Terrorist attacks renew pressure for allowing authorities to access encrypted messages
Cyber expert says tech firms have options
Mark Greenblatt, Scripps News
2:22 PM, Nov 17, 2015
4:18 PM, Nov 17, 2015
WASHINGTON, D.C. - A video purported to be from ISIS that threatens a strike in America’s capital city following the massacre in Paris has re-ignited demands for Silicon Valley firms to deploy technology allowing intelligence officials and law enforcement agencies to better monitor what many believe are encrypted communication tools terrorists seek to plan attacks.
The push for some kind of so-called “back door” or exceptional access took a heavy blow only last month when FBI director James Comey told the Senate the White House would not step in to pressure technology firms to help.
But in the wake of the Paris attacks, the recent downing of a Russian passenger plane over Egypt, and terrorism strikes linked to ISIS in Beirut, one of the most influential members of Congress from President Obama’s own party is breaking ranks and demanding change.
“I think that Silicon Valley has to take a look at their products, because if you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents, whether it's at a game in a stadium, in a small restaurant in Paris, (or to) take down an airliner, that's a big problem,” Senator Dianne Feinstein told MSNBC this week.
Feinstein, a California Democrat and Senate Intelligence Committee ranking member, was referring to new privacy technologies introduced by tech firms such as Apple, Google, and Facebook that are so powerful, law enforcement cannot crack them even with a search warrant and judicial authorization.
“We need high tech's help in securing an Internet that, even with a court order, you can't get to what they're saying. That's a big problem,” she said.
French officials have not confirmed the Paris terrorists used encrypted messages, but it is worth noting that messages claiming responsibility for the crash of the Russian airliner and the Paris attack used “Telegram,” an encrypted communication tool.
Until now, privacy advocates in the United States and technology firms had largely won the debate over encryption in America by arguing that if you create a so-called back door for law enforcement agencies, other bad actors could break through as well.
But technology experts tell Scripps News that solutions could be created and deployed that would both allow officials to access encrypted messages of terror suspects, while still protecting the public from intrusion by governments or any unwelcome actor.
“I know we’re an innovative nation. And we’re constantly developing new technology every single day,” said Shawn Henry, who retired from the FBI three and a half years ago after running the agency’s cyber and criminal investigations around the globe.
Henry suggested Silicon Valley firms could create encryption modeled after the same security concepts deployed to prevent the launch of nuclear weapons by bad actors, where action can only be taken if more than one party agrees to deploy separately held keys.
“So even if one has access you still need the other key. Whether the technology companies hold the key and somebody else holds the keys, (it could even be) a third party escrow company -- not necessarily the government. These are things that just need to be explored,” Henry said.
Henry believes the growing threat from ISIS has placed America in a parallel moment to the months leading up to the attacks on Sept. 11, 2001, when officials knew Osama Bin Laden had both the capability and the desire to carry out a serious attack on American soil.
He says, however, if intelligence officials who knew of the credible threats had suggested in August of that year to implement security measures in airports requiring laptops to be examined, shoes to be taken off, and liquids to be limited, “Congress would be up in arms, the American public would be adamant this is big brother (and an) imposition of our rights. Fast forward six weeks – planes crash into buildings, 3,000 Americans die and people are stripping off their coat and flipping their shoes off because all of a sudden they understand what the risks are. They’re willing to accept it.”
But any suggestions to implement any form of access for law enforcement in the United States is likely to face fierce opposition from technology firms and privacy advocates, who argue that consumers worldwide should be able to know their communications are truly private, and say law enforcement and intelligence agencies have other ways to track criminals and suspected terrorists than by looking at their communications.
Jeremy Gillula, a staff technologist for the Electronic Frontier Foundation, said the idea of deploying multiple-key encryption is not new, and was proposed earlier this spring by the director of the NSA.
“The problem is, even if you split up the key, it is still essentially creating a backdoor in a crypto system,” Gillula said. “The system will still be insecure. It will still create an opening for hackers.”
Henry, who is president of CrowdStrike Services and CSO, a security consulting firm, concedes there may be no “perfect” solution to the problem, and says the best technical idea may yet to be engineered, but argues the public may still decide it is willing to settle on a compromise.
“I’m saying we as citizens have to assess the issue, assess the risks and make determinations and recognize we are going to have to make some concessions somewhere if we want to be safe.”
In Britain, officials are debating whether to fast-track proposed sweeping legislation that would give law enforcement the ability to monitor consumers’ Web browsing. British Prime Minister David Cameron has come out in strong support of the legislation.
CIA director John Brennan said in a speech Monday in Washington that blocking intelligence officials from accessing terrorist communications has created a safe haven for bad actors.
“There have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging,” he said. “I do hope that this is going to be a wake-up call.”