Encryption

The Crypto Wars Are Not About Terrorism, They're About Power

Make no mistake: the War on Crypto is not primarily about "terrorism" or "fighting crime" or "public safety" at all.

|

tyler_r

The FBI may have been able to unlock San Bernardino shooter Syed Rizwan Farook's work-related iPhone without conscripting Apple as an unwilling hacker, but that has not slowed down the government's broader war on encrypted technologies one bit. It didn't take long for another tragic terrorist attack, this one in Belgium, to provide fresh rhetorical ammunition to the stubborn officials in a quixotic battle against mathematical techniques that keep us safe online. 

As is typical these days, early reports that the Brussels attackers used encrypted technologies tended to be both alarmist and inaccurate. But the extent to which terrorists employ secure technologies (or not) is irrelevant: governments will seize upon whatever emotional excuse that they can in a crusade to augment their authority. 

In the wake of the Brussels attack, we saw the same "encryption panic cycle" that was first typified after terrorist attacks in Paris last year and later with the San Bernardino investigation. In both instances, parties who have always opposed strong security techniques quickly speculated that encryption was to blame long before facts were established, ensuring the conversation was framed in a beneficial way for their policy goals.

For example, in the wake of the Paris attacks, longtime encryption opponent Rep. Adam Schiff (D-California) wasted little time in preemptively calling upon Congress to require a "backdoor" for government access to encrypted technologies. There was just one problem—most, if not all, of the terrorist's planning was done with no encryption at all, relying instead on the tried and true burner-phone method. This does not appear to have prompted any new restraint from the Congressman, however. After the Brussels bombings occured, Schiff stated that while "we do not know yet what role, if any, encrypted communications played in these attacks … we can be sure that terrorists will continue to use what they perceive to be the most secure means to plot their attacks."

Then there's Schiff's sister in encryption-antipathy, Sen. Diane Feinstein (D-California). Feinstein at least had the decency to wait a few days before exploiting the Paris attacks to further her anti-encryption agenda. But she does not seem to have learned any lessons about jumping to conclusions after terrorist incidents, either. On the day of the Brussels attacks, Feinstein leapt into action to urge the intelligence community to "use all the tools at [their] disposal to fight back"—presumably, by compromising security techniques for government access, as her recent bill proposes.

Unfortunately, Schiff and Feinstein only happen to be some of the noisiest warriors against our online security in Congress. These attitudes are troublingly common among our elected officials. 

In fact, it is still unclear exactly whether or how the Brussels attackers used encryption to carry out their vicious plans. We may not have a better picture until the investigations conclude several months from now.

We do know that ISIS operatives have trained new recruits to use TrueCrypt, a discontinued on-the-fly encryption program, but we do not know how extensively this program is being used. In the case of the Paris attacks, the final report found no direct evidence that encryption was employed, though French police did note that they were unable to find any of the attackers' email communications. Police speculate that this is because the terrorists used encryption, but it is also possible that they simply did not use email. In any event, the "did-they-or-didn't-they" dance with encryption in many ways misses the big picture.

As a report from Harvard's Berkman Center for Internet & Society argues, it is incredibly difficult for even the most competent hacker to completely "go dark." The structure of the Internet is such that even people who use encryption programs leak reams of metadata that should prove illuminating in criminal investigations. The authors should know—some of the report's signatories include leading cryptographers who agonize over just these vulnerabilities.

And it's important to keep the scope of the problem in context. When I dug into the Administrative Office of the U.S. Courts' data on the total number of wiretaps that involved any encryption at all, I was surprised by how limited this problem appears to be. From 2001 to 2014, only 147 of the total 32,539 reported wiretaps encountered any issues with encryption. That's 0.45 percent.

On top of that, most of those encrypted technologies were able to be deciphered anyway. A measly 15, or 0.046 percent of the total, were both encrypted and uncracked.

