A former head of MI5 has spoken out against curtailing use of encryption in messaging apps despite warning that Islamist terrorism will remain a threat for up to another 30 years.
Jonathan Evans said the terrorist threat to Britain was a generational problem, and suggested the Westminster Bridge attack in March may have had an energising effect on extremists.
Without encryption, everything sent over the internet from credit card details to raunchy sexts is readable by anyone who sits between you and the information’s recipient. That includes your internet service provider, and all the other technical organisations between the two devices, but it also includes anyone else who has managed to insert themselves into the chain, from another person on the same insecure wireless network to a state surveillance agency in any country the data flows through.
With encryption, that data is scrambled in such a way that it can only be read by someone with the right key. While some older and clumsier methods of encryption have been broken, modern standards are generally considered unbreakable even by an attacker possessing a vast amount of computer power.
But while encryption can protect data that it is vital to keep secret (which is why the same technology that keeps the internet encrypted is used by militaries worldwide), it also frustrates efforts by law enforcement to eavesdrop on terrorists, criminals and spies.
That’s particularly true for end-to-end encryption, where the two devices communicating are not a user and a company (who may be compelled to turn over the information once it has been decrypted), but two individual users.
But Lord Evans, who retired from the security service in 2013, told BBC Radio 4s Today programme that he would not support a clampdown on use of encryption.
His comments came after Amber Rudd, the home secretary, argued that internet companies were not doing enough to tackle extremism online. She has previously singled out the use of encryption as a problem.
Acknowledging that use of encryption had hampered security agencies efforts to access the content of communications between extremists, Evans added: Im not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly.
While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyberspace is being used by criminals and by governments is a potential threat to the UKs interests more widely.
Its very important that we should be seen and be a country in which people can operate securely thats important for our commercial interests as well as our security interests, so encryption in that context is very positive.
After the home secretarys intervention at the Global Internet Forum to Counter Terrorism in California this month, the companies taking part said they were cooperating to substantially disrupt terrorists ability to use the internet in furthering their causes, while also respecting human rights.
Looking ahead, Evans warned of the threat of a cyber-attack against the internet of things the networking of physical devices, ranging from cars to lightbulbs to TVs as a major issue.
As our vehicles, air transport, our critical infrastructure is resting critically on the internet, we need to be really confident that we have secured that because our economic and daily lives are going to be dependent on the security we can put in to protect us from cyber-attack, he said.
But the threat of Islamist terrorism was likely to remain at the fore for 20-30 years, he warned.
Were at least 20 years into this. My guess is that we will still be dealing with the long tail in another 20 years time I think this is genuinely a generational problem, Evans said.
I think that we are going to be facing 20 or 30 years of terrorist threats and therefore we need absolutely critically to persevere.
He said the London bombings in July 2005 triggered an energising effect on the extremist networks in the UK, and thought there would be a similar feeling after the Westminster Bridge attack.
We did see a huge upsurge in threat intelligence after 7 July and I suspect that theres the same sort of feeling in the period after the Westminster Bridge attack that a lot of people who thought Id like to do this suddenly decided Yep, if they can do it, then I can do it.
Since the atrocity in March, there have been attacks in Manchester, London Bridge and Finsbury Park.
Evans, now an independent crossbencher in the House of Lords, also told the programme he would be surprised if Russia had not attempted to interfere with British democracy, after repeated allegations of Kremlin interference in foreign elections.
He said: It would be extremely surprising if the Russians were interested in interfering in America and in France and in various other European countries but were not interested in interfering with the UK, because traditionally I think we have been seen as quite hawkish and therefore I would be surprised if there had not been attempts to interfere with the election.
