icon caret Arrow Down Arrow Left Arrow Right Arrow Up Line Camera icon set icon set Ellipsis icon set Facebook Favorite Globe Hamburger List Mail Map Marker Map Microphone Minus PDF Play Print RSS Search Share Trash Crisiswatch Alerts and Trends Box - 1080/761 Copy Twitter Video Camera  copyview Whatsapp Youtube
The Cybersecurity Paradox
The Cybersecurity Paradox
Could Talking to Mali's Jihadists Bring Peace?
Could Talking to Mali's Jihadists Bring Peace?
Decentralised, networked self-defence may well shape the future of national security. FLICKR/Yuri Samoilov
Commentary / Global

The Cybersecurity Paradox

There is a paradox in the quest for cybersecurity which lies at the heart of the polemics around whether or not Apple should help the U.S. Federal Bureau of Investigation (FBI) break the encryption on an iPhone used by the pro-Islamic State killers in San Bernardino.

The unexpected truth is that the world is made a safer place by allowing public access to full encryption technology and sharing responsibility for action. When it comes to encryption, it is wrong to give into fears of terrorism and to take refuge in misguided illusions of total top-down control.

Violent extremists have already understood more quickly than most states the implications of a networked world. They know that a terrorist attack in Paris or Istanbul immediately reverberates worldwide, and the so-called Islamic State (IS) makes astute use of gruesome videos to terrify as well as to recruit. The number of victims matters less than the number of “impressions”, as Twitter users would say.

States are relatively comfortable fighting for territory, whether it is to destroy the territory of the enemy – bombing IS in Syria and Iraq – or defending their own. But how does one win in the digital space?

As the FBI’s demands on Apple to help them investigate the San Bernardino shooters have shown, security officials are unsurprisingly trying to maximise the comparative advantages provided by state resources and authority. Many have the capacity to access countless sources of data, to process them with ever increasing computing power and eventually to find the terrorist needle in the haystack of law-abiding citizens. They are also keen to retain the capacity to access all digital communications through back doors, so that encryption does not protect criminal enterprises.

Human rights concerns have so far had limited impact on this trend. In the U.S. and Europe, infringements on rights are seen as a lesser evil than the alternative of more terrorist attacks, especially when one considers their potential political consequences: authoritarian populists who would go much further in the destruction of civil liberties.

But centralising state national security may not work. Behind closed doors, a growing number of professionals question the effectiveness of systematic reliance on data-mining, noting that too many false alerts mean that security services are spread thin. Most of the terrorists involved in the recent Paris attacks were not unknown to the police, but the thousands of people who are now listed in databanks could only be effectively monitored by tens of thousands of intelligence operatives.

Excessive reliance on signal intelligence generates too much noise. It may be more effective to focus on targeted electronic surveillance and focused human intelligence. The critical ingredient of volunteered help is also more likely if genuinely inclusive policies can win over allies among disadvantaged communities and countries.

The received wisdom that state surveillance requires back doors to encryption programs was being questioned well before Apple took its stand. If there are secret keys for the authorities to access data, it is wishful thinking to believe that criminals won’t find them too. In fact, making unbreakable encryption widely available might strengthen overall security, not weaken it. Violent extremists and criminals will have the benefit of secure communications, but so will many more millions of citizens and systems threatened by their hacking.

In cyberspace, attack is cheaper than defence: criminals engaged in fraudulent schemes are already exploiting that asymmetry. Perhaps already, and certainly tomorrow, it will be terrorist organisations – and legal states – which will exploit it with lethal effectiveness. Critical infrastructures, transport, and industry have become increasingly dependent on digital processes. Encryption, while it can have an offensive use, may become the ultimate defensive weapon that will help limit the imbalance between offence and defence in cyber-warfare.

This idea of decentralised defence allows individuals and corporations to become providers of security as they strengthen their firewalls and create a resilient society.

It points to a broader trend for nation states too. National security structures are not going to become redundant, but in a world that is both asymmetric and networked, the centralised organisation of power may not be the most effective organising principle. A nation state’s remit is not broad enough to effectively confront global threats; but at the same time, the concentration of power that it embodies provides an attractive target for weak but nimble enemies.

One way to fight asymmetric wars is to deprive the enemy of a strategic target by distributing power rather than concentrating it, copying the way terrorists make themselves elusive targets for states. Unarmed civilians will continue to provide easy soft targets for terrorists, but attacks against them will have less strategic impact, and therefore be less attractive, if power is more dispersed.

Distribution of security measures among a multiplicity of actors – neighbourhoods, cities, private stakeholders – will make society more resilient. And over time, smaller but well-connected communities may be more effective at preventing and identifying terrorist threats among their members. Decentralised, networked self-defence may well shape the future of national security.

Podcast / Africa

Could Talking to Mali's Jihadists Bring Peace?

In this episode of Hold Your Fire!, Richard Atwood and Naz Modirzadeh talk with Ibrahim Yahaya Ibrahim, Crisis Group’s Sahel expert, about whether it is time for a new strategy in Mali as the government and its allies struggle against jihadist insurgents. 

The war in the Sahel appears to have reached a stalemate. In Mali, fighting pits the Malian security forces, backed by regional militaries and French special forces and airpower, against an al-Qaeda-linked jihadist coalition, JNIM (the Group for the Support of Islam and Muslims). Since Mali’s crisis in 2012-2013, efforts to defeat jihadist militants have only seen their influence expand. Violence has spread across the Sahel at terrible human cost. Two successive coups in Bamako, Mali’s capital, have fuelled political instability. French officials appear exasperated by the lack of progress. Yet militants themselves are also under pressure, with several leaders killed over recent years. 

In this episode of Hold Your Fire! Richard Atwood and Naz Modirzadeh are joined by Ibrahim Yahaya Ibrahim, Crisis Group’s Sahel expert, to ask whether it is time for a new approach. They take stock of the insurgency’s current state, its aims and JNIM’s relationship with al-Qaeda. They discuss the future of the French presence and the consequences of the recent coups. They also speak at length about prospects for talks between the government and JNIM leaders, what such talks might entail and the challenges such a path would pose. 



Click here to listen on Apple Podcasts or Spotify.

For more information, explore Crisis Group’s analysis on our Sahel and Mali regional pages as well as our work on Jihad in Modern Conflict. Be sure to keep an eye out for Ibrahim’s upcoming report.

Contributors

Interim President
atwoodr
Naz Modirzadeh
Board Member and Harvard Professor of International Law and Armed Conflicts
Consulting Analyst, Sahel
IbrahimYahayaIb