The intelligence services and the government have become increasingly vocal in campaigns for access to the contents of the public’s encrypted messages on Facebook, WhatsApp and other encrypted messaging services.
Government and industry attempts to develop a technical solution that will both preserve the integrity of communications and allow the state to bulk scan messages for criminal content have floundered.
Apple suspended its plans to install software on smartphones to automatically scan and report child abuse material in messages before they are encrypted. Top computer scientists and cryptographers had condemned the scheme as unworkable, vulnerable to abuse and a step towards bulk surveillance without warrant or suspicion. The former CEO of GCHQ’s National Cyber Security Centre weighed in to argue that end-to-end encryption must be permitted unless a technical compromise can be found that is acceptable to the tech industry and cryptography experts.
In practice, law enforcement and intelligence agencies have turned to “equipment interference” (also known as Computer Network Exploitation or hacking) to bypass end-to-end encryption altogether.
Police forces in the UK, Europe and the US collaborated in three major operations to hack into encrypted phone networks used by organised crime groups, leading to thousands of arrests worldwide.
The use of equipment interference to access encrypted phone messages has far-reaching implications for the future use of intercept evidence in court.
For the past 65 years, the UK has banned the use of intercept evidence in court hearings. Following a legal decision in February, intercept evidence obtained through “equipment interference” can now be placed before juries.
1. EncroChat: Appeal court finds ‘digital phone tapping’ admissible in criminal trials
Judges have decided that communications collected by French and Dutch police from the encrypted phone network EncroChat using software “implants” are admissible evidence in British courts.
UK law prohibits law enforcement agencies from using evidence obtained from interception in criminal trials, but three judges found on 5 February 2021 that material gathered by French and Dutch investigators and passed to the UK’s National Crime Agency was lawfully obtained through “equipment interference”.
“Today’s verdict implies that intercepting, or ‘tapping’ – copying other people’s live private calls and messages – has no clear meaning in the digital age,” said Duncan Campbell, who acted as a forensic expert in the case for defendants.
2. Police crack world’s largest cryptophone network as criminals swap EncroChat for Sky ECC
When the French gendarmerie, Dutch police and the UK’s National Crime Agency (NCA) infiltrated the EncroChat encrypted phone network last summer, organised crime groups around the world opted to switch to a new phone supplier.
That supplier was Sky ECC, now the largest supplier of crypto communications worldwide, with 70,000 customers.
Sky ECC bills itself as the “most secure messaging platform you can buy” and is so confident of the impregnability of its systems that it offers a handsome reward for anyone who can break the encryption of one of its phones.
But in a re-run of last year’s French and Dutch operation against the EncroChat encrypted phone network, Belgian and Dutch police were able to infiltrate the platform and harvest hundreds of thousands of supposedly unbreakable messages.
3. FBI planned a sting against An0m cryptophone users over drinks with Australian investigators
Three years ago, the FBI began planning a sophisticated sting that led to the arrests of 800 suspected organised criminals in raids around the world.
Police have since carried out hundreds of searches, seized drugs, firearms, luxury vehicles and cash in co-ordinated operations across multiple countries.
The targets were organised crime groups which had placed their trust in an encrypted phone application called An0m to arrange drug deals, kidnappings and assassinations.
An informer working for the FBI sold An0m Android phones on the black market, claiming it offered users highly secure encrypted messaging services.
4. Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks
Home secretary Priti Patel used a conference organised by the National Society for the Prevention of Cruelty to Children (NSPCC) to warn that end-to-end encryption will severely erode the ability of tech companies to police illegal content, including child abuse and terrorism.
The home secretary’s intervention is the latest salvo in a long-running battle by ministers and the intelligence services against the growth of end-to-end encryption.
Speaking at a roundtable organised by the NSPCC to discuss the “next steps to securing child protection within end-to-end encryption”, Patel warned that end-to-end encryption could deprive law enforcement of millions of reports of activities that could put children at risk.
5. How Samlesbury, Lancashire became the home of the National Cyber Force
The battle to win the headquarters of the UK’s National Cyber Force (NCF) has been quietly fought out of the public eye for the past 12 months.
