MI5 boss Andrew Parker has stepped up the pressure on internet and comms providers to notify intelligence agencies of potentially serious crimes plotted on their platforms, claiming they have an “ethical responsibility” to do so.
In the first ever live interview of a serving MI5 director general, Parker claimed terrorists are using “secure apps and internet communication to try to broadcast their message and to incite and direct terrorism amongst people who live here.”
He called for international agreements between internet providers, many of which are based in the United States, and law enforcement agencies globally.
“It’s in nobody’s interest that terrorists should be able to plot and communicate out of the reach of any authorities with proper legal power,” he told the BBC Today Programme.
Having had its ‘Snooper Charter’ blocked by coalition partners the Lib Dems in the last parliament, the Tories are set to re-introduce controversial elements of the legislation designed to increase the state’s surveillance powers.
Parker was careful to maintain it was for parliament to decide exactly what those powers are, although he made the point several times that the law needs updating to “keep pace with technological change.”
He was referring here in part to strong encryption, which is increasingly being built into online services and which effectively means intelligence agencies cannot monitor the conversations of suspects – even if they do get approval to do so.
Parker stressed MI5 was not about “browsing the private lives of citizens” and did not have “population scale monitoring or anything like that” – alluding to the dragnet surveillance programs of the NSA and GCHQ revealed by the Edward Snowden leaks.
MI5 has stopped six terrorist attempts in the past 12 months alone – the highest number in Parker’s 32-year career, he claimed.
Nithin Thomas, founder of encryption firm SQR Systems, agreed with Parker that technology has advanced faster than the law.
“The latest end-to-end security measures used by services like Apple’s iMessenger have focused purely on offering end-to-end protection of data without any consideration for the organizations that own the data and the legal obligations they have to meet,” he explained.
“I believe the onus is on organizations to invest in gaining more control over the data they handle, and enable access when necessary in a more transparent way that is fully compliant to the legislation. This needs to be a universal standard across all forms of communication, not limited to a few select services.”
The next generation of encryption products will allow organizations to meet legal requirements without impacting privacy and security, Thomas added.
Yet internet and comms providers claim it would be impossible to give intelligence agencies backdoor access to their products without the risk of these details eventually falling into the wrong hands – endangering the security and privacy of hundreds of millions of customers.