After Paris Attacks, Beware Rush to Weaken CryptoRational Debate Required, Says Europol Adviser Brian Honan
The Paris attacks have provoked security questions about whether European countries can - and should - be sharing better actionable intelligence on terrorism-related suspects. In addition, some officials in Europe and the United States have used the attacks to repeat their calls for strong cryptography and encrypted communications tools to be weakened, and for governments to be allowed to collect, monitor and analyze more bulk communications data.
Some of those arguments have referred to a now-refuted media report that a Sony PlayStation 4 had been recovered from the Belgian residence of one of the attackers, and that the gang may have used it to plot their Paris assault.
But Brian Honan, who heads Dublin-based information security consultancy BH Consulting, and who is a cybersecurity advisor to the association of European police agencies known as Europol, says all such reports should be treated with caution. "There actually has been no evidence provided by anybody to support any of these claims," he says. "So we still don't know how the attackers planned these attacks, what tools they used, or indeed whether they used encryption or not."
Furthermore, regardless of what attackers did - or did not - use to facilitate their attacks, Honan argues that now is not the time to make snap public policy decisions that attempt to promote or restrict either cryptography or surveillance.
Required: 'Healthy Debate'
Instead, he says proponents on both sides of the debate should argue their case in public. "Then we as a society, we decide, well, what is it that we want?" he says. "Do we want strong encryption to protect our businesses, to protect our online privacy and prevent mass surveillance by rogue states? Or is the threat by terrorism and criminals so great that we feel well maybe we need to allow some ways for law enforcement and government agencies to monitor such communications?"
To date, however, "I don't think we've had a sensible debate," he says.
In this interview with Information Security Media Group (see audio link below photo), Honan also discusses:
- The need for countries fighting a common foe to share more information;
- Parallels between the information-sharing problems that plague businesses, as well as intelligence agencies;
- The need to publicly debate the use of - and potential limits on - both surveillance and encryption.
Honan heads BH Consulting, which he founded; serves as a member of advisory group on Internet security to the Europol Cybercrime Centre, or EC3; and is a member of the advisory board for cloud security firm CipherCloud. He's also the founder and CEO of the Irish Reporting and Information Security Service, which is Ireland's first computer emergency response team, and lectures on information security management at University College Dublin. He's previously served as general manager for IT security monitoring service provider Topsec Technology, headed operations for application service provider Cognotec, worked as a senior IT consultant for Swiss-based IT consultancy The COMIT Gruppe and was a network architect for life insurance and pensions company Irish Life Assurance.