Last week, a series of terrorist attacks carried out by ISIS struck Paris, France, killing hundreds of people. In the wake of those attacks, several US government officials have been calling for greater powers in order to prevent future attacks.
One of these powers is the ability to access encrypted systems and encrypted communications.
Encryption is used for basically everything. Most websites you visit where you enter any kind of password or have any kind of account (Facebook, Twitter, email, your bank) use encryption to scramble communications between sender and receiver, so someone can’t intercept them in the middle and read the communications. Maybe it’s not important when Tweeting (since it’s published publicly anyway) but it is important when sending a private message on Facebook – and even more important when using a credit card to order something online or to access your bank. Encryption is necessary for internet-based business to function securely.
A growing number of devices also contain encryption, and software exists that allows you to encrypt your hard drive so that nobody without your password can read the data on the device. This is also a necessary security measure because people store an increasing amount of private data on computers and phones. Computer and internet security requires strong encryption to be effective.
The encryption that is used is mostly impossible to “brute force,” which is not as cool as it sounds.
In very simple terms, brute force is the equivalent of trying every possible password until one works. In the case of modern encryption, there are millions or billions of possible “passwords,” so it takes a very, very powerful computer to make it possible.
The federal government wants access to encrypted data, claiming it will help to prevent terrorist attacks. It has variously called for a backdoor, a “front door,” and a “golden key,” which would allow access by the US government and only the US government. This is not new to the Paris attacks. The Director of the FBI James Comey has been especially vocal since Apple announced last year that all new iPhones from the current iPhone 6 models forward would have encryption by default.
Let’s ignore the fact that we can’t be sure they’ll only use this access legitimately, or only with a warrant. It’s partially irrelevant because it can’t be done. It’s just impossible to encrypt a system that can be easily decrypted by the government and ONLY the government. A security hole is a security hole. A “golden key” is just as much a flaw in security as a back door.
Criminals will and do attack encrypted systems all the time. It is already very difficult to have a system where every aspect is 100 percent secure. Coding errors or holes in other features of a system allow encryption to be defeated, subverted or bypassed without resorting to “brute force,” because humans make mistakes. Intentionally adding another flaw into systems that are already under attack is unconscionable. It would add new layers of frustrating complexity to the game of security whack-a-mole already being played against malware and hackers who carry out identity theft and digital blackmail, hack large corporations, steal credit cards and social security numbers, and hold people’s computers for ransom from the other side of the world. Even if making encryption government-accessible prevented terrorist attacks, it would be a trade-off with making people more vulnerable to other forms of crime, which affect more people overall than terrorist attacks.
So let’s get back to preventing terrorist attacks: Would government access to encrypted communications have prevented the Paris attacks?
It turns out, no. The attack was coordinated mostly through standard text messages (exactly like on your cell phone right now), which are unencrypted and to which the French government already had full legal access. Many of the people involved were already known to the intelligence community as potential threats and could have had their text messages monitored.
This was not a problem created by public access to strong encryption. This attack could have been prevented if government applied the tools it already has to communications that are not encrypted. There is no evidence that breaking encryption would have prevented this or any other terrorist attack.
Preventing terrorist attacks is good; preventing or investigating other kinds of crime is also good. The US government already has tools at its disposal to do this. Other governments already have these same tools. They still fail to use those effectively at times – so why should we give them a tool that makes us more vulnerable to other kinds of crime?