The Cybersecurity Paradox
The Cybersecurity Paradox
What to Watch at the UN General Assembly, plus Ukraine’s Kharkiv Offensive and the Armenia-Azerbaijan Border Clashes
What to Watch at the UN General Assembly, plus Ukraine’s Kharkiv Offensive and the Armenia-Azerbaijan Border Clashes
FLICKR/Yuri Samoilov
Decentralised, networked self-defence may well shape the future of national security. FLICKR/Yuri Samoilov
Commentary / Global

The Cybersecurity Paradox

There is a paradox in the quest for cybersecurity which lies at the heart of the polemics around whether or not Apple should help the U.S. Federal Bureau of Investigation (FBI) break the encryption on an iPhone used by the pro-Islamic State killers in San Bernardino.

The unexpected truth is that the world is made a safer place by allowing public access to full encryption technology and sharing responsibility for action. When it comes to encryption, it is wrong to give into fears of terrorism and to take refuge in misguided illusions of total top-down control.

Violent extremists have already understood more quickly than most states the implications of a networked world. They know that a terrorist attack in Paris or Istanbul immediately reverberates worldwide, and the so-called Islamic State (IS) makes astute use of gruesome videos to terrify as well as to recruit. The number of victims matters less than the number of “impressions”, as Twitter users would say.

States are relatively comfortable fighting for territory, whether it is to destroy the territory of the enemy – bombing IS in Syria and Iraq – or defending their own. But how does one win in the digital space?

As the FBI’s demands on Apple to help them investigate the San Bernardino shooters have shown, security officials are unsurprisingly trying to maximise the comparative advantages provided by state resources and authority. Many have the capacity to access countless sources of data, to process them with ever increasing computing power and eventually to find the terrorist needle in the haystack of law-abiding citizens. They are also keen to retain the capacity to access all digital communications through back doors, so that encryption does not protect criminal enterprises.

Human rights concerns have so far had limited impact on this trend. In the U.S. and Europe, infringements on rights are seen as a lesser evil than the alternative of more terrorist attacks, especially when one considers their potential political consequences: authoritarian populists who would go much further in the destruction of civil liberties.

But centralising state national security may not work. Behind closed doors, a growing number of professionals question the effectiveness of systematic reliance on data-mining, noting that too many false alerts mean that security services are spread thin. Most of the terrorists involved in the recent Paris attacks were not unknown to the police, but the thousands of people who are now listed in databanks could only be effectively monitored by tens of thousands of intelligence operatives.

Excessive reliance on signal intelligence generates too much noise. It may be more effective to focus on targeted electronic surveillance and focused human intelligence. The critical ingredient of volunteered help is also more likely if genuinely inclusive policies can win over allies among disadvantaged communities and countries.

The received wisdom that state surveillance requires back doors to encryption programs was being questioned well before Apple took its stand. If there are secret keys for the authorities to access data, it is wishful thinking to believe that criminals won’t find them too. In fact, making unbreakable encryption widely available might strengthen overall security, not weaken it. Violent extremists and criminals will have the benefit of secure communications, but so will many more millions of citizens and systems threatened by their hacking.

In cyberspace, attack is cheaper than defence: criminals engaged in fraudulent schemes are already exploiting that asymmetry. Perhaps already, and certainly tomorrow, it will be terrorist organisations – and legal states – which will exploit it with lethal effectiveness. Critical infrastructures, transport, and industry have become increasingly dependent on digital processes. Encryption, while it can have an offensive use, may become the ultimate defensive weapon that will help limit the imbalance between offence and defence in cyber-warfare.

This idea of decentralised defence allows individuals and corporations to become providers of security as they strengthen their firewalls and create a resilient society.

It points to a broader trend for nation states too. National security structures are not going to become redundant, but in a world that is both asymmetric and networked, the centralised organisation of power may not be the most effective organising principle. A nation state’s remit is not broad enough to effectively confront global threats; but at the same time, the concentration of power that it embodies provides an attractive target for weak but nimble enemies.

One way to fight asymmetric wars is to deprive the enemy of a strategic target by distributing power rather than concentrating it, copying the way terrorists make themselves elusive targets for states. Unarmed civilians will continue to provide easy soft targets for terrorists, but attacks against them will have less strategic impact, and therefore be less attractive, if power is more dispersed.

Distribution of security measures among a multiplicity of actors – neighbourhoods, cities, private stakeholders – will make society more resilient. And over time, smaller but well-connected communities may be more effective at preventing and identifying terrorist threats among their members. Decentralised, networked self-defence may well shape the future of national security.

Podcast / Global

What to Watch at the UN General Assembly, plus Ukraine’s Kharkiv Offensive and the Armenia-Azerbaijan Border Clashes

This week on Hold Your Fire! Richard Atwood talks to Crisis Group’s UN Director Richard Gowan about the state of the UN as world leaders meet for General Assembly week, and also catches up with Europe and Central Asia Program Director Olga Oliker about the latest from Ukraine and violence on the Armenia-Azerbaijan border.

World leaders are gathering this week in New York for UN General Assembly week, in an event that looks set to be overshadowed by Russia’s war in Ukraine and skyrocketing food and fuel prices. In a two-part episode, Richard talks first to Crisis Group’s Europe and Central Asia Program Director Olga Oliker to get the latest on Russia’s war in Ukraine, particularly how Ukrainian forces recaptured large chunks of Russian-held territory in the Kharkiv region in a matter of days, and what their advance might mean for the war. They also catch up on the recent clashes between Armenia and Azerbaijan, and whether the fallout from the Ukraine war might have emboldened Baku.

Richard then talks to Crisis Group’s UN Director Richard Gowan about what we should be watching during UN General Assembly week. They talk about UN Security Council politics over Ukraine and how the world body, including the Secretary-General, has responded to the crisis more broadly. They also discuss other crises the UN is dealing with, from peacekeepers struggling in parts of Africa to UN envoys’ efforts in the Middle East and the UN’s role in Afghanistan. Lastly, they look at prospects for UN reform, what appetite there is on the UN Security Council, particularly among its permanent five members, for change and – more broadly – what we can expect of the world body in an era of fraught geopolitics and resurgent nationalism.

Click here to listen on Apple Podcasts or Spotify.

For more analysis ahead of the UN General Assembly’s 77th session, check out Crisis Group’s special briefing: Ten Challenges for the UN in 2022-2023.