The Tradeoff Between Security And Privacy: How Do Terrorists Use Encryption?
Over the last few years, the British government has devoted greater attention to the presence of online extremism, especially following the five terror incidents that occurred in 2017 alone.
This includes the ‘Darknet’ – portions of the internet that are not easily accessible by the public at large, without dedicated expertise.
Like encryption, terrorists and extremists can use the Darknet to mask their communication and propaganda efforts, recruit and radicalize, and gain material benefits in the form of illicit goods, such as weapons and fraudulent documents.
Following the 2015 attacks in Paris, for example, a new Islamic State propaganda hub was found on the Darknet by researcher Scot Terban (aka ‘@krypt3ia’), who reportedly made the discovery via a message on the Shamikh forum, a known jihadist messaging board. The post detailed an address for the new website and instructions on how to reach it. On the site al-Hayat claimed the attacks in Paris, and translated such claims into English, Turkish, and Russian. The site also hosted a selection of terrorist propaganda.
The issue of terrorist communication on encrypted sites has been raised by several governments, and was brought to light following the 2015 San Bernadino terrorist attack. Following their deaths, the seizure of suspects Syed Farook and Tashfeen Malik’s electronic devices revealed the use of encrypted messaging systems within their Apple iPhones, which resulted in a significant legal dispute over encryption between law enforcement and Apple. In a 2015 speech to the United States Senate Judiciary Committee, former FBI Director James Comey argued that terrorists who communicate on encrypted messaging platforms are protected because “increasingly, we are unable to see what they say, which gives them a tremendous advantage against us”.
In the United Kingdom, similar concerns have been raised about the misuse of encrypted messaging. Following the Westminster attack in 2017, Home Secretary Amber Rudd reiterated the need for government access to encrypted services to protect the public, stating that “we need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other”, with the aim of intercepting planned terrorist attacks and infiltrating possible terror-cell networks. Following the attacks in 2017, the Director General of The Security Service (MI5), Andrew Parker, noted that technological advancements have an “unintended side-effect” which “aid the terrorists, whether it’s the ease of online purchasing, social media content or encrypted communications”.
Largely in response to these trends, last year the British police started a campaign to inform the public about the dangers of visiting the Darknet, stating that it is a site used to smuggle firearms, raise funds for terrorists, assist terrorists and criminals in their communications, and recruit members into criminal and terrorist networks.
I believe a balance must be struck between reducing opportunities for terrorists to exploit encryption, and protecting the communication and privacy of ordinary citizens. Police techniques such as infiltration, sting operations, and user records of points of sale have been used successfully in the past to capture criminals for the purchase of drugs and firearms. These techniques can, and are, being used to capture terrorists and do not require ‘backdoors’ to private and confidential data. Opening such ‘backdoors’ would affect everyone, not just terrorists.
While calls have been made by governments to allow ‘backdoors’ to encryption in apps such as Telegram, the privacy offered by the app is an essential part of its brand. If we allow security services to access private communications, criminals and terrorists can use other, rival programs that offer more privacy.
After all, any technological innovation can be exploited for sinister purposes, and we cannot allow this to stop advancement.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.