Opinion: Poisoning the Internet won't stop more Paris attacks

While it's more expedient to advocate for backdoors into secure communications and online surveillance to spot terrorists, the real answer may be investing in more old fashioned police work.

Surveillance

The terrorist attacks in Paris will feed the global debate on the appropriate balance between national security and a maintaining a private, free, and open Internet. The Islamic State's brutality in France may tilt the pendulum toward security. Whether tamping down on the Internet will keep anyone safer is unknown, but it will certainly diminish the Web as an engine of global innovation.

US officials will focus on the "going dark" narrative that law enforcement has used to advocate for access to encrypted devices and communications. The US government's position is that it needs so-called "backdoor" access to encryption. Officials argue that the Edward Snowden revelations have caused terrorists to switch to technologies that are more difficult for the National Security Agency and the FBI to monitor.

But if the terrorists are clever enough to avoid NSA-monitored technology, won't they be smart enough to avoid future NSA-backdoored cryptography and devices? They will simply switch to non-US software that has more privacy safeguards or is difficult to monitor. The proliferation of communications tools means they'll never lack for options. From WhatsApp or Telegram to the PlayStation network, easy access to communications tools means terrorists will never lack for options for hiding in the babble of Internet traffic.

Even though backdoors may not advance the fight against terrorism, government access to encrypted communications will come at a great cost.

According to a group of eminent computer security and encryption experts, such a backdoor would significantly weaken Internet security. The easiest way to weaken the security of the wall of a building is to add a door; the same is true with encryption. Criminals or rival nations could discover the door’s vulnerabilities and find their own way through the wall. Even worse, if anyone stole the keys to any backdoor in a digital heist, every conversation encrypted with that system would be open to the attackers. 

To stop future Paris attacks, the law enforcement officials concerned about going dark are looking in the wrong place for solutions.  Having a backdoor into encryption for police or spy agencies generally only matters if investigators have identified their targets but can't read their communications. That wasn't the case prior to the Paris attacks.

The type of mass surveillance practiced by the NSA is better at finding out who the potential bad guys are by analyzing metadata – locations of communications or unique identifiers. Authorities can target these suspects for more attention, including trying to gain access to their encrypted communications. Surveillance can also be helpful to alert investigators of an impending attack if they see any spike in communications on networks agents are monitoring. 

Even in post-Snowden America, there have been few restrictions placed on such mass surveillance. France has even fewer, especially after the Charlie Hebdo attacks; authorities can "spy on the digital and mobile phone communications of anyone linked to a 'terrorist' inquiry without prior authorization from a judge," as in the US. 

But the Internet cannot forever be more and more surveilled and still be the Internet. The system can handle only so much surveillance before digital natives around the world desert it for more trustworthy means to communicate.

So the solution to these tough problems exposed in the Paris attacks – and other recent acts of terrorism – isn't necessarily a technological one.

We need more good on-the-ground police work, not reliance on ever more monitoring. It was well known beforehand that Molenbeek, the Brussels neighborhood that seems to have been the base of several of the Paris attackers, had become a “hotbed” of terrorists. 

To stop more attacks like Paris, governments should improve their policing in places like Molenbeek, and not poison the Internet, our engine of global innovation and culture.

Jason Healey is senior research scholar at Columbia University's School of International and Public Affairs and senior fellow at the Atlantic Council’s Brent Scowcroft Center for International Security. Formerly he has been White House Director of Critical Infrastructure Protection and signals intelligence officer with experience at NSA. Follow him on Twitter @Jason_Healey.