On Nov. 15, Michael Morell, the former deputy director of the Central Intelligence Agency, said on "Face the Nation" that militant extremists are using encrypted apps to communicate, making it difficult for law enforcement or governments to monitor them. In the wake of the coordinated attacks in Paris last week, Morell suggested that we need to have a new public debate about encryption.
Noting that previous conversations about encryption were "defined by Edward Snowden ... and the concern about privacy," Morell said future discussions will "be defined by what happened in Paris."
The Islamic State took credit for the suicide bombings and shootings in Paris on Nov. 13, which left at least 129 people dead and hundreds injured. Prior to the attacks, intelligence officials had raised concerns that suspected terrorists were "going dark" from surveillance by using commercial or open-source encryption tools.
Over the next few weeks, we'll likely see presidential candidates and law enforcement officials re-litigate the debate over public access to encryption in the court of public opinion. If they do, the new debate needs to acknowledge several points Morell failed to mention that complicate the issue.
First, as journalist Glenn Greenwald pointed out at The Intercept on Monday, the argument about Islamic militants changing their behavior after Edward Snowden leaked information about intelligence agencies' widespread surveillance of mobile devices and the Internet ignores an inconvenient truth: Terrorist networks have known for over a decade that phones and emails weren't secure and avoided using them.
As reported by the Washington Post in 2011, late al Qaeda leader Osama bin Laden avoided using phone or email communications for fear that they would be intercepted.
Despite heated claims from congressional leaders that encrypted messaging apps were putting terrorist communications out of government reach and calls in the United Kingdom to ban them, a 2014 analysis of jihadi behavior by security firm Flashpoint Partners found no change in al Qaeda tactics. (As far as we know, terrorists are not communicating over PlayStation 4 consoles, depite rumors claiming otherwise.)
Second, this discussion wasn't started by Snowden, although there's no question that his decision to contact media organizations has changed its context. We've been having a public debate over access to strong encryption for decades now.
It's hard not to see the growth of ephemeral messaging apps that promise to delete your posts -- and encrypted messaging services that advertise security against snooping -- as a public shift in behavior after widespread reporting of government surveillance. Whatsapp's encrypted messaging, however, isn't secure against national intelligence services.
If technology companies are forced to create "back doors" for governments to decrypt user data or devices, it weakens consumer protections against crime.
It's fair to acknowledge that domestically, law enforcement may have a decreased capacity to intercept unencrypted communications as a result of consumer adoption. That means that the FBI and Department of Homeland Security will need to leverage other sources and methods.
It's also inevitable that the Islamic State and other jihadis will build or adopt services with stronger encryption, which will in turn drive Western intelligence services to develop more powerful computers to break it.
Does that really mean we're going to ban encrypted services or weaken them, exposing billions of consumers to increased risk? Do our elected officials believe that passing laws in Congress or weakening the security of U.S. technology company software or hardware will somehow force the people willing to murder innocents in cold blood to use those tools instead of other products and services.
Finally, there's a third, larger problem with Morell's framing that's relevant to any debate over strong encryption: It isn't about "privacy versus security,” as he stated in his "Face the Nation" interview. With that phrase, Morell is posing a false dichotomous choice between privacy and security. This is about security and security. Security enables security, offline or online. That’s why we close and lock the doors and windows in our homes.
Whether the public knows it or not, we're already using encryption to send email, access our health records, file our taxes and buy goods and services online. We depend on encryption to keep our personal data safe, just as we depend on locks offline.
Let's make sure that any debate over privacy and security considers how our right to be secure in our persons, papers and personal effects extends online.
0 nhận xét:
Đăng nhận xét