Picks of the Week: How Paris Attacks Will Change Cybersecurity
Poisoning the Internet won’t Stop more Paris Attacks | The Christian Science Monitor
The recent terrorist attacks in France, Egypt, and Lebanon have rapidly reopened the global debate on the appropriate balance between national security and our privacy online. While many of us believe our right to privacy extends to the Internet, others have used the unspeakable violence of recent weeks to advocate for backdoors into secure communications and increased online surveillance. As Jason Healey recently wrote, “the Islamic State’s brutality in France may tilt the pendulum toward security [in this debate,]. But even he acknowledges that “whether tamping down on the Internet will keep anyone safer is unknown, but it will certainly diminish the Web as an engine of global innovation.”
The events in Paris have thrusted these issues onto the front pages of newspapers worldwide because, in the wake of the attacks, many of us have asked the same question: how could ISIS execute such a complex attack while evading detection from intelligence services? The answer so far appears to be that the perpetrators employed some type of encryption in their digital communications. Experts have hypothesized at least three different possibilities: either the attackers used powerful over-the-counter encryption to communicate and coordinate the attacks; or they collaborated on the dark web; or they just stopped using technology for coordination once they reached a certain level of operational readiness.
Today, virtually anyone—terrorists, criminals, state actors, non-state actors, etc.—can employ advanced encryption techniques in addition to other software and services to slip through security and surveillance.”
In the aftermath of the Paris attacks, US officials are rehashing their argument that would-be terrorists have “gone dark” after the Edward Snowden revelations, making the case that Snowden’s actions tipped-off potential criminals as to how the US conducts surveillance online, enabling them to take counter-measures to avoid it.
Technology companies, privacy advocates, computer security personnel, and encryption experts, however, oppose the idea of providing so-called “backdoor” access to encryption, which they argue would make Internet data more vulnerable and significantly weaken Internet security for everybody. “Hacking of personal information and web sites,” they argue, “seem like the more possible outcome rather than detection of terrorist activity.”
Just last month, in fact, the White House overruled law enforcement’s request to push tech companies to create such backdoors. Indeed, the White House concluded that creating such backdoors would increase US citizens’ vulnerability to foreign government, cyber criminal, and terrorist intrusions.
Time will tell whether the Paris attacks will change the White House and other countries’ view on this sensitive debate, and whether cybersecurity will finally take center stage on the national security conversation going into the 2016 presidential race. What is certain is that the battle over encryption and other privacy-related technologies won’t be over anytime soon and it will continue to reflect the larger public policy debates on the balance between national security and civil liberties. As we move in the next decade into a world where far more powerful computing capability will come on line, such as quantum computing, the ability for every person to encrypt their communications at levels that may not be able to be decrypted will only help sharpen that debate. – Senior Fellow Francesca Spidalieri