Published by The Lawfare Institute
in Cooperation With
Conflation obscures issues. That's what's happening now with FBI Director Comey's arguments regarding ISIS, Going Dark, and device encryption. On Wednesday, Ben, quoting the director, discussed how the changes resulting from ISIS means we ought to reexamine the whole encryption issue. "Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption," Comey said. "This is the 'going dark' problem in high definition."
Nope. Comey is looking at the right issue but in the wrong way. The possibility of ISIS attacks on US soil is very frightening. But as the New York Times reports, though the organization inspires lone wolf terrorists, it doesn't organize them to conduct their nefarious acts.
Encryption is not the difficulty in determining who the attackers might be and where their intentions lie. But encryption is important in combating our most serious national security concerns. I've quoted William Lynn here before, but the point he made is directly relevant, and it bears repeating. The Deputy Director of Defense wrote, "the threat to intellectual property is less dramatic than the threat to critical national infrastructure, [but] it may be the most significant cyberthreat that the United States will face over the long term."
The way you protect against such threats is communications and computer security everywhere. This translates to end-to-end encryption for communications, securing communications devices, etc. This is why, for example, NSA has supported technological efforts to secure devices, communications, and networks in the private sector.
Thoughts of an armed thug wielding a machete or shooting a semiautomatic rifle at a Fourth of July parade or picnic are terrifying. But one thing we expect out of government officials is rational thought and a sense of priorities. Tackling ISIS domestically is difficult, but there is no evidence that being able to listen to communications would have helped prevent the attacks on Charlie Hebdo, in Tunisia, or other ISIS-inspired efforts. Meanwhile there is plenty of evidence that securing our communications and devices would have prevented the breaches at Anthem, OPM, and elsewhere. The latter are serious long-term national security threats.
Securing the US means more than protecting against a knife-wielding fanatic; it includes securing the economy and developing the infrastructure that protects against long-term threats. We expect our leaders to prioritize, putting resources to the most important threats and making the choices that genuinely secure our nation. Director Comey's comments mixing ISIS with discussions about communications security and encryption do not rise to that level.