Terrorism, the Internet and encryption

A blog post from Andrew Cushen, Work Programme Director at InternetNZ
17 November 2015

Andrew CushenThere is no doubt that what has happened in Paris, and indeed any city that has experienced terrorism, is horrible. My heart goes out to the people impacted. It is a very human reaction to want to do whatever is possible to seek to prevent such horrors in the future.

I’m worried though by what I heard last night on the news for wholly different reasons. Already, it appears that our politicians are turning these events into an opportunity to question the open Internet, to attack end-to-end encryption, and to look for ways to turn the Internet into an even better tool for mass surveillance.

This story sums up what I mean:

NZ fear over secret communication over Paris attacks

In that video, “dark communications” are blamed for terrorist attacks on Paris and elsewhere.

One does not follow the other for me.

Firstly, there is the heroic logical leap that despite the fact that the French haven’t quite worked out how these attacks were planned, here in New Zealand we already have an idea that encrypted “dark communications” are likely responsible.

Secondly, the use of language here is incriminating - these evil sounding “dark communications” to which they refer are likely about as sinister as what you are doing right now, every day of the week - using iMessage, or using WhatsApp, or using the Playstation Network, or just logging into online banking.

Encryption isn’t the problem. Encryption is what makes the modern Internet usable and trustable in a whole pile of common, everyday, perfectly innocuous and non-terrorism related scenarios. Here are some perfectly legitimate reasons for using encryption:

  • you’re a journalist, researching a highly sensitive story and this is the only way you can get sources, information, contacts without risk;

  • you’re a teen who wants to access information that may offend your parents, like about your sexual health;

  • you’re an everyday New Zealander, who simply wants to protect their information from passing over the Internet for all to see.

Utilising these services does not make you a terrorist using “dark networks.” We shouldn’t have to give these services up in order to try and be safer from terrorism, not least because it won’t work - people who want to communicate for nefarious and criminal reasons will find another way. But those of us who want to use the Internet securely and privately would miss out with no simple alternatives. I believe we would all be poorer if we did not have the ability to encrypt our communications over the Internet.

We have to distinguish between the technology itself and its nefarious uses. The issue here is people with bad intent. There is no such thing as an evil technology, no matter how much you use turns of phrase like “dark communications.” This is not the first time we’ve been here - remember when Peer to Peer file sharing was derided because it was used to infringe copyright, but is also incredibly useful for distributing legitimately purchased content too?

The challenge is to differentiate between the legitimate and illegitimate uses of encryption.  That may seem hard, but we do this all the time.  Society seems perfectly capable of differentiating between legitimate and illegitimate uses of a ski mask, without making all uses of them illegal.   But to try to ban, damage, install back doors to, hamper, require access to passwords for - or any number of other “innovations” that our Government might have in mind - are all fools’ errands.

All such measures would do is push encryption on to the next stage of technical development - it would speed up the rise of services that are even harder to crack, notice or even know about. Discussions like this also run the same risk of the same driftnet style of surveillance that we’ve seen become all too common in our frightened times. To collect everything, to encrypt noting, to have everything stored and monitored under the guise of our safety. Yet it has to be said - has this made us safer yet?

As New Zealanders, we should have the right to use our Internet in a manner that is private. We should have the right to communicate across the Internet utilising encryption. We should have the right to use these technologies without them being judged as enablers of terrorism. And we should be served by politicians and media that don’t take tragedies like Paris to argue for policies and changes that would damage the “open Internet,” curb our liberties online, and push us ever closer to being forced to use an Internet where we have no ability to control our own privacy.

In the meantime, my thoughts are with all of those that are impacted by these terrorist tragedies. I wish I did know the answer as to what would make us all feel and be safer. But going after encryption is not that solution - in fact, it risks making our lives far worse, while doing nothing to prevent these tragedies in the future. Technology and the Internet is not the cause or enabler of terrorism. I guess we’re going to have to work a bit harder to find out what is.