Encryption Under Fire In Wake Of Paris Attacks

“I think this is going to open an entire new debate about security versus privacy,” said Michael Morell, a former deputy director of the CIA. This assessment encapsulates, in a nutshell, the narrative that is developing in the aftermath of the horrific terrorist attack in Paris.

Despite the lack of solid evidence that encryption, too difficult for law enforcement to crack, was at the heart of the most recent Paris attacks, some still choose to capitalize on the issue. In a companion piece, the probable effect it will have on the 2016 US Presidential campaign will be explored. But for now, suffice so say that all pundits are weighing in on the topic – from Presidents to police – and seeking to slant the narrative to their liking. To use the excuse that too-tough-to-crack encryption was used by the terrorists, and that it formed the basis for the attack, is a stretch of the imagination, and contradicts the facts.

The much maligned and much feared end-to-end encryption can indeed be problematic for law enforcement, but is not an impossible obstacle. Calls to ban it or provide “backdoor” saccess to law enforcemen,t is a conundrum without a simple solution, and will invariably revive the long- running debate as to when security should prevail over privacy. The matter is further complicated by the fact that it is not necessarily especially difficult, secret, or exclusive encryption used by terrorists claimed to be at the core of the horrific assault.

Some of the most powerful technologies are free, easily available encryption apps, with names like Signal, Wicker and Telegram, which encode mobile messages from cellphones. ISIS militants used one such app, Telegram, two weeks ago, in claiming responsibility for the downing of the Russian jet in Egypt that killed 224 people. They used it again last week, in Arabic, English and French, to broadcast responsibility for the Paris massacre.

But much information is still easily and readily available and useable by police. For example, it has just been learned that the ringleader of the attack, Abdelhamid Abaaoud, was tracked to, and  reportedly ultimately killed using information gleaned from a cellphone found in a trash bin near one of the attack sites.

In the US, national security officials are playing coy about their abilities to break ISIS encryption, while acknowledging that they’ve used a range of encryption-breaking technologies over the past two years. But the fact that the Obama administration had given up on legislation compelling the tech companies to provide encryption keys to law enforcement may be telling. It has led many experts to believe that the NSA may be able to pierce some of the terrorist’s encryptio,n but are naturally reluctant to disclose specifics lest their advantage evaporates. Paris may change the dynamic, however.

But before one makes the knee-jerk assumption that it was impenetrable encryption that allowed the planning to fester, and ultimately resulted in the carnage, one must sift carefully through the per-attack evidence. Obama, in abandoning the fight for backdoors, rejected the argument of FBI director, James Comey, that the United States should require any company that provides encrypted software and hardware to engineer a way for the government, armed with a court order, to get access.

For the tech companies, this is a thorny issue that is fraught with peril for thier businesses. The natural, patriotic, inclination is to help out law enforcement where possible. However, to this they risk undercutting, as Apple’s Tim Cook opined, customers’ confidence that the most precious data they keep in their phones is safe from everyday cyber criminals, as well as sophisticated nation states that could gain access to keys via hacking, or lawfully through court order. Mr. Cook asserts that investigators have ways to obtain crucial clues from the available metadata about who is talking to whom by phone, from information in the Internet, cloud or, security experts have said, by hacking a target’s device.

The tech companies’ position seems to be supported by a study the White House sanctioned before shrinking from the encryption debate. The Obama administration reluctantly adopted a view put forth by 14 of the world’s top cryptographers and computer security experts. They wrote, in a white paper, that weakening the encryption of American technology sold by companies like Apple, Google and Facebook would only render confidential data and critical infrastructure more vulnerable to criminals and national adversaries, and push terrorists to adopt encrypted services sold overseas.

Also, security experts assert that even when strongt encryption ius used a trail of metadata is left behind, which can yield valuable, actionable information about who is talking to whom and the when and the where of the communication. As Matt Blaze, a computer security expert at the University of Pennsylvania, notes,

Encryption is really good at making it difficult to hide the content of communications, but not good at hiding the presence of communications. All the encryption in the world doesn’t help if the end point that holds the keys are compromised. So this idea that encryption make terrorists’ communications go completely dark has a pretty big asterisk next to it.

Of course, proponents of tech companies caving in on the encryption issue will not be dissuaded by such arguments. So the defenders of privacy must be equally resolute regarding their position. This, after all, is how true democracy operates  thrives, and will endure, even under the strain of aberrant attacks.

Stan Ward has enjoyed writing for 50 years. Writing has been a comfortable companion to a successful business and teaching career for him. Find him on Google+.

Related Coverage


2 responses to “Encryption Under Fire In Wake Of Paris Attacks

  1. The world’s governments and law abiding population must stand up to terrorism and not be persuaded to give up on its way of life.
    Giving up on privacy by allowing “back doors” to encryption would do huge harm to both technological progress and economic growth, because there would be no certainty that financial transactions would remain secure. There can be certainty however that “back doors” would NOT remain within the purview of the authorities, and subversives would soon wreak havoc.
    We would be back to using cash & writing cheques.

    Also using steganography (along with encryption) is a way of hiding the fact that a secret message exists in a communication; though admittedly the longer the message the more obvious is its existence. Some steganographic systems designed to protect image copyright might be more difficult to crack.

    Nothing can be better than good quality policing and anti-terrorist activities (and the use of metadata) to undermine the subversives; and these activities occur at the points of access to the subversives’ communications, not within them.

Leave a Reply

Your email address will not be published. Required fields are marked *