All Commentary
Wednesday, November 18, 2015

Don’t Blame Encryption for the Paris Attacks

Politicians have found a new scapegoat

In a recent post, my colleague David Bier has rebuffed the claims that refugees were responsible for the attacks in Paris last week. While media outlets and politicians have hammered Syrian refugees as the source of these attacks, they’ve also found another scapegoat: encryption.

Numerous outlets have reported on the intelligence community’s “belief” that the attackers in question utilized encrypted communications to plot the Paris attacks. A recent New York Times piece best summed up the responses to Friday’s tragedy: “European officials said they believed the Paris attackers had used some kind of encrypted communication, but offered no evidence.”

Unfortunately, this has not prevented politicians and law enforcement officials from opining on the negative impact of encryption.

Sen. Chuck Grassley, for instance, contends that these types of tools are a scourge:

Technology exists today that allows terrorists and criminals to communicate in the shadows, using encryption that makes it impossible for law enforcement or national security authorities to do everything they can to protect Americans.

Sen. Dianne Feinstein, in an MSNBC interview, made her own position clear, arguing that these types of apps give terrorists a “secret way of being able to conduct operations and operational planning.” And a Wall Street Journal article quoted FBI director James Comey laying the blame for ISIS’s recruitment successes on “social media and communications tools with strong encryption provided by Apple and Google.”

What the director and politicians are ignoring, however, is the proliferation of encryption tools not provided by American tech companies. There are an abundance of open source, free to use, and foreign-produced encryption tools — all available to would-be terrorists. Any individual nation’s attempt to weaken encryption is bound to fail due to the wide availability of encryption tools from foreign sources.

Any discussion surrounding encryption’s role in this horrific attack needs to be based on facts, not merely speculation. Initial reports suggested the terrorists used the Playstation 4 as a means of communication, but were shortly thereafter retracted for lack of any evidence supporting that claim. Another article indicated that the attackers used bitcoin to fund their operations. But, as of yet, there is no clear link between the use of encryption technologies and this attack.

However, for the sake of argument, let’s say the attackers did use encryption to mask their communications. Given the nature of terrorists’ activities, we would expect them to seek the means to communicate in secret.

But just as terrorists may make use of these tools, so too do everyday people, whether protecting themselves from financial fraud, engaging in secure commercial transactions online, or defending their very lives from the all-seeing eyes of oppressive security states like Iran and North Korea.

These attacks were a horrid display of barbaric depravity, and it is clear that law enforcement and the intelligence community need reliable tools at their disposal to prevent future attacks. But those tools should not come at the expense of the protocols that underlie online commerce and keep dissidents in authoritarian societies safe from the prying eyes of the Orwellian regimes under which they live.

The arguments in favor of encryption are the same today as they were ten, fifteen, or twenty years ago. The world may have changed, but the underlying reasons for supporting strong encryption are the same.

Encryption keeps people safe more often than it aids the nefarious goals of terrorists; encryption keeps the lifeblood of the modern economy pumping; and it enables those living under despotic rulers to have a voice, organize safely, and speak out against their oppressive overlords. Given the benefits of encryption that accrue to average, law-abiding citizens, we ought to take pause before trading these known gains to trod down a path that will leave all of us less secure online.

It was true before the Paris attacks, and it remains true in the wake of the tragedy.

This post first appeared at the Niskanen Center.

  • Ryan Hagemann is a civil liberties policy analyst at the Niskanen Center.