Former MI6 head tells European Legal Security Forum: I’m in favour of “strong encryption” – albeit with legal safeguards
The former head of MI6 has backed the use of “strong encryption” as a tool for protecting information security, claiming he is “100 per cent in favour of it”. Speaking at the recent European Legal Security Forum (ELSF) in London, Sir John Sawers said that encryption was an “important part of cyber security and confidentiality generally.”
However, Sir John also said that it was important that the security and technology community found a way to ensure that the widespread adoption of encryption did not result in “no go areas” on the internet, beyond the reach of law enforcement agencies. In a lively panel session which followed his keynote address, Sir John said he wanted to see a form of “front door access in the virtual world that you have in the physical world”. Technology providers should behave less like safe manufacturers, who pride themselves in their inability to unlock their own products, he said, and more like old-style telecoms companies. Telecom companies, he added, traditionally allowed the security services to eavesdrop on conversations facilitated by their technology – albeit with the “right legal framework” and the “right authorities in place”.
Continuing this debate, ethical hacker Freaky Clown told the ELSF audience that the widespread adoption of encryption may result in a situation where “everyone gets complacent”, leaving themselves open to a “back door” hack. This outcome was akin to someone locking their door and convincing themselves that no-one could break in. “It gives you a false sense of security,” he warned.
Earlier in the day, Freaky Clown had conducted a “live hack” for ELSF delegates. Here, he showed how human weakness – in this case, a desire to look at cat pictures on the internet – could often be exploited by hackers to circumvent even well-built and well-maintained IT security systems.
Elsewhere on the conference floor, representatives from the UK government’s National Cyber Security Centre (NCSC) offered an overview of the security threats currently facing UK law firms. The NCSC speakers also encouraged those attending the ELSF to consider joining CiSP, the NCSCs’ Cyber Security Information Sharing Partnership, and its Cyber Network Reporting (CNR) network. The former scheme offers an early warning service of cyber threats, while the latter offers a free tool for detecting malicious network activity. “We are also working with the Law Society to set up a private [CiSP] group specifically for law firms,” the NCSC representative told the ELSF audience.
Reflecting on the ELSF’s proceedings, Netlaw Media UK and EMEA Managing Director Frances Armstrong said the event had given all those attending a great deal to think about. “This year’s ELSF offered delegates a one-stop-shop of best practice, advice and real-world security solutions for the legal sector,” she said. “We’ve already received numerous enquiries about next year’s ELSF agenda and speakers, almost 12 months before the Forum is due to take place.”
An overview of the London Law Expo, which includes a summary of many of the event’s presentations and debates, will shortly be available to download from
- An overview of the London Law Expo, which includes a summary of many of the event’s presentations and debates, will shortly be available to download from https://netlawmedia.com/media/podcasts/ and https://netlawmedia.com/conference-reports/
About ‘The London Law Expo 2017’ and ‘The European Legal Security Forum 2017’
The London Law Expo / European Legal Security Forum 2017 is Europe’s largest international law event. New for 2017, it bought together two separately branded law events under one roof, giving delegates unrivalled opportunity to learn how to both enhance and protect their law firms.
The London Law Expo, included talks from sector leaders on how to increase success and profitability, while The European Security Forum focused on the security threats, opportunities and problems associated with cyber security and data protection.
The European Security Forum was held at the Old Billingsgate in London on 10th October, alongside the parallel London Law Expo.