The U.K. has faulted an unnamed tech company for failing to flag a conversation that played a crucial role in planning the murder of a British soldier.
If the company would have monitored its networks to find conversations linked to terrorism, the murder might have been prevented, a Parliament committee found in a 191-page report reviewing the circumstances that led to the soldier's death and published Tuesday.
Fusilier Lee Rigby was murdered in London in May 2013 when two men hit him with a car from behind and attacked him with knives. The murder could not have been prevented, despite that his murderers appeared in seven different intelligence and security agency investigations, the committee found. However, had the agencies had access to information that only came to light after the attack, things might have been different.
"The party which could have made a difference was the company on whose platform the exchange took place. However, this company does not appear to regard itself as under any obligation to ensure that its systems identify such exchanges, or to take action or notify the authorities when its communications services appear to be used by terrorists. There is therefore a risk that, however unintentionally, it provides a safe haven for terrorists to communicate within," the report said.
One of the murderers, Michael Adebowale, expressed his intent to murder a soldier "in the most graphic and emotive manner" in an online exchange in December 2012.
"Had MI5 had access to this exchange, their investigation into Adebowale would have become a top priority. It is difficult to speculate on the outcome but there is a significant possibility that MI5 would then have been able to prevent the attack," the committee found.
The committee is "extremely concerned" by the difficulties U.K. agencies face when trying to obtain evidence from North American tech companies including Facebook, Google, BlackBerry, Microsoft, Yahoo, Apple and Twitter, which were all asked to clarify their policies for providing information to the U.K. authorities.
"None of the major U.S. companies we approached proactively monitor and review suspicious content on their systems, largely relying on users to notify them of offensive or suspicious content," the report found. Moreover, none of them regard themselves as compelled to comply with U.K. warrants.
The company on whose systems the conversation took place had not been aware of it before the attack, but had previously closed some of Adebowale's accounts because their automated system deemed them to be associated with terrorism. However, they neither reviewed those accounts nor passed any information to the authorities.
Tech companies should "accept their responsibility," the committee said. When possible links to terrorism trigger accounts to be closed, the company concerned should review these accounts immediately and, if such reviews provide evidence of specific intention to commit a terrorist act, they should pass this information to the appropriate authority.
Online extremism has been a point of worry in Europe, where Google, Twitter, Facebook and Microsoft have been discussing the issue with EU officials who are trying to persuade the companies to do more in the fight against terrorism.
Jim Killock, executive director of the U.K.'s Open Rights Group called the report on the murder "misleading," saying that this should not be an excuse for intelligence agencies to gather even more data on individuals. They need to get back to basics and look at the way they conduct targeted investigations, he said.
"The committee is particularly misleading when it implies that US companies do not cooperate," he said, adding that it is extraordinary to demand that companies proactively monitor private messages on their networks for suspicious material. "Internet companies cannot and must not become an arm of the surveillance state," he said.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.