Technology

The Taliban Is No Excuse To Crack Down On Secure Tech

Breaking encryption technologies always makes us less safe, no matter what the justification.

|

There are a lot of ways to look at the collapse of the U.S.-backed Afghanistan government into the hands of the ever-patient Taliban. It's a pathetic and predictable end to decades of wasteful war-driven nation-building in a faraway steppe. On a deeper level, it illustrates the limits of imposing liberalism at dronepoint. The desperate and dark images we have seen so far will sadly only continue to flow. With them will surely come calls for policy changes that may ultimately serve some unspoken and unrelated ends.

Already, people are talking about the ways that the Taliban is using technology. So far, the discussion has mostly surrounded platform policies.

Should the Taliban have a Twitter account? Suhail Shaheen, the self-described "Member of Negotiations Team and Polit. Office Spokesman for International Media (English)," does, and he breezily tweets in English and Pashto of the Mujahideen's mandate to protect the "life, property and honor" of those in the new Islamic Emirate. There is an official Pashto-only account as well, sharing news that "the general public is happy with the arrival of the Mujahideen and satisfied with security."

One writer for The Washington Post touted the Taliban's "strikingly sophisticated social media tactics" that have allowed the gang to avoid a Twitter ban. The article drew criticism for seeming to argue that President Donald Trump's posting career "challenged platform rules against hate speech and inciting violence" in a way that "today's Taliban, by and large, does not." But apparently, Twitter agrees, as the Taliban continues to tweet through the chaos largely without reprisal.

Facebook has taken a tougher tack, at least on its eponymous social network and Instagram. The company's policy is to remove any official Taliban accounts or content that "praise[s], support[s], and represent[s] them" as the group is "sanctioned as a terrorist organization under U.S. law." This policy has been criticized by the Taliban and Jillian C. York for stifling free speech—the latter's argument correctly and non-cynically pointing out that overbroad policies will capture important dissent and information in a dumb algorithmic net.

These issues are merely the latest iteration of the core design decisions that place central platform administrators in control of what content users can access. One might hope that the communications of a sitting U.S. president might be better included than the Taliban in the category of "acceptable platform speech," but technologically at least, this is the administrator's call to make.

It's a tough one, since this rebooted, tech-savvier Taliban seems to excel not only at logistics but also tactics. We have apparently been presented with a softer, more enlightened Sunni extremist organization that welcomes women's participation and brooks no ill will against Afghan collaborators. But are we really seeing the rise of a compassionate not-quite caliphate, or has the Taliban merely adopted a posture that they believe will get them out of Twitter jail and into some decent enough graces with the international order?

Powerful groups can and do lean on platforms to affect these decisions on who can say what in popular digital squares, notably in the case of mediating threats to established regimes. We will just have to watch how platforms and power centers decide to navigate the communications controls imposed on this seeming new order in its former satellite state.

The case of WhatsApp provides a more concerning possibility in the way governments may decide to react to yet another ascendancy of the Taliban to power in Afghanistan. The Facebook-owned messaging app maintains the same policies against platforming known terrorists as its other networks. At least, on paper. Because WhatsApp is end-to-end encrypted, determining which accounts are Taliban-operated is not as straightforward as on the social networking giant's plaintext platforms.

Many reports suggest that the Taliban is a snappy WhatsApper, disseminating news and propaganda to reassure perhaps frightened Afghans of their intentions. For instance, the Taliban operated a complaints desk in Kabul for residents to report violence and looting. Once WhatsApp identified the account, it shut it down.

Facebook does not seem to enjoy the fact that a rogue terrorist-designated state has chosen one of its products to operate a customer service hotline. It has argued that it is constrained in its reprisals because of the encryption built into the app. Beyond simply disabling the service in Afghanistan, which would also lock out Afghans and foreigners that might be using the app for their own non- or anti-Taliban activities, there is only so much that the company can do.

This is precisely the kind of unfortunate technological edge case that governments use to argue that encryption technologies must have "backdoors" for insiders to access secure communications. It happens after terrorist attacks, civil unrest, and unauthorized capitol ingress. It is only a matter of time until policymakers are tempted to use the Taliban as yet another excuse to break encryption technologies.

Although the threatening justifications may change, the technological trade-offs are the same as they were during the Crypto Wars of the 1990s. Changing encryption to allow governments to snoop at their leisure makes everyone less secure.

Firstly, it's technically dubious, and maybe impossible, to design the kind of backdoor system that would make both governments and technologists happy.

But even if such a unicorn system was devised, it would only be as secure as government cyber practices—which is to say, it would be insecure. Just last week, we learned that the foremost experts on nation-building in the State Department had succumbed to a major hack amidst the Afghan chaos. Yet somehow the chronically breach-prone U.S. government is expected to be able to protect a holy grail golden key that would allow unauthorized groups to take this Eye of Sauron for a spin at their leisure. Not even the National Security Agency can keep its stockpile of strategic exploits secure.

It's not just communications, either. Cryptocurrencies are another kind of encryption technology that allow for secure data transfer—money, in this case. Financial deplatforming is another way that the United States government has exerted control over enemy groups like the Taliban.

Most people are familiar with the U.S.'s communications surveillance program that kicked off with the USA PATRIOT Act. Fewer understand that the U.S. has a corresponding financial surveillance and sanctions infrastructure enhanced by that same act to track and control the flow of money as well. As with the communications surveillance programs exposed by whistleblower Edward Snowden, financial surveillance ensnares millions of innocent people in a government panopticon while often not even catching the targets for which it was erected.

Financial surveillance works by mandating that third-party services like banks collect information on all transactions that fit a certain profile. Cash transactions, which are "peer-to-peer" or direct, are largely exempt from this kind of surveillance.

Direct cryptocurrency transactions, which are peer-to-peer like cash, should be treated like cash transactions in law. And indeed, in the United States, financial surveillance regulations have so far been largely imposed on third party facilitators just like our established system. Yet internationally, this is not always the case, and governments are seeking to ensnare most or all cryptocurrency transactions in this financial dragnet. Worryingly, proposals emanating from Congress and the Treasury Department would also try to subject direct cryptocurrency transfers to extreme financial surveillance.

The ascendancy of the Taliban could provide another justification for more controls on cryptocurrency. U.S.-aligned financial institutions have already started choking Afghanistan of capital channels. Innocent Afghans will be hurt, and commentators are noting that cryptocurrency is on the rise in their country. It will only take one story of a possibly Taliban-aligned actor using bitcoin for anti-cryptocurrency actors to pounce. But using digital cash to protect privacy and security should be seen as a fundamental human right, and we should defend it with the equivalent fervor.

The justifications may change with the crisis of the week, but the reality that breaking secure and private technologies will make everyone less safe remains the same. What is happening in Afghanistan is terrible, but it is no excuse to give the government more power over technology. Don't fall for it.