J.D. Candidate, Columbia Law School, 2017
Three days prior to the Paris attacks, Belgium’s Deputy Prime Minister Jan Jambon warned of the growing use of gaming consoles by terror networks at a debate organized by POLITICO. “[T]he most difficult communication between these terrorists is via PlayStation 4 (PS4),” he stated, adding that, the communications through the gaming console’s network are “even more difficult to monitor than WhatsApp” and other networks. Mr. Jambon was likely referring to the PS4 Network’s (PSN) Party Chat feature, which creates a medium for gamers to exchange text messages and voice communications in individual or group chats. The feature can be accessed via an IOS and Android app, adding to the ease of access.
Although the PSN is not a technically more complicated platform to monitor, its breadth may make it more difficult to monitor. It also offers creative ways of avoiding text-filtering, for example, by making symbols or patterns with a character in an actual live game. Additionally, it adds to the difficulty of monitoring different media platforms, particularly those that are encrypted (For example, mobile messenger platforms like WhatsApp, Snapchat, and Apple iMessage). Encryption makes it more difficult for European authorities to eavesdrop on online communication. As a result, encrypted smartphones, messaging, and social media platforms open up more avenues for terrorist groups to communicate undetected.
Since the Paris attacks, there have been a number of terror threats made in Europe, with Mr. Jambon’s own Brussels under highest terror alert on November 22, highlighting the need for authorities to detect communications by potential attackers. Terrorist groups develop and use encryption and other techniques—such as steganography and “dead dropping”—as a planning and operational tool.
One response, posited by British Prime Minister David Cameron in the wake of the Charlie Hebdo attack, is to outlaw “strong encryption,” used by tech companies including Apple and WhatsApp, that lacks a “backdoor,” or secret messages written into encryption software, for law enforcement authorities to access. Even ignoring technical considerations, implementation of a blanket ban on strong encryption would be unwise.
First, a forced opening of backdoors by the British government could be dangerous as a practical matter. While backdoors provide law enforcement authorities with a useful tool to detect and capture criminals, the same vulnerabilities can be found and used by criminals and state-sponsored enemies.
Second, some products and apps that utilize secure encrypted connections would not or cannot decrypt. For example, credit-card details are generally sent through encrypted connections. Pretty Good Privacy is an encryption service used by journalists, activists, and dissidents, and a ban on strong encryption would challenge the ability of British journalists to communicate with sources. Apple itself lacks the capability to decrypt the current version of its mobile operating system, iOS, and access user data. WhatsApp, similarly, provides its users with “end-to-end” (E2E) encryption of its messages that even the company cannot decrypt.
Third, such a policy would have a limited effect on terror networks, which have likely developed their own proprietary encryption applications and other crypto tools, as discussed briefly above. These groups are likely distrustful of Western-produced apps, many which may have a backdoor built in that the public is unaware of, and may favor platforms sufficiently routine-looking so as to avoid law enforcement’s interest. Within days of the Paris attacks, ISIS encouraged followers to download Telegram, which creates an option for users to have messages self-destruct after a set period of time.
In light of these new challenges, European law enforcement must constantly adjust and adapt to cut off terrorist group’s operational and recruitment communications. Mr. Cameron is one of a number of European leaders advocating a total ban on strong encryption. However, such a ban would jeopardize individual privacy but provide limited security benefits. A less extreme alternative could focus on better coordination between countries and sharing information on potential terror suspects.