Report of the Independent Surveillance Review
59
3.54
Anderson also points out, however, that law-enforcement and intelligence agencies do
not have a technological edge over their adversaries, ‘whether through crypto-analytical
power, back-door access or partnership with other agencies’.27 Equally, the agencies
‘do not look to legislation to give themselves a permanent trump card: neither they
nor anyone else has made a case to me for encryption to be placed under effective
Government control, as in practice it was before the advent of public key encryption
in the 1990s’.28
3.55
As we consider what powers of surveillance the SIAs have, there is a need for better
understanding of the benefits and disadvantages of end-to-end encryption, as well as
consensus on what data, if any, should be off-limits to authorities (and the consequences
of this decision). As it stands, there seems to be broad public agreement that agencies
such as the NCA and MI5 should be able to access data under legal and properly authorised
circumstances. Encrypted data should not, as a principle, be beyond the reach of law
enforcement; it is important that the relevant agencies are able to work with CSPs and
seek to access information that will protect the public from (imminent) threats.
The Police and Law-Enforcement Agencies
3.56
There are forty-five territorial police forces in the UK, of which the Metropolitan Police is
the largest. The NCA is a non-ministerial department set up in October 2013 to lead the
UK’s response to serious and organised crime. It combines elements of the former Serious
and Organised Crime Agency, Child Exploitation and Online Protection, National Police
Improvement Agency and the Metropolitan Police, and operates as a single national
intelligence hub. The ISR Panel visited the NCA and Metropolitan Police, and met with
representatives from the College of Policing and National Police Chiefs’ Council.
3.57
A common theme from the ISR Panel’s meetings, evidence sessions and research is that
digital intelligence is central to police and law-enforcement response in the twenty-first
century. According to the government, an estimated 95 per cent of serious and organised
crime, domestic violence and cyber-crime investigations will use communications data.
Evidence from the Metropolitan Police highlights that the majority of communications
data is sought to manage risks to vulnerable members of society, victims of crime and the
general public. Seventy per cent of urgent cases that the Metropolitan Police respond
to relate to vulnerable people – for example, those at risk of suicide, those with mental
health issues or potential victims of child sexual exploitation.
3.58
Given their often transnational nature, organised criminal groups make full use of
modern communications technologies and data mining, and the Internet facilitates
27. Ibid., p. 195.
28. Ibid., p. 195.