Over the weekend, with all the terror attacks-related frenzy in the media, I happened to stumble upon what might just be one of the most ignorant stances on encryption I’ve read in a while, The Telegraph’s “Why is Silicon Valley helping the tech-savvy jihadists?” And yes, the story is related to the debate on strong encryption, the kind of data protection for Internet-connected devices and Internet services that intelligence agencies can’t crack.
Before we start, no tech company is helping tech-savvy ISIS members by creating such products. In fact, it’s still not even clear that encryption helps ISIS plan and execute sophisticated attacks such as the one in Paris on November 13th.
“Developing apps and emails that are heavily encrypted is playing into the hands of ISIL. Whose side are they on?” The Telegraph asks from the get-go. “They” refers to Apple, Google, Facebook, Microsoft, and every other company that encrypts data with complex algorithms, and they are in fact on the side of consumers, who are the main beneficiaries of this security. Of course people with malicious intent, including hackers and terrorists, will also always use online services that protect data the best.
“What will it take? 129 dead on American soil? 129 killed in California? What level of atrocity, what location will it take for the Gods of Silicon Valley to wake up to the dangerous game they are playing by plunging their apps and emails ever deeper into encryption, so allowing jihadists to plot behind an impenetrable wall?” The Telegraph continues, making it sound like tech companies are somehow aiding and abetting terrorists.
That’s simply not the case.
Encryption is used to safeguard banking transactions and to protect the security of many other services that are connected to the Internet. Encryption is also needed so hackers can’t steal money from banks, take control of airplanes, or mess with our electricity and gas companies, to name just a few.
Bad encryption, the kind that would leave backdoors for spy agencies to access, isn’t the answer either. Sure, some say that bad encryption might be imposed on Internet companies while everything else would be protected by proper encryption. But even still, hackers will look for those backdoors and will ultimately open them for their own use.
“This isn’t about privacy, it’s about profit,” The Telegraph says, referring to tech companies’ preference for offering encrypted services to users. “The tech firms have calculated that they build user numbers by inflaming fears of violations of privacy and offering more secrecy than anyone else. It suits them to paint Government agencies as snoopers who hate all encryption. But this is too simplistic. GCHQ invented encryption. Half of its job is defending the UK against cyber attacks, and the right kind of encryption is a vital part of their armoury. They simply want reasonable access, with a warrant, when lives are in danger.”
NSA and other agencies are snoopers, that’s part of their job description, and there’s nothing wrong with that. But that’s not because tech companies paint them that way. It’s because of all the Snowden leaks that revealed the complexity of mass data collection schemes used by law enforcement agencies, and the fact that the regular citizen is pretty much left in the dark about all that. Not to mention that these spy agencies haven’t come forward explaining how their advanced tools actually helped them prevent Paris-like tragedies. In fact, even in France, local intelligence services were not able to stop the attacks despite previous warnings, and despite having known some of the terrorists. It’s also yet to be determined what kind of encrypted services – if any – ISIS used in Paris.
On the other hand, ISIS has a 24-hour customer support service for its fighters, instructing them in real time on how to better protect their operations when it comes to communications. While this department does advise terrorists to use of encrypted services, that would be the case regardless of whether widely available tools like Apple’s iMessage were the norm.
“As Apple CEO Tim Cook argued: ‘If you put a key under the mat for the cops, a burglar can find it, too,’ The Telegraph continues, writing about Apple’s resistance to weakening encryption. “But this is not a reason to refuse co-operation outright. The global tech industry made around $3.7 trillion last year. They employ some of the brightest people on the planet. Apple et al could, if they wanted, employ a fraction of these resources to work out how we can simultaneously keep the good guys’ data secure and keep the bad guys in plain sight. The geniuses of Silicon Valley would be more than a match for the dunderheads in the desert.”
Keeping good guys’ data secure and bad guys’ data in sight means including a backdoor in an encrypted service. In this case, you should just read Tim Cook’s stance on bad encryption once again. Oh, and I thought that Silicon Valley was helping “tech-savvy jihadists” not “dunderheads in the desert.”
Ironically, The Telegraph ended its post with a poll. “Should Internet firms be banned from offering unbreakable encryption?” the news site asked. There were more than 28,000 votes at the time of this writing, and 92% said no.