Skip to main content
Markkula Center for Applied Ethics

The Ethics of Encryption

ethics of encription

ethics of encription

After the Paris attacks

Irina Raicu

The smoldering ongoing debate about the ethics of encryption has burst into flame anew following the Paris attacks last week. Early reports about the attacks, at least in the U.S., included claims that the attackers had used encrypted apps to communicate. On Monday, the director of the CIA said that “this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people…." Also on Monday, Computerworld reports, Senator Feinstein told a reporter that she had “met with chief counsels of most of the biggest software companies to find legal ways that would allow intelligence authorities to break encryption when monitoring terrorism. ‘I have asked for help,’ Feinstein said. ‘I haven't gotten any help.’”

At the same time, cybersecurity experts are arguing, anew, that there is no way to allow selective access to encrypted materials without also providing a way for bad actors to access such materials, too—thus endangering the privacy and security of all those who use online tools for communication. In addition, a number of journalists are debunking the initial claims that encryption played a part in the Paris terror attacks (see Motherboard’s “How the Baseless ‘Terrorists Communicating Over Playstation4’ Rumor Got Started”), and questioning the assertion that weakening US-generated encryption tools is necessary in order for law enforcement to thwart terrorism (see Wired’s “After Paris Attacks, What the CIA Director Gets Wrong About Encryption”). But the initial claims, widely reported, are already cited in calls for new regulations (in the Washington Post, Brian Fung argues that “[i]f government surveillance expands after Paris, the media will be partly to blame”).

As more details from the investigation into the Paris attacks and their aftermath come to light, it now appears that the attackers in fact didn’t encrypt at least some of their communications. However, even the strongest supporters of encryption concede that terrorists have used it and will probably use it again in their efforts to camouflage their communications. The question is how to respond to that.

The ethics of generating and deploying encryption tools doesn’t lend itself to an easy answer. Perhaps the best evidence for that is the fact that the U.S. government helps fund the creation and wide-spread dissemination of such tools. As Computerworld’s Matt Hamblen reports,

The U.S.-financed Open Technology Fund (OTF) was created in 2012 and supports privately built encryption and other apps to "develop open and accessible technologies to circumvent censorship and surveillance, and thus promote human rights and open societies," according to the OTF's website.

In one example, the OTF provided $1.3 million to encryption app maker Open Whisper Systems in 2013 and 2014. The San Francisco-based company produced Signal, Redphone and TextSecure smartphone apps to provide various encryption capabilities.

The same tools that are intended to “promote human rights and open societies” can be used by terrorists, too. So far, all the cybersecurity experts seem to agree that there is no way to provide encryption backdoors that could be used only by the “good guy”: see, for example, the recently released “Keys under Doormats” paper, whose authors argue that

The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

At a minimum, these difficult problems have to be addressed carefully, with full input from the people who best understand the technical challenges. Vilifying the developers of encryption tools and failing to recognize that they are indeed helping in our efforts to uphold our values is unwarranted.

November 20, 2015

Photo by woodleywonderworks, used without modification under a Creative Commons license.

Nov 20, 2015
--

Subscribe to Our Blogs

* indicates required
Subscribe me to the following blogs: