There is an ongoing debate in many societies on how much power security intelligence and law enforcement agencies should be allowed to have and how technology is making catching the bad guys really difficult. I commented on this during the Apple-FBI tussle some months ago when the law enforcement agency wanted to get the contents of the I-phone of dead terrorist Syed Rizwan Farook who, together with his wife, shot and killed 14 of his workmates in San Bernardino, California. If you recall that heated debate, Apple said it was technically impossible to give the FBI that data and even if it could doing so would undermine the public’s trust in their products. I did not agree with Apple. In the end, the data was gained through “non-traditional” means (i.e. hacking).
So where are we now, almost a full year later on after the attacks in California? Truth be told, the threat has certainly not gone away but the issue has taken a very interesting turn. .
The Commissioner of the RCMP, Bob Paulson, has gone public with a very illuminating piece of insight into how increasingly sophisticated encryption is rendering law enforcement and security intelligence officers “blind” to the activities of those who wish us harm. According to Mr. Paulson, Canada lags behind its partners in this regard and he noted that ” there’s criminal activity going on every day that’s facilitated by technology that we aren’t acting on”. In other words, investigations are seriously hampered by their inability to analyse data relevant to the case. The RCMP has even taken the unprecedented step of giving journalists an inside peak of what they are up against.
As a case in point, remember Aaron Driver, the young man in Strathroy, Ontario who had a bomb and who had pledged allegiance to Islamic State? Well, it turns out that he was using unbreakable encryption which in part hid his true intentions at causing mayhem.
So what does all this mean? I find it telling that a majority of Canadians support giving the police more digital powers but also worrisome that one-fifth do not want to grant any backdoor to law enforcement (so-called “privacy purists”). What is reasonable access and what should be done?
As a side note I want to address the belief held by some that authorities already have enough tools at their disposal to break codes and disrupt plots. No, they don’t. I worked in cryptanalysis 25 years ago and it was clear even back then that the tide was turning on codebreaking. I can only imagine that the situation has become infinitely worse.
We need a solution to this problem. Access must be carefully administered and not used improperly. It must be centrally controlled and granted only in the most serious of circumstances. But granted it must be when warranted.
There has to be a trusted dialogue between service providers, technology manufacturers and the State. This dialogue has to recognise the vested interests of the private sector and the threat environment we live in. If nothing is done, people will die. That is not an exaggeration. I am confident we can get the balance right. Let’s get to it.