Furthermore, the vast majority of these wiretaps have nothing to do with terrorism or even violent crime at all. The American Civil Liberties Union (ACLU) issued FIOA requests to find out more information about the government's cases against device manufacturers such as Apple and Google involving locked phones. They found 73 instances where the government attempted to apply the All Writs Act of 1789 to force a company to unlock a device like they did in the San Bernardino case. Of the 41 cases in which a crime can be identified, 19 involve drug charges, nine involve sexual offenses, six involve fraud, and another four involve assorted charges like carjacking and gambling. Only one case—the infamous San Bernardino incident—involves the kind of terrorist activity that law enforcement officials often invoke to demonize encryption.

But the biggest problem with the government's line of reasoning on encryption is that it is self-defeating. Government meddling in secure encryption techniques will not prevent terrorists from developing their own encryption programs, but it will backfire by making innocent parties less secure. The mathematics at the heart of encryption techniques will continue to exist no matter how harshly it is criminalized. "Banning" these security techniques for innocent people will expose them to dramatic vulnerabilities online, as is evidenced by the recent FREAK, LOGJAM, and Heartbleed vulnerabilities that resulted from U.S. government encryption restrictions in the 1990s. Nor will building a so-called "backdoor" exclusively for law-enforcement access work, either: the bad guys can use backdoors, too. There is simply no away around this technical reality. 

Make no mistake: the War on Crypto is not primarily about "terrorism" or "fighting crime" or "public safety" at all. Rather, these emotional hot-buttons are merely a cover to justify expansions in government power that law enforcement officials have long coveted, as leaked emails from top intelligence lawyer Robert S. Litt show. Unfortunately for the rest of us, this naked desire for unattainable power trumps the very real dangers of purposefully crippling our security online.

It's hard to anticipate how this seemingly non-negotiable tension will end as new developments in the arms race between secure technologies and government shenanigans escalate in both pace and volume. Last week, the popular messaging service WhatsApp made waves by announcing that it would enable end-to-end encryption for its over 400 million users. That same week, Sens. Feinstein and Richard Burr (R-North Carolina) unveiled a draft bill to force companies to decrypt data on demand—a measure which would effectively criminalize WhatsApp's end-to-end encryption. If we truly value online security and personal privacy online, it looks like we're going to have to fight for it.

Advertisement

NEXT: Donald Trump's Organizational Failure in Colorado Shows He's Totally Unprepared to Be President

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

    1. my co-worker’s sister makes $64 /hour on the computer . She has been without a job for ten months but last month her pay was $21908 just working on the computer for a few hours. go ????????????? Click this link http://goo.gl/JNLxe5

  1. Government meddling in secure encryption techniques will not prevent terrorists from developing their own encryption programs, but it will backfire by making innocent parties less secure. The mathematics at the heart of encryption techniques will continue to exist no matter how harshly it is criminalized. “Banning” these security techniques for innocent people will expose them to dramatic vulnerabilities online, as is evidenced by the recent FREAK, LOGJAM, and Heartbleed vulnerabilities that resulted from U.S. government encryption restrictions in the 1990s.

    This assumes mutual respect of good faith by people who’ve been disrespected or perceive they have been. More accurately, if you ban encryption, then only the criminals will have encryption.

    It’s pretty well known that US Intelligence agencies are already massively understaffed for translators as it is. If ISIS made an encryption scheme and advertised that the Chinese government couldn’t crack it and managed to dupe even, say, 100K Chinamen into the network, the resulting Chinese/Arabic morass would be wholly impenetrable to US intelligence forces and that’s strictly at a linguistics level. The socio-political implications of labeling a faction of Chinese dissidents/non-conformists as ISIS sympathizers would be equally perilous.

    1. massively understaffed

      Just to be clear: this is government-ese for “we have way more people than we need but we have far less budget than we want“.

      1. True

        It should also be known/understood that the ability to generate gibberish in a foreign language far outweighs any country’s ability to throw bodies at the problem.