Samlesbury, in Lancashire’s Ribble Valley, saw off stiff competition from Manchester, the home of GCHQ’s northern office, to become the site of the UK’s headquarters for military operations in cyber space against nation states, terrorists and criminals.
The arrival of the NCF brings with it an investment of £5bn to the Lancashire economy, the largest seen in the area for 50 years.
In its wake is the promise of high-tech jobs to an area that has been struggling with lower-than-average wages and a shortage of highly skilled jobs.
6. Surveillance expert ‘unfairly’ refused job at intelligence regulator after MI5 intervened
One of the leading experts in UK surveillance law was “unfairly” refused security clearance for a senior role overseeing the intelligence services after MI5 raised “serious reservations” over his former associations with privacy campaigning groups.
Eric Kind, a visiting lecturer at Queen Mary University London specialising in criminal justice and surveillance technologies, had been due to become the first head of investigations at the surveillance watchdog, the Investigatory Powers Commissioner’s Office (IPCO).
Kind had high-level support for the job from IPCO and current and former members of the police and intelligence services, including David Anderson, the former independent reviewer of terrorism legislation.
But the Home Office reversed a decision to give him security clearance after MI5 raised concerns that his work with non-governmental organisations to reform surveillance meant he was “insufficiently deferential to the sanctity of confidentiality”, it emerged today.
7. Government use of ‘general warrants’ to authorise computer and phone hacking is unlawful
The security and intelligence services cannot use “general warrants” to indiscriminately hack into large numbers of mobile phones and computers in the UK, judges have decided.
The High Court ruled on 8 January that it was unlawful for GCHQ and MI5 to use the warrants issued under Section 5 of the Intelligence Services Act to interfere with electronic equipment and other property.
The judgment means that targets for equipment interference – government language for hacking – will have to be scrutinised by a secretary of state, rather than being left to the discretion of intelligence agencies. Warrants will only be lawful if they are specific enough for the targeted equipment to be objectively ascertainable.
8. CIA sought revenge against Julian Assange over hacking tool leaks, court hears
The CIA wanted revenge against WikiLeaks founder Julian Assange after WikiLeaks published documents about the CIA’s surveillance tools, a court heard.
Lawyers for Assange told court judges that the Vault 7 leak – which disclosed the CIA’s hacking capabilities – provoked a desire for blood and vengeance from the US intelligence community.
They told the court that US agents discussed plans to forcibly remove Assange from the Ecuadorian embassy by kidnapping him and had discussed the idea of poisoning him.
The claims were made on the second day of an appeal by the US government against a UK court’s decision not to extradite Assange to face charges in the US.
9. EU recognises UK data protection adequacy – but with a warning
Businesses in the UK will be able to continue to exchange data with Europe following a long-awaited decision that the UK’s data protection regime is compatible with Europe’s data protection rules.
After a year of talks between the UK and European Union (EU), the European Commission (EC) granted adequacy status to the General Data Protection Regulation and the Law Enforcement Directive.
The decision comes with a four-year sunset clause and “strong safeguards” that allow the EU to revoke adequacy if the UK’s data protection laws diverge significantly from the EU’s in the future.
Conservative ministers and backbenchers have proposed watering down the UK’s data protection regime as part of a move to cut red tape and boost the competitive position of the UK following Brexit.
“We are talking about a fundamental right of EU citizens that we have a duty to protect,” said Věra Jourová, vice-president for values and transparency at the EC. “This is why we have significant safeguards, and if anything changes on the UK side, we will intervene.”
10. Pandora Papers: How journalists mined terabytes of offshore data to expose the world’s elites
The Pandora Papers revealed how politicians, celebrities, royalty and fraudsters use offshore tax havens to hide assets, secretly buy property, launder money and avoid taxes.
More than 600 journalists in 117 countries collaborated, using data tools to extract hidden connections between offshore companies and wealthy elites who used tax havens to hide their financial activities. Their investigation embarrassed politicians, royalty, celebrities and oligarchs worldwide.