The 'need' to control encryption and The Big Lie

The Paris terrorist attacks have given lots of pols and bureaucrats a golden opportunity to push ill-considered, ignorant, and dangerous agendas about limiting or banning encryption.

Credit: Perspecsys Photos / Flickr

Within hours of the recent Paris terrorist attacks, various politicians and current- and ex-government officials used it as an opportunity to push ther agendas. For example, in multiple interviews James Woolsey, former Director of the CIA, blamed Edward Snowden, the National Security Agency whistleblower:

I think the blood of a lot of these French young people is on his hands ... I would give him the death sentence, and I would prefer to see him hanged by the neck until he’s dead, rather than merely electrocuted.

He even went so far as to claim that the Obama administration’s changes to government surveillance policies were responsible for the inability of the US and French intelligence services to prevent the Paris attacks. Talk about a partisan viewpoint.

Doubling down on this narrative of where the blame lies, in an interview on CBS' Face the Nation last Sunday, Michael Morell, a former CIA Deputy Director, said:

I think what we're going to learn is that these guys are communicating via these encrypted apps, this commercial encryption which is very difficult or nearly impossible for governments to break, and the producers of which don't produce the keys necessary for law enforcement to read the encrypted messages.

But the truth of how the Paris terrorists communicated and coordinated their attacks turns out to be far more pedestrian than high-grade encryption: In a trash bin outside the Bataclan concert hall in Paris where 89 people were murdered, French police found an unlocked phone, without encryption of any kind, which had a text that had been sent in the clear. The text read: 

“On est parti on commence.”

In English, that’s “Let’s go, we’re starting.”

So, despite US (and French, and German, and, most likely, Swiss, Spanish, and, and and …) operating a whole range of far-reaching, immensely powerful surveillance programs costing billions of dollars, our national intelligence services were unable to prevent a major tragedy but it wasn't because the attackers were even vaguely sophisticated in their communications. It seems the intelligence services just didn't do their job. Nevertheless, the first thing the politicians and the bureaucrats did after the tragedy was take the opportunity to push ill-considered, anti-encryption agendas based on technical ignorance and unsupported assumptions. 

It appears they want to ban encryption or require “backdoors” but will that make sending messages in secret in any way difficult? Of course not. There are many ways to send encoded messages that aren’t breakable (for example, the one time pad) so it's not like anyone’s evil plans will be thwarted by taking away a sophisticated tools while leaving a more primitive set that can’t be stopped, tracked, or blocked.

If any government ever does anything as downright stupid as requiring backdoors (which may well already be far more common than we know) the long term consequences will be inescapable. With the certain knowledge that a backdoor exists, legions of hackers will start looking, and some of those people are really, really smart. Armed with the knowledge that there’ll be a huge payoff in finding a backdoor, you can bet they’ll be really motivated.

And as anybody with even the slightest understanding of security principles should know, security through obscurity simply doesn’t work for long.

So, given that the whole idea of controlling encryption is beyond silly, will the authorities walk back their assumptions and contentions in the face of pesky, inconvenient facts? Not a chance. The Big Lie has always worked well (just look at the huge lies told in recent presidential debates) so why change? 

Encryption is going to become a huge political issue in the forthcoming US election cycle even when encryption isn't actually the real problem.

Thoughts? Suggestions? Send me feedback via email or comment below then follow me on Twitter and Facebook.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10