Encryption; should governments have a way in?

Every time there is a major terrorist attack the governments involved are asked to look for clues that they missed and therefore the successful attack. The recent attack in Paris is no different, with intelligence officers from across the world examining how intelligence in France missed the communication between the obviously coordinated attacks. The same questions were asked after the Mumbai bombings and after the 9/11 attacks.
Encryption governments have way
The obvious answer is that terrorists are now using encryption to hide their communication. The sophisticated technology, some of which was developed by the US government has turned the pursuit of criminal activity online into a particularly hard undertaking. TOR, or The Onion Router was for example a creation of the US government and is now a tool that is popular in the dark web.

The question that is now being asked is whether in the pursuit of anonymity and privacy the world has created the perfect way for terrorists to become untraceable online. It has to be taken into account that the internet world after 9/11 was heavily watched, especially by the NSA. However, after Edward Snowden revealed the extensive surveillance leading to public outcry the NSA as we wrote in this article cut back on some of the surveillance.

Companies like Google on the other hand started to boost their encryption so that even when served with court orders to show the messages between users they were technically unable to do that. Commercial encryption has developed encryption keys that are only valid in a certain time period after which the messages are permanently encrypted, with the users only being able to decrypt.

While countries like Britain are on the verge of passing a legislation that will make the kind of spying surveillance that the law enforcement in many countries desire real, there still are concerns that people and therefore terrorists will find a way hide (like hiding real IP online via VPN and other means), given the multitude of tools available to maintain anonymity.

Suggestions have been made that companies maintain a backdoor into encryption software for law enforcement. The suggestion has been shot down by internet security experts who feel that leaving a deliberate point of weakness for the good guys will inadvertently allow an opportunity for hackers to exploit the flaw. It therefore is not possible that companies leave a way in for law enforcement.

That said, there still is a way for intelligence to pick up clues. Experts point out that the occurrence of encrypted communication from locations associated with terrorists in itself is a clue that something is bound to happen. In the fullness of time, law enforcement will piece together the information bits and get to the terrorists. Leaving a way in is far too dangerous for innocent users as well as risky for commercial companies.

As like anything, allowing governments to have a way in should bring both advantages and disadvantages on the table. But weighing both, the bads are next to unacceptable for users online – and that’s why we and many others over the Internet are fighting for Internet privacy and I’m positive folks will keep fighting. So, the governments should better find a way to end terrorism and not freedom over the web.

Top/Featured Image: By jisc.ac.uk

Pierluigi Paganini Cyber Security Analyst; Member, European Union Agency for Network and Information Security Threat Landscape Stakeholder Group; Founder, Security Affairs Blog. Co-author of The Deep Dark Web: The Hidden World.
Leave a Comment