This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-30191218
The article has changed 6 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Tech firms anti-terrorism efforts criticised in Rigby report | Tech firms anti-terrorism efforts criticised in Rigby report |
| (35 minutes later) | |
| The Intelligence and Security Committee (ISC)'s report into the murder of Fusilier Lee Rigby suggests there was a "significant possibility" MI5 could have prevented the attack had its agents been aware of an online exchange in December 2012 between Michael Adebowale and a person codenamed Foxtrot. | The Intelligence and Security Committee (ISC)'s report into the murder of Fusilier Lee Rigby suggests there was a "significant possibility" MI5 could have prevented the attack had its agents been aware of an online exchange in December 2012 between Michael Adebowale and a person codenamed Foxtrot. |
| "The party which could have made a difference was the company on whose platform the exchange took place," it says. | "The party which could have made a difference was the company on whose platform the exchange took place," it says. |
| However, it adds, the company "does not appear to regard itself as under any obligation" to have indentified the conversation or acted to prevent the threat of an attack becoming reality. | However, it adds, the company "does not appear to regard itself as under any obligation" to have indentified the conversation or acted to prevent the threat of an attack becoming reality. |
| "There is therefore a risk that, however unintentionally, it provides a safe haven for terrorists to communicate within." | "There is therefore a risk that, however unintentionally, it provides a safe haven for terrorists to communicate within." |
| The report does not name the service involved, but goes on to highlight the "considerable difficulty" MI5 has accessing content from six US-headquartered companies: | The report does not name the service involved, but goes on to highlight the "considerable difficulty" MI5 has accessing content from six US-headquartered companies: |
| This returns to a theme highlighted earlier this month by Robert Hannigan, the new director of GCHQ, who wrote an article for the Financial Times suggesting the tech giants were in denial over the fact their services had become "the command-and-control networks of choice for terrorists". | This returns to a theme highlighted earlier this month by Robert Hannigan, the new director of GCHQ, who wrote an article for the Financial Times suggesting the tech giants were in denial over the fact their services had become "the command-and-control networks of choice for terrorists". |
| The companies, in turn, have stressed their need to protect users' privacy. They have promised to co-operate with the authorities if surveillance requests occur under a legal framework and with oversight. | The companies, in turn, have stressed their need to protect users' privacy. They have promised to co-operate with the authorities if surveillance requests occur under a legal framework and with oversight. |
| But the ISC highlights the practical problems British authorities experience when they try to hold the companies to this commitment. | But the ISC highlights the practical problems British authorities experience when they try to hold the companies to this commitment. |
| Its report states that because the companies are US-based, they refuse to accept the UK has jurisdiction over them when it comes to lawful intercept requests and instead require authorisation from the US courts. | Its report states that because the companies are US-based, they refuse to accept the UK has jurisdiction over them when it comes to lawful intercept requests and instead require authorisation from the US courts. |
| For example, it notes that Twitter's guidelines explicitly stated that requests for tweets, direct messages, photos and other content required a "valid US search warrant". | For example, it notes that Twitter's guidelines explicitly stated that requests for tweets, direct messages, photos and other content required a "valid US search warrant". |
| In fact, the reference to the United States in this passage has since been dropped from Twitter's site, but the San Francisco-based company still states it only guarantees a response to "valid legal process issued in compliance with US law". | In fact, the reference to the United States in this passage has since been dropped from Twitter's site, but the San Francisco-based company still states it only guarantees a response to "valid legal process issued in compliance with US law". |
| Forward planning | Forward planning |
| The UK, is of course, an ally of the US, and British agencies can request their American partners seek local authorisation on their behalf. | The UK, is of course, an ally of the US, and British agencies can request their American partners seek local authorisation on their behalf. |
| The problem is that in practice, the ISC says, this only happens when there is an imminent threat to life. | The problem is that in practice, the ISC says, this only happens when there is an imminent threat to life. |
| The conversation in which Adebowale said he intended to murder a soldier occurred about four months before the attack - the implication is that this might not have qualified. | The conversation in which Adebowale said he intended to murder a soldier occurred about four months before the attack - the implication is that this might not have qualified. |
| So why aren't the tech companies flagging up spotted threats themselves? | So why aren't the tech companies flagging up spotted threats themselves? |
| The committee says it had been told the messaging service used by Adebowale had closed some of his accounts before the murder and that GCHQ believed this was because the company's automated internal checks for terrorism-related content had been triggered. | The committee says it had been told the messaging service used by Adebowale had closed some of his accounts before the murder and that GCHQ believed this was because the company's automated internal checks for terrorism-related content had been triggered. |
