As internet penetration approaches saturation in parts of the Middle East, more people will be communicating through popular chat services like WhatsApp, Messenger, and Telegram. A key way these services differentiate themselves is by incorporating strong encryption of data-in-transit to keep users’ chats private. The same trend has been ongoing for encryption of data-at-rest in the smartphone market for years. The increasing ubiquity of encryption is a boon for privacy and human security, but it poses a challenge to lawful intercept imperatives for law enforcement and intelligence services around the world.
The prospect of an encryption “backdoor” for law enforcement that doesn’t undermine privacy for all users is technologically unfeasible, so the demand and market for hacking tools to bypass this encryption are set to remain and expand in 2020. Hacking tools and capabilities generally proliferate with positive intentions: disrupting terrorist plots, thwarting human trafficking, and combatting child pornography. Once a government has these tools, however, little can be done to prevent it from using them against political activists and organizers.
Neither encryption nor hacking tools are new, but 2019 has seen pointed scrutiny and rancor over both. Senator Lindsay Graham has threatened Apple and Facebook, saying that if they do not develop encryption backdoors, “we will impose our will on you.” Criticism of the Israeli hacking tool vendor NSO Group peaked in 2019 when Facebook filed a lawsuit against the firm for breaching Facebook-owned WhatsApp. These counteracting trends raise hard questions: what role, if any, should private hacking tool vendors have in counterterrorism and international security? How can their proliferation be regulated, if at all, and by whom?
This dilemma is especially pronounced in the Middle East: many companies in the hacking tool space are based in Israel; proximity to militants and lawless spaces in Yemen, Syria, and northeastern Africa drive up demand; and the Israeli government sees its dominance in the market as an effective way to make new friends. That transfer of technology and offensive capability is likely to continue and drive up risks to human and international cybersecurity in 2020.
Michael Sexton is a Fellow and the Director of MEI's Cyber Program.
Photo by Dünzl\ullstein bild via Getty Images