Security experts, digital-privacy advocates, and tech companies have pushed back against Comey and other encryption-phobic officials, warning that carving out access to encrypted communication for law enforcement would compromise the security that underpins much of what happens on the Internet every day.
And for now, it’s not yet clear that the Paris attackers used encrypted messaging. A U.S. official told Reuters that the mode of communication the attackers used remains unknown.
More importantly, encryption is not just a tool for scheming and plotting. Strong encryption is essential to much of what the average Internet user does, whether it's texting on iMessage or WhatsApp, banking online, or shopping for a new pair of shoes. Without it, a hacker could more easily snag sensitive information in transit, like personal correspondence or bank information.
If encryption were weakened, in the way that a proposed law in the U.K. requires, it would keep online security out of the hands of ordinary tech users, while barely posing an obstacle to those who use it to guard dangerous secrets. Indeed, it's not clear that undermining strong encryption would do anything to prevent terrorism.
“Unfortunately, for an organization like ISIS that has pretty much gone to the extreme of everything that they've done, I don't think that just loosening encryption standards is going to thwart and bring them down,” said Jasper Graham, a former technical director at the National Security Agency.
Graham, now the chief technology officer at Darktrace, a cybersecurity company, says enforcing a law like the U.K. encryption proposal would be very difficult. “If you're going to break the law, the last thing you're worried about is getting a fine for encryption,” he said.
(Of course, Graham's online-security business has different interests than the intelligence community, which may explain his support for encryption, even after spending years at the NSA.)
But even without access to the contents of an electronic message, law enforcement is not without recourse. As targets exchange messages on a platform like WhatsApp, agents can still extract useful information about the people who are communicating.
This information about the communication, known as metadata, can paint a vivid picture of a social network, or tip agents off to a threat before it ripens. Metadata is the basic building block of one of the NSA's most powerful spying programs, revealed by Edward Snowden in 2013.
“It's up to our intelligence agencies to adapt, by focusing on what encryption can’t stop—like tracking who the bad guys are talking to, when, and where—and by focusing energy on breaking into their devices where the messages are decrypted, instead of breaking the security of everyone who uses the Internet,” says Ross Schulman, the senior policy counsel at New America's Open Technology Institute.