The attacks in Paris in November 2015 have left their mark: Not just the families of the victims and the survivors but the entire world is asking themselves how to counter extremism and terrorism linked to it. At the same time, people are investigating the causes: How were the attacks planned and executed? Could they have been stopped? If so, why weren’t they?

These questions are important, and their careful investigation is even more so. Despite this, it only took very few hours until for politicians and other lobbyists to cry for more surveillance. They made encrypted communications channels the main culprit for the fact that the planning went undetected and the attacks could be carried out without being stopped and blood was shed. Experts decided that encrypted messaging systems are to blame for the undetected planning before the communication used by the terrorists had been analyzed.

After Edward Snowden’s leaks and their immediate consequences, CIA director John Brennan recently complained about the back-and-forth that makes secret services’ work dealing with this difficult. ArsTechnica reports of an article that the New York Times pulled that assumed that organizations with terroristic backgrounds used intelligence gathered from Snowden’s leaks to improve their own security.

It’s debatable if and how accurate this information is. After the hunt for Osama Bin Laden by the US government it was discovered that the leader of Al-Qaida had only used couriers before his death at the hands of SEAL Team Six and didn’t use any computers connected to the internet. The approximately 100 USB flash drives that investigators discovered offered valuable insight into the communications between Bin Laden and his contacts that were spread out over the entire globe. It is naïve to think that other organizations such as the Islamic State of Iraq and the Levant (ISIL) – who are known for their tech savvy – have not been aware of the fact that e-mails and phone calls can be eavesdropped on or intercepted before Snowden’s leaks.

This stands in contrast to the public who has not been aware of the technological extent of the NSA surveillance. While hardly anyone objects to the targeted surveillance of potential terrorists, the broad surveillance of entire peoples is reason for discussion.

Phrases like «I have nothing to hide», often coupled with «if it helps to stop events such as the ones in Paris» are heard often. And in this specific context, the mind-set is understandable. But questioning the effective use of a broad surveillance and puts it in context of risks of abuse, that’s when the situations gets complicated.

In an article on The Intercept by Jenna McLaughlin the journalist quotes an internal unclassified document of the Department of Homeland Security that details the arrests of 64 persons linked to ISIL. There is not a single instance where evidence exists that as much as indicates that the extensive surveillance by the NSA has contributed to their arrest. The arrested were discovered by classic means such as border control or by search warrants legitimized by regular points of suspicion. This information match the basic statement made by earlier data that were compiled and discussed in journalist and author Glenn Greenwald’s book No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. Greenwald’s data also indicates that all terror strikes that were stopped before they could happen were stopped after traditional means of investigation yielded results.

The condition «if events like the ones in Paris can be stopped from happening» is only given in a very limited capacity. The only thing remaining is the classic argument of «I have nothing to hide». While this statement might be true in context of the speaker, it is highly dependent on context. Cardinal Richelieu, a French aristocrat, statesman and clergyman (1585 – 1642) is often cited as follows:

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

It is not the question if someone has something to hide. It is, in fact, irrelevant. It is the right to not have to divulge something publicly that needs to be protected. Those who demand that nobody is to have a right to secrets opens doors for the discrimination of minorities and the pursuit of unpleasant political or cultural people by not just the state but also potentially by other organizations who could gain access to the incriminating data by corrupt officials or other data leaks.

The question remains, which choice a modern society should make in this regard: Security or Privacy. Or as cryptographer Bruce Schneier puts it: Control or Freedom.

Our demand for security is at an all-time high after the attacks in recent months. But is it worth sacrificing our privacy taking into account the questionable effectiveness of mass surveillance? This discussion will have to be had. But not in the aftermath of fear and insecurity but matter-of-factly and with a clear goal in mind. Because while the threat by extremists such as ISIL will most likely pass, this decision will be with us for good.

Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety. (Benjamin Franklin)

About the Author

Stefan Friedli is a well-known face among the Infosec Community. As a speaker at international conferences, co-founder of the Penetration Testing Execution Standard (PTES) as well as a board member of the Swiss DEFCON groups chapters, he still contributes to push the community and the industry forward.

Links

• http://arstechnica.com/information-technology/2015/11/isis-encrypted-communications-with-paris-attackers-french-officials-say/
• http://www.amazon.com/No-Place-Hide-Snowden-Surveillance/dp/1250062586/
• https://csis.org/files/attachments/151116_GSF_OpeningSession.pdf
• https://en.wikipedia.org/wiki/Edward_Snowden
• https://en.wikipedia.org/wiki/November_2015_Paris_attacks
• https://en.wikipedia.org/wiki/SEAL_Team_Six
• https://nytimes.com
• https://theintercept.com/2015/11/17/u-s-mass-surveillance-has-no-record-of-thwarting-large-terror-attacks-regardless-of-snowden-leaks/
• https://www.documentcloud.org/documents/2515184-isil-related-arrests-in-homeland-from-jan2014.html#document/p1
• https://www.schneier.com