Encryption access debate escalates in wake of San Bernardino attacks

Encryption access debate escalates in wake of San Bernardino attacks

In spite of calls for increased access for security services in the US after the San Bernardino attack on December 2, the use of encrypted technologies under current regulations is likely to persist in the short-term. Why is the debate important, and could more access by security services decrease terrorist operational capability?

The age old tension between upholding security and civil liberties has garnered renewed attention in recent days after it emerged that the San Bernardino attackers were inspired by the self-proclaimed Islamic State (IS), and used encryption on their mobile devices for secure communications. This revelation could instigate a United States government push to gain access to encrypted information that is currently inaccessible except to end-to-end users (senders and receivers of the messages).

The spate of IS-inspired attacks in the Sinai, Beirut, Paris, and Tunis in November, followed by San Bernardino in early December, served as a ‘focusing event’: an event that shocks society and as a result, can cause knee-jerk policy shifts in attempts to meet a perceived threat. What does this mean for the future of encrypted services in the current political climate in the US?

Silicon Valley executives have pushed back against US government requests for greater access to user data until now. If these stakeholders acquiesce, it could drive innovation towards new technologies that afford the user protection, while allowing for monitoring and access.

While this may promote investment opportunities in the tech world, it will not be a stroke of magic that halts all future terrorist activities on US soil. Individuals or groups meaning to undertake an act of terror tend to work around operational constraints to achieve a goal, tailoring the target to match the constraints. Moreover, such a policy shift could be viewed as an infringement on civil liberties, while lending added risks to Internet users.

The use of encryption technology contributes to the operational security of a group such as IS, or independent would-be affiliates or lone actors, who may communicate across natural and political borders, and rely on secrecy to carry out more ‘effective’ (read: deadly) acts of terror.

Nevertheless, is data encryption vital for the successful planning of international terrorist attacks, or is it just another enabling component of a given plan? If government access to secure messaging was granted in some form, it is possible that perpetrators would merely seek alternative methods of communication. Members of the attack team in Paris, for example, resided in the same neighborhood: key communication was likely carried out face to face, and encryption use has not yet been substantiated.

US President Obama’s address to the nation on December 6 was not the first time he had alluded to curbing access to encryption technologies for would-be terrorists.

While Obama commented on the need to limit technology that enables inaccessible communication, he also suggested that in the face of attacks, the international community must not forsake ‘our values or give into fear.’ That may be a tall order.

As the Patriot Act expires in the US, the United Kingdom is moving in the other direction with the Investigatory Powers draft bill under consideration in the House of Commons, aiming to let internet suppliers store user data for a period of time and seeking more cooperation with tech companies. In the current US environment after the San Bernardino attack, pressure may rise to follow suit.

The US government itself fell victim to hackers who accessed the personnel files of over 20 million people in the famed OPM breach of 2014-5. Multiple sources reiterate that if tech companies opened up a ‘backdoor’ for domestic security services; the same entryway could be exploited by hackers, spies, and the like.

Succinctly summed up by Apple CEO Tim Cooke: ‘You can’t have a backdoor that’s only for the good guys’. Early in 2015, IS hacked into a US Military twitter feed, validating more fears about the viability of government cyber security.

In the short term, the debate is likely to escalate, with tech frontrunners denouncing calls for limitations on encrypted services (most recently, 140 experts, activists, and tech firm reps held an event at the White House on December 8 to present a cohesive front), and government officials intermittently grasping onto the climate of fear that has increased after San Bernardino. As the White House recently asked representatives from Silicon Valley to continue the dialogue in Washington, DC, the next steps will play out in the near future.

It is increasingly likely that US legislators will push for the development of new access-granting technologies, using the increased attention on encrypted messaging services as a policy driver. Would granting access to encrypted platforms curtail the threat of terrorist acts? At the risk of sounding grim, it seems doubtful. If a ‘security services’ backdoor was required for encrypted messaging, their popularity amongst those avoiding authorities could decrease.

Simultaneously, any market benefits from investments in Silicon Valley gained by the development of a new technology for official access could be offset by the risks to data security, and the knowledge that another terrorist act enables policy that restricts civil liberties.

Categories: North America, Security

About Author

Kira Munk

Kira Munk is a political risk analyst located in the DC Metro area, and has lived in Lebanon and Egypt and the UAE. Kira focuses on topics related to terrorism and counterterrorism, human rights, and the impacts of social and political developments in the MENA. She holds a Master’s degree in Terrorism, Security & Society from the Department of War Studies at King’s College London.