In the age of ISIS, privacy still matters


After the devastating terror raids on Paris, is privacy a luxury we can no longer afford?

Intelligence agencies and lawmakers warn that the use of encryption — data scrambling — on smartphones and other digital devices makes it much harder to observe terrorist activities. On Wednesday, James Comey, director of the Federal Bureau of Investigation, said the agency has lost track of likely terrorist recruits, because they used secure devices the FBI can’t monitor.

Meanwhile, NBC News reports that the Islamic State, which has claimed responsibility for the attacks in Paris, runs a round-the-clock technical support hot line for jihadists, to help them set up untraceable data networks.

The only solution, the authorities say, is a system of “back doors” that would unlock encryption programs to any investigator with a court order.

But that’s no solution.

Back-dooring our secure devices would weaken global demand for US technology products and make life easier for cyber-criminals.

Above all, it wouldn’t work.

It’s not yet known if the Paris attackers­ used encrypted communications to plan their crimes. That’s the point of using encryption — so the authorities don’t learn anything until it’s too late. Comey calls it “going dark,” and with good reason, it terrifies him.

These days, anyone can go dark. Apple Inc.’s iPhone encrypts stored data­ automatically, using a method so secure that even Apple can’t crack it. Phones running Google Inc.’s Android software offer the same feature as an option. Apple’s iMessage text messages are also encrypted, and many other apps, such as Telegram and Whatsapp, offer encrypted chat. And a company called Silent Circle makes a device called Blackphone that encrypts voice traffic. Tap a call between two Blackphones, and all you’d get is noise.

Going dark isn’t a new problem. It almost happened when the nation’s phone network switched from analog to digital. But a 1994 federal law required that digital phone systems must have features that makes them “tappable.” The law was later expanded to apply to broadband Internet services, ensuring that police with warrants could intercept our e-mail.

But this law becomes irrelevant when data are encrypted and therefore unreadable. In the late 1990s, the United States tried to ban encryption software, for fear it would compromise national security, but failed. Today, it’s an indispensible tool of e-commerce. And since Edward Snowden, the National Security Agency turncoat, revealed that the US government routinely collects massive quantities of personal data, encryption software has become even more popular.

Hence the demand for a law providing back-door access for police in all US-made encryption systems, a demand that lawmakers of both parties are taking seriously.

But such a policy would threaten American dominance in digital technology. Since the Snowden leaks, foreign consumers and businesses have avoided US products, for fear of being spied upon. This will cost US companies over $36 billion in lost sales by 2016, according to the Information Technology and Innovation Foundation, a Washington think tank.

Back-dooring US smartphones would make matters a lot worse.

We’d also face a bigger threat from digital criminals, who would immediately look for ways to exploit the back door themselves and steal our most sensitive secrets. ISIS might try its hand at it.

Besides, the United States isn’t the only country that makes software. One of the most popular secret-messaging programs, Telegram, was invented by a Russian. But he set up shop in Germany, a nation with famously strong privacy protection laws. Even though Telegram has become popular with ISIS operatives, it remains legal, and quite untouchable by US law. Foreigners could build many more such untappable apps; a smart terrorist organization like ISIS might even create its own.

Like a gun-control law that constrains only the law-abiding, a back-door law will affect only people too honest or too ignorant to sidestep it.

Luckily, the bad guys make mistakes. One of the Paris killers left behind an intact cellphone. Easily accessed metadata from the phone company — who he called, when, and where — led police to a north Paris suburb on Wednesday, where they took down another terror team. Once that phone was found the terrorists were doomed.

Scrambled data makes the authorities’ jobs harder, sure enough. But with so many investigative tools in play, it will take more than encrypted files to insulate terrorists from justice. And it will take nothing less than trustworthy encryption to protect our data and preserve our trust in government. Even in these dangerous times, privacy is too precious to give away.

Hiawatha Bray is a technology reporter for the Boston Globe. E-mail him at [email protected].
Follow Hiawatha on Twitter - Facebook - Google+