British Prime Minister Theresa May has focused on vastly improved regulation of the internet since the U.K. suffered its third terrorist attack in the space of three months on Saturday.
ISIS has claimed responsibility for the latest atrocity, which saw three terrorists with knives set upon the restaurants and bars of Borough Market. At least seven people have been killed, with another 21 still fighting for their lives. It follows fatal attacks in Westminster in March, and Manchester in May.
With only three days to go until the U.K. goes to the polls, national security now dominates the General Election campaign. May believes her principal opponent, veteran leftwinger Jeremy Corbyn, is weak on this issue, though she has been heavily criticized since the attack for cutting the number of police officers during her six-year tenure overseeing the U.K.’s equivalent of the Department of the Interior.
In particular May has focused on the role of the Internet in these kinds of attacks. Cyberspace provides ideological extremism with “the safe space it needs to breed,” she said on Sunday — and by extension, the large companies that provide services on the web. Extremists in the U.K. and elsewhere are often radicalized by militants thousands of miles away through digital communication.
In response, May wants “allied, democratic governments to reach international agreements to regulate cyberspace in an effort to prevent the spread of extremism and terrorist planning”. This comes on top of an election manifesto promise to make the U.K. a “global leader” in regulating the web.
May already introduced one of the toughest regulatory regimes in the world in 2016 through the Investigatory Powers Act. Dubbed the “Snooper’s Charter” by opponents, civil libertarians have blasted the act as totalitarian because it gives authorities the right to intercept, record and monitor Internet use. Now, she suggests, she wants to go further with a global treaty of sorts.
Figures in May’s own party think this is a sensible approach. Bob Neill, a Conservative Party lawmaker who sat on the Joint Committee National Security Strategy during the last Parliament, says this is a “perfectly reasonable” response. He points out it will be particularly important to organise agreements with European agencies when the U.K. leaves the E.U. in 2019.
But the U.S. will need to be involved too, of course. May had hoped a treaty to get U.S.-based Internet service providers (ISPs) like AT&T, Comcast, and Time Warner to share information on possible extremist activity with British authorities would be passed before the presidential election last year, but is still waiting.
A source on the powerful Intelligence and Security Committee of Parliament tells TIME this is necessary for the U.K.’s security — but warns that international treaties won’t necessarily mean better access to servers. “Even if every Western country in the world ganged up together there is still the risk the ISP could move servers to somewhere not covered under that agreement, like China.”
ISPs have been accused of not doing enough to monitor and share information from their sites. Alan West, a former Labour Party counter-terrorism minister and ex-head of the U.K. Navy, says: “More can be done and more should be done. Big ISPs have been economical in the actuality of what they can do.”
West notes that the U.K. piled pressure on ISPs over monitoring for child pornography, and their response was “amazing.” He suggests treating ISPs like print publishers, meaning they could be liable for what appears on their sites and therefore face multi-million dollar lawsuits. “Goodness knows they’d change their behavior then,” he adds.
Social media companies are a different matter. May’s government has been pushing for “backdoors” on end-to-end encryption services, such as WhatsApp, so that authorities can infiltrate secret conversations. Apple chief executive Tim Cook said introducing such a legal obligation would have “very dire consequences”, because these backdoors would also be available to terrorists, who could then hack encrypted intelligence conversations.
However, cyber security expert Andrew Henderson of Wychwood Consulting says there are already methods of cracking encrypted messages. “If you encrypt something there’s always a key,” he says. “If you can get hold of the key and the encrypted message then you don’t need a backdoor, you can go through the front door.”
Even if a variant of this policy is possible — and U.S. social media firms are broadly opposed to it — the Intelligence and the Security Committee source warns that regularly opening encrypted messages will again encourage ISPs to move servers to one of the world’s ungoverned spaces.
More broadly, some say there is a limit to what greater regulation can do. To block extremist activity completely, says Peter Sommer, a University of Birmingham digital technology professor who has been an expert legal witness on cyberterrorism, “you’re going to have to get the rest of the world to shut down large parts of the Internet, and that’s pretty unrealistic.”
Sommer believes Internet service providers across the world could be able to get tougher “at the margins”, by filtering pictures and documents identified by computers as extremist. But combing through more data requires a commensurate investment in personnel who would understand the nuances of human communication.
“If you send a text message saying ‘I could murder an Indian’ it could just mean someone wants a chicken tikka marsala for dinner,” he says. “You would still require a large number of human beings [to filter these documents].”