Learning from the Americans that to fight terrorism is welcome, tampering with encryption is not!

by
Ray Pinto

Governments in France and Germany have announced joint efforts to kick-off a global initiative to root out terrorists using instant messaging services. The Interior Minister of France, in reaction to a recent spate of horrific acts of terror including the murder of a French priest, announced a global need to intercept messages from terrorists using mainstream social media and encrypted services.

Both governments on the 24th August will propose a system to force companies to divulge its technical secrets on encryption technologies and allow security forces to access encrypted messages.

But what can we expect the demands of such an initiative as European governments’ security forces are struggling to keep up with disruptive communications technologies that are free and provide end-to-end encryption that even the manufactures do not have the keys?

It’s a question of trust

The advent of the internet has accelerated fear and suspicion on who is listening. Data protection activists are pushing governments through active lobbying and judicial intervention to demand US technology companies to tighten up its encryption services to push out government snoopers.

But it goes beyond civil rights. The world of e-commerce is delivering its promise of massive revenue opportunities across the planet. According to Ecommerce Foundation in 2014 Europe enjoyed a $427 billion boost in goods and services sales. The numbers are set to grow dramatically in the coming years as well as new trends in technology such as wearable devices and all types of objects (cars, buildings, kitchen appliances, etc.) connecting to the internet.

Only one thing can upset this burgeoning internet revolution and that is the trust consumers have to increase their dependence and usage of internet technologies.

Just press a few buttons and give us access to fight terror!

Internet technology companies are painfully aware of this. It is a race between them as to who will be seen as the most trusted to win hearts, minds and most importantly eyeballs. Tech companies know that as ecommerce usage accelerates then the platforms that are the most trusted will greatly benefit when monetisation really kicks in.

Technology companies also know that government interference could undermine the nascent growth we are seeing in ecommerce services should consumers lose confidence that the technologies are not safe and secure.  This is why we have seen a many recent examples where companies are actively suing the US government. Recently Microsoft, Facebook, Google successfully sued the US government to allow them to post on a transparency website every government request for information.  Microsoft was also successful in defeating the New York State’s attempt to use a warrant to access data of a US citizen from its Dublin Data Centre. Finally Apple made headlines when it went against both the FBI and a federal magistrate that ordered it to unlock the encryption of a single mobile phone formerly owned by a known terrorist whose actions led to the deaths of 14 innocent lives. Technology companies rallied around Apple’s defense saying that the US government is attempting to set a dangerous precedent to authorize the tampering and weakening of encryption technology.

In the Apple case it became public that the FBI wanted a new software tool to be developed that it could keep and reuse to unlock other phones in the future. Apple refused the FBI’s order. The FBI eventually backed down and found a hacker to crack Apple’s encryption technology.

Looking to Europe how would an EU Member State respond? Well around this time, French lawmakers backed an amendment to impose penalties including jail time of up to 5 years on technology executives who deny access to encrypted data during a terrorist investigation, giving security services and prosecutors the power to force companies such as Apple to cooperate.

What is at stake?

It is not a fun or popular job to defend the phone of a terrorist. But Apple’s decision was very much the right one. The most fundamental defense is what the FBI was asking was the undermining of human rights and civil liberties. Such a technology once created can be used by undemocratic regimes to spy on its populations. The American Civil Liberties Union said the FBI’s actions would “deliberately compromised digital security [that] would undermine human rights groups around the globe”. There was a similar reaction after the French German announcement for the creation of ‘backdoors’ for government. Isabelle Falque-Pierrotin, head of France’s data protection authority the CNIL, penned a strong statement in Le Monde raising the alarm that a measure to weakening encryption will lead to weakening security of Europe’s citizens and ironically can be exploited by those security forces are trying to protect.

The problem then emerges that if the EU or US mandates a rule of law obliging technology companies to weaken encryption technology we can expect this to follow in countries such as Chinese, Russia, or in the Middle East and Latin America.

Also encryption is critical to the secure functioning of new technologies that will run all types of critical systems in our cars, nuclear power plants and airplanes. Already at constant risk it would not be welcome if our elected governments are also working to weaken encryption.

Once governments begin to tamper or oblige companies to create encryption hacking technology it can be used by more nefarious governments and groups to access people’s personal information.

Where do we go from here?

It is increasingly apparent that EU governments are starting to ramp up its powers to interfere with encryption technology with the intention to protection its citizens and national security. However, as John Oliver has pointed out in his usual tongue in cheek manner, governments “…and its supporters can be weirdly dismissive of [the encryption] issue, in ways that indicate they don’t fully understand how technology works—or are pretending not to”.

Encryption technology is very complicated and hard to understand. It may seem it can be switched on and off like a light switch but in reality any form of government intervention will weaken encryption and expose the systems and information it tries to protect to attack or abuse.

It is important that companies work with their national and EU governments and legislative bodies to better understand the complexity and limitations of encryption and try to find solutions and acceptable compromises.

If we take one final lesson from the US its current Secretary of Defence Ashton Carter said “if they don’t [find compromises] industry will have to deal with laws written by policymakers who don’t have the technical knowledge in an atmosphere of anger and grief.”