How to unite privacy and security — before the next terrorist attack
Sunday, December 27, 2015
By Michael McCaul and Mark Warner
Michael McCaul, a Republican from Texas, is chairman of the House Homeland Security Committee. Mark Warner, a Democrat from Virginia, is a member of the Senate’s Banking, Finance and Intelligence committees.
This month it was revealed that the Paris attackers used hard-to-monitor, encrypted applications to coordinate their acts of terrorism, a reminder that we face an enemy that is difficult to find and adapting quickly.
No longer do terrorists plot using couriers and caves. Today they use social media to radicalize and recruit. And when individuals show interest in their cause, they move their communications to encrypted applications and other secure platforms to evade detection.
This presents an extraordinary security challenge for the United States and our allies. Because extremists are “going dark,” law enforcement officials warn that we are “going blind” in our efforts to track them.
For instance, the Islamic State has made communications security a key element of its training and propaganda. Followers have distributed a 32-page manual featuring tips for jihadist aspirants to conceal their messages through end-to-end encryption, secure apps and other tradecraft.
But the problem isn’t limited to terrorists. Similar tactics are also used by drug traffickers and child predators to avoid getting caught, creating a much broader public safety crisis.
Frustratingly, there are no easy answers. The same tools that terrorists and criminals are using to hide their nefarious activities are those that everyday Americans rely on to safely shop online, communicate with friends and family, and run their businesses.
Encryption is a bedrock of global commerce, and it has helped enhance individual privacy immeasurably. It is also integral to our cybersecurity efforts — protecting individuals, U.S. businesses, intellectual property and our nation’s critical infrastructure.
As a result, digital innovations present us with a paradox. We are no longer simply weighing the costs and benefits of “privacy vs. security” but rather “security vs. security.”
Some have proposed mandating “backdoors” into encrypted platforms so that such messages can be accessed by law enforcement with a lawful warrant. Yet such a law could weaken Internet privacy for everyone and could have the unintended consequence of making our information systems more vulnerable to attack.
Moreover, in our globalized world, a U.S.-only solution would likely have only a limited impact and could encourage offenders to simply use technology developed overseas instead. But at the same time, doing nothing puts American lives at risk and makes it easier for terrorists and criminals to escape justice.
Solving this problem requires establishing a dialogue that takes fuller account of technological limitations, investigative tools and legal needs.
That is why we are proposing a national commission on security and technology challenges in the digital age.
We cannot wait for the next attack before we outline our options, nor should we legislate out of fear. Instead, Congress must be proactive and should officially convene a body of experts representing all of the interests at stake so we can evaluate and improve America’s security posture as technology — and our adversaries — evolve.
Leaders here in Washington have failed to do this, and the relevant parties have not been brought together in an open, transparent manner. As a result, Americans have heard a lot of bluster and not enough substance. Complex issues have been reduced to simple talking points and vague demands.
We want that to change, which is why we are seeking the brightest minds from the technology sector, the legal world, computer science and cryptography, academia, civil liberties and privacy advocates, law enforcement and intelligence to collaboratively explore the intersection of technology and security.
This would not be a group of politicians debating one another. We believe the individuals most capable of finding creative ways to protect our security — both public and private — are the stakeholders themselves.
Nor would the commission be like other blue-ribbon panels, quickly established but soon forgotten. Rather, it would be charged with generating much-needed data and developing a range of actionable recommendations that can protect privacy and public safety.
The threats we face are very real. As we saw in Garland, Tex. , in May, the first sign of a hatched plot might be an Internet hashtag, tweeted mere minutes before an attack. In that case, the attacker allegedly was in touch with an overseas terrorist while he was plotting, but authorities have been unable to access the secure messages they exchanged.
We must find more ways to stop terrorist attacks during the planning phase — not while they are underway. And as we work together on these vital challenges, we must never lose sight of our Constitution and America’s core democratic values.
Article originally appeared in the Washington Post, here.