Monday, August 15, 2016

French Government Wants A 'Global Initiative' To Undermine Encryption And Put Everyone At Risk

from the this-is-a-bad,-bad-idea dept

Some bad ideas never seem to die. It appears that the French government is working to enlist other countries to try to undermine encryption and put us all at much greater risk. That's about the only way to read the news that French Interior Minister Bernard Cazeneuve is promoting a "global initiative" to "fight" messaging encryption used by ISIS.
Messaging encryption, widely used by Islamist extremists to plan attacks, needs to be fought at international level, French Interior Minister Bernard Cazeneuve said on Thursday, and he wants Germany to help him promote a global initiative.

He meets his German counterpart, Thomas de Maiziere, on Aug. 23 in Paris and they will discuss a European initiative with a view to launching an international action plan, Cazeneuve said.
Remember, of course, that much of the planning and communications for the Paris attacks last year were done without encryption, and in fact much of the planning was done fairly out in the openwith little effort to mask what was happening. Of course, that won't always be true -- and certainly it's quite likely that people are plotting all sorts of nasty stuff with encryption -- but even then that doesn't actually result in law enforcement "going dark" as they'd have you believe. First of all, encryption is still difficult to use and easy to mess up. In fact, most reports suggest that ISIS is pretty bad about its opsec when it comes to encryption. And, even if they are successfully using encryption, they still leave plenty of other breadcrumbs for law enforcement and the intelligence community to track.

On top of that, any effort to weaken encryption is both dangerous and pointless. A mandate for backdoors or something similar only introduces vulnerabilities into encryption that will be targeted by criminals (and possibly terrorists!) putting many, many, many more people at risk. And it's pointless because there are enough open source encryption products at this point that trying to regulate other products won't help much. ISIS will just focus on using code they already have access to.

So none of this adds up, other than as a stupid reactionary move out of fear and ignorance. A "global initiative" to fight encryption ignores the fact that encryption isn't some invisibility cloak that masks all terrorist activity. It also makes us all less safe, and probably won't stop ISIS from actually using strong encryption. So what is the point other than shadowboxing and making it look like politicians are doing something, when they're not sure what to do about possible attacks?


No comments :

Post a Comment