A terrorist deplanes in New York, walking from the jetway to baggage claim and U.S. Customs. Halfway to the baggage carousel, his iPhone vibrates. He checks it, reading the iMessage text that lists locations in Cleveland where he intends to position a number of car bombs near schools and businesses. He has no concerns about the FBI or NSA intercepting the message because he knows Apple designed its operating system to encrypt all iMessages — indeed, all important data — in a way that even the company cannot decrypt.
Before approaching customs, the terrorist powers off the iPhone. As he passes through U.S. customs, he is detained because his passport shows recent travel through Syria, much of which is occupied by the Islamic State, a brutal terrorist organization that even al-Qaida has shunned.
Customs agents search his belongings, but when they get to his phone, they are stymied when the man refuses to unlock it or provide his passcode. Copying the phone's memory is not a viable option; breaking the phone's encryption will take years of computer time. After several hours of delay, U.S. Customs releases him; they have no solid evidence to hold him or deny him entry to the country.
After the Snowden leaks, the need for encrypted data became starkly clear for technology companies seeking to preserve their customer confidence and market share. Encryption is the best protection for medical records, financial transactions and personal communications.
However, encryption can also be used to hide negative activity. Criminals want strong encryption to hide their human trafficking and narcotics smuggling efforts, money laundering and other criminal enterprises. Nation state adversaries and terrorists want strong encryption to thwart intelligence agencies. Recent news stories in the New York Times and Washington Times have covered the Islamic State's use of the Snowden leaks to improve its communications security with encryption to thwart coalition and U.S. intelligence efforts.
That's why law enforcement and intelligence agencies must be able to crack the codes when necessary. Finding the balance between privacy and legitimate national security goals is far from an all or nothing solution as advocates from both sides posit, and it requires legislative action.
The Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications carriers to cooperate in the interception of communications for law enforcement and other purposes by making their equipment amenable to the needs of law enforcement under a court order. Encrypting everything to the point where government, backed by a court order, can't get the manufacturer/seller of a smartphone or tablet to aid in its decryption — as the information technology purists and citizens concerned about government overreach desire — is not the solution. Such actions passively enable criminals, adversary nations and terrorists.
Nor can the solution be weakening encryption in ways that bad actors may discover, or providing government agencies access to encrypted data stored by telecommunications providers unchecked by court and congressional oversight.
The best solution is legislation that mandates encryption usage with telecommunications provider assisted decryption processes, prudent transparency reporting and corporate liability limitations, all operating under court supervision to address both the need for privacy and government's legitimate need to monitor very real criminal activity and threats to our national security.
If we choose instead blanket encryption with no possibility of government access, we also elect to accept responsibility for the consequences of successful criminal endeavors and acts of domestic and international terrorism.
Tom Wither is an intelligence professional with more than 25 years of experience, and the author of two military/intelligence thrillers: "The Inheritor" (Turner Publishing, June 2014) and "Autumn Fire" (Turner Publishing, September 2014). His email is firstname.lastname@example.org.