In the wake of the Charlie Hebdo attacks in France, the UK government has announced plans to increase monitoring and limitation of free speech on the web. Cameron’s comments on 12th January have been widely decried in the technology industry as “knee-jerk” reactions to situations in which the ‘ability to monitor private conversations’ is neither the problem nor the solution.
How does monitoring free speech on the web prevent terrorist attacks?
Incidents of serious public disorder in the 21st century often implicate web-based services as key organisational tools. In 2011, riots across London were allegedly organised over the encrypted messaging service Blackberry Messenger. The Metropolitan Police were unable to gain access to the service because it is Triple DES encrypted and sent over cellular networks instead of via the public internet. The press were quick to suggest that if the Police had been given “backdoor” access to these systems, riots and looting could have been prevented. These calls to break into security features resulted in updates to RIPA, the UK legislation that allows encrypted communications to be intercepted by security services on demand. Islamic terrorist groups have been bold in their use of web-based services – many of their communications use popular public platforms like youtube and twitter to garner large audiences. In addition, the dark web is both a forum for sharing information and successfully hiding plans and transactions. The legislation proposed by Cameron’s government in response to terrorist attacks includes measures to filter access to “extremist content” on the web from UK ISPs and IP addresses. Monitoring public forums is a simple if time-consuming exercise compared to attempting to control activity on the dark web. To suggest banning services because they are time-consuming to monitor is a dangerous path indeed. Governments have been calling for greater ability to see and control communications on the web since the early 2000s. The reasons why this is a bad idea have not changed.
Why banning encrypted messaging isn’t the answer
Immediately after events like the murders at Charlie Hebdo, it is clear that reactions need to aim to prevent similar attacks. Increasing national security threat levels and making the response visible to the man on the street are key in regaining or improving trust amongst the population. Monitoring or limiting the way terrorists communicate with each other is a powerful way of intercepting planned attacks, but banning encryption does not achieve this.
What does encryption do?
Encryption allows data to be communicated across the internet without being read. Simple security features like passwords are encrypted to allow us to perform tasks that could otherwise not be securely done online. More complex encryption is used to store and transmit data. To suggest banning them misunderstands the basics of how the internet functions and does nothing to protect us against terrorism. In fact, it is the very aim of terrorists to force us to change the way we behave in response to their demands.
Technology takes the blame
Politicians are at pains to ensure that they are seen to respond but run the risk of creating the wrong focus, or in the view of some, are using a tragedy to push through legislation with ulterior motives. The over-simplified rhetoric that conflates the way terrorists use the web with the processes necessary to keep the web secure is a misuse of facts in trying to garner support for changes to the laws governing the web. Language like Cameron’s, promising to “ensure there would be …“ no no-go areas” on the net where terrorists can hide” does exactly that. The rhetoric is correct, we certainly want to be better able to monitor forums terrorists use, but this is not a reason to ban encryption, nor limit the freedom to publish content on the web. Technology tends to suffer from panic reactions and fear-mongering because the necessary complexity of the systems and processes that allow us to use the internet to improve our personal and professional lives is obscure to the average member of the public, or even the average politician. Those terrorists might communicate in forums that the security services cannot intercept is an understandably frightening concept. However, it is exactly those systems that allow you to communicate with your bank or wife without prying eyes. The internet as we use it today could not function without encryption and to “ban” it is both a misunderstanding of the problem and the appropriate response.
The human-computer interface
The work of a UX Designer involves creating a well-designed solution that allows humans and computers to interact (HCI). The fault of a poorly designed solution sits with the designer, not the solution itself. Blaming encryption for acts of terror is blaming the solution for being poorly designed. People commit acts of terror, not technological systems.
We cannot overcome terrorism by trying to design our way out of the misuse of technology. The human element in the HCI is the key: we need to work on the reasons the humans want to commit terrorist acts, not their use of technology to facilitate them.