CHAPTER 4: TECHNOLOGY
Documents, crypto-parties (gatherings where hosts teach guests, who bring their
digital devices, how to download and use encrypted email and secure internet
browsers) had begun to take place in a number of countries, with the aim of bringing
“crypto to the masses”.61 In January 2014 the British Government launched a
campaign called Cyber Streetwise, urging individuals and businesses to protect
themselves online.
4.48.
Privacy-enhancing changes introduced by Apple in 2014 include encrypting data by
default on iPhone devices, a move also made by Google in respect of Android devices.
WhatsApp has followed this lead by providing end-to-end encryption for
communications. Apple also provides encryption by default on its latest operating
systems for laptop and desktop computers. Encryption has been a setting on Apple
and Google devices for some years, but now the onus is on the customer to opt out.
The encryption of material on the device is now user-controlled, meaning whilst
previously Apple could unlock any device using a key that it controlled, it is now unable
to unlock iOS 8 devices.
4.49.
The level of concern about this trend amongst security and intelligence agencies is
demonstrated by the accusation levelled at US service providers by the head of GCHQ
that they are becoming the “command and control network of terrorists”.62 This is a
reference to the fact that terrorists are making increasing use of encryption
technologies in order to hide their communications. In 2014, the Director of the Federal
Bureau of Investigation in the United States [FBI], suggested that the “post-Snowden
pendulum has swung too far’’,63 and on 11th January 2015 UK Prime Minister David
Cameron announced that if he is leading the next government, he will introduce
legislation in 2016 to eliminate “safe spaces” for terrorists to communicate.64
4.50.
However, there are many strands to the encryption debate. A number of Snowden
Documents refer to encryption. For example, according to a Briefing Sheet said to
relate to an NSA programme called BULLRUN, “[i]n recent years there has been an
aggressive effort, led by NSA, to make major improvements in defeating network
security and privacy among many sources and methods.” An excerpt said to be found
in an NSA 2013 Budget Report describes a project called “SIGINT Enabling” as one
which “actively engages US and foreign IT industries to covertly influence and/or
overtly leverage their commercial products designs”.65 Amongst other things, the
program is designed to “insert vulnerabilities into commercial encryption systems” and
“influence policies, standards and specifications for commercial public key
technologies”. It further states that “design changes make the systems in question
exploitable through Sigint collection … with foreknowledge of the modification. To the
consumer and other adversaries, however, the systems’ security remains intact”.66
The BULLRUN Briefing Sheet states that “virtually all decryption is done by PTD
61
62
63
64
65
66
See http://www.cryptoparty.in/.
“GCHQ chief accuses US tech giants of becoming terrorists’ networks of choice”, The Guardian, 3
November 2014.
“FBI Chief Comey Hints at Phone Encryption Regulations Suggesting the Pendulum of Privacy has
‘Swung too Far’”, iDigitalTimes website, 17 October 2014.
“David Cameron pledges anti-terror law for internet after Paris attacks”, The Guardian, 12 January 2015.
The term [SIGINT] is used to refer to Signals Intelligence.
“Secret Documents Reveal NSA Campaign against Encryption”, NY Times, 5 September 2013.
61