Why Government Access to Encrypted Messages Won’t Make Us Safer

Since the Nov. 13 attacks in Paris, the question of whether the terrorists behind the massacre were using encryption to cover their trail has been the subject of widespread speculation.

Just as they did after 9/11, current and former officials in the United States and abroad have predictably cited the Paris tragedy as a reason to increase government surveillance powers — this time by granting the National Security Agency, the CIA and other intelligence agencies back-door access to encrypted information.

Some commentators have also claimed that the revelations of former National Security Agency contractor Edward Snowden, first published in June 2013, have spurred terrorists to use encryption to evade reconnaissance and capture. Former CIA Director James Woolsey has even said that Snowden has “blood on his hands.”

His statement, however, is provably absurd, as terrorism experts have known since the 1990s that terror groups were using encryption and other methods to evade surveillance. Osama bin Laden, for example, took extraordinary measures to cover his digital footprint, including writing his emails on a computer with no Internet connection, saving the files on a flash drive and then ordering a courier to a distant Internet cafe where the messages could be sent.

But as Truthdig has explained before, back-door access to encrypted apps is a bad idea and would not work. Many who rely on encryption, like investigative journalists, aid workers, lawyers and political dissidents around the globe, need their privacy protected. Furthermore, installing a back door for one officially sanctioned entity may very well mean that a malicious entity can find the same door and gain access.

“We were shocked and saddened to learn of the attacks in Paris and Beirut,” Cindy Cohn, executive director of the Electronic Frontier Foundation (EFF), told Truthdig in a written statement. “But these heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy. Any ‘backdoor’ into our communications will inevitably (and perhaps primarily) be used for illegal and repressive purposes rather than lawful ones.”

In a recent blog post, Cohn also noted that none of our existing mass surveillance operations were able to stop the Paris attacks, so it’s unlikely that adding more surveillance powers would do much to stop future attacks.

“Big data and mass surveillance techniques are simply not useful for predicting or uncovering terrorist plots,” she wrote.

That being said, how do you catch terrorists if everyone is using encryption? After all, popular apps like iMessage and FaceTime use encryption.

“Intelligence and law enforcement agencies have multiple ways to track suspected terrorists beyond simply breaking encryption,” Aaron Brantly, a cyber policy fellow at the Combating Terrorism Center at West Point, told Truthdig. Although terrorists may be using encryption and other ways to hide their footprints, he said, it’s extremely unlikely that any of them are always covering their tracks. Just for convenience or out of necessity, some communications will be left unsecured. Intelligence analysts can find bits and pieces across the spectrum to get a feeling for the bigger picture.

“There is a popular misconception that there is one email, one phone call, one text, or one chat that would have prevented a given attack,” Brantly said. “The reality is that it is a combination of clues dispersed over time and space from multiple sources that helps to provide a clearer picture as to the nature of the objectives and potential operations of an adversary.”

Even if every encrypted message was cracked by intelligence agencies, there’s no guarantee that those communicating wouldn’t be using code words and phrases. That back door to encryption could simply become a way for intelligence analysts to access messages they don’t understand.

“To suggest that breaking encryption is the panacea for such attacks is to assume that our adversary is static. The adversary innovates just as we do,” Brantly said. “If we force back doors into encryption, then we compromise the mathematics that safeguards our commerce, health and personal records, our own communications and much more. All the while our adversaries will move to new platforms where they can encrypt. If they can’t find a platform, they will work on developing their own.”

Beyond the widely available apps that use encryption, there are also plenty of open-source platforms for encrypting your communications, so putting back doors into the most popular apps wouldn’t really solve the problem. Similar to what happened when a head was cut off the Hydra of ancient myth, every time you eliminate one line of secure communication, others will rise in its place.