ISIS turns to foreign encryption products as Apple–FBI fight rages in U.S.
FBI and Apple officials spent Tuesday afternoon on Capitol Hill, debating American encryption laws with members of Congress. Prompted by a case related to the ISIS-inspired terrorist attack in San Bernardino, the intense discussion heavily focused on thwarting the Islamic State.
But ISIS supporters online didn't seem worried at all.
Instead, they've spent the week—and longer—promoting strong encryption tools from outside the United States that the American government cannot touch with legislation.
In the last month, Islamic State supporters have promoted security software from Finland, Romania, America, France, the Czech Republic, Canada, Panama, Germany, Switzerland, Saint Kitts and Nevis, and other nations, a Daily Dot review found.
On Telegram, a popular Islamic State technology channel promoted a number of secure communications tools, including ProtonMail (from Switzerland), Ghostmail (also Swiss), and Tutanota (German) as ways to hide from Western surveillance.
Apple and the Federal Bureau of Investigation are currently embroiled in a legal battle over a court order that requires Apple engineers to create custom software that will let the FBI guess the password to San Bernardino shooter Syed Rizwan Farook's locked iPhone 5c. The technology giant is fighting the order on the grounds that doing so would jeopardize its users' security and violate the company's rights.
The international availability of encryption technology, of which Islamic State militants are well aware, underscores FBI Director James Comey's long-held desire to build an international legal regime to deal with the problems posed by encryption, what he calls “going dark.”
Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) are currently crafting legislation that may mandate so-called “backdoors” in encryption technology as a means to combat criminals and terrorists evading the reach of intelligence agents and law enforcement. Another piece of legislation, introduced this week by Sen. Mark Warner (D-Va.) and Rep. Michael McCaul (R-Texas), aims to create a commission to study encryption and other digital-security technologies.
In the Tuesday hearing before the House Judiciary Committee, Apple's top lawyer, Bruce Sewell, argued that free, open-source, foreign encryption solutions are popular and would benefit from any law weakening American encryption—an argument often repeated by technologists and other opponents of anti-encryption legislation.
“Couldn't foreign companies and bad actors generally do that, whatever we said?” Rep. Jerrold Nadler (D-N.Y.) asked Comey.
Comey was skeptical that many people would ditch American devices and adopt foreign products due to encryption and privacy issues.
Various studies have concluded that U.S. tech companies lost billions of dollars because of the privacy and security concerns raised in the wake of former NSA contractor Edward Snowden's leak of secret National Security Agency documents in 2013. The Snowden revelations prompted Apple and Google, creator of Android, to build strong encryption into their mobile operating systems in an attempt to rebuild customer trust and strengthen their security.
Susan Landau, a Worcester Polytechnic Institute cybersecurity policy professor, argued forcefully that any terrorist can simply download foreign applications with strong encryption to get around whatever legislation Congress might pass.
“If congress were to pass a law prohibiting use of encryption on Apple phones ... what it would do is weaken us but not change it for the bad guys,” Landau said, agreeing that any limits on encryption are virtually “undoable.”
Illustration by Max Fleishman