  2. It didn’t take long for another tragic terrorist attack, this one in Belgium, to provide fresh rhetorical ammunition to the stubborn officials in a quixotic battle against mathematical techniques that keep up safe online.

    Hemingway disapproves.

    Also, squee!

  3. If this bill passes, there’s no such thing as security on the internet any longer. That’s not hyperbole, it’s fact. It’s not only phones that the feds can’t get into without a password or an iMessage conversation. Your banking, the credit card details sent over to Amazon to buy a book… nothing is safe.

    Dianne Feinstein is seriously the worst legislator in the history of the United States Congress.

    1. Indeed.
      Money shot:

      As Jonathan Zdziarski notes, the bill is so ridiculously drafted that it doesn’t distinguish between encrypted data and deleted data.

      1. I’m not sure that’s accidental. If you can’t deny the government access to your data by encrypting it, why should you be able to deny the government access by deleting it?

        “Well, comrade, why would you need to delete data unless you were trying to hide it? You don’t have anything to hide, do you?”

        1. So much for y’alls edit button.

      2. War On Entropy!

    2. “Dianne Feinstein is seriously the worst legislator in the history of the United States Congress”

      I 100% agree with this statement. I would love to see her personal info and communications get hacked and posted online daily.

    3. I agree. I’ve written her in the past and gotten back letters explaining her policy positions that are basically “but what about the children?!” arguments in essence. It’s all scaremongering all the time with her. It doesn’t occur to her that there are Americans brave enough to forgo (a false sense of) security in exchange for more actual liberty.

      For instance, I’m okay with a 0.000001% chance of being on a plane that gets hijacked in exchange for doing away with the 100% chance of having to stand in a long-ass TSA line. For now, I boycott air travel as much as possible and use web/video conferencing as much as possible. If they insert backdoors into web conferencing, then what privacy do I have left?

  4. A measly 15, or 0.0046 percent of the total, were both encrypted and uncracked.

    You moved your decimal point one too many to the left. The point remains, it is a trivial percentage.

  5. Make no mistake: ‘government’ will not rest as long as we are able to hide ANYTHING from its peering eyes and ears. “A government big enough to give you everything you want, is a government big enough to take away everything that you have.” Thomas Jefferson

  6. Want to meet a girl? come on http://goo.gl/mxiosK
    the Best adult Dating site!

  7. I’ve just finished reading an interesting history of Europe from 1789 (French Revolution) to 1848 (The Year of (failed) Revolutions), and one of the fascinating aspects was the degree to which Austria and other nations opened, copied, and reclosed mail. Austria at one point paid heavily to subsidize their post office to be the fastest and cheapest in Europe just so they would get more mail to read.

    And the result was mainly that (1) people who wanted privacy found other means to communicate, and (2) the spy services were so inundated in trivia (mostly false) that they never saw the big pictures.

    It’s amazing how much history repeats itself.

    1. Phantom Terror. My only criticism is that sometimes he gets so deep into the repetitive examples that your eyes begin to glaze over. But not TMI — it’s all fascinating. There’s one funny example of a Russian poet whose poem was rejected by the censor because “divine” is reserved for God, not lovers; “heavenly” is reserved for what emanates from God, not lovers’ appearances; “universal” includes the tsar and the lawful authorities, so it is improper to say a lover has universal appeal; and wanting to be alone with your lover implies a desire to shrik one’s duty to the State.

  8. I’m wondering if the encryption thing IS actually about power.

    I could definitely see that as being their motive… but I see an equally likely explanation: These politicians may just be motivated by the #DoSomething mentality.

    In reality there is jack shit we can do to stop terrorist attack planning, because you can’t stop burner phones. But politicians, as Obama showed with his #DoSomething in response to gun violence. His proposal wouldn’t have stopped the specific attack he was reacting too, but it LOOKS like he did something, which largely is ALL THAT MATTERS to a lot of voters.

