People are freaking out about terrorists using a popular secure messaging app - here's why it's not a big deal
AP
The militant Islamist organisation has been using a new feature in the app - the ability to make public "channels," akin to a Facebook page - to spread its message to more than 4,500 subscribers (and counting). The Yemeni branch of Al-Qaeda also apparently has a Telegram channel, as do some other terrorist organisations.
ISIS' shift comes after it has been largely forced off other social networks like Twitter. Of course, there's no reason why something similar can't happen to its public broadcasts on Telegram - as the BBC notes, the app "suggests it will take down illegal material that is made publicly available via the app," and that surely includes militant propaganda.
But there have been multiple reports in the past that Telegram - along with other secure messaging apps - have been frequently utilised by terrorists looking to evade detection by authorities. Telegram CEO Pavel Durov conceded as much last month.
Here's why that's not a big deal.
This is the new reality
REUTERS/Kevin Lamarque
Strong encryption has been increasingly incorporated into tech products after Edward Snowden's revelations about NSA surveillance provoked global privacy concerns, but the tech existed long before that.
Many authorities are concerned about the rise in encryption products. It means evidence law enforcement previously had access to is "going dark," and it can be used by terrorists, paedophiles, and other nefarious individuals to hide their communications. It's precisely this appeal that will have drawn groups like Islamic State to Telegram.
It's worth noting here that Telegram has been criticised by some cryptography experts, who have concerns about its technical implementation. One professor described it as "like someone had never seen cake but heard it described [and] tried to bake one. With thumbtacks and iron filings." But regardless of Telegram's ultimate security - the point about strong encryption products in general.
So should we be panicking?
The use of encryption products by bad actors is well-documented. But this is inescapable. Because it's not just used by criminals: Strong encryption underpins modern finance, secures our data, supports government communications. We couldn't function without it. And it's impossible to tell which uses are "legitimate" and which uses facilitate illegal activity because it's all, well, encrypted.
REUTERS/Kevin Lamarque
Michael Hayden, the former director of the NSA, disagrees with the FBI's current push to undermine encryption. After early efforts in the 1990s to regulate encryption failed, "we were still able to do a whole bunch of other things [to get the info needed]," Hayden said at a panel on Tuesday attended by Motherboard. " Some of the other things were metadata, and bulk collection and so on."
Encryption is a tool, like any other.
Flickr/pedrokwezi
In fact, a recent incident involving master keys helped demonstrate one of the key dangers of allowing back-door government access or having third-parties hold keys in escrow. The American transport agency TSA has a set of master keys for "approved" locks. Travellers don't have to use these locks, but the TSA prefers it - the logic being they can gain easy access to the luggage when required, without compromising the security of the passenger.
Except, it turns out these master keys have compromised passenger security - a lot. The Washington Post inadvertently published a photo of the set of master keys. From this photo, a security researcher was able to build a set of key designs for a 3D printer, which, when printed, were able to open the corresponding locks. So now the belongings of anyone who secures their luggage with a TSA-approved lock have been put at risk.
GitHub
This brings us back to Telegram, and encryption products in general. It's an alluring idea that we should require government access. But it would be impossible to enforce, software developers outside of Western jurisdictions would totally disregard it, and it would put ordinary people's data at risk.
Yes, terrorists use encryption, and will continue to do so. But this is our new reality. As security researcher the Grugq puts it: "If your secure communications platform isn't being used by terrorists and pedophiles, you're probably doing it wrong."
- A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
- A centenarian who starts her day with gentle exercise and loves walks shares 5 longevity tips, including staying single
- 2 states where home prices are falling because there are too many houses and not enough buyers
- "To sit and talk in the box...!" Kohli's message to critics as RCB wrecks GT in IPL Match 45
- 7 Nutritious and flavourful tiffin ideas to pack for school
- India's e-commerce market set to skyrocket as the country's digital economy surges to USD 1 Trillion by 2030
- Top 5 places to visit near Rishikesh
- Indian economy remains in bright spot: Ministry of Finance