The debate about “Going Dark” has reignited following the tragic attacks in Paris last week. There have been claims the terrorists used encrypted communications to coordinate their attack and avoid detection by intelligence services– creating what is, essentially, the worst case scenario envisioned by advocates for government access to encrypted communications platforms. Even though no hard evidence has surfaced yet to substantiate those claims, these attacks highlight many of the key issues associated with the problem of going dark.
The two sides of this debate remain firmly entrenched in their respective views. Proponents of strong encryption argue that any attempts to weaken encryption will violate people’s civil liberties, weaken American businesses’ ability to compete overseas, and cause a net decrease in security overall. Proponents of lawful intercept capablities contend that bad actors are exploiting encryption to facilitate criminal and terrorist activities, so the government has a legitimate need for access to encrypted communication. The resumption of the debate comes at a time when ISIS recently endorsed an encrypted communication app, called Telegram, as its app-of-choice for communicating among extremists abroad.
Law enforcement agencies in the U.S. have been working to address the potential problem of terrorists using encrypted apps. Although the FBI has stopped pushing for legislative solutions, the essential problem remains unaddressed. At first glance, the renewed interest in encryption following the Paris attacks seems like it will produce broad support for government access. The argument that is emerging post-Paris is that encryption is partially to blame for the loss of life in France, and so law enforcement elsewhere needs access to encrypted communications now to stop similar attacks from happening again. And ISIS has promised that more attacks are coming soon, with Washington, D.C. and New York City being singled out as the next targets. However, there is more to this problem than meets the eye.
Terrorists know that security services want to monitor their communications, and so they adapt to avoid them. For example, Telegram is not based in the United States, so the U.S. government cannot necessarily force it to accommodate the needs of law enforcement. Terrorist groups will likely seek out platforms that are outside U.S. jurisdiction specifically for that reason. Telegram is actively working to remove terrorist accounts from its service, but Twitter’s inability to do the same in the past calls into question the likelihood of success. Even if it is successful, the bad actors would probably just switch to another communication platform, just as they switched from Twitter to Telegram. This represents one of the core technical problems with placing lawful intercept capabilities into encrypted systems – the terrorists will simply change platforms, and the formerly secure system will then have a hole in its security.
Beyond the technical aspects, there is an ideological issue at play as well. Telegram was created by two Russian brothers, one of whom is an outspoken critic of Russian President Vladimir Putin. They created Telegram as a space where people could talk without fear of surveillance from their repressive government. Former U.S. Secretary of Homeland Defense Michael Chertoff told the The Cipher Brief that encouraging nations like Russia and China to respect strong encryption can only be done “if we are honoring the same principle ourselves.” As Telegram aptly demonstrates, encryption is a tool that can be used to protect free speech, but it can also be abused to facilitate violence. That is at the center of the debate in the U.S.: how do you ensure physical security while maintaining the integrity of national values such as the protection of privacy and civil liberties.
The dispute over encryption never really went away, but the Paris attacks have created a new sense of immediacy to what was previously a more theoretical threat, at least in the minds of many Americans.
Luke Penn-Hall is the Cyber and Technology Producer at The Cipher Brief.
