global News Director

The use of encryption and secure messaging apps is making it harder for intelligence agencies to track terrorists, the head of MI5 has said.

The director general of the UK security service Andrew Parker warned that new laws are needed to give police and intelligence agencies access to encrypted communications and that tech companies themselves should be more willing to hand over messages that could help catch criminals.

In an interview with the BBC, Parker said: "We all live our lives with our smartphones in our pockets. The terrorists do the same and they are using secure apps and internet communication to try to broadcast their message and to incite and direct terrorism."

While there has been increasing concern about the mass collection of data by intelligence agencies, Parker said that if MI5 is "to find and stop the people that mean us harm" then it needs to be able to "navigate the internet to find terrorist communication. We need to be able to use datasets so we can join the dots to be able to find and stop the terrorists who mean us harm before they are able to bring plots to fruition."

MI5 said that checking through large amounts of data is very often the only way the organisation can track down terrorists. It said communications data -- the details of who is calling who and when -- is used in all of its investigations. It said, for example, that analysing communications data was crucial in identifying a group in the final stages of planning to blow up the London Stock Exchange and other locations in 2010. The agency said it was able to quickly identify links between the individuals, which would otherwise have been extremely difficult to work out.

But Parker said shifts in technology and the use of encryption are now creating a situation in which police and security agencies can no longer obtain "communications between people who they have reason to believe are terrorists".

He said: "That is a very serious issue, it requires that there is a legal framework to authorise but also requires the cooperation of the companies who run and provide services over the internet that we all use and it's in nobody's interests that terrorists should be able to plot and communicate out of the reach of any authorities with proper legal power."

How intelligence agencies will be able to access encrypted communications remains unclear.

The UK government intends to introduce new legislation this autumn that will require internet companies to retain more data about their customers' communications and browsing data so it can be used by police and intelligence agencies. However, as many of the companies providing encrypted communications are based in the US, any new UK law is unlikely to have much impact on them.

"It is important into the future not only that there is a clear law in countries like Britain as there is now (but updated), but also that there is international agreement and arrangements whereby companies have a confident basis on which to cooperate with agencies like mine and with the police in order to protect society and of course their customers from people who want to do them harm," Parker said.

The debate over encryption goes back decades: since the 'crypto wars' in the 1990s, the use of encryption has become increasingly widespread -- although documents revealed by NSA contractor-turned whistleblower Edward Snowden revealed how intelligence agencies have been trying to crack and undermine encryption every since.

Privacy campaigners argue that intelligence agencies already have access to vast amounts of data and that encrypted conversations are an essential tool for those living under oppressive regimes to protect their communications.

More stories on surveillance and cybercrime

Editorial standards