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- The Pitfalls of Facebook Merging Messenger, Instagram, and ... - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019
- Encryption | Information Technology Services - December 31st, 2018
- Encryption - Investopedia - December 16th, 2018
- How to Protect Data at Rest with Amazon EC2 Instance Store ... - December 9th, 2018
- Next Generation Encryption - blogs.cisco.com - December 4th, 2018
- 3 Different Data Encryption Methods - DataShield blog - November 22nd, 2018
- Security and encryption | Documentation | Turtl - November 18th, 2018
- Encryption | General Data Protection Regulation (GDPR) - November 16th, 2018
- Using Encryption and Authentication Correctly (for PHP ... - November 13th, 2018
- Encryption | SANS Security Awareness - November 9th, 2018
- Types of Encryption | Office of Information Technology - November 5th, 2018
- Use Your own Encryption Keys with S3s Server-Side ... - October 29th, 2018
- What is Tokenization vs Encryption - Benefits & Uses Cases ... - October 12th, 2018
- Device Encryption | it.ucsf.edu - October 12th, 2018
- 5 Common Encryption Algorithms and the Unbreakables of the Future - September 15th, 2018
- Top 5 best encryption software tools of 2018 | TechRadar - August 26th, 2018
- New EBS Encryption for Additional Data Protection | AWS ... - August 22nd, 2018
- Best Encryption Software 2018 - Encrypt Files on Windows PCs - August 20th, 2018
- Download BestCrypt Volume Encryption 3.78.05 / 4.01.09 Beta - July 26th, 2018
- End-to-end encryption - Wikipedia - July 24th, 2018
- Download Symantec Encryption Desktop 10.4.0 Build 1100 - July 15th, 2018
- HTTPS - Wikipedia - July 10th, 2018
- AES encryption - June 20th, 2018
- Encrypt email messages - Outlook - June 20th, 2018
- Download Sophos Free Encryption 184.108.40.206 - softpedia.com - June 19th, 2018
- Does Skype use encryption? | Skype Support - June 16th, 2018
- Encryption- Computer & Information Security - Information ... - May 25th, 2018
- Enable BitLocker on USB Flash Drives to Protect Data - May 25th, 2018
- Transparent Data Encryption (TDE) - msdn.microsoft.com - April 12th, 2018
- Encryption Software Market - Global Forecast to 2022 - March 24th, 2018
- What AES Encryption Is And How It's Used To Secure File Transfers - March 24th, 2018
- Encryption vs. Cryptography - What is the Difference? - March 24th, 2018
- Energy-efficient encryption for the internet of things | MIT News - February 16th, 2018
- The Best Encryption Software - TopTenReviews - February 16th, 2018
- File-Based Encryption | Android Open Source Project - February 7th, 2018
- Beyond Encryption | Secure Enterprise email using existing ... - February 1st, 2018
- Azure Search enterprise security: Data encryption and user ... - January 26th, 2018
- Skype finally getting end-to-end encryption | Ars Technica - January 13th, 2018
- FBI chief says phone encryption is a 'major public safety issue' - January 13th, 2018
- Encryption and Export Administration Regulations (EAR) - December 27th, 2017
- Key (cryptography) - Wikipedia - December 21st, 2017
- security - Fundamental difference between Hashing and ... - December 15th, 2017
- What Is Encryption? | Surveillance Self-Defense - December 4th, 2017
- Comodo Disk Encryption Download - softpedia.com - December 1st, 2017
- Encryption - Simple English Wikipedia, the free encyclopedia - November 24th, 2017
- BitLocker Drive Encryption Overview - technet.microsoft.com - November 23rd, 2017
- The Encrypting File System - technet.microsoft.com - November 18th, 2017
- FBI cant break the encryption on Texas shooters smartphone - November 13th, 2017
- DOJ: Strong encryption that we dont have access to is ... - November 13th, 2017
- DOJ Fires Up New War With Apple Over Encryption - November 12th, 2017
- Security Awareness - Encryption | Office of Information ... - October 15th, 2017
- Data Encryption and Decryption (Windows) - October 14th, 2017
- Trumps DOJ tries to rebrand weakened encryption as responsible ... - October 11th, 2017
- How to encrypt (almost) anything | PCWorld - September 22nd, 2017
- Private Internet Access | VPN Encryption - September 21st, 2017
- Encryption Substitutes | Privacy | Encryption - September 21st, 2017
- Data Encryption: Hardware & Software Security: Online ... - September 21st, 2017
- How To Enable BitLocker Drive Encryption In Windows 10? - September 21st, 2017
- PGP Encryption Tool - iGolder - September 21st, 2017
- encryption - How to encrypt String in Java - Stack Overflow - September 21st, 2017
- Encryption Software Market, Size, Trends and Forecast 2020 - September 21st, 2017
- Encryption Definition - Tech Terms - September 20th, 2017
- Why You Should Be Encrypting Your Devices and How to Easily Do It - Gizmodo - September 6th, 2017
- Black Hats, White Hats, and Hard Hats The Need for Encryption in Mining and Resources - Australian Mining - September 6th, 2017
- How can enterprises secure encrypted traffic from cloud applications? - TechTarget - September 6th, 2017
- Encryption Explained - Arizona Daily Wildcat - September 6th, 2017
- News in brief: Call to link encryption to ID; Facebook maps everyone ... - Naked Security - September 2nd, 2017
- 'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption - The Register - September 2nd, 2017
- High-Dimensional Quantum Encryption Performed in Real-World ... - Futurism - September 2nd, 2017
- It's Time to Replace Your Encryption-Key Spreadsheet - Data Center Knowledge - September 2nd, 2017
- Legislation to limit smartphone encryption 'may be necessary,' deputy AG Rosenstein says - Washington Times - August 31st, 2017
- Cloud Encryption Market by Component, Service Model, Organization Size, Vertical And Region - Global Forecast to ... - Markets Insider - August 31st, 2017
- Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings - Hashed Out by The SSL Store (registration) (blog) - August 31st, 2017
- Encryption in Office 365 - Office 365 - August 29th, 2017
- Need-to-Know Only: Use Encryption to Make Data Meaningless to ... - Security Intelligence (blog) - August 29th, 2017
- Four strategies to prevent data encryption from hijacking your network - Digital News Asia - August 29th, 2017