Amber Rudd MP

Comments on encryption and cyber security

Amber Rudd made a series of statements as Home Secretary regarding the Government’s position on the use of encryption by social media and Internet companies following terrorist attacks in March, May and June 2017.

Comments on encryption made in March 2017 following the Westminster attack

On the Andrew Marr show[1]:

"There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorist to communicate with each other.

It used to be that people would just steam-open envelopes or just listen-in on phones if they wanted to find out what people were doing, legally, through warrantry, but in this situation, we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp.

We’re not saying “open up”, we don’t want to go into the cloud but we do want them [tech firms] to recognise that they have a responsibility to engage with government, to engage with law enforcement agencies when there is a terrorist situation. We would do it all through the carefully thought through legally covered arrangements, but they cannot get away with saying we are a different situation. They are not.

I would invite Tim Cook [CEO of Apple] to work with us to think of other ways to finding out how we can get into the situations like WhatsApp on the Apple phone. It’s not necessarily Apple itself, sometimes it’s WhatsApp or the other situations on it.

I would much rather have a situation where we get all these companies around the table agreeing to do it. Now I know it sounds a bit like we are stepping away from legislation but we are not. What I am saying is the best people who understand the tech who understand the necessary hashtags to stop this stuff being put up – not just taking it down – but stopping it being put up in the first place, is them.”

Comments made in May 2017 following the Manchester attack

On the Andrew Marr show[2]:

"We are making good progress with the firms that have put in place end-to-end encryption. Some of them are being more constructive than others, but we will continue to build on that," Rudd said.

"The area that I am most concerned about is the internet companies who are continuing to publish the hate publications, the hate material that is contributing to radicalising people in this country." What we are doing is challenging the people who are developing and delivering end-to-end encryption to work with us so we have a way to keep people safe. Nobody wants a terrorist to have a safe place to exchange information and to be able to plot their terrible atrocities. I believe we can get them to be more successful in working with us to get some of that information. "I never did suggest it." (when asked about banning end-to-end encryption)

"What I have always said is the internet provides an incredibly important place for people to do business, encryption is important for banking, for everything else as you say," she said. "But we need to do better to stop terrorists being able to use it."

Comments on cyber security after the NHS hack in May 2017[3]

"Cyber-security is a huge industry and we can all do better to protect our businesses and our personal information.

"I would expect NHS trusts to learn from this and to make sure that they do upgrade."

“I do agree that we have to have a situation where we can have our security services get into the terrorist communications. That’s absolutely the case.

“Of course I will have those conversations and we will see where they go.”

Comments on encryption made in June 2017 following the London Bridge attack

On Peston on Sunday on 4 June:

“We can do so much more though. And we can make sure that we get an international agreement, we already set up in the UK an internet forum to get more work done and there has been some progress, but when the Prime Minister came back from the G7, she announced an international forum to do that. And there is an international agreement that we need to get those companies to do more, it’s not good enough to just to say “do no harm”, we have to get them to actively work with us to stop their platforms being used to radicalise people. It’s two points to it. One is to make sure that they do more to take down material that is radicalising people, and secondly, it’s to help work with us to limit the amount of end-to-end encryption that otherwise terrorists could use to plot their devices.”[4]

Communications Data Bill

External links