Encryption technology has just become a political battleground. It should have been obvious that, like powerful weapons, it can be used to do bad as well as good.
Here is the stark reality of this technology. One of the two radical Islamic terrorists in the Garland, Texas incident, who attempted to massacre participants at a “Draw Mohammed Contest” (and who were not known terrorists then) communicated with another, known terrorist using encrypted messages. As part of its criminal investigation after the fact, the FBI wanted to read those messages. A federal judge allowed the FBI to retrieve these messages, but because of encryption, such order by the judge was meaningless. The FBI could not read the encrypted messages. Even the NSA, with all their computing capability, could not read the messages. Neither could the company that built the phone used by the terrorists. In fact, not even the programmer or chip designer himself, who built the encryption program or chip, can read the messages. NO ONE could read the messages except the two terrorists who exchanged the encrypted messages.
Why? Because modern encryption is designed to be so: unintelligible except to individuals who have the decoding key. That key, that password, if kept secret and known only to you, grants you enough power that not even the most powerful country in the world can take from you. May be in the future we can invent a computer powerful enough to crack your password, but for now it’s practically impossible.
The downside is that this thing, this encryption technology that grants you such power, is also available to terrorists.
The only chance that the FBI can read encrypted messages exchanged among terrorists is to somehow obtain the password or key used to encrypt such messages. People often make the mistake of writing passwords somewhere, may be in a note app, because difficult passwords (by definition) are difficult to remember. Terrorists can make this mistake also. If I were an FBI agent given the task of deciphering the messages, the first thing I am going to do is look for any password in the notes files stored in the smart phones used to encrypt and transmit the messages. May be such password was not used directly to encrypt the messages; it could be a shorter password used to the encrypt or hide a longer key or password, but the point is that any password found in the notes files or other kinds of files written by any terrorist should be useful.
We are all scared because what happened in San Bernardino is just too close to home. Politicians are fooling us by implying that the government can “work with” technology companies to prevent terrorists from encrypting their messages. The are implying that this technology, which you and I use whenever we sign-in to our bank accounts using the internet, can be kept away from terrorists. Here is the bad news: the Apples and Microsofts and Facebooks of the world cannot do it. How can they determine who, among their billions of users, are terrorists? Even the government cannot determine beforehand who the bad guys are, how can we expect high tech companies to be able to do it? There is nothing in a terrorist’s account that would indicate that he is a terrorist, unless it’s a Facebook account and he announces his intentions or allegiance to ISIS.
When modern encryption technology was just being standardized, there were certain camps who wanted to add a second decoding key to any encrypted message, kind of a “god key”. So called because whoever has this key can decipher any message. In practice, of course, each encrypted message can have a unique god key. Before internal use, such key can be produced by the encrypting machine itself (in addition to the user key), according to some algorithm, and the idea was to give the capability only to the authorities to know this algorithm. The idea eventually did not win out because it introduced more problems than it solved. Chief among these problems was the question: what if the algorithm was leaked? Then the whole encryption scheme would be “open” and useless.
The public needs to understand that modern encryption standards are designed to be almost impossible to decipher by anybody except the individual who encrypts and sends a message, or by the intended recipient who can read such message (using their respective passwords). Encryption is a powerful weapon; and, just like any other weapon, it is available to both ordinary citizens and terrorists alike. Powerful weapons in the hands of bad guys make it very difficult to fight them, and there’s no magic bullet that can keep these away from the hands of terrorists. We just have to fight more intelligently because these days, what appears to be asymmetric warfare may not be so.