Paris Terror Attacks Renew Encryption Debate - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
Commentary
11/19/2015
10:06 AM
Larry Loeb
Larry Loeb
Commentary
50%
50%

Paris Terror Attacks Renew Encryption Debate

The terror attacks in Paris on November 13 have reignited a long-running debate about whether device makers and app developers should be required to give government agencies a backdoor or to hand over encryption keys.

Insider Threats: 10 Ways To Protect Your Data
Insider Threats: 10 Ways To Protect Your Data
(Click image for larger view and slideshow.)

As the investigation continues into the terror attacks that rocked Paris on November 13, the topic of strong encryption on devices and apps is gaining renewed attention.

Some media reports have alleged that the attackers were able to communicate under the radar of international intelligence agencies in part because they may have used readily available apps that offer strong encryption. This has reignited a long-running debate about whether devicemakers and app developers should be required to give government agencies a backdoor or hand over encryption keys that would enable them to access an individual's or group's data.

Government agencies, including the FBI in the US, have long expressed concern about strong encryption on mobile devices and apps. In July, FBI Director James Comey appeared before the Senate Judiciary Committee to argue for legal support to weaken strong encryption, which he claimed obstructs criminal investigations. Still, the Obama Administration decided last month not to seek legislation that would force backdoors into encryption methods.

According to an article in The New York Times, European officials made a direct link between the bombers and the use of encryption. The article states: "The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."

(Image: Jean Jullien)

(Image: Jean Jullien)

An article in Wired outlines four reasons why encryption backdoors aren't a panacea, particularly when it comes to gathering intelligence about potential acts of terror.

In May, dozens of prominent technologists, civic organizations, and companies signed an open letter to President Obama urging him to preserve strong encryption in order to protect national security and US business interests. "Whether you call them 'front doors' or 'back doors,' introducing intentional vulnerabilities into secure products for the government's use will make those products less secure against other attackers," the letter argued, adding that any such requirement would harm the market for such products abroad.

[When good data intentions go bad. Read 14 Creepy Ways To Use Big Data.]

This summer, a group of cryptography experts published a similar letter warning that demands for exceptional access to encrypted data by law enforcement are fraught with problems. "We find that [granting law enforcement exceptional access] would pose far more grave security risks, imperil innovation, and raise thorny issues for human rights and international relations," the letter said.

It remains to be seen whether the Paris attacks will change the political will in the US and other nations when it comes to encryption backdoors.

The Washington Post obtained an August email from Robert Lott, lawyer to the intelligence community, that said, "The legislative environment is very hostile [toward encryption backdoors] today. It could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement."

Et voilà, Paris.

Is strong encryption and talk of backdoors for law enforcement a red herring? Adversaries can and will find ways to communicate using, for example, common non-encrypted devices, such as a PlayStation 4 videogame console, or rely on trusted human couriers. They will use encryption tools available in places without encryption bans, or develop their own encryption.

Meanwhile, reports are surfacing that French and Belgian intelligence services were aware of the likely suspects in the Paris attacks before the attacks took place.

As we consider the injuries and loss of human life caused by acts of terror in Paris and around the world, we hope that a nuanced debate is possible. Encryption is but one small piece in a very large, and daunting, intelligence puzzle that spans the worlds of technology, telecommunications, and all manner of organizations in the public and private sector.

Share your thoughts in the comments section below. Should governments be allowed backdoors into encryption services? Is strong encryption to blame for helping terrorists evade law enforcement? Have the Paris attacks changed the way you view these issues?

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SunitaT0
50%
50%
SunitaT0,
User Rank: Ninja
11/26/2015 | 3:38:39 PM
Re: Here we go again
That is true. Technology arms us only to disarm us later.
SunitaT0
50%
50%
SunitaT0,
User Rank: Ninja
11/26/2015 | 3:37:51 PM
Re: Here we go again
@larryloeb: exactly. Even if it can be done, the political interference would be sky high. Even if government agencies take to new encryption and and monitoring channels it would get major backlash from the public and this would facilitate opposition parties to dictate the fright of the common man for their own good.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/20/2015 | 7:08:51 PM
Re: They will catch up
Yes, exactly. Intelligence agencies use the metadata of a call to form patterns that direct actions, so they have already developed a workaround on this.
impactnow
50%
50%
impactnow,
User Rank: Author
11/20/2015 | 5:48:08 PM
They will catch up

Even if a back door to encryption is allowed they will find another way to chatter under the radar screen. Unfortunately is not possible to fully monitor all communications and get the information needed to prevent horrible events like 911 and Paris. If a lone wolf is commissioned it will close to impossible to get information prior to the attack. We need to do an overall better job of monitoring these groups their members and their activity. Just monitoring chatter will not be the solution to stop them.

larryloeb
50%
50%
larryloeb,
User Rank: Author
11/19/2015 | 2:07:52 PM
Re: Here we go again
The core solution will be political, not technical. But that is beyond the scope of this publication.

Technology can always be gotten around or subverted.
TerryB
50%
50%
TerryB,
User Rank: Ninja
11/19/2015 | 1:56:02 PM
Here we go again
I think you covered the issues well, Larry. Seems we've learned nothing since 9/11. Instead of just locking the cockpit door, which would have prevented takeover of those planes, we spent billions on TSA and made the flying experience absolutely miserable for everyone. And planes are still coming down.

The political response to these situations makes no sense. Instead of realizing that the bad guys are every bit as smart as the good guys, and will continually adapt to whatever is thrown at them, they throw away money and freedom for what is essentially propaganda aimed at stupid people.

Let's get real. If someone so committed to their idealism is willing to embark on a suicide mission to slaughter you at Applebees in Fargo ND, how could possible stop that? Especially in America where the NRA makes sure everyone can easily get a gun, much less make an explosive out of ordinary over the counter products. No amount of intelligience, encryption be damned, can stop that.

If you want 100% guarantee of being safe from terrorism, I suggest you get a farm in middle of nowhere and grow your own food, never going to a population center. Then your odds are good because a terrorist won't want to kill you if no one knows about it, what's the point? But otherwise, you better start looking at life like driving a car: there is a possiblility you may not come back.

My favorite response now is this task force in NYC. Now what would terrify average people more: an attack at crowded Times Square which kills 100 or an attack in Boulder Colorado at Hooters that kills 30? Most people in US will never set foot in Times Square in their lives. But if terrorists show no small community is ever safe, that impacts everyone. But NYC keeps those tourism dollars rolling in.

Anyone think even a complete police state, where everyone gets a tracking chip implanted at birth and all communications are monitored by government can stop a suicide attacker? Especially in a country where guns are as easy to get as chocolate bars? I'm sure I'll get reply saying if all are carrying guns, we can just shoot these guys after they kill 5 people instead of 25. In the big picture, does that really change anything? They have the element of surprise, they aren't going to say "draw stranger!" like the old west. Your gun will never clear it's holster before you are dead. These guys are planning on dying, your gun isn't deterent.

Unless real Muslims can kill this idea these terrorists have that God wants them to kill in the name of religion, there is no winning this war. TSA, encryption, meaningless in that fight. Yet I never read anything about this core issue.
Slideshows
Strategies You Need to Make Digital Transformation Work
Joao-Pierre S. Ruth, Senior Writer,  11/25/2019
Commentary
Enterprise Guide to Data Privacy
Cathleen Gagne, Managing Editor, InformationWeek,  11/22/2019
News
Watch Out: 7 Digital Disruptions for IT Leaders
Jessica Davis, Senior Editor, Enterprise Apps,  11/18/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll