So, here's my take on all this 'surveillance is good for you'.<p>It more or less proves (to me at least) that the government(s) and the various secret services have absolutely no idea who to monitor specifically. So instead of targeting their operations they want to monitor all of us, just in case something of interest pops out that then allows them to focus their attention.<p>It's a pretty scary thought: just imagine, all that money, all those resources and <i>still</i> they can't do anything other than to put their ear to the ground and <i>hope</i> that someone messes up in plaintext so they can then try to backtrack and see what they might have missed.<p>In all these attacks it never happened that everybody was under the radar. Always one or more of the attackers that were technically known or even already under surveillance. And yet the attacks happened anyway. Too many targets make for a very thinly deployed service, which then has to be automated to make it work at all.<p>It's a pretty sobering thought, it also suggests via yet another route that mass surveillance is indeed meant to attempt to 'keep us safe', and that it fails miserably. The road to hell is paved with the best of intentions.<p>Terrorists have it so easy, all they need to do is to be just a little bit unpredictable or simply old-fashioned (in person) and there won't be anything whatsoever that we can concretely do to stop them. The only thing that actually gives a bunch of actionable data is when an attack is executed or when an attack goes sour (or rather: sweet as in, it does not work) from which direct evidence of contacts or plans is gained. This will then lead to a relatively short lived number of arrests clustered around the people caught or implicated and then it burns out again where the data ends.<p>And so then we get to wait for the next attack...
Encryption backdoors are a lightning-rod topic on HN, but instead of repeating all the common talking points, I'd suggest the following:<p>Think through something like this, outside of your expertise, that you think the powers-that-be should just do. Maybe it's something with your local municipality's approach to road resurfacing, maybe it's the quarterback on your favorite football team, maybe it's your local zoning board.<p>Chances are better than even that there is a decent technical reason why they don't do what they do. Looking at things that way will save you a lot of headache in your life, and set you on the path to getting on someone's side to effect change, rather than just being another shrill voice yelling against them.<p>So politicians and intelligence services calling for encryption want, institutionally, to keep people safe. How can tech companies do that without breaking or backdooring encryption? That's the real problem to solve, and the first person to figure out how to do that will be way ahead.
How about this: we assume terrorists can fucking talk covertly whenever they like (since there are myriads of channels and codes that they can use) and that mass surveillance is not the way to catch them plotting their next act.<p>And from then on, ONLY use surveillance on specific targets under investigation.<p>And while at it, maybe even have a limit on the number of targets each agency can investigate, so they choose them wisely.
Apparently, the terrorists that attacked the concert hall in Paris last week were using... unencrypted text messages to communicate between themselves and/or their "boss".<p>According to the newspaper Liberation [1], they sent a text message at 9:42pm telling: "we're out we begin".<p>[1] <a href="http://www.liberation.fr/france/2015/11/18/la-piste-du-sms-envoye-par-un-des-terroristes-du-bataclan_1414317" rel="nofollow">http://www.liberation.fr/france/2015/11/18/la-piste-du-sms-e...</a>
> but debates about whether the technology should have a "back door" for intelligence services are heating up again<p>What "debates"? There is absolutely nothing they can do to force terrorists to use backdoored encryption, any debate is just a waste of time, money, and maybe even lives. What are they thinking??
Oh and by the way - the Paris terrorists didn't even use encryption:<p><a href="https://theintercept.com/2015/11/18/signs-point-to-unencrypted-communications-between-terror-suspects/" rel="nofollow">https://theintercept.com/2015/11/18/signs-point-to-unencrypt...</a><p>How about that? Hopefully now the blame will be put where it should be: the wastefulness of mass surveillance, which dramatically increases the "noise" compared to the signals, since the agencies have to "look" at many more innocent people and waste time and resources doing so.
The line at the end that really hit me was this:<p>> <i>Almost all the attackers were known to the authorities, and if they had been watched, their use of encryption programs would have itself invited closer scrutiny.</i><p>This is precisely the scenario that Phil Zimmermann (creator of PGP) and others have been warning about (and working against) for decades. As Zimmermann said in a 1999 essay linked here not long ago, "What if everyone believed that law-abiding citizens should use postcards for their mail?" (<a href="https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html" rel="nofollow">https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html</a>) The scary part to me is not just that it's our present reality, but that it's so readily accepted. Crypto advocates need better PR. (And to be fair, better UI.)
