There is no tech solution to terrorism, but that won’t stop people from asking.
It’s been a day since the latest major terrorist attack in Europe, when suicide bombers in two different locations in Brussels detonated bombs and killed at least 30 people people.
In times of crisis, our world leaders often turn to Silicon Valley, hoping there is some not-yet-made technology they can put in place that will prevent attacks like this in the future. There isn’t, but that won’t stop people from asking. Here are several examples of the kinds of tech people want to stop terrorism that won’t.
In the United States, the FBI is fighting a legal battle with Apple over the contents of a locked iPhone possessed by one of the San Bernardino shooters. The FBI is asking for a backdoor around encryption, something that will let the agency get into the phone despite the security features enabled in it. After Tuesday’s attack in Belgium, we can expect to see the FBI and other law enforcement or counter terror agencies again bring up the risk of terrorists communicating secretly and securely over encryption. It’s an appealing line, one with a lot of emotional heft, but it’s mostly wrong.
And if the attackers in Maelbeek and the Brussels airport are anything like those in Paris, it wasn’t encryption that kept them safe when planning attacks. Instead, it’s likely it was old-fashioned tradecraft and disposable, burner phones. Terrorist attacks are convenient moments to push for the expansion of law enforcement powers, but encryption backdoors aren’t materially relevant, and no one can say that they’d prevent an attack like this, especially this soon after an attack.
In the hours after the attack, rumors and half-truths circulated on Twitter. One from Michael S. Smith II, an executive at Kronos, a counter-terrorism consulting firm, tweeted:
The sourcing is suspect, as noted by pseudonymous security researcher The Grugq, who pointed out that the posting came from a public channel for ISIS supporters, and not a secure channel for ISIS operatives. In a post at Medium, The Grugq expanded on the lack of tradecraft evident in this warning:
The author tells their audience to avoid accessing the Internet unless they are using “encryption Software[sic] — (Tor — i2P — VPN).” These tools — Tor, I2P, VPNs — mask the user’s IP address. They do not provide end to end encryption. They are privacy and anonymity tools, not encryption tools.
These are not encryption tools. These are privacy tools. This fundamental error should raise a red flag for any reader, indicating that the is author ignorant of the subject matter.
If the ISIS associates who launched the bomb attack read and follow this advice (there is possibly at least suspected attacker one still at large), then they’re at best masking their tracks a little bit. What they are not doing is making it so that the contents of their messages are still secret even if discovered. It’s the difference between passing notes and hoping the teacher doesn’t see them and writing notes in a complicated code that a teacher can’t break, even if they found them.
Before asking for new ways around encryption, law enforcement agencies should see if there was other evidence of attack planning that they could have seen plainly, in the open. Rather than being desperate for leads, Belgian police have more information to go on in terror investigations than they can properly pursue. What little we know of the attack indicates a bomb made from common materials, but at the hands of a skilled bomb maker.
In times of crisis, our world leaders often turn to Silicon Valley, hoping there is some not-yet-made technology they can put in place that will prevent attacks like this in the future. There isn’t.
In fact, police were already pursuing someone connected to the attackers. Salah Abdeslam, the prime suspect in last year’s deadly Paris attacks, was arrested just days before the bombings in Brussels. He has already been connected to the recent bombers, who may have accelerated their plans before they were apprehended.
Decrypting communication gives police more information for a case, but I’m not entirely convinced that it’s a lack of information that’s the problem here. Instead, it seems that overworked law enforcement officials, already on high alert after the Paris attacks, were simply unable to process all the information on hand and follow leads fast enough.
Solving that isn’t a technology problem. It’s much more basic: It’s a labor problem.
Kelsey D. Atherton is a Washington, D.C.-based technology journalist. His work appears regularly in Popular Science, and has appeared in Popular Mechanics and War Is Boring. Follow him on Twitter @AthertonKD.
Photo via The White House