    So, not with the FBI’s motives, but with some of the politicians, perhaps this is just them wanting to look like they are doing something about terrorism. Since burner phones cannot be stopped, they cannot address the real problem, so they find something they CAN stop that LOOKS like it might be related to terrorism. They get to #DoSomething and their votes are secured!!

    1. These politicians may just be motivated by the #DoSomething mentality.

      This is a bit heads up vs. tails down. There’s an old samurai maxim; ‘To a real warrior, power perceived is power achieved.’

      Being perceived as doing something while actually doing nothing is a pretty distinctly an exercise in power, especially if the ‘doing something’ is really ‘make others do something’.

      1. Well put.

        I would say though that for some subset of politicians, it really IS about gaining power, not just about #DoSomething. You can tell this by looking at their track record–some are very consistently pushing agendas towards specific and often loudly-proclaimed goals. A #DoSomething politician’s track record will be more opportunistic in hindsight, with lots of flip-flopping. But some politicians have very consistent policies and votes over time.

        Feinstein is absolutely one that will openly say she wants more power for the gov’t, and since she is an elite in that gov’t, she will share in that power.

  9. I saw a couple of episodes of “48 hours” a cops like show that follows homicide detectives. they were able to get all of text messages of the phones they were interested in from the phone carrier. My question is that not possible with encryption?

    1. Well, if each of the text messages were encrypted with, say, PGP, then the gov’t would not be able to open the messages even if they had the phone carriers collect them and hand them over.

      So, with the bill proposed, a backdoor would be built into PGP such that the gov’t can request the phone carrier collect the message (obviously bypassing the encryption on the call) AND also bypass the per-message encryption via the backdoor in PGP.

      This is just one example out of many bad scenarios in which there is no longer security for anyone if this bill passes and the law is enforced (even on open-source projects).

  10. Do I have the right to speak to my spouse, wife, husband, lover or friend in true confidence? What if I call my lawyer or doctor? I have only used encryption when required by contract or government rule but when everyday encryption is outlawed I will use it as much as I can.

  11. before I saw the bank draft which had said $9426 , I didnt believe that…my… brother woz like actualy earning money part-time at there labtop. . there uncles cousin has done this 4 less than fifteen months and by now repaid the dept on there place and got a great new Mini Cooper . read the full info here …

    Clik This Link inYour Browser??

    ? ? ? ? http://www.SelfCash10.com

  12. before I saw the bank draft which had said $9426 , I didnt believe that…my… brother woz like actualy earning money part-time at there labtop. . there uncles cousin has done this 4 less than fifteen months and by now repaid the dept on there place and got a great new Mini Cooper . read the full info here …

    Clik This Link inYour Browser??

    ? ? ? ? http://www.SelfCash10.com

  13. before I saw the bank draft which had said $9426 , I didnt believe that…my… brother woz like actualy earning money part-time at there labtop. . there uncles cousin has done this 4 less than fifteen months and by now repaid the dept on there place and got a great new Mini Cooper . read the full info here …

    Clik This Link inYour Browser??

    ? ? ? ? http://www.SelfCash10.com

  14. Start making more money weekly. This is a valuable part time work for everyone. The best part work from comfort of your house and get paid from $100-$2k each week.Start today and have your first cash at the end of this week. For more details Check this link??

    Clik This Link inYour Browser?

    ???? http://www.selfCash10.com

  15. On top of that, most of those encrypted technologies were able to be deciphered anyway. A measly 15, or 0.0046 percent of the total, were both encrypted and uncracked.

    ???? ?????? ???? ???????

    ???? ?????? ??????? ???????
    Feinstein and Richard Burr (R-Virginia) unveiled a draft bill to force companies to decrypt data on demand?a measure which would effectively criminalize WhatsApp’s end-to-end encryption. If we truly value online security and personal privacy online, it looks like we’re going to have to fight for it.

Please to post comments

Comments are closed.