Encryption

Ban Encryption? It's an Impossible Idea Whose Time Will Never Come

Of course government officials want to ban privacy-oriented technologies. They were created to thwart the grasping creatures.

|

If truth is the first casualty of war, the first casualty of a terrorist attack is people's right to be left the hell alone. Even before the terrorist outrage in Paris, the country of France already had a fully developed security state, with a wide-ranging surveillance law passed earlier this year, following on last year's crackdown on speech and travel. Chances are the shiny new measures in those bills hadn't even been implemented when the government last week awarded itself yet more eavesdropping, detention, and censorship powers.

But France is hardly alone: the U.S. infamously adopted the Patriot Act post-9/11, and Europe has rushed to follow after the attacks of the past few years, loosening already limp restrictions on officials spying on the people paying their salaries.

It's apparently not enough, though. Unwilling to let a good crisis go to waste, government officials have played on public fears to suggest bogus links between the Paris attacks and privacy-protecting technology like encryption and bitcoin. It's all in an effort to deny the benefits of those technology to people who don't want to live under constant state scrutiny.

The one saving grace is that these technologies were developed in the expectation that governments would pull exactly such stunts, and are well positioned to resist government controls.

It's worth noting here that terrorists certainly could use tools such as encryption apps and anonymous digital currency, just as they can use cars, weapons, telephones, cash, and everything else that human beings find useful in their everyday lives. To rid the world of goods and services useful to the few terrorists in our midst would be to leave everybody shivering naked and impoverished in the cold. And, in fact, ISIS and other terrorist groups use services like Twitter and Telegram to reach mass audiences, just as many people do. Shutting down those accounts just causes new ones to pop up; you'd have to kill the services entirely to keep terrorists out. 

Which is probably A-OK to officials. But that wouldn't actually cut terrorists off from one another. As early as 2007, "al-Qaeda's Global Islamic Media Front (GIMF) released their own encryption software: Asrar al-Mujahedeen," notes a paper from the UK think tank Demos. That project has been updated and built upon since. No matter how successful FBI Director James B. Comey is in his efforts to arm-twist Apple and Google into weakening the privacy protections in their products, developers actively servicing the terrorist cause are unlikely to follow their lead.

What's amazing, though, is that—while we don't yet know all the details—it appears that the Paris attackers not only didn't use the commercial encryption products that make security-state apparatchiks so sad, they didn't use their home-grown tools either. They apparently communicated openly, with little effort at secrecy. The Paris apartment targeted for last Wednesday's raid was identified from data extracted from an attacker's cell phone after the fact.

In fact, intelligence officials aren't suffering a dearth of information about terrorists—they're gagging while drinking from a firehose of the stuff. Just as Boston bomber Tamerlan Tsarnaev was already on a watchlist well ahead of his crime, so perpetrators of the Paris attacks and many others were already known to authorities—who were overwhelmed by the demands of monitoring so many suspects.

Likewise, there's little if any evidence that bitcoin funded the Paris attacks. Forget electronic money—proceeds from crime, social welfare payments, and defaulted consumer loans are among the major sources of funds for terrorist acts, according to a report by the intergovernmental Financial Action Task Force (FATF). But governments aren't looking for a spur to toughen efforts against bank robbery and welfare fraud—they want an excuse to track everybody's spending habits.

So European Union officials met last Friday in Brussels to emulate James Comey by exploiting the fears of the moment to hammer at cash and bitcoin—tools that had nothing to do with the massacre in Paris, but allow people far and wide to go about their lives with a modicum of privacy.

But statements issued at the end of the meeting were notably sparse on just how to do that, and for good reason. Bitcoin's creators were well aware that their efforts wouldn't be popular among regulators and legislators, precisely because they were potentially empowering people to bypass scrutiny, capital controls, and taxes (exactly that is happening in Argentina and elsewhere). The digital currency's network was designed to be decentralized and as anonymous as possible to make it resistant to control.

Bitcoin shares this feature with the better developed and far better established world of encryption. The tone was probably set when Phil Zimmermann specifically designed PGP as a privacy tool for political activists to protect their communications and ensured its distribution in the face of U.S. government opposition.

Zimmermann is now involved with Silent Circle, a commercial secure communications company based in Switzerland to put it beyond easy reach of the world's snoopier regimes. That model of choosing a friendly jurisdiction is followed by services such as ProtonMail and Tutanota. Other operations, such as Open Whisper Systems, make their products open source so that the code can be monitored for incursions by intelligence agencies.

The result leaves presidential candidate Hillary Clinton complaining "we need Silicon Valley not to view government as its adversary" while the FBI's Comey frets that his efforts to intercept private communications increasingly "are ineffective."

That's not likely to change. The guerrilla war between advocates of privacy-protecting technology and snoopy government officials began many years ago. The sight of blustering politicians' steadfast determination to erode civil liberties in every nook and corner of society that they can reach is unlikely to convince the public at large to surrender its digital money and encrypted communications.

Especially when the supposed dangers of privacy-aiding technologies that officials raise are such obvious crap.