Among the smart, café-going crowd in Bangladesh, the Holey Artisan Bakery is an established favorite. Bright and airy, the eatery in downtown Dhaka had a dedicated following among locals and expats alike. That was before the evening last summer, when the restaurant earned a new and terrible reputation. As diners gathered to break their Ramadan fast, Islamic militants attacked the building, seizing guests and staff as hostages. At the end of a 12-hour siege, 29 people were dead, including five terrorists.
But the death toll was only part of the horror. In a macabre gesture, the militants sent out pictures of their victims, some slashed with machetes. Their chosen medium? Threema, a secure messaging app based in Switzerland, that investigators believe terrorists may also have used to plan their attack. To the dismay of security services across the region, tech-savvy militants are turning to encryption services offered by many European companies, including in Germany, to coordinate their activities and spread their propaganda.
If easy access to encryption is bad news for local intelligence agencies, it could also emerge as a source of international tension. On the one hand, remembering the widespread alarm after U.S. whistleblower Edward Snowden revealed the extent of U.S. electronic surveillance, privacy-sensitive Europeans and Americans welcome the guaranteed security offered by fast-developing encryption technologies. On the other, intelligence chiefs fighting on the front line of the war on terrorism see encryption as one more obstacle to monitoring or tracking down militants. As terrorists know all too well, encryption can effectively encode any data beyond recognition. ISIS is said to recommend Threema to its activists.
To the dismay of security services, tech-savvy terrorists and militants are turning to encryption services offered by European companies.
Certainly, encryption now appears to be a favored terrorist tool. In Bangladesh, potential recruits are reportedly identified in Facebook, then contacted through Telegram, an encrypted messaging app that says it is based in Berlin. Those found trustworthy are then given Threema identities, through which they receive instructions on possible attacks. And given the app’s technological sophistication, there is little government agencies can do. In fact, Bangladesh had tried, and failed, to block all use of Threema before the Dhaka attack.
Small wonder that security bosses in the region are alarmed. After Malaysian authorities arrested nine militants this summer, including two suspected of a grenade attack on a nightclub near Kuala Lumpur, it turned out that the group had communicated through Telegram. “Encrypted messages are almost impossible to trace without sharing the intelligence,” Ayob Khan, head of Malaysia’s counterterrorism operation told a television interviewer.
A look at the figures suggests that concern over the spreading use of encryption is well founded. Research by security expert Bruce Schneier, chief technology officer at IBM offshoot Resilient, shows there are now 619 entities – companies, non-profits and open source platforms – that now sell encryption products. More than 200 of these are in America, but the largest single supplier outside the U.S. is Germany.
Why Germany? One explanation lies with the Snowden revelations. Germans were shocked to discover the close ties between their own security service, the BND, and the U.S. As result, the utter privacy promised by encryption has proved particularly attractive even to ordinary citizens. Germany is now Threema’s biggest single market.
But Germany’s concern for privacy runs deep, rooted in memories of state snooping under past dictatorships. And the enthusiasm for encryption is endorsed, even by the state. The so-called Digital Agenda, the government’s plan for getting the country online, states explicitly, “We want to become the top location for encryption in the world. Private communication encryption for everyone should become a standard.”
Naturally, that’s a powerful selling point for companies peddling encryption services. Another leading German-based site, Tutanota, says on its website: “Data privacy regulations in the European Union are among the strictest in the world. And among all European member states, Germany has one of the strongest policies, the Federal Data Protection Act”.
Not that a base in any single country necessarily provides companies – or disreputable customers – with absolute protection against official prying. “Anyone claiming national laws give cyberspace protection is on thin ice, since traffic passes through so many jurisdictions,” says Keith Martin, a security specialist at Royal Holloway College at the University of London. “The only real protection, is technical protection”.
Besides, the climate in Europe is changing, as the continent itself increasingly comes under assault. In the wake of a spate of terrorist attacks, the French and German interior ministers discussed new measures this summer to limit the use of encrypted communications across the E.U. Whether in Europe or Asia, most politicians understand that fears for public security must sometimes trump the citizen’s concern for privacy.
This article is from the Fall 2016 issue of Handelsblatt Global Edition Magazine. Meera Selva reports for Handelsblatt Global Edition from Singapore. To contact the author: firstname.lastname@example.org