After Paris: The encryption debate

Dec 04, 2015, 3:14 PM EST
Source: Intel Free Press/flickr
Source: Intel Free Press/flickr

Concern over encryption on hardware and software in mobile devices following the Paris attacks of early November have heightened in the U.S. over the past week in the wake of two mass shootings — one in Colorado and one in California.

Globally, governments have noted that technology companies' use of encryption in their products (such as messaging apps like WhatsApp and Apple’s iMessage) have at times made it difficult to monitor terrorist activity; this is not a new issue. Now, however, security authorities in both the U.S. and Europe are claiming that more transparency — namely the easing of certain encryption techniques — will prevent further terrorist activity.

There is much debate over the credibility of these concerns: Is there concrete evidence showing that encryption is the primary factor behind concealed digital communication among terrorists? Speaking to Blouin News, Bruno Scap, President of Galeas Consulting, said that, in order to be sure that encrypted messages conceal criminal activity, encrypted messages would have to be, well, decrypted. While metadata can help authorities determine if people are communicating using encryption, they won’t necessarily understand the content of the exchange – at least not without decrypting actual messages.

Some supporters of existing encryption use argue that governments looking to require technology companies to open their “back doors” are simply using the encryption debate to obtain greater access to user data. Privacy advocates are up in arms in particular, especially following this week’s reveal that the Federal Bureau of Investigation uses gag orders against companies from which it subpoenas broad amounts of detailed user data.

But experts in the security world emphasize that collaboration between the private and public sectors is necessary in order to improve security overall. The traditional butting of heads between government and tech companies isn’t working. Scap said, “Generally, technology companies decry government’s attempts to procure access to all data. Contrarily, government has denounced technology companies’ unwillingness to provide such access. But there exists room for compromise here. This requires establishing trust, and perhaps that is a good starting point.”

Another criticism of the push to have technology companies lift or alter encryption techniques is that governments regard encryption (or rather, its absence) as a catch-all solution to a problem they themselves have failed to address. Particularly in terms of intercepting terrorist communication. Pakistan has gone so far as to end BlackBerry Enterprise Services in its markets because BlackBerry’s mobile technology is famously encrypted. Pakistan, which is struggling to contain the heavy presence of the Taliban and other terrorist groups within its borders, clearly believes that encrypted hardware and software play a role in the those groups’ success.

Scap echoes that point, noting that “Blaming Silicon Valley for counterterrorism efforts failing shows a lack of government leadership. When something bad happens and your immediate response is to point the finger at something else, it tends to highlight your own mistakes and attempt to cover them. There are many ways to communicate, including analog methods which people have relied on for thousands of years.”

According to Scap, when one considers all the ways in which encryption can be detrimental to counterterrorism efforts, there are actually more positives in using encryption than negatives — something tech companies try to emphasize whenever this debate re-emerges. Scap pointed out that journalists in dangerous areas use encryption when publishing articles for their own safety, companies communicate via encryption in order to protect intellectual property and trade secrets, and people use encryption to prevent identity thieves from stealing their personal information. Until there is coherent, well-directed collaboration between the public and private sectors, counterterrorism efforts in the cyber world will be lacking.