The Cybersecurity 202: Extremists flocking to encrypted apps could restart debate over law enforcement access

Other rallies are being planned on the platform and Signal, another encrypted app that’s hard for government officials to monitor, Sheera Frankel at the New York Times reports. And the FBI is scrambling to identify those involved in the Jan. 6 violence – a task that will surely be harder if they move their open plotting to encrypted chats. 

The chances for this issue to resurface are higher if violence continues until and past President-elect Joe Biden’s inauguration – and exponentially so if law enforcement deems the encrypted apps a blind spot.  

“Law enforcement have always used fearmongering and pointed to these extreme examples in an attempt to justify misguided attacks on encryption technology,” Evan Greer, deputy director of the digital rights group Fight for the Future tells me. 

John Scott-Railton, a senior researcher at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto:

The fact that extremists were planning for violence on open channels undermines the argument for special access to encrypted messages, experts say. So does the fact that the FBI issued a bulletin explicitly warning about the risk of violence that law enforcement failed to prevent. 

Why give law enforcement access to encryption “if you couldn’t get ahead of it in plain site?” asks, Riana Pfefferkorn, a researcher scholar at the Stanford Internet Observatory. 

Greer agreed that such a move “seems absurd…when this was advertised in plain sight.” 

“It wasn’t a failure of surveillance or intelligence. It was a product of our collective unwillingness to take the threat of white supremacist violence, rightwing violence seriously,” she tells me.

Encryption advocates say they now have a more potent counterargument: That special access for law enforcement could mean these communications could be abused by individual officers. 

“It might be that it draws an uncomfortable amount of attention to those law enforcement,” Pfefferkorn says.

There are other concerns, including how weakening encryption could hurt protesters who have flocked to the apps during protests this summer and adopted the technology during the coronavirus pandemic. “There is simply not a way to undermine encryptions and put in backdoors that are only for the good guys,” says Greer. 

That doesn’t mean law enforcement won’t try.

Law enforcement has long argued that end-to-end encryption makes it more difficult for them to catch criminals from child predators to foreign terrorists. Domestic extremists could be the new rallying cry for their cause, as public anger grows – and politicians are directly targeted. 

“This was inevitable when Silicon Valley went down this road of ‘we’re going to cop-proof our apps,’” says Stewart Baker, a former NSA general counsel. “If it’s useful to terrorists, it’s going to be adopted.”

Right-wing extremism is a much more partisan issue to make the face of an issue.

“The real question is whether changes in the climate in the country on the use of the tools by people who are genuinely violent will bring the debate from behind closed doors and out in Congress again,” Baker says. “My guess is yes.”

“They all have to be thinking about what kind of tooling they have for fighting abuse on their platforms when they have no visibility into what their users are saying,” Pfefferkorn says.

That could include limiting the number of members of a group or introducing more-robust reporting mechanisms so that users who are seeing messages can report violent content, she says.

While Capitol Hill has other important priorities right now – from impeaching Trump to stimulus checks and confirming nominees – experts say getting ahead of attacks on the technology is the best way to prevent lawmakers from rehashing the debate.

“I think that the most important thing that needs to be said over and over again is that encryption makes people more safe, not less safe,” Greer said. 

He called both China and Russia top concerns. The United States accused China of trying to steal coronavirus research over the summer. North Korea has also tried to hack American companies working on a vaccine, the Wall Street Journal reported.

Evanina said that a Biden administration also needs to prepare for threats to critical infrastructure in other industries, including finance, and that a recent massive hack of government agencies much be used as a wake up call to change how the private and public sector work together. 

“We have to make sure that we can control the controllable and do the blocking and tackling that will make it harder for adversaries to get into our supply chain,” he said.

The Justice Department has developed an even longer list of 170 suspects, Spencer S. Hsu, Keith L. Alexander and Shayna Jacobs report.  

The FBI and Justice Department are also investigating links to potential foreign or domestic instigators, which could add to the security fallout of the stolen devices and national security and defense information.

Multiple devices were reported stolen from Congressional offices at the Capitol. So far the extent of the security risks posed by the threat is unknown. The stolen electronics and documents “could have potential national security equities,” Michael Sherwin, acting U.S. attorney for the District of Columbia, said last week.

Pfizer, BioNTech and Moderna all disclosed that documents related to their vaccines were accessed in an attack last month. EMA has not named affected parties.

More clips from yesterday’s interview with William Evanina: