Paul Swaddle, CEO of Pocket App, considers the challenges to anti-terrorist agencies posed by mobile and games console messaging systems.

If the recent TalkTalk data breach brought the topic of security sharply back into the nation’s focus, the atrocities in Paris on 13 November, which saw 129 people killed by militants in seven coordinated terror attacks, acted as a major catalyst in bringing the perceived security, or lack thereof, surrounding communication apps into the cross hairs of the public psyche.

In the immediate aftermath of those abhorrent events we saw a plethora of news stories circulating, all attempting to decipher just what methods of communication were being used to plan these attacks, and moreover how these conversations were able to take place without detection from intelligence agencies.

With schools of thought ranging from mobile messaging applications such as WhatsApp and Telegram, to in-game messaging on the world’s most popular gaming device, the PS4, the general public could be forgiven for asking the question: “If they are communicating via a form of online messaging, why aren’t the authorities able to monitor them?” In this article we will explore the challenges that communication apps and in-game messaging present for the intelligence agencies in their bid to curtail future situations like this.

End-to-end encryption
Tackling communication apps first, applications such as the ones mentioned above still allow people to converse with relative freedom by keeping their services encrypted. This brings to the fore yet again the age-old privacy versus security debate. On one side, we have the pro-security brigade and the belief that legislation should be passed to enable Governments to ban applications using end-to-end encryption to ensure user security.

Post-Paris, this argument has gathered momentum, as advocates argue that with access to encrypted communications there is a chance that these tragic events could have been averted. They protest that a ‘backdoor,’ aka a hidden way of circumventing an app’s security, should be afforded to law enforcement for just such an occurrence, enabling them to view suspicious content if required.

This isn’t just a UK or Europe-wide position, I remember reading a quote from CIA Director John O. Brennan recently in which he blamed privacy concerns for undermining the security work his organisation carries out. “We should be sharing a lot more information than we are as a nation, but programmatic, technical, and legal challenges as well as concerns about privacy and the role of government have hampered progress.”

Malicious entry
The counter to this argument, the privacy position, contests that the obvious flaw in this plan is that this ‘backdoor’ would no doubt present opportunities for malicious entry. Moreover, it’s argued that given the increased reliance on encryption from a range of online businesses, the dissolution of end-to-end encryption would serve the death knell to essential online offerings like internet banking.

A survey by BBA and EY showed that mobile and internet banking is now being used for transactions worth nearly £1bn per day, however, how many would feel comfortable knowing that application security had been compromised to allow a middleman from the government to ‘wiretap’ communications?

As I alluded to earlier, it’s not only communication apps which are under the microscope at present, as in-game messaging is also rumoured to be a potential enabler in the communication of terrorist groups. In fact, Belgian Federal Home Affairs Minister, Jan Jambon, has said outright that the PS4 is used by ISIS agents to communicate, and was selected due to the fact that it’s notoriously hard to monitor. “PlayStation 4 is even more difficult to keep track of than WhatsApp,” he said.

To many, the following may sound more in keeping with a science fiction movie or the literary works of George Orwell. However, the non-peripheral based communication on consoles may provide terrorists with a channel to effectively converse with one another, from sending messages through the PlayStation Network (PSN) online gaming service and voice-chatting, to even communicating through a specific game.

Non-verbal communication
As far-fetched as it may sound, many gaming experts are of the opinion that an ISIS agent could spell out an attack plan not merely via in-game voice or text chat, but via one of many in-game methods of non-verbal communication, i.e. two Call of Duty players could write messages to each other on a wall in a disappearing spray of bullets or spell out an attack plan in Super Mario Maker’s coins and share it privately with a friend. To monitor this would require tapping all the activity on an entire console and that may not even be technically possible at this point.

PSN has close to 65m active users, which is an almost impossible number of people to monitor, and while government agencies are well versed in building profiles of suspected terrorists based on their internet or communication history, it would be far more difficult, if not impossible, to do so based on their console usage.

This recent tragedy has rekindled the age-old question of how much freedom, liberty and privacy we should give up in order to be kept safe. However, the IT community seems to be speaking in unison on this topic, arguing that the removal of end-to-end encryption would not only be potentially unworkable and somewhat detrimental to the status quo, but would also expose users to greater threats from the very people the government wants to protect them from.

Adding into the equation the fact that the world’s most popular gaming devices are now not only the most effective platform for connecting the world’s friends but also the world’s enemies, and you begin to see the myriad of challenges intelligence agencies are faced with in the ongoing war against a more sophisticated terrorist threat.

Paul Swaddle is CEO of Pocket App