The debate around law enforcement being able to access encrypted communications currently seems to be a hot topic in Australia where the Australian Criminal Intelligence Commission (ACIC) has said it believes there is no legitimate reason for a law-abiding member of the community to own or use an encrypted communication platform. I do not accept that position and firmly believe law abiding citizens have the fundamental human right to privacy.
In comments made in a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) as part of its inquiry into the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, the ACIC declared:
“These platforms are used almost exclusively by SOC [serious and organised crime] groups and are developed specifically to obscure the identities of the involved criminal entities and enable avoidance of detection by law enforcement,” the ACIC declared. “They enable the user to communicate within closed networks to facilitate highly sophisticated criminal activity”.
I do not agree that secure “platforms are almost exclusively used for serious and organised crime” purposes, although there is no doubt that criminals across the world are using online communications for their nefarious activities. Indeed, in many respects the fight against crime has moved from the streets to cyber space and law enforcement agencies need all the tools at their disposal to protect citizens from those with criminal intent.
The answer is not to simply allow law enforcement agencies to be able to access everybody’s encrypted communications. Surely the solution is to make secure online communications inaccessible to criminals so they can’t use them in the first place. Legitimate users need to have confidence that their online business activities, will always remain private and confidential.
Mercury, our secure communications platform, was designed after taking advice from former senior FBI agents and law enforcement chiefs from the US and the UK. Our first and foremost rule – is that we do not allow Mercury to be used by those with criminal or terrorist intent. We do this by not allowing them access to it in the first place.
Unlike some other popular tech platforms, we only allow trusted professionals and companies to use our platform and they must first go through a strict vetting process. It is not available for the general public to download.
If technology companies were required to leave a backdoor open for law enforcement, then it could also be vulnerable to access by criminals, thus undermining the point of true E2EE. The best way to balance providing E2EE with effective law enforcement is to ensure tech providers have security at the heart of their operations and do everything within their power to prevent their platforms from being used by criminals.
Many platforms do hold substantial amounts of data which can include information like where calls/messages were made; who the sender and recipient was; how long the call lasted for; and which device(s) were used to make the call. This customer information is often used internally for marketing, research and development purposes but can be useful to law enforcement, even if the actual content is not available. To access content of communications would require tech companies to hold encryption keys and store the transmission data.
At Secured Communications we do not harvest any data about communications. We do not hold encryption keys. This is because our users’ privacy is paramount to us. Our customers are business leaders and professional people who need to use our system in confidence, with confidence that their company information will be secure and private when they, or their employees, are discussing work matters online.
They need to be sure that no-one can listen in on their conversations or see their data. Because that kind of legitimate information can be very useful to competitors, criminals or some other nefarious entity, and potentially be very commercially damaging. Their privacy must be protected.
Next let’s take into account matters of personal privacy. How much of your day do you spend online, communicating with family and friends? How much of your life do you trust to share online?
This trust is betrayed on a daily basis by some companies in the tech space. On the one hand are the adverts that appear on your devices for products you were looking at or spoke about only an hour or so previously. Some companies know about your browsing history because they track and send screenshots of your interactions to third parties, including what you type and later delete. On the other hand is the disregard for protecting personal data, as exemplified by the Facebook/Cambridge Analytica scandal, which saw Facebook stand by while a third party app harvested the personal data of 87 million users without consent.
Online privacy is not about hiding nefarious information but about protecting sensitive information from nefarious actors. The vast majority of people do not use platforms for illicit purposes, but that doesn’t mean they should be an entirely open and transparent ecosystem. If someone were to piece together enough seemingly inconsequential pieces of your personal data then they would have a good idea of how you live your life (where you work, where you shop, who you interact with) and therefore how to disrupt it.
Taking data privacy seriously is not optional. Secured Communications hears this louder than most. Mercury, our corporate communications suite, starts with security. We use industry-leading encryption to protect your information and we never harvest data. We hand total control of the product to users, putting you firmly in charge of a private ecosystem. Above all, privacy is our default, because any other starting point is unsatisfactory.
With all of this in mind, we are proud to be able to say that we are a global tech company that gives TRUE end-2-end encryption and still protects against any criminal use even though we don’t hold any encryption keys and we never harvest any data.
We can do this, because we’ve done our due diligence on our users in the first place!
John Parkinson OBE is President of US tech company, Secured Communications LLC, which recently launched its Mercury ultra-secure video conferencing, audio calling, messaging and file transfer platform in the UK. He is a former UK Chief Police Officer and Senior National Counter Terrorism Coordinator with over 40 year’s experience in the security field.
E2EE – End to end encryption (a random string of bits which are created for scrambling and unscrambling data)
Transmission Data – the transfer of digital or analogue data over a communication to one or more devices