The argument centers on encryption, which services like WhatsApp or Apple’s iMessage and FaceTime use to ensure eavesdroppers can’t listen to private chats between people.
Critics latched onto the method soon after Friday’s attack — with little evidence of the role technology played.
“I think what we’re going to learn is that these guys are communicating via these encrypted apps,” former CIA Deputy Director Mike Morrell said on “Face the Nation” on Sunday.
The next morning, current Director of Central Intelligence John Brennan — who recently had his personal email hacked — reportedly said companies’ encryption techniques, coupled with the revelations of mass surveillance released by National Security Agency whistle-blower Edward Snowden, have made it “much more challenging” for authorities to find terrorists.
It’s a push to give law enforcement greater access to private communications — a battle they seemingly lost earlier this year when President Obama dropped his plan to compel tech firms to provide access to encrypted messages.
Too-Quick Remedy
“We have no idea how the terrorists in the Paris bombings and shootings (communicated), but notice that (government officials) already have the solution,” said Eva Galperin, a global policy analyst at the Electronic Frontier Foundation, who works specifically on international security and privacy issues.“After any kind of security event, politicians believe that they must do something, and this is something and therefore it must be done.”
It remains unclear how these terrorists communicated. Early reports linking the attack to messages sent over Sony’s PlayStation 4 proved inaccurate.
“It seems like the timing of these kinds of (statements from) officials aren’t based on any concrete knowledge of what encryption was being used, but rather: ‘Here is an opportunity to revive this debate,’” said Matthew Green, an assistant professor at Johns Hopkins University’s Department of Computer Science.
He pointed to a paradox that’s popping up in the discussion: Since there is so far no evidence attackers used encryption, the thinking goes, they must have used encryption — otherwise, we’d have already found their messages.
“It just seems like it’s just a bad time to be having this conversation with a total lack of knowledge,” Green said.
If intelligence officials do get what they want, he added, it won’t necessarily weaken terrorist organizations’ ability to communicate with each other over the Internet.
They still could use encrypted tools free from federal oversight: open-sourced software or even their own technology. Or they could hide in plain sight, chatting in corners of the Internet where no one thinks to look.
Giving government a back-door into encryption won’t change that, he said.
Personal Records a Risk
But what it could do is make it easier for criminals and terrorists to access our financial, medical and other personal records, said Pam Dixon, the executive director of the World Privacy Forum in San Diego. They might find a way through the back-door as well.“Strong crypto means good security for all of us,” she said. “It means that banks and hospitals can secure financial and other transactions in our digital world.”
Silicon Valley companies began taking more serious steps to obscure the information their users transmitted after the Snowden revelations. Such privacy protections have become a selling point for tech industry giants — especially in overseas markets.
Though privacy has become something of a Silicon Valley rallying cry, there are even debates here over what’s appropriate.
“Crypto advocates need a better answer than ‘privacy’ when asked ‘those people who machine-gun concerts — why can’t we read their e-mail?’” Benedict Evans, a partner at the venture capital firm Andreessen Horowitz, who focuses on mobile technology, on Sunday.
Payments consultant Cherian Abraham, answered: “If I wanted to bug your bedroom, should I also be allowed to bug all bedrooms in the off chance you may be there one day?”
©2015 the San Francisco Chronicle Distributed by Tribune Content Agency, LLC.
