Governments and intelligence agencies charged with protecting us are already on edge because of encryption built into iOS, Android, and even individual chat apps, and it's a sure thing that some of those governments will use the Paris attacks to push legislation mandating back doors into encryption systems or simply outlawing encrypted communications entirely.
That march has already started. The role of encrypted communications is being increasingly identified as one of the ways these attacks went undetected while being planned and executed. Pundits are criticizing encryption and blaming Edward Snowden for exposing mass surveillance programs in the U.S. Mainstream news outlets on TV, print, and the Internet have speculated frequently on the idea that encrypted communications allowed the terrorists to operate undetected.
In a press conference on Monday, U.S. Attorney General Loretta Lynch said, “We are pursuing a number of options, we're in discussions with industry looking for ways in which they can lawfully provide us with information while still preserving privacy.”
The fly in that ointment is that it's impossible to have those two things together. “Lawfully providing information” and “preserving privacy” are incompatible in the real world.
We saw similar rhetoric used to pass the PATRIOT Act in the U.S. in the wake of 9/11, and I've little doubt misguided and uneducated politicians will try to use the Paris attacks to fuel a new onslaught on encryption.
Same as it ever was
We at The Mac Observer have written and spoken extensively on this issue. A back door open to one is available to all. It's why Apple built end-user encryption into iMessage and other aspects of iOS and OS X, and it's why so many chat apps and other communications platforms have done the same thing. To have security from criminal organizations and foreign governments who want to steal our data, we must have security from everyone, even our own protectors.
In addition to the infeasibility of back doors, end-user encryption is here to stay and relatively easy to implement. If Apple, Google, Facebook, and all the other major tech companies were to eliminate end-user encryption today, terrorists and criminal organizations alike could easily move to home-grown communications tools that give them all the privacy they want while leaving we, the people, exposed to every malicious player on the planet.
As Dave Hamilton noted during Monday's TMO's Daily Observations, only nerds and criminals would have privacy.
Do not mistake my message. It is terrible that enemies are able to use mainstream encrypted communications platforms to plan and execute their horrific deeds, but exposing all of us to the many other bad actors eager to steal our identities, banking information, and other data won't stop the terrorists.
The knee-jerk response we are seeing from those whose biggest desire is to protect us is understandable. But we must be diligent because we will get nothing in return if we trade away our privacy in the illusory pursuit of security. The terrorists of the world, the criminals, will easily find ways to communicate privately while we will be left exposed.