The sophisticated encryption software that now comes as standard with many electronic gadgets is, in many ways, just another instrument of modern life. Like air travel, international banking and mobile telephones, it contributes to all kinds of productive human endeavour — and also presents new security risks. But there is a difference. Its rapid and organic growth left little scope for regulatory control and balance.
The police are sometimes characterised as despotic agents of digital repression. That is wrong. I have never believed that encryption should be banned; it is a fundamental part of how the internet works. But its utility and effectiveness, like that of the internet as a whole, also creates significant criminal opportunity by masking identity and hiding communication.
Other innovations that have multiplied the freedoms of modern life were the product of democratic deliberation, and incorporated security by design. When telephones were introduced, a set of balanced legal instruments gave police the power to intercept them. Financial institutions have become more complex, but they are compelled to operate strong anti-money laundering controls.
When Europe’s Schengen agreement abolished internal border controls in the 1990s, measures designed to increase cross-border police co-operation were adopted at the same time, so the system would not be undermined by enterprising drug traffickers and terrorists. The development of the internet has been different.
This is not really about privacy. People accept the imposition of reasonable controls on the way they drive, take flights, and conduct banking transactions.
Why should the internet, alone in the territories in which we live our lives, be one in which rules do not apply. It should not, of course. We have to craft rules that will operate in a balanced way.
That has proved to be a challenge. The European Court of Justice last year struck down a law that would have required telecommunications companies to store data on the use of their networks. Yet it accepted that police should have access to communications data. It decided that the safeguards, as drafted, were not enough to ensure police did not overstep the mark. This is just a matter of technical design. It will be fixed.
事实已经证明，要做到这一点是一大挑战。去年，欧洲法院(European Court of Justice)驳回了一条法规，该法规要求电信公司将自己网络使用情况的数据存储起来。不过，该法院承认警方应有权访问通信数据。该法院裁定，这个法规草案中的保护性条款不足以确保警方不过线。这个问题其实只是个技术层面的问题，它应该会得到解决。
There are promising signs that technology companies are willing to work in partnership with the police. Some leading companies are helping us to set up a system for removing terrorist content online. But at the same time, the industry’s most recent innovations on encryption have made the task of the security services harder. They may not be deliberately making police work more difficult, but they are not showing much appetite for accommodation either.
Some argue that technology companies should be required to give the authorities a backdoor key, to allow encryption to be broken. Clearly, engineering deliberate security vulnerabilities in our digital systems has some serious downsides.
And it is a principle implacably opposed by most in the tech sector. The divide on the issue is symptomatic of a serious decline in the level of trust between government and industry partners, fuelled in particular by the revelations of Edward Snowden about National Security Agency surveillance. This does not serve public interest well.
The digital age has changed our way of life but police teams are still in the same business of preventing crime, tracking offenders and securing evidence with which to convict them. It is just that, these days, much of the information needed to do that is in the hands of the private companies that run online services. To do our job, we need to earn their trust. Together, we can keep the internet both a free and safe part of our lives.