Beyond the collection of data, a related problem is encryption, which allows people to communicate so securely that even spy services such as the NSA cannot crack messages by brute force. The director of America’s FBI, James Comey, notes that the jihadists of Islamic State use encryption to communicate with new recruits, “going dark”, as he puts it. John Brennan, director of the CIA, says new capabilities make it “exceptionally difficult both technically as well as legally” to intercept terrorists’ communications. The Manhattan district attorney, Cyrus Vance, says “encryption blocks justice”: he cites 111 criminal cases in which his office had been unable to tap encrypted phones. A few days before the Paris attacks Jan Jambon, the Belgian interior minister, expressed concern that terrorists were communicating through internet-linked gaming consoles, saying: “PlayStation 4 is even more difficult to keep track of than WhatsApp.”
Law-enforcement officials worry about any kind of “no go” zones where their search warrants cannot reach. Just as child-abusers, gangsters and money-launderers can be hunted always and everywhere in the real world, the same should apply to cyberspace, they argue. Western spymasters, long used to having the upper hand because of their colossal abilities to collect, sift and crunch the data flowing across the internet, note with dismay that there are now some areas where an individual with a cheap computer may have the advantage: it is easy to scramble messages, and can be fiendishly hard to unscramble them without the encryption keys.
Security hawks want to counter the spread of encryption with four powers. First (in rising order of controversy), technology firms should be obliged to store messages that their clients send across their networks and from their devices, meaning that the government code-crackers at least have the raw material they need to work on. Second, companies should be required to crack any code they sell, when presented with a warrant. Third, they should be banned from selling computer programs (or apps, in the case of smartphones) which encrypt messages in a way that the provider of the service cannot break. And fourth, companies that sell encryption programs should build in deliberate weaknesses so that police (or spooks) can break the codes themselves.
The trouble with such proposals is that encryption is already widespread. Some law-abiding citizens and malefactors will switch to providers in countries that are not subject to tighter rules on encryption, or devise their own systems. Protonmail, for example, is a provider of heavily encrypted e-mail based in Switzerland, where it is protected by that country’s strong privacy laws. But even if foreign law-enforcement officials or intelligence agencies surmounted that obstacle, they would encounter another. Protonmail by design does not store its users’ messages on its servers, or hold copies of their encryption keys. Even the most ferocious government intervention cannot force firms to hand over things they do not have, or betray secrets they do not know.