UK faults tech firm for not alerting authorities before soldier's murder

Tech companies need to take responsibility and start monitoring networks to spot terrorist activity, the UK said

The U.K. has faulted an unnamed tech company for failing to flag a conversation that played a crucial role in planning the murder of a British soldier.

If the company would have monitored its networks to find conversations linked to terrorism, the murder might have been prevented, a Parliament committee found in a 191-page report reviewing the circumstances that led to the soldier's death and published Tuesday.

Fusilier Lee Rigby was murdered in London in May 2013 when two men hit him with a car from behind and attacked him with knives. The murder could not have been prevented, despite that his murderers appeared in seven different intelligence and security agency investigations, the committee found. However, had the agencies had access to information that only came to light after the attack, things might have been different.

"The party which could have made a difference was the company on whose platform the exchange took place. However, this company does not appear to regard itself as under any obligation to ensure that its systems identify such exchanges, or to take action or notify the authorities when its communications services appear to be used by terrorists. There is therefore a risk that, however unintentionally, it provides a safe haven for terrorists to communicate within," the report said.

One of the murderers, Michael Adebowale, expressed his intent to murder a soldier "in the most graphic and emotive manner" in an online exchange in December 2012.

"Had MI5 had access to this exchange, their investigation into Adebowale would have become a top priority. It is difficult to speculate on the outcome but there is a significant possibility that MI5 would then have been able to prevent the attack," the committee found.

The committee is "extremely concerned" by the difficulties U.K. agencies face when trying to obtain evidence from North American tech companies including Facebook, Google, BlackBerry, Microsoft, Yahoo, Apple and Twitter, which were all asked to clarify their policies for providing information to the U.K. authorities.

"None of the major U.S. companies we approached proactively monitor and review suspicious content on their systems, largely relying on users to notify them of offensive or suspicious content," the report found. Moreover, none of them regard themselves as compelled to comply with U.K. warrants.

The company on whose systems the conversation took place had not been aware of it before the attack, but had previously closed some of Adebowale's accounts because their automated system deemed them to be associated with terrorism. However, they neither reviewed those accounts nor passed any information to the authorities.

Tech companies should "accept their responsibility," the committee said. When possible links to terrorism trigger accounts to be closed, the company concerned should review these accounts immediately and, if such reviews provide evidence of specific intention to commit a terrorist act, they should pass this information to the appropriate authority.

Online extremism has been a point of worry in Europe, where Google, Twitter, Facebook and Microsoft have been discussing the issue with EU officials who are trying to persuade the companies to do more in the fight against terrorism.

Jim Killock, executive director of the U.K.'s Open Rights Group called the report on the murder "misleading," saying that this should not be an excuse for intelligence agencies to gather even more data on individuals. They need to get back to basics and look at the way they conduct targeted investigations, he said.

"The committee is particularly misleading when it implies that US companies do not cooperate," he said, adding that it is extraordinary to demand that companies proactively monitor private messages on their networks for suspicious material. "Internet companies cannot and must not become an arm of the surveillance state," he said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags GoogleMicrosoftsecuritytwittergovernmentdata protectionprivacyFacebook

More about AppleBlackBerryEUFacebookGoogleIDGMicrosoftNewsWoolwichYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts