Shedding Light on "Going Dark"

What is encryption and why are those government officials saying it's so dangerous?

November 19, 2015

The reason academic librarians care so much about what we call information literacy is that we think it’s important for students to be in the habit of asking questions, prepared to seek information as they make their minds up, and to be critical about sources of information. This is a fairly fundamental prerequisite for being a free human being. In the past week, I’ve been struck by how much we all need these skills and dispositions, and how easily they fly out the window.

When we’re scared and upset by things like the terrorist attacks in Paris, we feel vulnerable and want solutions fast. These events also kick people with agendas into higher gear as they tell us how we ought to respond in ways that align with their interests. A majority of U.S. Governors and at least one mayor (who apparently thinks the internment of Japanese-Americans during World War II was prudent) have announced that they want their borders closed to Syrian refugees. They can’t literally do that – they don’t have legal authority over immigration – but it makes people feel good, because we’re all worried and upset and it feels good to take a stand, even though all of the terrorists who have been identified as of this writing were French or Belgian; an unidentified terrorist carrying a false Syrian passport may have traveled through Greece with asylum-seekers, though the fingerprint evidence is not yet clearly established.

That’s just one example of how so much of what passes for policy is based on incomplete information or on ignoring available information and going for what feels right at the moment. We’ve done this before. It’s an American tradition.

Likewise, government officials are using this terrible event to redouble their efforts to strengthen mass surveillance programs and undermine encryption, often using the ominous phrase “going dark.” This, in spite of the fact that authorities already had these terrorists on their radar and that mass surveillance hasn’t so far yielded much in the way of results. This, in spite of the fact that the Paris terrorists appear to have used unencrypted communications as they carried out the attacks. Encryption had nothing to do with it.

Yet too often respected media organizations fail to do their homework. The New York Times reported that the Paris terrorists had used encryption, citing unnamed European sources, but it quietly removed the story without issuing a correction. (The original story is preserved by the Internet Archive.) The Times published a more nuanced article on encryption the following day, though the headline and lede still suggested encryption was a friend to terrorists. On Wednesday night, I was surprised by how ready PBS’s NewsHour was to report, without much critical distance, on the FBI’s claims that encrypted communication technologies were aiding terrorists. In a Q&A following the story, Judy Woodruff seemed hard-put to ask informed questions or to challenge her guest experts because . . . well, it seemed as if she wasn’t entirely sure what encryption is and why it might be worth having.

Kim Zetter at Wired has a good roundup of what encryption is about and why it doesn’t make sense to ban it or build in backdoors for law enforcement and the intelligence community. We use encryption every day. Google is so bullish on security, the presence of end-to-end encryption on a site is used as a ranking signal; unencrypted websites are now pushed lower in their search results. Soon Gmail users will be warned when an unencrypted message lands in their inbox. The webfolks on my campus won’t let images or widgets that come from unencrypted sites appear on a webpage that uses our campus template. Until our online catalog had a proper security certificate, a popup window warned people who wanted to look up a book that it was risky. Did they really trust this site?

There is good reason for all this caution. Without encryption, our systems and communications are more vulnerable to attack. Without encryption, people’s legitimate needs for privacy are sacrificed for a false sense of security. Without encryption, people who aren’t terrorists would be put at risk while those who are truly determined would probably not be terribly inconvenienced. We could pass laws in the US to break encryption, but it wouldn’t stop a coder in another country from developing encrypted communication systems. Backdoors for law enforcement aren’t safe, because all kinds of people can go through them. Besides, though officials insist they must have access to all of our communications, collecting it all hasn’t worked. The resources going into mass surveillance are resources we aren’t expending on following up on potential threats, and genuine threats get hidden in the blizzard of false positives.    

So I was frustrated that none of this everyday use of encryption seemed to be part of the NewsHour story. The thing is, whether you’re a journalist or merely a citizen trying to decide what to think, you have to know something about an issue to ask good questions. You have to do more than ask experts – you have to know enough to find experts, to challenge them, and to know what might be their blind spots or agendas. We need to somehow prepare our students for that responsibility, and give them practice with the skills and critical disposition it takes, even when an event is fresh in our minds and we’re feeling especially vulnerable.

If nothing else, as news is breaking too fast for journalists to avoid errors in the first draft of history and as rumors travel instantly through social media, it’s good to turn to On the Media’s very brief but sensible Breaking News Consumer Handbook. Common sense and a bit of healthy skepticism can help.

