Encrypted communications services are hampering the ability of law enforcement to monitor and catch criminals, the National Crime Agency (NCA) claims.
The 2018 National Strategic Assessment of Serious and Organised Crime by the National Crime Agency suggests that criminals are increasingly turning to encrypted communications to evade law enforcement and operate covertly. The report also notes the overall impact of technological changes on policing.
With an ever-growing digital society, police services around the world are continually adapting to new threats, however the ability of law enforcement to collect evidence and intelligence is being greatly affected by technological change.
On the other side of the Atlantic, US lawmakers look to protect encrypted messaging services and prevent government from forcing tech companies to undermine the security of their products. Encryption is an issue that has many talking points; while it offers unparalleled security for the individual, it also creates opportunities for society’s criminal elements to operate – often unmolested – in the shadows.
The report acknowledges that since 2010, communication service providers (CSPs) have migrated to encrypted service ‘by default’. The majority of internet traffic is encrypted and highly popular mobile apps – such as Telegram or WhatsApp – offer end-to-end encryption as standard. The report notes that while this means enhanced privacy and security for users of such services, the use of encryption is “impacting on law enforcement’s ability to collect intelligence and evidence.”
It also acknowledged that encryption provides important benefits to the UK economy, saying “it enables digital commerce, ensures security on the web and increases privacy”, however “such technology has become an enabler to criminality, presenting serious challenges for law enforcement.”
End-to-end encryption services are increasingly popular and in light of recent examples of data misuse, mobile users around the world are increasingly flocking to these services; conscious of their data and privacy, people aren’t willing to take the risk of not using encryption. A recent survey by Venafi found that of 512 security professionals attending the 2018 RSA Conference, 64% of respondents say their use of encryption services has increased.
This marks a significant increase from the same survey conducted in 2017, which saw 45% of respondents claiming they used encrypted services. This showcases the positive nature of encryption when considering personal security and online safety. As a service, encryption provides organisations and individuals unparalleled levels of security and peace of mind. Encryption, however, also offers criminal elements in society with a tool to operate covertly and avoid the gaze of law enforcement. The report claims that law enforcement is now observing the use of encryption in criminal communications across a number of threat areas; including terrorism, organised crime, smuggling and people trafficking.
NCA Director General Lynne Owens said: “This year’s assessment shows that organised crime groups (OCGs) are exploiting digital technology, for instance using encryption to communicate, and dark web market places to aid their activities.”
The report also highlights the increasing prioritisation of communications security by criminals, and with such readily available tools, criminals will have “enhanced protection by default rather than design.” The report adds that “the pace of these developments will continue to challenge law enforcement capability and resource, with narrowing options for mitigation.”
In addition to the increasing use of encryption by criminals and criminal organisations, the report highlights the dangers of the Dark Web when anticipating and intercepting criminal threats. Using a combination of encryption and anonymisation poses serious challenges to law enforcement, the report claims.
As criminals adopt anonymisation technology, such as ToR, VPN’s and ‘spoofing’ law enforcement will find it increasingly difficult to track and monitor criminal activity. Criminal services offered on ToR are a particular focus of the NCA. Cyber crime and fraud services, the agency claims, are most prevalent, however there are sites that offer banned commodities such as drugs and firearms.
The dark web is a small section of the Internet that is intentionally hidden and inaccessible through standard web browsers. It is primarily accessed through specialised encryption software, such as The Onion Router (Tor), the Invisible Internet Project (I2P) and Freenet.
The combination of both encryption and anonymisation technology poses a serious threat to the public. With criminals using the dark web to offer services and sell commodities, then communicating securely between each other through encryption services, policing becomes an incredibly difficult task.
In the United States this past week lawmakers introduced a bill that will prevent the government from forcing tech companies to introduce backdoor access to encrypted services. This bill, if passed, will ultimately allow companies to maintain the integrity of their encryption systems – A victory for the privacy loving individual, but perhaps a similar obstruction to law enforcement.
The Secure Data Act prohibits any government agency from demanding that manufacturers, developers or sellers design or alter their security functions to allow the surveillance and monitoring of a user. It also prohibits the physical search of a product by any agency. Products covered by the bill include computer hardware, software or any electronic device made available for public use.
American law enforcement has become increasingly frustrated with the rise of encryption services. In 2015, the FBI encountered great delays when trying to gain access to the iPhone of a mass shooter, Syed Rizwan Farook. Since then, law enforcement officials have become highly vocal about their concerns over the use of encryption, claiming it hampers their ability to conduct investigations in a timely manner and often leaves investigators in the dark.