Paris attacks will strengthen case to weaken encryption

18 Nov 2015

The attacks that swept Paris could turn out to be the pretext that governments may use to put backdoors into encryption systems.

The attacks that swept Paris at the weekend, leaving around 128 people dead, could turn out to be the pretext that governments like the US and UK may leverage to put backdoors into encryption systems.

There are suggestions that the attackers operating on behalf of the so-called Islamic State (IS) may have used all kinds of technologies and apps, including the PlayStation 4 games console, to organise their attacks.

This is despite no firm evidence that the attackers used encryption to mask their movements or coordinate their attacks.

However, the tragic events in Paris at the weekend will now play into the hands of lobbyists in Washington and London who want to install backdoors into encryption systems and increase surveillance capabilities.

In the UK, home secretary Theresa May is pushing the Investigatory Powers Bill, which proposes that internet companies leave a backdoor to allow spy agencies and police services to access their security systems.

Also in the UK yesterday, Chancellor George Osborne pledged an additional £1.9bn towards creating a Cyber Force to complement GCHQ’s digital surveillance and cyber warfare resources. Osborne said he believed IS would develop a cyber warfare capability in the coming years.

The Obama Administration has said that IS has been using a range of encryption technologies to thwart surveillance by the National Security Agency, including free apps like Signal, Wickr and Telegram, which encrypt messages from mobile devices.

There have been reports in The New York Times alleging IS terrorists used Telegram to claim responsibility for the crash of the Russian jet in the Sinai Peninsula that killed 224 people.

Spies versus Silicon Valley

However, encryption is considered the bedrock of privacy in Silicon Valley and a standoff is coming between the tech community and the global security apparatus.

Tech leaders, including Apple’s CEO Tim Cook, who was in Dublin last week, have argued against putting backdoors into encryption systems as it would fundamentally harm privacy.

Addressing students in Trinity College in Dublin last week, Cook said weakening encryption in products like iMessage would be a recipe for disaster.

“All of us would say that we want to be secure and have the bad guys shipped off somewhere, but the reality of today is there are hackers everywhere. People want to take your data, there are bad governments in the world and bad people in the world and if you leave a backdoor in software there’s no such thing as a backdoor for the good guys only.

“We feel strongly that the safest approach is for the world to encrypt end-to-end with no back door. This protects the most people. Encryption is not something only a few companies have, it’s not something you can regulate. If you close down a few companies it’s not like the bad guys don’t have encryption of their own. They’ll just go to another source,” Cook warned.

Back-pedalling

Security analyst Brian Krebs of Krebs on Security has pointed out that claims in US media from Forbes to Politico and The New York Times citing officials in Belgium claiming the PlayStation 4 was used to discuss and plan the Paris attacks have since been back-pedalled after heavy criticism on Twitter.

Krebs warned that the media may be unwittingly playing into the hands of “anti-encryption enthusiasts” who want to weaken data encryption standards.

“The directors of the FBI , Central Intelligence Agency and National Security Agency have repeatedly warned Congress and the technology community that they’re facing a yawning intelligence gap from smartphone and internet communication technologies that use encryption which investigators cannot crack — even after being granted the authority to do so by the US courts.

“For its part, the Obama administration has reportedly backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices,” Krebs wrote.

The big question now, following the Paris attacks, reports of bombs in Hanover, gunfire in Paris and global fears of more IS attacks, is do the anti-encryption lobbyists have all the ammunition they need to weaken encryption?

The answer is yes, most likely.

Keys image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com