In a recent post, my Niskanen Center colleague David Bier has rebuffed the claims that refugees flowing into Europe were the culprits responsible for the attacks in Paris last week. Major news outlets and American politicians have been hammering home this message of Syrian nationals as the source of these attacks, but they’ve also begun catapulting another culprit into the blameworthy limelight: encryption.
Numerous outlets have reported on the intelligence community’s “belief” that the attackers in question utilized encrypted communications to plot the Paris attacks. A recent New York Times piece best summed up the responses to Friday’s tragedy: “European officials said they believed the Paris attackers had used some kind of encrypted communication, but offered no evidence.” Unfortunately, this has not prevented politicians and law enforcement officials from opining on the negative impact of encryption.
Sen. Chuck Grassley, for instance, contends that these types of tools are a scourge:
Technology exists today that allows terrorists and criminals to communicate in the shadows, using encryption that makes it impossible for law enforcement or national security authorities to do everything they can to protect Americans.
Sen. Dianne Feinstein, in an MSNBC interview, made her own position clear, arguing that these types of apps give terrorists a “secret way of being able to conduct operations and operational planning.” And a Wall Street Journal article quoted FBI director James Comey laying the blame for ISIS’s recruitment successes on “social media and communications tools with strong encryption provided by Apple and Google.”
What the director and politicians are ignoring, however, is the proliferation of encryption tools not provided by American tech companies. There are an abundance of open source, free to use, and foreign-produced encryption tools–all available to would-be terrorists. Any individual nation’s attempt to weaken encryption is bound to fail due to the wide availability of encryption tools from foreign sources.
Any discussion surrounding encryption’s role in this horrific attack needs to be based on facts, not merely speculation. Initial reports suggested the terrorists used the Playstation 4 as a means of communication, but were shortly thereafter retracted for lack of any evidence supporting that claim. Another article indicated that the attackers used bitcoin to fund their operations. As of yet, there is no clear link between the use of encryption technologies and this attack.
However, for the sake of argument, let’s say the attackers did use encryption to mask their communications. Given the nature of terrorists’ activities, we would expect them to seek the means to communicate in secret. But just as terrorists make use of these tools, so too do everyday people, whether protecting themselves from financial fraud, engaging in secure commercial transactions online, or defending their very lives from the all-seeing eyes of oppressive security states like Iran and North Korea.
These attacks were a horrid display of barbaric depravity and it is clear that law enforcement and the intelligence community need reliable tools at their disposal to prevent future attacks. But those tools should not come at the expense of the protocols that underlie online commerce and keep dissidents in authoritarian societies safe from the prying eyes of the Orwellian regimes under which they live.
The arguments in favor of encryption are the same today as they were ten, fifteen, or twenty years ago. The world may have changed, but the underlying reasons for supporting strong encryption are the same. Encryption keeps people safe more often than it aids the nefarious goals of terrorists; encryption keeps the lifeblood of the modern economy pumping; and it enables those living under despotic rulers to have a voice, organize safely, and speak out against their oppressive overlords. Given the benefits of encryption that accrue to average, law-abiding citizens, we ought to take pause before trading these known gains to trod down a path that will leave all of us less secure online.
It was true before the Paris attacks, and it remains true in the wake of the tragedy.