The events following the ghastly terror attacks in Paris and Beirut last week have followed a tragically predictable formula. Once again, acts of senseless violence have left scores of innocents dead and millions around the world in mourning. Once again, we have watched these horrors unfold in real time on TV and social media, zigzagging through the maze of misinformation, anxiety and anger.
And once again, Western government officials are shamelessly exploiting tragedy to justify more surveillance, more reactionary military interventions and more draconian security policies at home. Their pitch is the same as it was after the last major attack, and the one before that, and as far back as anyone can remember: Give us just a little more power — surrender a few more civil liberties and a bit more privacy — and next time we will truly keep you safe.
Authorities wasted no time, blaming the attacks on the rise of sophisticated encryption even while admitting they have no evidence that encryption was actually used. On Monday morning, CIA director John Brennan told reporters that the Paris attacks should serve as a "wake-up call" about the need to give the government access to encrypted communications, even though he admitted there was no evidence that encryption prevented authorities from detecting the plot. The New York Times published, and later removed from their website, an article citing unnamed European officials similarly stating that those responsible for the Paris attacks “are believed to have communicated using encryption technology,” but that it is still “not clear whether the encryption was part of widely used communications tools, like WhatsApp … or something more elaborate.” On Tuesday, a Times headline declared “Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks,” despite the article’s very first sentence stating: “American and French officials say there is still no definitive evidence to back up their presumption that the terrorists … used new, difficult-to-crack encryption technologies to organize the plot.”
Of course, the point of all this speculation isn’t to determine how the terrorists actually planned the highly coordinated attacks, but rather to drum up fear by demonizing the widespread use of strong encryption, which has grown in popularity since National Security Agency whistleblower Edward Snowden’s surveillance revelations.
Until recently, the Federal Bureau of Investigation and other U.S. agencies were on the offensive, demanding backdoors into end-to-end encrypted messaging apps such as Signal and WhatsApp, which by design send private messages that even the companies themselves can’t read — and thus can’t surrender to law enforcement. Security experts and Silicon Valley pushed back, noting that creating backdoors would open vulnerabilities that any well-resourced adversary — be they Russian cybercriminals or Chinese government hackers — could find and exploit, making everyday Internet usage much more dangerous as a result. The consensus was so overwhelming that even President Barack Obama backed down, conceding that his administration wouldn’t be seeking encryption backdoors.
The attacks in Paris have now reinvigorated these demands. But what few details we know about the attacks shed doubt on how useful backdoors would have been.
A report from Le Monde early this morning suggests that the terrorists were not encrypting their communications or data while planning the attack; authorities say they were able to access data on a cellphone recovered from one of the suspects — including the location of a safe house that was raided on Wednesday, a map of the concert hall where terrorists massacred 89 people and an unencrypted text message saying “We’re off; we’re starting.” According to intelligence and law enforcement officials, three of the attackers lived in the same district in Brussels, meaning that — assuming they aren't stupid — they would have communicated in person or by courier rather than electronically. If the group had been in contact with foreign members of ISIL, as some early reports suggested, the ability to read encrypted communications would also be secondary: Determining their associations and movements would only require access to their metadata — the communications records that intelligence agencies already collect in bulk — not the encrypted messages’ contents.
It speaks volumes that the United States, the United Kingdom and France all now have systems for collecting massive troves of metadata, yet none of them were able to disrupt these attacks. Indeed, newly leaked documents published yesterday by The Intercept show that the U.S. mass surveillance programs have no record of preventing major attacks on the scale of those that occurred in Paris.
Nevertheless, these same clamors for more surveillance powers re-emerge after every terrorist attack. And every time, we give governments the powers they want, only to have them come back for more when the next attack occurs. Following the Charlie Hebdo attacks in January, the French Parliament overwhelmingly passed one of the most sweeping surveillance laws in the Western world, giving its security services access to citizens’ data without judicial approval. Clearly, this did little to prevent or even anticipate the attacks in Paris.
Given the repeated failure of Western security agencies to detect threats, despite all the surveillance tools they’ve been handed, are we now seriously expected to believe that encryption backdoors will stop these kinds of attacks forever? Are we really so foolish to uncritically accept that the true purpose of mass surveillance is fighting terrorism, when it has been proven time and again that no amount of it is ever enough to keep us safe? It’s little wonder that even the NSA privately admits it suffers from having too much data, not too little.
Terrorism is, among other things, a crime against the mind. The terrorist’s goal is to shock and traumatize us such that we fundamentally cripple our society and abandon our most cherished values. Fear is the objective — violence is merely the vessel.
Governments can never keep us truly “safe” from terrorism, because the safety they claim to offer is a myth. We’ve been given the illusion of safety because it’s simply impossible to detect every threat everywhere at all times. Yet with each new tragedy, the price we pay in terms of civil liberties and privacy to sustain this fantasy increases.
It’s only natural to be scared and angry in light of horrifying and senseless violence. It’s normal to feel compelled to do something, anything — however rash or hasty it might seem — to try and prevent these horrors from happening again. But we must resist this urge and recognize that terrorism makes us to feel this way because it is, at least in the Western world, a rare event. We are still orders of magnitude more likely to be killed by police, car crashes, falling furniture or slippery bathroom floors than by terrorists.
Instead of trying to prevent every bad thing from ever occurring, we can be resilient. We can prepare for the worst and respond to violence by offering humanitarian aid, solidarity and support instead of being consumed by fear. And if we must be afraid, we should fear those in power who claim they can keep us safe by waging wars, eroding our liberties and crippling our ability to have control over our private lives.