Wah, encryption makes policing hard, cries UK's National Crime Agency

Ever since Snowden it's been the default – report


Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according the the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain.

"Since 2010, communication service providers have migrated to encrypted services 'by default', a process that accelerated following the Snowden disclosures," said the National Strategic Assessment of Serious and Organised Crime 2018.

"Now, the majority of internet traffic is encrypted and publicly available mobile device apps offer end-to-end encryption as standard."

Although the report acknowledged this meant enhanced privacy for users, the NCA warned the use of encryption "is impacting on law enforcement's ability to collect intelligence and evidence".

NCA director general Lynne Owens said: "This year's assessment shows that organised crime groups are exploiting digital technology, for instance using encryption to communicate, and dark web marketplaces to aid their activities."

The report warned encryption built into mainstream products would continue to expand and will offer criminals enhanced protection by default, rather than design. "The pace of these developments will continue to challenge law enforcement capability and resource, with narrowing options for mitigation," it said.

Amber Rudd

Rudd-y hell, dark web! Amber alert! UK Home Sec is on the war path for stealthy cyber-crims

READ MORE

However, the report did not cover whether the government should break encrypted services, as has been previously suggested, which could potentially lead to anyone exploiting back doors, including criminals.

On the subject of the dark web, the combination of encryption and anonymisation pose "substantial challenges to law enforcement's collection of intelligence and evidence", the NCA document stated.

In April, former Home Secretary Amber Rudd announced a £9m war chest to tackle crims using the darker recesses of the web for illegal activities, such as selling firearms, drugs, malware and people.

Rudd had previously spoken out about encryption, often prompting criticism due to her apparent lack of understanding.

Technologies such as virtual private networks and virtual currencies will support fast, "secure" and anonymous operating environments, facilitating all levels of criminality," the report said.

Unsurprisingly, a number of the security services were consulted prior to publication, including MI5 and GCHQ.

Elsewhere in the report, the NCA warned the UK remained a prime destination for money laundering. "Investment in UK property, particularly in London, continues to be an attractive mechanism to launder funds," it said. ®


Keep Reading

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021