The IRA were known to recruit top STEM students from universities in Ireland during their campaign to make bombs. Surely an entity as large and as well financed as ISIS would have little trouble finding bright young engineers & technologists sympathetic to their cause to simply build their own encrypted services? And then so much for the spooks' 'backdoors'
I think this article misses the most obvious point. Encryption is widely available for free and in the open. It's not about listing the devices or code they might not trust, if there's even one that they do trust, then you can backdoor everything else and it won't matter.<p>Why do they think they can put the Genie back in the bottle? The answer is they know that they can't, the backdoor only affects the people who don't care they are being tracked. It's not for terrorists, it's for people who carry smartphones. Which is almost everyone, so good enough for them. But the argument is absolutely nothing to do with "preventing terrorism".
This is like in WWII, when Churchill and Turing gave so many newspaper interviews re: how awful it was they couldn't crack Hitler's encryption anymore that he finally gave in, went back to the 3-rotor Enigma machines and we won the war.
I think the entire discussion misses the even more important point - terrorists won't care whether encryption is backdoored or not. It's a good OPSEC to assume all communication is being listened to anyway, and to rely on steganography and disappearing in the noise. Bad guys will simply use the same backdoored crypto everyone else will be using, communicating in the same way they do today, because using the unbroken crypto will be easily detected as suspicious action.
As with most things, I think that it is a trade off. There is a very delicate balance between security and privacy.<p>Too much surveillance<p>- General public feels incredibly uncomfortable due to lack of privacy<p>- An incredibly scary amount of power in the hands of whoever has access to that information ( and who knows what they will do with it )<p>- Reduced risk of terrorism and security concerns<p>Too little<p>- Increased risk of terrorism + massive security concerns due to lack of intelligence ( it's like trying to find a needle in a huge haystack )<p>- Public feels safe due to perceived increased privacy and yet feels unsafe due to ( potentially ) increased number of terrorist incidents.<p>It's a rather difficult problem to solve. How can we extract critical security information without invading people's privacy?
<i>"I was able to leave and come to Shām (Syria) despite being chased after by so many intelligence agencies. My name and picture were all over the news yet I was able to stay in their homeland, plan operations against them, and leave safely when doing so became necessary," Abaaoud claimed in the interview, according to ISIS."</i><p><a href="http://www.cnn.com/2015/11/16/europe/paris-terror-attack-mastermind-abdelhamid-abaaoud/index.html" rel="nofollow">http://www.cnn.com/2015/11/16/europe/paris-terror-attack-mas...</a>
I've gotta believe these organizations can find one or two developers among the billions of Muslims on this planet. Why wouldn't they just write their own apps for Android and call it a day?
I always assume these types of stories are red herrings and intelligence agencies already have back doors or decryption methods that they want to keep hush. Make a big song and dance about how encryption is secure and push criminals towards it, meanwhile it's a trap. Look at all the Tor takedowns as evidence. It's all fine by me really.
This isn't about terrorists using encryption. It's about a culture of control, violence, and domination trying to extend its power to encrypted communication.
<i>There's no evidence the plotters of the Paris terrorist attacks used encrypted communications</i><p>First sentence is already wrong.<p>They recovered smartphones that had encrypted messaging apps.<p>Still no excuse for government backdoors which will be stolen by all kinds of entities within months of their creation and allow the wrong people to spy on law enforcement itself.<p>Government had a 10-year head start before all this, where are all the terrorists they stopped before this?
I think one thing we as a tech community overlook is the expectations on the intelligence community. The broader community expects the intelligence agencies to stop ALL terrorist attacks, and that's just not feasible. This drives the intelligence agencies to do more, which is why I think there is a big push for broad dragnet activity.
Back doors are very useful for tracking down tax evaders, political opponents or dissenters, or any other number of things which increase government revenue or power. Terrorism is just one excuse used to justify the rest of it. Crypto backdoors will be mandatory one day, it's inevitable.
Governments regularly intercept plain old SMS messages. If the government can demonstrate cases where this has prevented a terrorist incident in the past, wouldn't that suggest that similar snooping on iMessages would prevent terrorism in future?
"Almost all the attackers were known to the authorities, and if they had been watched, their use of encryption programs would have itself invited closer scrutiny."<p>Well, unless they were using WhatsApp or iMessage, which almost everyone uses.