Modern field guide to security and privacy

With or without evidence, terrorism fuels combustible encryption debate

The encryption issue has become indelibly linked to the broader debate in Europe, the US, and South America over how to balance individual liberties with matters of national security and law enforcement.

|
Vincent Kessler/Reuters
A masked Belgian police officer took part operations after last week's bomb attacks in Brussels, Belgium, March 25, 2016. REUTERS/Vincent Kessler

In another front in the debate between technologists and law enforcement over the spread of encryption, French lawmakers this week will consider a law to force companies to decrypt customers' communications if presented with a warrant.

It’s just one of several measures introduced to the French legislature in the response to the brutal Islamic State terrorist attack on Paris last November that left 130 people dead and dozens more wounded. And now, the deadly Brussels airport bombings last week are adding new fuel to the political firestorm over encryption.

"Those who strike us use the Dark Net and exchange encrypted messages to access weapons they acquire to hit us,” French Interior Minister Bernard Cazeneuve said at a press conference last week. 

While there's no evidence that the Brussels bombers plotted the recent attacks using private chat apps or other secure communication tools, the encryption issue has become indelibly linked to the broader debate in Europe, the US, and South America over how to balance individual liberties with matters of national security and law enforcement.

In the Apple v. FBI case over the San Bernardino, Calif., shooter's iPhone, for instance, US officials claimed it needed Apple's help unlocking the phone to determine if it contained additional evidence or ties to coconspirators. In Brazil earlier this month, a judge jailed a Facebook executive because the company didn't hand over WhatsApp data on suspects in a drug case. And in Britain, lawmakers are considering a bill that would force companies to create special access to data for law enforcement agencies. 

But while many national security hawks want technologists to poke holes in encryption systems to enable greater government surveillance, the tech community, civil liberties advocates, and many rights groups are pushing back hard. They say that any efforts to create a workarounds for encryption – or so called backdoors – would only harm digital security for all consumers, putting them at greater risk from malicious hackers and hostile governments. 

"If this position that the FBI is holding prevails, if you can force companies to decrypt communications, it's going to have global implications," said Javier Pallero, a Latin American policy analyst at the advocacy group Access Now. "It's going to break the Internet."

That argument, however, has not stopped governments in Europe nor the White House from advocating for the development of some mechanism that could give law enforcement access to encrypted data if officials obtain a warrant.

In France, the amendment that lawmakers will debate is part of the omnibus Digital Republic bill that passed the lower house of France’s parliament earlier this year.

"Manufacturers of IT equipment — phones, tablets, computers — are gradually moving toward individual encryption of devices out of a desire to protect their users' personal data," the amendment reads. "This move is virtuous for protecting personal data. However, it has a downside when faced with the need for the protection and security of the state."

As it’s currently written, the amendment doesn’t contain any provisions for cases where it’s technically impossible to decrypt data — as is the case with many encrypted messaging services such as WhatsApp. Companies that fail to comply could face up to five years in prison and a roughly $400,000 fine, according to Estelle Masse, a policy analyst at Access Now.

"There is a general lack of understanding from French parliamentarians regarding the functioning of encryption," said Ms. Masse. "Many make the wrongful assumption that every company has some sort of 'magic key' or 'magic software' to bypass encryption without undermining it."

If passed, it's unclear how French courts will interpret the amendment, according to Philippe Aigrain, a French security expert and cofounder of the advocacy group La Quadrature du Net. He worries it will scare companies operating in France off of providing strong encryption altogether.

"One can imagine that the fear of possible incriminations would be a powerful factor for some players at least to include backdoors or provide themselves weak security services of which they possess (and would reveal) master keys," Mr. Aigrain said.

In December, French authorities told the Washington Post that the terrorists behind the Paris attack used WhatsApp to plan their assault. But investigators have been unable to find any of the attackers' electronic communications, leading them to believe the attackers used encryption, according to a recent report in the New York Times.

Still, critics say that absence of evidence is not necessarily evidence of encryption. Authorities know the Paris attackers used unencrypted burner phones and borrowed phones from their hostages, the Times reported.

“It is remarkable that at every new bombing or attack, there are claims that the authors used encryption even when all evidence is contrary, such as was the case in the Nov. 13 attacks in Paris, where the terrorists exchanged unencrypted [texts],” said Philippe Aigrain, a French security expert and cofounder of the advocacy group La Quadrature du Net.

For example, at a campaign event at Stanford University last Wednesday, one day after the attacks in Brussels, Democratic presidential candidate Hillary Clinton repeated her call for greater cooperation from Silicon Valley and proposed a national commission on encryption, according to the LA Times.

"Impenetrable encryption provides significant cybersecurity advantages, but it may also make it harder for law enforcement," Ms. Clinton said. "ISIS knows this."

The French Senate’s scheduled to vote on the new encryption regulations on April 5 – the same day government lawyers will file a status report in the FBI’s case against Apple. No matter how these skirmishes end, one thing’s certain: The crypto war is far from over. That has Pallero of Access Now worried.

"We in Latin America have a saying: You can't have bread and cake at the same time," he said. "It's security everywhere or security nowhere. There's no middle ground."

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to With or without evidence, terrorism fuels combustible encryption debate
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0328/With-or-without-evidence-terrorism-fuels-combustible-encryption-debate
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe