The UK government’s attempts to ease the passage of the hugely controversial Investigative Powers Bill continued this week with a Telegraph opinion piece from William Hague (former First UK Secretary of Sate and former leader of the Conservative Party): The Brussels attacks show the need to crack terrorist communications.
In this piece Hague continues the usual confused approach over encryption while concentrating on the need for bulk data collection and retention. Discussing the Brussels terrorists he comments, “the mobile phones they carried had evidently not been used before and showed no record of texts, chat or emails. Whatever means of co-ordination they used, it was sufficiently private or encrypted that the authorities do not seem to have been aware of it.”
Nevertheless he continues on the standard theme that what amounts to mass surveillance will help the intelligence agencies discover what he has just admitted wasn’t there, while simultaneously demonizing the Snowden whistleblowing. Lee Munson, a researcher with Comparitech suggests that Hague is ‘sadly deluded’.
Security expert and commentator David Harley is more measured. Hague, he suggests is basing his arguments on at least two assumptions. Firstly, that “since intelligence agencies weren’t aware of whatever messages may have been passed between the terrorists, they must have been been using super-private, super-encrypted technology. Actually it’s at least as likely that they were communicating by such lo-tech routes that they didn’t show up on the authority’s radar.”
This is one of the arguments against bulk collection for intelligence purposes – if you keep making the haystack bigger, it will simply become more difficult to find the needle. Surveillance needs to be better targeted rather than more widely spread.
The second concern is that Hague is trying to differentiate bulk collection from mass surveillance when it is effectively, if not semantically, the same thing. Even then, wonders Harley, “if bulk data interception didn’t pick up relevant traffic on this occasion, will spending more money on it help? Or will we have to lean further in the direction of mass surveillance?”
The problem, he suggests, is that “The distrust of government intrusion that Hague describes as paranoia is not going to be reduced if further reduction of privacy is called for on such speculative grounds.”
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- Sysdig Introduces CNAPP With Realtime CDR
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Zoom Expands Privacy Options for European Customers
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign
- Quantum Decryption Brought Closer by Topological Qubits
- IBM Delivers Roadmap for Transition to Quantum-safe Cryptography
- CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief
Latest News
- Consolidate Vendors and Products for Better Security
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
