Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | How to Cut the Cable Cord | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Top News Stories

author photo

Officials Push for Encryption Backdoors after Paris Terrorist Attacks

by on November 19, 2015
in Computer Safety & Support, News, Computers and Software, Blog :: 0 comments

Encryption backdoor conceptIn the wake of the terrorist attacks in Paris that killed nearly 150 people, U.S. officials have called again for policies that would force tech companies to build 'backdoors' into their software, allowing government access to encrypted apps that may have been used to coordinate similar attacks.

On Monday, the long-running debate on personal privacy versus national security was revived in Washington, Time reported, as officials from both the Obama and former Bush administrations discussed how government intelligence agencies can monitor communications between suspected terrorists who use encrypted messaging apps such as Telegram or SilentCircle.

A recent U.N. Report says encryption is a human right, “providing the privacy and security necessary for... the right to freedom of expression in the digital age”.

But FBI director James Comey has argued often that the availability of encrypted communications apps impairs law enforcement agencies' ability to prevent crime, including terrorism.

Secure messaging apps feature end-to-end encryption that can be decrypted only by the sender's and receiver's devices, so that parent companies cannot read messages – nor grant government agencies access to do so.

It has not been confirmed whether such apps were used in coordinating the Paris attacks. But according to the Wall Street Journal, followers of the Islamic State terrorist group (ISIS), which claimed responsibility for the Paris attacks, were provided with a list of 33 chat apps, ranked by their encryption, with Telegram ranked as “safe”; and apps like SilentCircle and Redphone ranked safest. (As for more mainstream apps, WhatsApp was deemed “unsafe” while Apple's iMessage, Facebook's Messenger and BlackBerry Messenger were all deemed “moderately safe”.)

The New York Times reports that government officials said ISIS has used encryption technologies over the last year and a half, many of which the National Security Agency (NSA) has been unable to crack.

For example, according to a Middle East Media Research Institute report, jihadist groups and terrorist organisations had chat channels on the secure messaging app Telegram, sharing such content as “manufacturing weapons” and “launching cyberattacks”.

A backdoor policy that legally requires tech companies to build decryption keys into their software would enable the NSA and other law enforcement agencies to monitor communications between suspected criminals and, in theory, prevent major crime.

However, security experts have repeatedly said that such cryptographic backdoors make systems more vulnerable to attacks. Allowing a government official armed with a warrant to read communications between suspected criminals would also allow stalkers, fraudsters and other criminals to steal data from innocent people as well as companies and national agencies.

“Backdoors will only degrade our security — perhaps against the very criminals and terrorists the government is trying to protect us from in the first place,” says Jeremy Gillula, staff technologist at privacy advocacy group Electronic Frontier Foundation (EFF). “[As well] adding complexity, like a backdoor, increases the chance that bugs or vulnerabilities will be introduced to the code,”

Tech companies have taken a similar line. Re/code reports that while Google has scrubbed YouTube videos affiliated with terrorist groups and passed account information to authorities in response to direct government request, the search giant maintains that agencies do not have backdoor access to simply “help themselves to users' data”.

Similarly, Apple's CEO Tim Cook has publicly opposed government backdoors, as have other Silicon Valley companies in wake of the recent terrorist attacks.

In any case, banning full encryption is unlikely to prevent criminals from communicating unobserved. Encrypted messaging apps have not been the only means for terrorist communication; Belgian federal home affairs minister Jan Jambon claims that the Sony PlayStation 4 has been used by ISIS members. Though, he provided no evidence or examples to support this claim. Means of messaging on the PS4 include voice-chat, messages over the PlayStation networking online gaming service, and in-game messaging.

As for the recent Paris attackers, we don’t know fully yet how they handled their communications. From what we do know, some of the coordination was done via standard cell phone texts and, given that a group of the attackers lived in the same town in Belgium, likely, person-to-person communication. And unencrypted data from a cell phone found at the scene of the Paris stadium attack was successfully used to track down ringleader Abdelhamid Abaaoud and disrupt another terrorist cell.

“Additionally, there will always be developers writing other end-to-end encrypted apps, all over the world,” Gillula says. “At least some of these apps won't have backdoors and they'll become magnets for terrorist communication.”

The Electronic Frontier Foundation's
Secure Messaging Scorecard

 
  Encrypted in transit? Encrypted so the provider can’t read it? Can you verify contacts’ identities? Are past comms secure if your keys are stolen? Is the code open to independent review? Is security design properly documented? Has there been any recent code audit?
AIM Yes No No No No No No
Yahoo! Messenger Yes No No No No No No
Facebook chat Yes No No No No No Yes
Google Hangouts/Chat "off the record" Yes No No No No No Yes
iMessage Yes Yes No Yes No Yes Yes
FaceTime Yes Yes No Yes No Yes Yes
Skype Yes No No No No No No
SnapChat Yes No No No No No Yes
WhatsApp Yes No No No No No Yes
BlackBerry Messenger Yes No No No No No No
Viber Yes No No No No No No
Silent Phone Yes Yes Yes Yes Yes Yes Yes
Telegram (secret chats) Yes Yes Yes Yes Yes Yes Yes
Jitsi + Ostel Yes Yes Yes Yes Yes Yes No
Off-The-Record Messaging for Mac (Adium) Yes Yes Yes Yes Yes Yes No
Off-The-Record Messaging for Windows (Pidgin) Yes Yes Yes Yes Yes Yes Yes
TextSecure Yes Yes Yes Yes Yes Yes Yes
BlackBerry Protected Yes Yes Yes Yes Yes Yes Yes
ChatSecure + Orbot Yes Yes Yes Yes Yes Yes Yes
iPGMail Yes Yes Yes No No Yes No
Mailvelope Yes Yes Yes No Yes Yes Yes
PGP for Mac (GPGTools) Yes Yes Yes No Yes Yes No
PGP for Windows Gpg4win Yes Yes Yes No Yes Yes No
RetroShare Yes Yes Yes Yes Yes Yes No
StartMail Yes No Yes No No Yes No
SureSpot Yes Yes Yes No Yes Yes No
Telegram Yes No No No Yes Yes Yes
Threema Yes Yes Yes Yes No Yes Yes
Virtru Yes No No No No Yes Yes
CryptoCat Yes Yes Yes Yes Yes Yes Yes
Signal / RedPhone Yes Yes Yes Yes Yes Yes Yes
Silent Text Yes Yes Yes Yes Yes Yes Yes
Ebuddy XMS Yes No No No No No No
Hushmail Yes No No No No No No
Kik Messenger Yes No No No No No No
Mxit No No No No No No No
QQ Yes No No No No No Yes
Wickr Yes Yes Yes Yes No No Yes

[Image credit: encryption backdoor concept via Shutterstock] 



Discussion loading

© 2015 Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

site design: Juxtaprose