A question I have been asked frequently over the past few months is one concerning encryption. This discussion is not new as the use of encryption raises security, economic, and human right considerations. Of interest to my research is how encryption impacts security and human rights. Security and human rights are mutually reinforcing, therefore when looking to approach the problem of the use of encryption by terrorists’ organizations like Da’esh it is important to keep in mind the complex interplay between security and human rights concerns and avoid favouring one interest above another. The resolution of this issue cannot be done in absolute terms the support only a security perspective as has been proposed by many Nations directly impacted by terrorist attacks.
Organizations like Da’esh and its supporters use the Internet for a wide range of purposes: recruitment, financing activities, propaganda, training, planning, and incitement to commit acts of terrorism. All of these are things are occurring at some level in spaces that are encrypted, we can all agree that these elements need to be prevented. However the means to this end is where the problem lies.
One of the first means that were used were the limiting of the spaces these individuals and groups in habited. It is widely known that when social media platforms began taking down official and pro-Da’esh accounts. For a while Da’esh was able to adapt but in the long run they were no longer able to enjoy the general freedom of operation online they had at their inception. As J.M. Berger stated in his newly released ICCT report, “As of March, the median Arabic-language account openly supporting IS on Twitter had about 14 followers and could only stay online for about a day before being suspended.”
The result of shutting down these accounts on open facing social media platforms was a shift towards encrypted communications and platforms that were not shutting down their accounts as effectively. WhatsApp, Telegram, Surespot should sound familiar to you, as these apps have all been featured in reporting of many of the terrorists’ attacks committed by Da’esh in the past year. Some political leaders and police forces have called for “decryption” or “backdoors” as there have been concerns that have been raised about terrorists “going dark”, making it difficult to investigate or lawfully listen in on conversations of individuals of interests and therefore ultimately inhibit the ability to uncover criminal activities or terrorist plots. Alternatively, some experts argue that creating keys to encryption apps or backdoors could compromise the Internet for all of us users if nefarious actors would gain and take advantage of the access created to encrypted apps by government agencies (as wannacry has shown even the NSA cannot guarantee these keys will not be compromised by external agents).
One point I would like to highlight that is often left out of this discussion is the Human rights proponent, in particular the need to protect individual privacy and to avoid adverse impacts on freedom of expression and association. I know if one simply consumes the daily news they probably have a grim perspective as it pertains to the imminence of potential terrorist attacks and how they have been using encryption to communicate and plan attacks. Though this is true in some cases, this represents only a minute percentage of what encryption is being used for. However the use of encryption is not only negative, it has been used to protect and enable individuals and groups. Let us use Telegram as a case study for a moment:
In my research I have had the opportunity to examine this from multiple lenses and perspectives and it is difficult to answer this question. Personally, I seek to do what I can to prevent terrorism and violent extremism. However, I don’t think we any nation should have a backdoor to encrypted communications. The risk to human rights, the risk to individuals in vulnerable situations outweighs the security risks, in my personal opinion (I know many would disagree). Governments have many tools at their disposals to protect their citizens, and if they honestly want to most states can bypass encryption through human intelligence or via cyberattacks, we do not need to give them a universal key. Individuals, on the other hand, are limited in what tools they have at their disposal to protect their human rights. As it pertains to the security risks posed by groups like Da’esh, I believe there is much more government (at home, bilaterally and multilaterally), private corporations, CSOs/NGOs and individuals can do to prevent violent extremism and terrorism. We all have a role to play, one that is continually changing as the threats evolve. I do not have a magic solution, but like many I am doing my best to understand the issue and find out what can be done.