Will unbreakable encryption keep us safer, or will it help terrorists carry out more attacks like the one this week in Brussels?
It’s too early to know if the Brussels bombers used encryption to communicate, according to the US attorney-general (though that didn’t stop politicians proclaiming they had). We do know, however, that terrorists don’t need encryption to kill and maim.
ISIL’s strategy in last year’s Paris attacks and others was simple: avoid trackable electronic communications like email and messaging apps in favor of in-person meetings and disposable devices, or “burner phones,” that are quickly activated, used briefly, and then dumped. Communications from the Paris attacks were reportedly (paywall) largely unencrypted, and investigators have found much of their intelligence through informants, wiretaps, and device-tracking rather than by trying to decipher secret messages.
That’s not to say that terrorists won’t use encryption to carry out heinous acts. They will. But encryption is by now a fact of life: your apps, credit cards, web browsers and smartphones run encryption algorithms every day. Soon, perhaps, they will be unbreakable.
Governments face two unpalatable options: force companies to build ”backdoors” for their spies, as the FBI has tried to get Apple to do, or accept encryption as a fact of life while finding better ways to stop bad guys. That decision may have already been made for them; third-party encryption software is readily available, so Apple or no Apple, terrorists will find ways to use it.
It’s important to remember that for ISIL, the carnage is a means to an end. The goal of its few but painful attacks is to weaken faith in open societies’ ability to protect their citizens, undermine their democratic principles, and thus push them into more closely resembling the theocratic surveillance state ISIL wants to build. That’s not a war the West, or any democracy, can afford to lose.