Ask HN: How to foil terrorist attacks if everything is encrypted? - 321yawaworht
======
mstolpm
Why do you think terrorists use (algorithmic) encryption in common
communication channels at all? There are so many ways to transport a hidden
message in plain sight that using encryption itself might give intelligence a
hint that terrorists would avoid. Embed the crucial information in videos,
photos or a text about your mothers cheese macaroni recipe. Or use a side
channel for communication, not mail or some messenger.

The idea of finding clever criminals by decryption their communications is
stupid by itself. And stupid criminals leave so many trails bragging about
their plans that you don't need decryption and back doors. Most european
terrorist attacks were done by criminals already known by intelligence, but
not monitored strongly (see Berlin). Monitoring all communications would lead
to an explosition of the number of suspects. It would not lead to more
security.

------
PaulHoule
I don't think monitoring communications is that effective at stopping
terrorist attacks.

For every terrorist there are tens of thousands of people who say something
hateful or advocate violence. There are no resources to track them all down.
Also note that many kinds of attacks require very little coordination.

I think the key is to use the intelligence you have effectively. I think of
how the Boston Bomber spent 6 months in Chechnya and the Russians gave us a
heads up about that and I think he deserved a little investigation since
hardly anybody every goes there and Chechnya is famous for having the world's
best terrorist training camps.

~~~
321yawaworht
You have to closely monitor the suspect once you've identified them to be a
credible threat.

How do you track their whereabouts and communication channels if everything is
encrypted?

~~~
manjana
"How do you track their whereabouts and communication channels if everything
is encrypted?"

You need to consider what is also unecrypted which may be used.

Given you have a username you can rather easily check whether that username is
registered on any other socialmedia-platform; a site like knowem.com lets you
search for a username across +500 socialmedia sites.

From there on you can start to interpolate information from usercontent as
well as usercontent-metadata.

I think you are the OP, so I will add this also: The security agency properly
have software toolsets which are used for hacking.. If you ain't familiar with
Vault7 you should definitely give it some reading:
[https://en.wikipedia.org/wiki/Vault_7](https://en.wikipedia.org/wiki/Vault_7)

Related to Vault7 there was also a lot of fuzz about 0-day threats which the
NSA had stockpiled, these 0-day's may be used for other things not related to
cyber-warfare, like e.g. monitoring potential terrorist activites..

Besides this you have whole pentesting-suites like Kali Linux and similars,
which may be used to exploit weaknesses on target-machines.

------
phillipseamore
I'm a lot more worried about digital terrorism than analogue. Analogue
terrorist attacks have limited scale and impact, but a digital terrorist
attack can have a country wide or even global impact. Secure and encrypted
communications are just as important to thwart digital terrorism as they are
to preserve an individuals privacy, security and rights.

------
onion2k
I imagine you'd do it in exactly the same way as when things aren't encrypted
- with good quality investigation, surveillance and informants.

~~~
321yawaworht
How do you monitor encrypted digital communication?

~~~
onion2k
Assume you can't.

