The importance of encryption is paramount in today’s world of ever increasing threats. The idea of encryption is designed for people who are concerned with privacy, regardless of their motivation. Motivations range from the need for secure business or private communications, strong beliefs in privacy, political views and the like. The issue is that people concerned with privacy might have sinister motives as well. It is not a secret that encryption can be used for evil. Terrorists, kidnappers, blackmailers, drug dealers, etc. can use it to get away with their businesses. Encryption is such a powerful tool that even the government, with all its resources, cannot get access to encrypted information that may help prevent, for example, an act of terrorism. The very recent FBI vs. Apple dispute is a proof of this limitation.
All the encryption must be weakened, back doored or even completely banned.
Let us take a look at the aftermath of weakened encryption in the real world scenario. You may be quite surprised.
First of all, weakening encryption would have a significant impact on the national security. This is because, although more than half of the encryption products are made in the USA, not all of them are made here. It is virtually impossible to weaken all the existing applications. The US authorities could force software companies in the country to ease their encryption standards, but they cannot force the entire world to do the same. That would mean that the US companies would have to use weak security standards, whereas their foreign competitors would use strong encryption. You don't have to be a visionary to foresee the consequences.
Secondly, there is so much hype about encryption at the moment, that, to avoid unwanted attention, the “bad guys” choose to communicate over alternative channels. These channels are usually considered insecure but are not easy to intercept if precautions are taken. This means that they use channels that are not under the surveillance spotlight, to avoid any snooping. Finding information in such a channel is like finding a needle in the haystack. Anyway, preventing a crime involves a lot of other works apart from decrypting a communication channel. Decrypting the channel in itself would not give us sure-shot leads. For instance, after months of vain attempts to unlock the iPhone of one of the San Bernardino terrorist attackers, it appeared that it contained “nothing of real significance”.
There are no evidences that the terrorists used any encryption at all.
According to the French Newspaper, Liberation, the police found an unlocked and unencrypted phone:
“French police found an unencrypted, unlocked phone in a trash bin outside the Bataclan concert hall in Paris that contained a text sent in the clear: “On est parti on commence.” (“Let’s go, we’re starting”).”
According to some sources, they used burner phones. A burner phone is usually a pre-paid anonymous phone that is used for communications and then discarded, so it is almost impossible to track who was using it, especially if the phones are used on a by-call or by-action basis. Note, that there is no encryption involved, they activate the phone, make several calls and trash it. Unless the police find a phone, there are almost no chances of recovering information.
NY Times reported that:
“Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest. From 8:41 p.m. until just before he died at 9:28 p.m., the phone was in constant touch with a phone inside the rental car being driven by Mr. Abaaoud. It also repeatedly called a cellphone in Belgium. Most striking is what was not found on the phones: Not a single email or online chat from the attackers has surfaced so far.”
“Everywhere they went, the attackers left behind their throwaway phones”
Ars Technica says on encryption:
“That seems to be further evidence that they knew such communications were routinely monitored by intelligence agencies. But rather than trying to avoid discovery by using encryption—which would in itself have drawn attention to their accounts—they seem to have stopped using the Internet as a communication channel altogether, and turned to standard cellular network calls on burner phones.”
If they used mobiles in an ordinary way and did not stand out of the crowd, it is very unlikely that they would draw any attention until too late. This eliminates the need of any encryption. The police are free to find all they need, but they would find out the information after the act is done. The chain of investigate-discover-prevent is reversed to act-investigate-discover and the discover part has little to no sense in this case. The miscreants do not need their communication to be absolutely unbreakable by encryption. They just need to buy some time before the police (or whoever else, for that matter) would read their messages. This time is measured in hours and days and definitely not in months and years as encryption assumes. So, why not use a simple tool if it fits perfectly? And they did that. The solution? Banning the cellphones altogether?
As Forbes notes:
“Additionally, there are probably still a number of ways that terrorists could send messages to each other without speaking a word, if they really wanted to. An ISIS agent could spell out an attack plan in Super Mario Maker’s coins and share it privately with a friend, or two Call of Duty players could write messages to each other on a wall in a disappearing spray of bullets. It may sound ridiculous, but there are many in-game ways of non-verbal communication that would almost be impossible to track.”
No doubt, encryption can save them some time and effort of communicating with each other – their need to meet in person would be eliminated. But there will always be a way to deliver information from one person to another, no matter what the government will ban – encryption, messengers, emails or phones. Just imagine a world where in a race for an “illusion of safety”, all the “too much secure” means of communications are out-of-law because 0.0001% of people might misuse it. That is an illusion of safety, and not a solution to the problem.