icon caret Arrow Down Arrow Left Arrow Right Arrow Up Line Camera icon set icon set Ellipsis icon set Facebook Favorite Globe Hamburger List Mail Map Marker Map Microphone Minus PDF Play Print RSS Search Share Trash Crisiswatch Alerts and Trends Box - 1080/761 Copy Twitter Video Camera  copyview Whatsapp Youtube
The Cybersecurity Paradox
The Cybersecurity Paradox
The Insurrection in Mozambique’s Cabo Delgado
The Insurrection in Mozambique’s Cabo Delgado
Decentralised, networked self-defence may well shape the future of national security. FLICKR/Yuri Samoilov
Commentary / Global

The Cybersecurity Paradox

There is a paradox in the quest for cybersecurity which lies at the heart of the polemics around whether or not Apple should help the U.S. Federal Bureau of Investigation (FBI) break the encryption on an iPhone used by the pro-Islamic State killers in San Bernardino.

The unexpected truth is that the world is made a safer place by allowing public access to full encryption technology and sharing responsibility for action. When it comes to encryption, it is wrong to give into fears of terrorism and to take refuge in misguided illusions of total top-down control.

Violent extremists have already understood more quickly than most states the implications of a networked world. They know that a terrorist attack in Paris or Istanbul immediately reverberates worldwide, and the so-called Islamic State (IS) makes astute use of gruesome videos to terrify as well as to recruit. The number of victims matters less than the number of “impressions”, as Twitter users would say.

States are relatively comfortable fighting for territory, whether it is to destroy the territory of the enemy – bombing IS in Syria and Iraq – or defending their own. But how does one win in the digital space?

As the FBI’s demands on Apple to help them investigate the San Bernardino shooters have shown, security officials are unsurprisingly trying to maximise the comparative advantages provided by state resources and authority. Many have the capacity to access countless sources of data, to process them with ever increasing computing power and eventually to find the terrorist needle in the haystack of law-abiding citizens. They are also keen to retain the capacity to access all digital communications through back doors, so that encryption does not protect criminal enterprises.

Human rights concerns have so far had limited impact on this trend. In the U.S. and Europe, infringements on rights are seen as a lesser evil than the alternative of more terrorist attacks, especially when one considers their potential political consequences: authoritarian populists who would go much further in the destruction of civil liberties.

But centralising state national security may not work. Behind closed doors, a growing number of professionals question the effectiveness of systematic reliance on data-mining, noting that too many false alerts mean that security services are spread thin. Most of the terrorists involved in the recent Paris attacks were not unknown to the police, but the thousands of people who are now listed in databanks could only be effectively monitored by tens of thousands of intelligence operatives.

Excessive reliance on signal intelligence generates too much noise. It may be more effective to focus on targeted electronic surveillance and focused human intelligence. The critical ingredient of volunteered help is also more likely if genuinely inclusive policies can win over allies among disadvantaged communities and countries.

The received wisdom that state surveillance requires back doors to encryption programs was being questioned well before Apple took its stand. If there are secret keys for the authorities to access data, it is wishful thinking to believe that criminals won’t find them too. In fact, making unbreakable encryption widely available might strengthen overall security, not weaken it. Violent extremists and criminals will have the benefit of secure communications, but so will many more millions of citizens and systems threatened by their hacking.

In cyberspace, attack is cheaper than defence: criminals engaged in fraudulent schemes are already exploiting that asymmetry. Perhaps already, and certainly tomorrow, it will be terrorist organisations – and legal states – which will exploit it with lethal effectiveness. Critical infrastructures, transport, and industry have become increasingly dependent on digital processes. Encryption, while it can have an offensive use, may become the ultimate defensive weapon that will help limit the imbalance between offence and defence in cyber-warfare.

This idea of decentralised defence allows individuals and corporations to become providers of security as they strengthen their firewalls and create a resilient society.

It points to a broader trend for nation states too. National security structures are not going to become redundant, but in a world that is both asymmetric and networked, the centralised organisation of power may not be the most effective organising principle. A nation state’s remit is not broad enough to effectively confront global threats; but at the same time, the concentration of power that it embodies provides an attractive target for weak but nimble enemies.

One way to fight asymmetric wars is to deprive the enemy of a strategic target by distributing power rather than concentrating it, copying the way terrorists make themselves elusive targets for states. Unarmed civilians will continue to provide easy soft targets for terrorists, but attacks against them will have less strategic impact, and therefore be less attractive, if power is more dispersed.

Distribution of security measures among a multiplicity of actors – neighbourhoods, cities, private stakeholders – will make society more resilient. And over time, smaller but well-connected communities may be more effective at preventing and identifying terrorist threats among their members. Decentralised, networked self-defence may well shape the future of national security.

Podcast / Africa

The Insurrection in Mozambique’s Cabo Delgado

This week on Hold Your Fire!, Richard Atwood and guest co-host Comfort Ero talk to Crisis Group’s Deputy Africa Director Dino Mahtani about the violence in Mozambique’s northern Cabo Delgado region, Maputo’s response and prospects for a regional intervention.

This week on Hold Your Fire!, Richard Atwood and guest co-host Comfort Ero, our Interim Vice President and Africa Program Director, talk to Crisis Group’s Deputy Africa Director Dino Mahtani about the insurrection unfolding in Mozambique’s Cabo Delgado region. The militants - known locally as al-Shabab, and now labelled by the U.S. as a branch of the Islamic State - have been terrorising the population for years now without clearly stating their demands. Dino talks about who they really are and what their interests might be. He also discusses the Southern African Development Community (SADC) meeting in Maputo coming up in two weeks’ time, when the bloc plans to lobby for the deployment of a regional force, amid growing fears that the conflict could spread beyond the borders of Mozambique. Dino unpacks the government’s response to al-Shabab, its turn to Rwanda for military support as it attempts to diversify its security partners, and what the next steps should be.

Click here to listen on Apple Podcasts or Spotify.


Interim President
Interim Vice President & Program Director, Africa
Deputy Director, Africa Program