We all stand in shock at the horrific attacks in Paris. Our thoughts go out to the families and everybody affected. And once again we are confronted with the fact that the open society has enemies and is vulnerable.
So people are worried and are looking to their elected leaders for answers. These leaders would do well to provide the thoughtful and carefully reasoned answers that we should expect from them. And to not exploit the situation for populistic campaigning.
A blatant example of the latter is the UK PM now calling for a ban on encryption.
This line of argument is at best misleading. The underlying fallacies are:
It cannot be done: You don’t need an advanced degree in information technology to understand that this simply cannot be done. Cory Doctorow explains it well here. In a nutshell, the tools and technologies are out in the open and cannot be controlled by legislative means.
It also wouldn’t work: Imagine for a second a world without encryption and the corresponding mass surveillance of everything that floats around the net. It is inconceivable how governments would now separate the signal from the noise and generate actionable insights. Also, when we look at the catastrophes of the recent past, among them New York, London, Madrid, and now Paris, most experts agree that the obvious breakdowns in intelligence and anti-terrorism that allowed these events to take place were not at all due to a lack of data. But to inter-agency process breakdown and a lack of feet on the street to do real-world, hands-on intelligence work.
It would actually increase our risk: If we did give up protection and allowed the government to monitor every communication, how would we prevent anybody else from exploiting the same backdoors and loopholes? Naturally spies, attackers, saboteurs would use precisely the same access. The risk would be higher than the reward.
So the discussion started by David Cameron is at best naive.
Or, if you’re more cynically inclined, precisely the kind of topic politicians will jump on: Complex to understand, ultimately destined for failure, but immensely productive when you want to own a topic that will not go away and you can keep coming up with deeply concerned soundbites.
In any case it is a dangerous distraction. Protecting the open society from its enemies will require a different leadership. One where you strengthen the moral compass and respect the intelligence of your citizens rather than dumbing things down.
Even if that means telling them things they may not want to hear. That we might need to pay for more police for more hands-on old-fashioned intelligence and protection footwork.
Update: Now it turns out that we find the US intelligence agencies themselves urging more encryption to protect private data for citizens and businesses. And, just this week, the German government’s cyber security czar urged businesses to adopt more encryption to protect against espionage. Pointing specifically to PGP as the technology of choice. I agree.