The Intelligence and Security Committee (ISC)'s report into the murder of Fusilier Lee Rigby suggests there was a "significant possibility" MI5 could have prevented the attack had its officers been aware of an online exchange in December 2012 between Michael Adebowale and a person codenamed Foxtrot.
"The party which could have made a difference was the company on whose platform the exchange took place," it says.
However, it adds, the company "does not appear to regard itself as under any obligation" to have indentified the conversation or acted to prevent the threat of an attack becoming reality.
"There is therefore a risk that, however unintentionally, it provides a safe haven for terrorists to communicate within."
The version of the report released to the public does not identify the service involved, but goes on to highlight the "considerable difficulty" MI5 has accessing content from six US-headquartered companies:
Apple
Microsoft
Yahoo
This returns to a theme highlighted earlier this month by Robert Hannigan, the new director of GCHQ, who wrote an article for the Financial Times suggesting the tech giants were in denial over the fact their services had become "the command-and-control networks of choice for terrorists".
UK agencies suggest it is difficult to get US tech companies to comply with intercept requests
These companies, in turn, have stressed their need to protect users' privacy. They have promised to co-operate with the authorities if surveillance requests occur under a legal framework and with oversight.
But the ISC highlights the practical problems British authorities experience when they try to hold the companies to this commitment.
Its report states that because the companies are US-based, they refuse to accept the UK has jurisdiction over them when it comes to lawful intercept requests and instead require authorisation from the US courts.
For example, it notes that Twitter's guidelines explicitly stated that requests for tweets, direct messages, photos and other content required a "valid US search warrant".
In fact, the reference to the United States in this passage has since been dropped from Twitter's site, but the San Francisco-based company still states it only guarantees a response to "valid legal process issued in compliance with US law".
The UK, is of course, an ally of the US, and British agencies can request their American partners seek local authorisation on their behalf.
The problem is that in practice, the ISC says, this only happens when there is an imminent threat to life.
The conversation in which Adebowale said he intended to murder a soldier occurred about five months before the attack - the implication is that this might not have qualified.
So why aren't the tech companies flagging up spotted threats themselves?
The committee says it had been told the messaging service used by Adebowale had closed some of his accounts before the murder and that GCHQ believed this was because the company's automated internal checks for terrorism-related content had been triggered.
The ISC's chairman, Malcolm Rifkind, thinks a desire to protect users' privacy should not be allowed to outweigh the opportunity to prevent terrorist atrocities
Yet it notes that no person at the company had ever reviewed the contents of the accounts or passed on the material for the authorities to check.
The ISC contrasts this with the fact such companies are often quick to tip off others when it comes to suspected cases of child abuse.
"On the basis of the evidence we have received, the company does not have procedures to prevent terrorists from planning attacks using its networks," the ISC says.
For the most part, however, the ISC says the companies rely on either other users or the authorities notifying them about offensive content before taking action - an approach it suggests is ill-suited to tackling covert communications between terrorists.
Furthermore, it highlights that the companies' embrace of complex encryption techniques is making it even harder for GCHQ to spot potential threats in the "204 million email messages, 100,000 tweets and a million Facebook posts" sent every minute.
And the report is critical of the suggestion the companies need to prioritise their users' privacy.
"Where there is a possibility that a terrorist atrocity is being planned, that argument should not be allowed to prevail," it says.
Tellingly, a section covering how GCHQ and others are seeking to tackle the issue is blanked out.
By Leo Kelion
No comments:
Post a Comment