Shadow Home Secretary, Yvette Cooper, has added her voice to the global debate surrounding privacy and cyber security, calling for an updated and tougher approach to cyber crime. Her comments join calls for a solution to the growing security threat from across the globe.
Cyber crime is nothing new; just look how seriously the world took the threat of the ‘millennium bug’ at the close of 1999. So why, when widespread use of the Internet began to take hold at the end of the 1980’s, do we still not have effective measures and tools in place to monitor and police the digital world?
It is clear that in recent years the way we use the internet has evolved dramatically. Mobile devices, social media, and online banking are among new resources that leave individuals, organisations and governments vulnerable to attack. And there is no sign of the technology market slowing down, with new mobile devices released monthly and an array of software options being continuously tweaked and upgraded. With all this to consider it becomes clear that security services have their work cut out to keep up.
So how do you police something that adapts so quickly and is driven by corporate competition to meet consumer demand? In the UK, efforts to monitor the data circulating the digital world are governed by the Regulation of Investigatory Powers Act 2000 (RIPA). When you consider that this was put into force 14 years ago it becomes obvious why Yvette Cooper honed in on the idea that our “legal frameworks are now out of date”, particularly when laid against the massive progression made by the technology market in the same period.
This is why the Shadow Home Secretary has called for “major reforms to oversight and a thorough review of the legal framework to keep up with changing technology” as well as saying that these issues are “too important” to be ignored because they have implications “for our liberty, our security, the growth of our economy and the health of our democracy”.
In response to Ms Cooper’s speech, A Home Office spokesperson told SecurityNewsDesk that, “The Intelligence and Security Committee (ISC) is already undertaking a comprehensive review of privacy and security. This independent Parliamentary committee has significantly strengthened powers and resources since the last review of intelligence oversight that resulted in the Justice and Security Act 2013. The government strongly welcomes, and supports, the ISC’s review and looks forward to its recommendations in this important and sensitive area.”
However, Ms Cooper claims that the current Government is burying their heads in the sand hoping the issue would just go away, and it could be argued that some recent events support this.
Not only was Home Secretary Therasa May’s draft Communications Data Bill, dubbed ‘the Snoopers Charter’, outlining similar actions to those touched on by Ms Cooper, recently shelved due to fierce opposition, a bill to amend RIPA that was due a second reading on February 28th has lapsed. This bill would also have made changes to the Intelligence Services Act 1994 to “ensure judicial oversight of the use of material derived from British citizens by means of surveillance of telecommunications”. Liberal Democrat MP David Heath raised this bill in response to revelations made by Edward Snowden.
Private security
Edward Snowden, a former NSA contractor, leaked hundreds of thousands of US and UK intelligence documents because he could not “allow the US government to destroy privacy, internet freedom and basic liberties for people around the world”. He placed the value of privacy above that of security, and there is an argument that, in doing so, he drove a hole in the hull of existing cyber security efforts.
In her speech, the Shadow Home Secretary also highlighted the need for “stronger safeguards and limits to protect our privacy and sustain confidence”.
Speaking exclusively to SecurityNewsDesk, former Intelligence Officer James Abernethy[1] shared his view on the combination of privacy and security, saying, “It is very easy to sensationalise the collection of personal data by intelligence agencies, but the reality is very different. When an individual, walks down the street their sensors (eyes and ears) are collecting all of the data available, but it is all just background activity. The reality is only a very small proportion of the data your sensors have collected is processed.
“In government terms the sensors employed by the intelligence agencies ‘see and hear’ everything they can but like individuals they only react and ‘know’ what they are seeing when triggered and, more importantly, authorised to do so.”
Commenting on Snowden’s actions and calls for public debate on cyber security, Abernathy says, “It is very easy to call for a public debate on everything in our democratic process. However, one has to realise that the biggest advocates for a more public outing of intelligence processes on top of proven democratic processes already in place are the criminals and terrorists who constitute the threats.”
However, not everyone agrees with this perspective. Nick Pickles, Director of The Big Brother Watch, argues that giving intelligence agencies access to our online data what actually weakens Internet security.
“Recent revelations have made clear that the scale of intrusion on our privacy in the name of security, enabled by an explosion in digital communications, has gone far beyond any reasonable expectation or Parliamentary approval. Revelations about GCHQ actively working to undermine encryption standards, along with the NSA’s commercial partnerships to weaken security products, undermine privacy and security. By weakening internet security, for example, the outcome may be the very opposite of that intended – that criminal or terrorist elements are able to access information that they would previously have been denied, and to use it for hostile purposes.”
Nick goes on to add that, “Privacy is also a part of security, for example the concerns about a national ID card database becoming a ‘honeypot’ for hackers. If data is not collected, it cannot be lost, stolen or abused.”
An international issue
The UK’s Shadow Home Secretary is not the only one attempting to draw attention to the need for reform to the approach of policing cyber threats. For example, on the 9th of December 2013 the CEO’s of major social media and Internet providers, including Google, Twitter, AOL, Microsoft, Apple, Facebook, LinkedIn and Yahoo, wrote an open letter to Washington detailing concerns over the privacy of their clients and seeking global government surveillance reform.
And surely that is the crux of the matter, a “global” reform and response. Criminals, terrorists or hackers making use of the Internet and tools such as social media can commit a crime in one location while being physically located at the opposite end of the globe. For instance, it was recently reported that hackers have hijacked a network of over 300,000 across the world. The first discovered victims were in Eastern Europe, but now there are routers in Vietnam and around Europe as well as other countries affected. Not only is the reason for this hack unknown, neither is the origin of the hack location.
The Internet has made the world a much smaller place, and crimes conducted on, or facilitated by, the Internet require a level of unified response; particularly in the case of offences that cross international borders. For instance, British Lauri Love is currently facing extradition to the USA to face charges over allegedly hacking into US government servers. However, his lawyers “vehemently oppose” extradition, and say that as he is also under investigation by the UK National Crime Agency the matter should be settled in the UK.
Commenting on this particular case, the BBC has quoted George Venizelos, Head of the New York Office of the FBI, as saying: “Cyber-crime knows no boundaries and justice will not stop at international borders.”
The pressure is on policing and security services around the world, as the Shadow Home Secretary points out, saying, “The police and security services have been under pressure to explain why they did not know more about the murderers of Drummer Lee Rigby, and why more is not being done to disrupt the use of the internet by violent extremists looking to radicalise young people.” And these are not the only questions that need answering.
Juggling international considerations, privacy, data monitoring, political point scoring and deteriorating faith in existing measures all generate more questions that they do answers. So where do authorities begin?
Perhaps, with the ever evolving nature of cyber crime, there is only one that matters; will governments and security services ever catch up enough to institute effective measures?