CHAPTER 4: TECHNOLOGY
Alan Woodward has warned that moves to ban encryption could result in those who
wish to do harm using steganography instead.82
Will the encryptors always win?
4.58.
The efficacy of legislation aimed at combating encryption has been questioned by
some, as there are ways to avoid detection.83
4.59.
There is force in the argument: but it reckons without human fallibility. Fingerprint
databases are a staple of police work, despite the fact that criminals need only wear
gloves to render them useless. Similarly, even when encryption cannot easily be
broken or circumvented, criminals will not always operate it properly. Thus:
(a)
FBI General Counsel Caproni told the US Congress at a hearing about
changing technologies in 2011 that the majority of targets “tend to be somewhat
lazy, and a lot of times resort to what is easy”.84 However, some argue that due
to the expansion of encryption, targets are likely to end up using it. The growth
of encryption by default settings makes encryption easier.
(b)
As Lord Carlile QC explained to the JCDCDB in 2012, criminals still make calls
on lines that are listened to and send texts that can be tracked.85
(c)
The 2014 investigation by the ISC into the murder of Fusilier Lee Rigby
revealed that one of those responsible, Michael Adebowale, used his landline
to communicate with a member of Al-Qaida in the Arabian Peninsula.
4.60.
End-to-end encryption can provide a high level of privacy for the content of
communications. However, pattern analysis of communications data can still identify
targets. As Charles Farr of the Office for Security and Counter-Terrorism [OSCT]
explained to the JCDCDB: “if you have the right kind of data, issues of anonymisation
cease to be a significant problem”.86 The ISC Privacy and Security Report noted that
bulk interception was chiefly to GCHQ not for the content of communications so much
as for “the information associated with those communications”.87
4.61.
Establishing patterns via communications data becomes more difficult when a greater
proportion of communications data are encrypted or there are less communications
data. The amount of communications data visible to CSPs is decreasing because OTT
providers, increasingly use Secure Sockets Layer88 (SSL) to provide encryption. This
means that communications data such as the sender and recipient of an email are not
visible to the CSP. When SLL is used the CSP will only see that the message is to be
delivered to the particular OTT provider. As mentioned earlier, OTT providers are
usually based overseas and so ease of access to this communications data by law
82
83
84
85
86
87
88
“Viewpoint: Criminals can hide data in plain sight”, BBC Website, 28 August 2012. He reiterated his
warning on 12 January 2015 on Twitter: https://twitter.com/profwoodward.
Jimmy Wales, JCDCDB, Oral Evidence, p. 196.
Jonesing for Privacy, p. 542.
JCDCDB, Oral Evidence, p. 279.
Ibid. p. 11.
ISC Privacy and Security Report, para 80.
Websites which use secure sockets layer start with https.
64