A 17 year-old is facing 15 years in a cage because he discussed cryptography. Specifically he discussed how members of the Islamic State could utilize cryptography to further their goals:
A 17-year-old Virginia teen faces up to 15 years in prison for blog and Twitter posts about encryption and Bitcoin that were geared at assisting ISIL, which the US has designated as a terror organization.
Dana Boente, the US Attorney for the Eastern District of Virginia, said the youth’s guilty plea “demonstrates that those who use social media as a tool to provide support and resources to ISIL will be identified and prosecuted with no less vigilance than those who travel to take up arms with ISIL.”
According to the defendant’s signed “Admission of Facts” filed Thursday, Amin started the @amreekiwitness Twitter handle last June and acquired some 4,000 followers and tweeted about 7,000 times. (The Twitter handle has been suspended.) Last July, the teen tweeted a link on how jihadists could use Bitcoin “to fund their efforts.”
According to Amin’s court admission (PDF):
The article explained what Bitcoins were, how the Bitcoin system worked and suggested using Dark Wallet, a new Bitcoin wallet, which keeps the user of Bitcoins anonymous. The article included statements on how to set up an anonymous donations system to send money, using Bitcoin, to the mujahedeen.
Some may point out that this is obviously bad because it supports the “enemies of America.” But it brings up a very important question. Where is the line drawn between aiding an enemy and simply discussing cryptography? I write a lot of posts about how encryption can be used to defend against the state. That information could very well be read by members of the Islamic State and used to secure their communications against American surveillance. Have I aided the enemy? Has every cryptographer who has written about defending against government surveillance aided the enemy?
Lines get blurry when governments perform widespread surveillance like that being done by the National Security Agency (NSA). Regular people who simply want to protect their privacy, which is supposedly protected by the Constitution in this country, and military enemies of the government suddenly find themselves using the same tools and following the same privacy guides. What works, at least in regards to secure communications and anonymization, for people wanting privacy and military enemies is the same. Therefore a guide aimed at telling people how to encrypt their e-mail so it can’t be read by the NSA also tells an agent of the Islamic State how to do the same.
Where is the line drawn? Is it the language used? If you specifically mention members of the Islamic State as the intended audience are you then guilty? If that’s the case wouldn’t the obvious solution be writing generic guides that explain the same things? Wouldn’t that mean the information written by Ali Shukri Amin would have been perfectly fine if he simply didn’t tailor it for members of the Islamic State?
As the state’s use of widespread surveillance is utilized to enforce more laws the desire of regular people to secure their communications will increase (because, after all, we’re all breaking the law even if we don’t intent to or know we are doing it). They will use the same tools and guides as members of the Islamic State could use. Will every cryptographer face the same fate as Ali Shukri Amin?