Manchester Attack Raises Questions Over Encryption Policies


The delicate balance between privacy and security is drawing new scrutiny and debate days after the Manchester, England, attack that killed 22 people on Monday.

How much access governments should be allowed to monitor citizens’ internet use drew a range of opinions Thursday at a New America discussion on encryption technology in Europe.

Following the attack, the Sun reported U.K. officials will ask Parliament to approve new “Technical Capability Notices” that would for the first time empower police and the intelligence service MI5 to decrypt suspicious messages sent via social media such as WhatsApp and Facebook Inc.

U.S. authorities have pushed for similar methods after terrorist attacks, particularly the San Bernardino, Calif., shootings in 2015 that left 14 people dead. Apple Inc. and the FBI tussled over access to the iPhone used by a shooter. Authorities eventually gained access to the device through other means.

“The prime minister or the president has to have an answer when something really, really bad happens, people die, and encryption was involved,” said Mike Nelson, who works on global internet policy for web security firm Cloudflare Inc. and teaches cyber policy at Georgetown University.

“This is an intractable problem,” said Nelson, an audience member commenting to the panel.

It’s likely to be an ongoing point of dispute. Some privacy advocates oppose companies being forced to store encryption keys in “escrow” — versus only the user holding the key — so they can share it with law enforcement if asked.

The FBI, under then-Director James Comey, had pushed for this approach, said Kevin Bankston, panelist and director of New America’s Open Technology Institute. Now, with Comey’s exit, “we’re in the midst of an uneasy peace until if and when there’s another security incident,” Bankston said, noting “there’s no such peace in Europe.”

Bankston called for a fund to be established by U.S. companies that would help their counterparts in Europe and around the world push for policies locally to guarantee the right to encryption is not compromised.

Morning Consult