Debate Over Encryption Rages On as More Terror Attacks Feared
More than a week after the coordinated terrorist attacks that killed 130 in Paris, a debate is still raging over the pros and cons of encrypted communications. While some law enforcement officials point to the attacks as evidence that they need "backdoor" access to bypass encryption, privacy and civil rights advocates say such measures would weaken, rather than strengthen, security.
Despite early reports suggesting that some of the Paris attackers used encryption to hide their plans for the assaults, evidence has since emerged indicating that members of the ISIS/ISIL/Daesh terror network discussed their plans using unencrypted lines of communication.
In response to the comments of some officials after the Paris attacks, the Information Technology Industry Council (ITI) last week issued a statement in support of strong encryption. Member companies of the ITI include Apple, Facebook, Google, HP, IBM, Intel and Microsoft.
Attackers Communicated Openly
Concerns about the risk of additional attacks in Belgium have led to a third day of security lockdown across Brussels today. Law enforcement officials in Europe have also conducted a number of raids and made at least 21 arrests so far in connection with terror threats.
Writing in The Intercept on Wednesday, Dan Froomkin compiled various news reports following the Paris attacks that indicated the attackers used unencrypted, rather than encrypted, communications in the lead up to the attacks.
"European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre," Froomkin wrote. "Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying 'we're off; we're starting.' Police were also able to trace the phone's movements."
Cybersecurity expert Bruce Schneier opened his blog post -- titled "Paris Terrorists Used Double ROT-13 Encryption" -- about The Intercept's report with the comment, "That is, no encryption at all."
Weakening Encryption 'Does Not Make Sense'
In a press briefing in Washington, D.C., on Thursday, FBI Director James Comey, who has repeatedly advocated for encryption back doors, noted that the agency was working with partner organizations and "watching people of concern, using all of our lawful tools. We will keep watching them, and if we see something, we will work to disrupt it."
The ITI's statement last week said, "We deeply appreciate law enforcement's and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense."
The New York Times last week also published a strongly worded editorial titled, "Mass Surveillance Isn't the Answer to Fighting Terrorism," in which it noted that "requiring that companies build such backdoors into their devices and software could make those systems much more vulnerable to hacking by criminals and spies. Technology experts say that government could just as easily establish links between suspects, without the use of backdoors, by examining who they call or message, how often and for how long."
In July, the ITI also co-signed a letter with the Software & Information Industry Association urging President Barack Obama to avoid actions that would undermine encryption technology.
The debate about security and privacy is also heated in the U.K., where Secretary of State for the Home Department Theresa May earlier this month proposed a draft bill that would expand the government's surveillance abilities and could threaten encryption technologies. Opponents of the proposal -- called the Draft Investigatory Powers Bill -- have dubbed it the "Snooper's Charter."
Image credit: iStock/Artist's concept.
Posted: 2015-11-23 @ 1:08pm PT
The encryption horse has already left the proverbial barn. There are already so many encryption libraries available that any two-bit programmer could make a secure communication system if they wanted.