If Wikipedia is to be believed, in the entire history of commercial aviation there have been fewer than 90 known instances of individuals covertly taking a bomb on to a plane with the intention of blowing it up. 53 of these resulted in deaths. The number of people in the world willing to take an explosive device on to a flight is likely to be vanishing small. It probably always has been, but look what they have achieved. Tens of millions of wholly innocent individuals are annoyed and inconvenienced every day because of security measures taken at airports.
If the potential consequences of a given event are large, seriously affecting many people, or catastrophic for an individual then, even if the risk of an occurrence or re-occurrence is tiny, one cannot use the math as an alibi for inaction. That’s true even if whatever you do will not guarantee everybody’s safety. If it only helps reduce the number of incidences of the awful event you still have to make the effort. No one is entitled to play dice with other people’s lives. Also in the case of death by bombs on planes it is not just the loss of human life that is a factor. If many people started to believe flying was unsafe untold damage might be done to the world economy as well as international diplomacy.
It is no answer to say you think there are other issues in other people’s bailiwicks which are probably more important or which ought to be given a higher priority. That sounds like special pleading. You still have to deal with the observed potential danger on your own patch. The fact that more people might die in a single week as a result of smoking cigarettes or car accidents than have ever died as the result of a terrorist bomb does not mean anyone can be indifferent towards the possibility of another terrorist bomb.
And the risk of a bad thing happening is absolutely bound to increase if would-be perpetrators believed there is little or no chance of them being prevented from doing their worst or of being caught afterwards.
I guess it’s not difficult to work out where I am going with this. Is the internet a vehicle which can be used by very bad people to do or plan wicked things? No question. Is anyone going to argue that law enforcement and the security services should be forbidden from taking any measures to try to detect bad things that are being planned in such a way as to give them at least a fighting chance of stopping them? Or must the police always wait until the bad thing has happened? The answers to both questions are obvious.
In relation to their work on the internet, does the fact that the police or the security services cannot or will not prove they have been able to detect and stop lots of bad things from happening in the past mean they should be prevented from trying to do the same in the future? Of course not although it would certainly be good if law enforcement and the security services were able to be a bit more open otherwise there will be a lingering suspicion they are mindlessly grabbing new powers or going on fishing expeditions as a cover for their impotence.
Obviously the police and security services are extremely unlikely to know who the bad guys are in advance, and if they did they could target them quite specifically. That being so there has to be some scope for the mass collection of data, but how and where the data is stored and the power to access or interrogate it is what needs to be controlled and properly scrutinized by people who know what they are doing and are adequately resourced to do it.
Simply upping the strength or reliability of the cryptography and making its use more widespread is not a complete answer although, in principle, there would be nothing wrong with doing either.
Thus we may be moving towards a world where we all need to know that using the internet can be as private as we want it to be, but that, as in real life, if circumstances emerge which bring us into the orbit of a criminal investigation, following due process and with the appropriate warrants the relevant authorities could see what we had been up to. In other words everyone would know there is little or nothing they can do to put themselves beyond the reach of the law.
This discussion puts me in mind of a debate I took part in many years ago when PGP, a strong encryption protocol, started being made freely available on the internet. I asked this guy from Silicon Valley if he had any worries at all about making encryption available to everyone, including organized crime. He dismissed my question by saying that, in his eyes, there was little to choose between organized crime and the US Federal Government so, no, he had no qualms about PGP being freely available to everyone online. I thought only nutjob survivalists who lived in caves in the Appalachians thought like that. I hope there are not that many on the IETF.
As I have mentioned before, one of the things that has saddened me most about what we have learned post-Snowden is the extent to which Governments around the world have been spending billions on developing super-sophisticated tools and methods of tracking down certain types of crime, but seem to have been ignoring others. Yes even those Governments that say protecting our children on the internet is the highest priority.
Imagine if a fraction of the money had gone on attacking the distribution of child abuse images on the internet. My worry now is that in the reaction to the Snowden revelations the engineers who are planning to strike back will make the bad guys’ job even easier and the good guys’ jobs harder.
Desiderata 