| Yet it notes that no person at the company had ever reviewed the contents of the accounts or passed on the material for the authorities to check. | Yet it notes that no person at the company had ever reviewed the contents of the accounts or passed on the material for the authorities to check. |
| The ISC contrasts this with the fact such companies are often quick to tip off others when it comes to suspected cases of child abuse. | The ISC contrasts this with the fact such companies are often quick to tip off others when it comes to suspected cases of child abuse. |
| "On the basis of the evidence we have received, the company does not have procedures to prevent terrorists from planning attacks using its networks," the ISC says. | "On the basis of the evidence we have received, the company does not have procedures to prevent terrorists from planning attacks using its networks," the ISC says. |
| Automated checks | Automated checks |
| The committee does, however, acknowledge that the six named US companies took different approaches to the matter. | The committee does, however, acknowledge that the six named US companies took different approaches to the matter. |
| Its report states: | Its report states: |
| For the most part, however, the ISC says the companies rely on either other users or the authorities notifying them about offensive content before taking action - an approach it suggests is ill-suited to tackling covert communications between terrorists. | For the most part, however, the ISC says the companies rely on either other users or the authorities notifying them about offensive content before taking action - an approach it suggests is ill-suited to tackling covert communications between terrorists. |
| Furthermore, it highlights that the companies' embrace of complex encryption techniques is making it even harder for GCHQ to spot potential threats in the "204 million email messages, 100,000 tweets and a million Facebook posts" sent every minute. | Furthermore, it highlights that the companies' embrace of complex encryption techniques is making it even harder for GCHQ to spot potential threats in the "204 million email messages, 100,000 tweets and a million Facebook posts" sent every minute. |
| And the report is critical of the suggestion the companies need to prioritise their users' privacy. | And the report is critical of the suggestion the companies need to prioritise their users' privacy. |
| "Where there is a possibility that a terrorist atrocity is being planned, that argument should not be allowed to prevail," it says. | "Where there is a possibility that a terrorist atrocity is being planned, that argument should not be allowed to prevail," it says. |
| Tellingly, a section covering how GCHQ and others are seeking to tackle the issue is blanked out. | Tellingly, a section covering how GCHQ and others are seeking to tackle the issue is blanked out. |
| 'Impossible to predict' | 'Impossible to predict' |
| Prime Minister David Cameron and Labour Party leader Ed Miliband have both called for the tech companies to create a standard method to alert the authorities to cases of suspected extremism, similar to the way they flag child exploitation. | Prime Minister David Cameron and Labour Party leader Ed Miliband have both called for the tech companies to create a standard method to alert the authorities to cases of suspected extremism, similar to the way they flag child exploitation. |
| Mr Cameron also told the House of Commons he regularly raised the issue with President Obama. | |
| But while the named tech companies have yet to release statements in response, one digital rights campaigner has attacked the tone of the ISC's findings. | But while the named tech companies have yet to release statements in response, one digital rights campaigner has attacked the tone of the ISC's findings. |
| "The government should not use the appalling murder of Fusilier Rigby as an excuse to justify the further surveillance and monitoring of the entire UK population," said Jim Killock, executive director of the Open Rights Group. | "The government should not use the appalling murder of Fusilier Rigby as an excuse to justify the further surveillance and monitoring of the entire UK population," said Jim Killock, executive director of the Open Rights Group. |
| "The committee is particularly misleading when it implies that US companies do not co-operate, and it is quite extraordinary to demand that companies proactively monitor email content for suspicious material. Internet companies cannot and must not become an arm of the surveillance state. | "The committee is particularly misleading when it implies that US companies do not co-operate, and it is quite extraordinary to demand that companies proactively monitor email content for suspicious material. Internet companies cannot and must not become an arm of the surveillance state. |
| "As the report admits, 'lone wolf attacks' are almost impossible to predict - and therefore difficult to prevent. | "As the report admits, 'lone wolf attacks' are almost impossible to predict - and therefore difficult to prevent. |
| "The security services should focus their efforts on the targeted surveillance of individuals like Michael Adebolajo rather than continuing to monitor every citizen in the UK." | "The security services should focus their efforts on the targeted surveillance of individuals like Michael Adebolajo rather than continuing to monitor every citizen in the UK." |
| TechUK, an industry lobby body, added that tech firms had taken part in counter-terrorism talks since the ISC's report was written. | |
| "Positive steps have already been taken since the summer to examine these very complex issues," said Antony Walker, deputy chief executive of the organisation. | |
| "However, if the government believes that it needs additional powers to be able to access communication data it must be clear about exactly what those powers are and consult widely on them before putting proposals before Parliament." |