The ACPO (Association of Chief Police Officers) has called for new powers to allow police to tackle rogue websites, and make withholding encryption keys a criminal offence.
The new proposals are buried inside a long and in places controversial list of powers the influential body would like the government to consider enabling through legislation in the light of the special demands posed by terrorist investigations.
Most of these relate to conventional police powers, but one section of the official release suggests amending part three of the Regulation of Investigatory Powers Act with a specific offence of withholding a software encryption key. This is the first time encryption keys have been singled out by UK police in this way, although the problems associated with their use by criminals to secure documents has long been a subject of debate.
"Recent investigations have been made more complex by difficulties for investigating officers in ascertaining the whereabouts of encryption keys to access computers," the release states.
Once notorious for their lack of user-friendliness, simple-to-use encryption programs are now widely available. Powerful asymmetric algorithms such as 256bit AES and Blowfish, among others, are now powerful enough to delay all but the most specialised super-computers, assuming files have been secured using passphrases that can’t easily be attacked using brute force methods.
More contentiously, ACPO wants powers to "attack" websites considered to be purveying terrorist or paedophiliac content. "This issue goes beyond national borders and requires significant international cooperation. The need for appropriate authority and warranty is implicit," the proposal states. "This power offers significant benefits for counter-terrorism and overlaps with other police priorities, namely domestic extremism, paedophilia and child pornography."
It is not made clear in what ways such attacks would be undertaken – a request for official clarification had not been answered at the time of going to press – but this could include a mixture of electronic methods such as hacking a website directly, launching a denial-of-service attack, or requesting that the relevant ISP removes the material or closes the account.
Whichever method is intended, reaching a consensus on which websites could be construed to be terrorist is likely to prove problematic. It is also not guaranteed that making the act of withholding an encryption key an offence will make much difference in terrorist cases. It will, however, give police a new offence with which to charge those they suspect of being involved in terrorism, but whose involvement can’t be proven.
ACPO represents senior police chiefs from throughout England and Wales, as well as national agencies such as the National Crime Squad and British Transport Police.