Should we give the government access to encrypted messages and devices?
FBI Director James Comey Jr. testifies at a Senate Judiciary Committee hearing on Capitol Hill in Washington December 9, 2015. The couple who killed 14 people in San Bernardino last week were radicalized before they met online and spoke of jihad and martyrdom to each other as early as late 2013, Comey said on Wednesday.
The recent attacks in Paris and San Bernardino have reopened the debate over whether the government should have expanded abilities to crack open encrypted messages and access encrypted devices. The director of the FBI in testimony on Capitol Hill this week that messages are going unread, even from those responsible for known attacks.
Two experts, however, say the real problem isn’t lack of access, but lack of analysis.
After the Paris attacks CIA Director John Brennan warned that encryption could hinder security services from tracking potential dangers.
“This is a time for particularly Europe, as well as for in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve,” Brennan said.
But Matt Blaze, a professor of computer and information science at the University of Pennsylvania, says encrypted messages from terrorists are the last thing US and European governments should be worrying about.
“First of all, we don't actually know much about what the Paris terrorists were actually using to communicate. In fact, a lot of the evidence that's come out so far suggests that they were just communicating back and forth on Facebook and weren't using any encryption apps at all,” Blaze says.
Patrick Skinner, the director of special projects at The Soufan Group in Savannah, Georgia, agrees with Blaze.
“They already know who these people are. They just operate right under the radar. And the St Denis raid was actually an unencrypted cell phone they were [using to] track the female cousin of Abaaoud. And so encryption could play a role, but it doesn't appear to have played a role in this or any other major plot,” Skinner says.
In fact, Skinner and Blaze say, the CIA director’s call for more government access to encrypted messages may just be a smoke screen.
“When the intelligence agencies warn about the use of encryption causing them to go dark with terrorists, I wonder sometimes whether what they're saying is ‘Oh please, don't throw us into the briar patch! We would hate that if they used more encryption and use more of this secure communication!’ Because, you know, I wonder if the availability of encryption tools encourages our adversaries to make more use of electronic communication where the metadata of the presence of the communication can be tracked. … Like sending messages back and forth with couriers would be much harder to track. So I think this may be a boon for intelligence, but they'll never say that publicly,” Blazes says.
Instead of more access to encrypted devices, Skinner says we need more analysts are needed to interpret all the data security services already collect.
“The Paris attack show that we have all the information, and in fact we have way more information than we can process. And what we've done with all this data collection is build the world's most accurate hindsight machine. We can quickly determine what happened, but we're still unable to prevent it. So I don't think that encrypted apps — I mean it's the scare of the month, and there are some valid concerns but that's not the root problem,” Skinner says. “We certainly need to combine more human intelligence, human sources. That would provide context to the information that we're collecting. If you continually collect everything you would literally know nothing, and so we need more analysis.”
This article is based on an interview that aired on PRI's Science Friday with Ira Flatow.