The recent attacks by the extremist group Islamic State (also known as ISIS) around the world have deepened our sense of vulnerability and increased demands that government protect our security. But the horrific crimes in Paris and elsewhere should not become the excuse to weaken cyber security globally and attack the availability of strong encryption.
It is entirely possible that the attackers might have tried to evade detection by using encryption, though no evidence of this has yet emerged. But most of the rest of us use encryption too in our daily digital lives, even without knowing it.
Terrorists and criminal networks will only rejoice if it becomes easier to hack the digital systems on which modern societies rely. They already know how to evade detection, and will do so whether it’s lawful or not, even if the Apples and Googles of the world are forced by governments to compromise user security.
Edward Snowden’s revelations of mass surveillance, not to mention massive data breaches, increased public concern over the privacy and security of communications. Many companies and technologists have worked to make end-to-end encryption more prevalent in everyday communications and transactions. Encryption ensures that were your messages stolen or swept up into government databases, they would appear as gibberish – unless the snooper could force you to decrypt it or crack the code, a resource-intensive endeavor.
Those opposed to strong encryption in the intelligence and law enforcement communities ominously call this “going dark,” by which they mean an old status quo where neither government, terrorists, nor cyber-criminals can easily and instantly invade every person’s every communication. But that still leaves plenty of other ways to monitor risk and trace criminals. Indeed, it appears there was advance warning of an attack on France, some suspects were well-known militants, and their phones had useful, unencrypted messages.
But security hawks in the United States seized on the Paris attacks to ominously speculate that encryption was somehow to blame, insinuating that in a world without it, more would have been detected and tragedy averted. In the US, legislators wanting to look tough on terror renewed debate on encryption and called for the revival of rejected surveillance laws.
But the basic facts haven’t changed: requiring “backdoors” into encryption will only make global communications more insecure, as they will open access to criminals as well as government. Every new technology can be exploited by criminals, but that isn’t a reason to ban or degrade technologies that have overwhelming public benefit. As others have noted, flush toilets have destroyed a lot of evidence, but that doesn’t mean they aren’t worth that risk.
So when Senator Dianne Feinstein chides Silicon Valley for making products that allow “monsters” to communicate, remember that the rest of us need those products too, from security in banking and medical privacy to protection from harassment, stalking, attack, or persecution. From the Central Intelligence Agency to the New York City police, officials are exploiting this moment to press reversal, but US policy favoring strong encryption is grounded in the solid calculation that it’s too valuable to every other aspect of US security and freedom to sacrifice for the marginal – and as yet unproven – benefit backdoors may give in preventing and detecting terrorist attacks.
We look to our leaders not for fear-mongering but for cool-headed assessments of what measures are necessary and proportionate for protection. In the coming weeks, expect many proposals worldwide to curtail rights and expand surveillance in the name of counterterrorism. A rational assessment has to consider whether our safety is actually served by sacrificing our freedoms. With encryption, the answer is plainly, no.