The Web has exploded this week with comments, concerns, op-eds and the occasional speech by government leaders about just what it’ll take to end terrorism.
The main talking point has centered around encryption.
When Edward Snowden revealed NSA programs designed to collect this data from people that had never been linked to terrorism, we were appalled, then apathetic, and now we’ve basically moved on. The problem, however, is the effect encryption has on bulk data collection efforts by the US government. In short, it renders them useless.
The problem is, we’re fighting a battle against encryption when there really isn’t any tangible data that shows terrorists even used it in the plotting of the Paris attacks.
What we know about Paris terrorists -Not Syrian -Not refugees -No encryption What the US is focusing on -Syrians -Refugees -Encryption
— Daniel Lin (@DLin71) November 20, 2015
Encryption is being villified as a secure way for terrorists to send and receive communications, but the reality is, the entire Internet relies on encryption to do just about everything, including:
- Sending and storing your nudes on Snapchat.
- Keeping your credit card data safe from hackers.
- Protecting your passwords.
- Sending and receiving email.
This is where the government and Silicon Valley can’t see eye-to-eye. Government sees this as a way of fostering terrorism while tech companies see it as, well, everything else.
Does encryption aid in terrorism? Absolutely. But so does government policy, religion and online poker (apparently).
For me, this debate reached a boiling point last night when former Secretary of State Hillary Clinton insinuated the blame for terrorism rests directly on the shoulders of Silicon Valley
Another challenge is how to strike the right balance of protecting privacy and security. Encryption of mobile communications presents a particularly tough problem. We should take the concerns of law enforcement and counterterrorism professionals seriously.
I guess the hope here is that tech companies just bow down to government and start creating backdoors so that they can access our data any time they see fit, with or without cause.
It’s also worth mentioning that we’ve never actually stopped a major a terrorist plot by government intercepted data.
Clinton then mentioned the role of encryption in facilitating terrorism:
[Law enforcement and counterterroism professionals] have warned that impenetrable encryption may prevent them from accessing terrorist communications and preventing a future attack.
It can. That’s probably why terrorists are using it. It’s also why your average Joe relies on it to protect his dick pics from prying eyes.
If only she recognized the security concerns for the 99 percent plus of us that aren’t terrorists.
On the other hand, we know there are legitimate concerns about government intrusion, network security, and creating new vulnerabilities that bad actors can and would exploit.
Oh, good. She gets it.
Or, so I thought.
So we need Silicon Valley not to view government as its adversary. We need to challenge our best minds in the private sector to work with our best minds in the public sector to develop solutions that will both keep us safe and protect our privacy.
For fuck’s sake.
This is, and will continue to be, the problem. Government has a fundamental misunderstanding of what encryption is and how it aids in a Web-centric world.
You can’t just turn it on to “protect our privacy” nor can you turn it off to “keep us safe.”
Another day in the land of beyond-parody, as the Government says encryption that encrypts is no good, but one that doesn't work is good.
— Adam Hepton (@adamhepton) November 4, 2015
In fact, the very information government is asking for isn’t even accesible by the people that make the product in most cases. For example, LastPass, the popular password management application, can’t reach into your vault and remove a password. While this data is stored on a LastPass server, it’s encrypted, meaning even it doesn’t have the key it would take to break it.
Apple is another example. When pressed by the US government to provide backdoor access to iOS, it has repeatedly said that not only would it not do that, it couldn’t even if it wanted to, all because of encryption.
Facebook and Google have also repeatedly stated they fiercly oppose government backdoors.
Clinton isn’t alone in her battle cry to weaken encryption.
Senator John McCain supports the effort to end encryption, as does CIA Director John Brennan. Former presidential hopefuls Jeb Bush and Marco Rubio have also gone on the record in favor of weakening encryption.
The spun narrative of government officials is also contrary to what security experts everywhere believe. Most are steadfast in their belief that weakening encryption or allowing backdoors would do little to stop terrorist attacks.
1. Government is too damn big. It's tyranny! 2. We must empower government to use a giant database to track religious minorities. #GOP
— Jesse Singal (@jessesingal) November 20, 2015
According to Matthew Green, an assistant professor at the John Hopkins Information Security Institute, in a piece by Scientific American:
Law enforcement is talking about easy encryption apps that you download from the app store. What we’ve learned from terrorists is that they will go to great lengths to encrypt and even hide their communications in code. They’re not completely dependent on these easy-use apps that people are talking about.
If we’ve learned anything over the last decade it’s that the government will go to great lengths to collect data and that tech companies will be there to oppose them every step of the way.
Until we realize the real issue here, the debate will continue to be on-going.
This isn’t an encryption problem; it’s a government problem.