The dispute between FBI Director Christopher Wray and Sen. Ron Wyden (D-Ore.) over “back door” access to encrypted communications is emblematic of the contentious debate playing out on Capitol Hill and in other Western countries.
On one side of the debate are the free-speech proponents, such as Wyden, who insist that there must be no access to encrypted content and devices under any circumstances despite the terror threat — and cite experts saying that providing such access is not even possible. On the other are counterterrorism officials and others protecting the public, who insist that it is not only possible, but necessary, to have such access for investigating and preventing terror attacks.
{mosads}There is also the emergence of a third way — experts coming together to come up with ideas and alternatives aimed at satisfying both sides. The Trump administration has been asking agencies to think more about access mechanisms such as those pointed to in a National Academies of Sciences, Engineering and Medicine report recently cited by the FBI.
Other researchers have discussed their research with government officials at workshops at universities, including MIT. These experts noted that they are aware that “this issue is not going away” and that they are trying to foster “constructive dialogue,” focusing on creating a safe enough way to unlock data on encrypted devices as opposed to decoding intercepted messages on encrypted communications apps.
One option may already be gaining acceptance: Boston University researchers say they have developed a new encryption technique to give authorities some, but not unlimited, access to communications. Also, according to a new report in Wired, former Microsoft and IBM executive Ray Ozzie has put out a new solution, “Clear,” which would allow law enforcement to unlock a device with a secret PIN generated by each device upon activation. Given the stalemate between advocates of free speech/privacy and advocates of protecting the public, this third direction should be supported.
Another key to finding a solution could come from the minds behind the apps and devices which have been used in major terrorist attacks worldwide. Even though many of these developers have not supported policies to help governments deal with terrorists using their platforms, because of their expertise they should be invited to help think of alternative ideas, in a brainstorming forum. They should include representatives from Telegram, WhatsApp, Signal, ProtonMail, Threema, Tutanota, and many others.
Telegram, referred to in a Washington Post report as jihadis’ “app of choice,” was developed by Pavel Durov, who has consistently defied calls for his platform to remove terrorist content. He insists that the platform deletes ISIS accounts, tweeting in December 2016 that it prohibits “calls for violence.”
The most widely used messaging app in the world, WhatsApp, added end-to-end encryption in 2017. Following the March 2017 Westminster attacks, in which WhatsApp was used, UK authorities sought access to the communications, but the company claimed that it had no access to the encrypted messages. However, a WhatsApp representative said: “We are horrified by the attack carried out in London earlier this week and are cooperating with law enforcement as they continue their investigations.”
Signal was developed by Open Whisper System, a nonprofit established in 2013 by “Moxie Marlinspike,” whose work creating highly secure software has aligned him with Twitter, whose security team he led, and WhatsApp, which uses his tools to encrypt all messages sent by users. He has said that while criminals and terrorists may be using these apps, they have incentives to find encryption tools no matter what.
The Switzerland-based encrypted email service ProtonMail bills itself as “NSA proof.” In response to the May 2017 Manchester attacks, ProtonMail tweeted: “The #Manchester attack is a tragedy. However, compromising our freedom is not how we should confront terrorism.” In response to the June 2017 London Bridge attack, company founder and CEO Dr. Andy Yen said: “Fighting terrorism does not translate into fighting Internet freedom and security.”
The popularity of the Switzerland-based end-to-end encrypted app Threema in Germany spiked following the Snowden disclosures. The app has been used in terrorist attacks, including the 2016 ISIS attack at the Holey Artisan Bakery in Bangladesh that killed 29. Responding to the report that it has been recommended by ISIS, Threema CEO Martin Blatter said that this “plays into an utterly misleading narrative.”
Tutanota, the German end-to-end encrypted email service, has grown in popularity with terrorist groups, including ISIS. The company’s blog harshly criticizes government calls for access to encrypted communications and says police need to do better at stopping terrorism.
Each of the developers of these and other apps utilized by terrorist groups should be working to help come up with solutions. As the problem of terrorists “going dark” continues to grow — and nearly every week there is news about terrorism cases involving encryption technology — and given that lawmakers from both parties are calling for action on encryption, momentum appears to be building for arriving at solutions.
Steven Stalinsky is the executive director of The Middle East Media Research Institute (MEMRI) and the author of American Traitor: The Rise and Fall of al Qaeda’s U.S. Born Leader Adam Gadahn.