Cybersecurity

Paris Attacks Deepen Encryption Debate

Encryption once again has come under fire in the wake of last week’s terrorist attacks in Paris.

Western intelligence agencies blamed the technology for enabling communications among the attackers, according to a New York Times report, and some officials renewed their calls for technology companies to give them decryption keys.

However, the terrorists may have communicated through private messages on the PlayStation 4, or even during game play, camouflaging relevant statements as routine gaming chatter, according to reports.

Demands for a Clampdown

Obama officials have noted ISIS’ use over the past 18 months or so of a variety of encryption technologies, many of which can’t be cracked by the NSA, the Times reported. Among them are free encryption apps such as Signal, Wickr and Telegram, for mobile messages.

It’s arguable whether weakening encryption would provide greater protection for the public, and the timing of the latest demands may provoke a backlash.

“This is an opportunistic effort to leverage a barbarous tragedy into a rationale to expand nonspecific surveillance,” charged Jack Danahy, CTO of Barkly.

In the event companies should accommodate government decryption requests, terrorists easily could find other ways to communicate, he told TechNewsWorld.

There are multiple open source tools that provide strong encryption capabilities “outside the jurisdiction of any particular government or intelligence agency,” noted Danahy, which “would provide a simple alternative to commercial tools. As a result, the net benefit of these proposed changes would likely be very small.”

Encryption “isn’t a product where production is limited to specific companies,” observed Tim Erlin, director of IT security and risk strategy at Tripwire.

It’s “a mathematical operation that can be performed in many ways across many mediums,” and weakening encryption could “result in a black market for strong encryption,” he told TechNewsWorld.

Introducing backdoors into encryption would “leave legitimate actors with their pants down, while nefarious actors would still have [strong] encryption at their disposal,” Tripwire security analyst Travis Smith told TechNewsWorld.

Why Intelligence Failed

The governments of Turkey and Iraq reportedly warned the French government of a terrorist plot in advance of the attacks in Paris.

The U.S. reportedly received advance warning of an attack in Europe.

However, “intelligence agencies are bombarded with information pointing to generalized attacks, and there’s not always an effective way to discern credible threats for further investigation,” noted Craig Young, a security researcher at Tripwire.

“This is in many ways the ultimate big data problem,” he told TechNewsWorld.

Silicon Valley’s Role

ISIS has threatened to attack the United States and continue its reign of terror elsewhere in the world, so an argument could be made that the high-tech industry would serve the greater good by agreeing to weaken encryption.

“No, it should not,” maintained security expert Sorin Mustaca.

“There has to always be somebody who controls those that control everyone else. The day when security companies give in to those demands is the day there’s no privacy for everyone,” he told TechNewsWorld.

“If we outlaw encryption in the U.S., they will simply make it elsewhere,” Lieberman Software VP of Product Strategy Jonathan Sander told TechNewsWorld. “Do we want to continue to have a leading role in encryption so we can keep up with the most advanced technologies?”

Richard Adhikari

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Cybersecurity

Technewsworld Channels