I was in London when news emerged from Paris that a squad of Islamic militants had massacred 130 people in restaurants, theaters, and other locations. The reaction was entirely predictable: a debate over what can be done to prevent similar incidents in the future.
The “solution” to terrorism, if one exists at all, is elusive. But it is clear what hasn’t worked.
For instance, the “welfare state” solution has failed. For more than 50 years, France has paid generous social benefits to accommodate millions of Muslim immigrants. Yet, at least one of the participants in the attack spoke French with no accent, indicating that he was a native speaker. It’s clear that generous welfare benefits won’t guarantee that some portion of the population receiving them won’t be radicalized.
Military force doesn’t work, either. More than a decade ago, I wrote what was possibly the most unpopular essay I’ve ever written. I entitled it, “The Enemy of My Enemy Is My Friend.” In it, I predicted that then-President George W. Bush’s massive military effort to overthrow Iraqi President Saddam Hussein would unleash Islamic terrorism on an unprecedented scale.
Sadly, that’s exactly what happened. We are now facing the consequences with the rise of the Islamic State.
Now FBI Director James Comey and others have advanced another “solution” to deal with the threat of terrorism. It is to force US phone companies, Internet service providers, and social media companies to give law enforcement and spy agencies the capability to eavesdrop on encrypted communications. This would be accomplished through a “back door;” an intentional vulnerability in an encryption protocol.
Justification for the proposal comes from the claim by authorities that the Paris attackers used encrypted communications, though no hard evidence backs up this claim. The New York Times reported (but later pulled the article):
The [Paris] attackers are believed to have communicated using encryption technology… It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate.
The idea for encryption back doors has been around for decades. In the 1990s, the Clinton administration floated a similar idea. The initiative involved a microcircuit called the “Clipper Chip.” Its purported advantage was that it provided a standard for securing private voice communication. With Clipper, however, the government would hold a key that could be used to unlock the communication. Congress refused to go along with the scheme after a researcher discovered the actual back door in the Clipper design. It would allow anyone with the knowledge of the compromised algorithm to listen in.
There’s zero evidence the situation is any different today. If Congress approves the back door plan, then WhatsApp, Skype, and all other US companies that facilitate encrypted communications will be forced to adopt it. At that point, what’s an enterprising terrorist to do? It’s simple to use a non-US encryption solution or even a “homebrew” one developed by the Islamic State or a similar organization.
And once back doors are in place, hackers, organized crime, and even terrorist organizations will use the compromised encryption protocols for their own purposes. At that point, no one would be able to communicate securely with a US-source encryption protocol.
What’s more, while the current rationale for encryption back doors is to fight terrorism, they wouldn’t be used just for that purpose. For proof, just look at the history of the PATRIOT Act. This law gives the US government unprecedented civil forfeiture authority over the US “correspondent accounts” of any bank in the world. If an alleged terrorist or other criminal deposits money at the bank overseas, the PATRIOT Act allows the government to seize an equivalent sum of money in the correspondent account in the US.
Congress enacted the PATRIOT Act just six weeks after the 9/11 attacks. Proponents justified the law as a necessary escalation in the “War on Terror.” But the very first time the government used its new civil forfeiture authority, it had nothing to do with terrorism. A couple alleged to be involved in insurance fraud in the US opened a $2 million bank account in Belize. While the government couldn’t confiscate the money directly, with the PATRIOT Act, the Justice Department was able to seize an equivalent amount in the Belize bank’s correspondent account.
Let’s summarize. Inserting back doors in US encryption protocols will only encourage anyone seeking secure communication to pursue non-US solutions. The back doors will be vulnerable to hackers, organized crime, and yes, even terrorists. And finally, this newfound government authority will be used in investigations having nothing to do with terrorism.
Do we really want to initiate an ultimately fruitless policy that will undermine security for everyone?