US tech companies are not doing enough to help UK police and intelligence agencies by handing over their customers' data and communications, according to a government expert.
A report by Nigel Sheinwald, the Prime Minister's special envoy on intelligence and law enforcement data sharing, said that UK law enforcement still struggles to get access to information it requires.
He said that since September last year, UK law enforcement has worked with the companies on the most urgent requests, particularly in the areas of counter-terrorism and other threat-to-life and child-protection cases. He noted: "The companies' assistance in these cases has improved, showing the value of active engagement with them."
But he added: "Cooperation remains incomplete, and the companies and governments concerned agree that we need to work on longer term solutions."
Last year Shienwald was given the job of trying to persuade foreign governments, and US communications companies in particular, to give UK police and intelligence agencies more access to their data, in order to tackle threats to national security or for the "prevention or detection of serious crime".
It's likely to prove an uphill struggle. The revelations from NSA contractor-turned-whistleblower Edward Snowden uncovered the scale of internet snooping by intelligence agencies on both sides of the Atlantic, which is why many tech companies started encrypting traffic and customer data in the first place. Some have implemented end-to-end encryption, which means even if they are asked for the data they cannot provide it because they don't have the key.
For some companies, like Apple, it has become a fundamental moral stance in defence of individual privacy.
"If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life," Apple CEO Tim Cook warned recently.
The summary of Shienwald's report acknowledges some of these issues. He said access to these sorts of private communications "play a vital part in keeping our country safe -- whether it be to ascertain the location of a kidnapped child, or to obtain information about terrorists' attack planning".
But he said technological change -- "in particular the growth of encryption and the rise of new market entrants and different types of platform" -- is making it harder to access data in a readable format.
"New companies are increasingly pushing their offer of 'end-to-end' encryption and storing content on users' own devices rather than in data centres," he said.
In addition there are complex legal conflicts between different jurisdictions, in particular from the US Wiretap and Stored Communications Acts, which prohibit the disclosure of the content of electronic communications stored or intercepted in the US. "The Snowden leaks provide a challenging backdrop to this work and have increased the focus on the debate around privacy and security," added Shienwald.
He said cooperation between governments should be improved, and added: "There is scope for greater data sharing between like-minded countries, where threats are often shared."
According to Shienwald, the US/UK Mutual Legal Assistance Treaty (MLAT) should be reformed. This is used to obtain information to an evidential standard from other jurisdictions, but the process is widely criticised for being slow and unresponsive (it can take up to nine months) and bureaucratic (hard copies of legal documents are couriered across the Atlantic).
The report also proposed building a system to allow "certain democratic countries" to gain access to private communications data in serious crime and counter-terrorism cases through direct requests to the companies. "This proposal offers a sustainable and longer-term solution to data sharing and would aid in resolving interjurisdictional issues," the report claimed.
Shienwald also said the UK government should look at being more open about the number and nature of requests to overseas and domestic communications companies and noted: "Relationships with the companies also need to be better coordinated, linking the business, technological and security aspects of those relationships."
More stories on surveillance and cybercrime
- Inside the secret digital arms race: Facing the threat of a global cyberwar
- Surveillance laws need rethink, but bulk collection of web data will continue
- The undercover war on your internet secrets: How online surveillance cracked our trust in the web
- The impossible task of counting up the world's cyber armies
- Encryption: More and more companies use it, despite nasty tech headaches