Encryption Was Most Certainly Not the Reason Why the Paris Attacks Weren't Foiled

Investigators find phone data wasn't even protected at all.

Scott Shackford | 11.19.2015 10:10 AM

(Yu. Samoilov / photo on flickr)

Not the problem. — Credit: Yu. Samoilov / photo on flickr

Not long after the Paris attacks, surveillance state advocates were quick to try to blame technological privacy for the failure to gather enough intelligence to prevent the bloodshed. Folks like CIA Director John Brennan and Sen. John McCain (R-Ariz.) have attempted to paint targets on reforms to mass surveillance privacy protections and encryption that keeps data out of just anybody's (but particularly the government's) hands.

As I've previously noted, any claims that the USA Freedom Act surveillance reform played any role in intelligence failures surrounding the Paris attacks are politically motivated bunk. I'm talking to you, Sen. Marco Rubio (R-Fla.). To the modest extent that the USA Freedom Act scaled back mass metadata collection, the law applies only to Americans on U.S. soil. There was nothing in the law that restrained our intelligence agencies from tracking the terrorists who attacked Paris. And, as a reminder, the reforms of the surveillance powers don't even come into play until the end of this month anyway.

Similarly, the claims that encryption may have played a role in keeping knowledge of the plot out of the hands of intelligence agencies are also proving to likely be untrue. The theory they had used PlayStation 4 to communicate is probably not true. And more importantly, as the investigation continues, it's becoming clear that the attackers were not using any sort of encryption on their smartphones around the time of the attack. From Dan Froomkin at The Intercept:

European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying "we're off; we're starting." Police were also able to trace the phone's movements.

The Telegraph reported that "eyewitness accounts and surveillance of mobile telephone traffic" suggested that Abdelhamid Abaaoud, the suspected strategist of both the Paris attack and one that was foiled in Belgium, was staying at the safe house.

Details about the major ISIS terror plot averted 10 months ago in Belgium also indicate that while Abaaoud previously attempted to avoid government surveillance, he did not use encryption.

A prescient bulletin sent out in May by the Department of Homeland Security assessed "that the plot disrupted by Belgian authorities in January 2015 is the first instance in which a large group of terrorists possibly operating under ISIL direction has been discovered and may indicate the group has developed the capability to launch more complex operations in the West."

Abaaoud was just apparently killed in the most recent raids in France. Abaaoud was a well-known terrorist and one of his previous plots was thwarted, Froomkin notes, because officials were able to intercept his and his accomplices' communications.

Whatever the reason Western countries didn't know enough to stop this attack from happening clearly had little to do with technology or privacy protections. As such, we should reject demands from government officials to weaken the privacy and security of our own communications and data to serve their alleged needs.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Blind Girl Denied Use of Cane in School Because It's a Tripping Hazard

Hide Comments (69)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

sarcasmic 9 years ago

They're not going to let silly things like facts get in the way of the narrative.
Crusty Juggler 9 years ago

But encryption could have been used.
1. BigT 9 years ago
  
  They might speak Navajo! Ban it!!
Just say Nikki 9 years ago

Look, Scott, if the federal government managed to convince every CNN anchor on TV to mention encryption in every single sentence about the Paris attacks, clearly there must be something to it.
Old.Mexican 9 years ago

Encryption Was Most Certainly Not the Reason Why the Paris Attacks Weren't Foiled

And encryption has become in the last 24 hours the scapegoat of choice for power-hungry politicians, just like guns are after a high-profile shooting or massacre. Problem is, this will never stop as long as there are no voices in the media that serve to bring back reason to the discussion. I fear we're again moving towards blissful conformism.
tarran 9 years ago

Arrggghhh!

This is again as stupid as the "syrian passport was fake therefore we need not fear real Syrians" argument of two days ago.

If you are of the opinion that monitoring cell phone traffic is helpful to the central state's ability to quickly ID and neutralize state enemies, and that neutralizing them is good, then encryption is bad.

If you are of the opinion that monitoring cell phone traffic is the helpful to the central state's ability to quickly ID and neutralize state enemies, and that neutralizing them is sometimes very bad (such as when they go after guys protesting the "President can rape any woman he wants act"), then encryption is good.

If you are of the opinion that monitoring cell phone traffic is the helpful to the central state's ability to quickly ID and neutralize state enemies, then encryption is irrelevant.

The fact that this particular batch of scumbags didn't use encryption *in no way* alters the calculus.
1. tarran 9 years ago
  
  Edit:
  
  If you are of the opinion that monitoring cell phone traffic is the helpful not important to the central state's ability to quickly ID and neutralize state enemies, then encryption is irrelevant.
2. tarran 9 years ago
  
  Rereading the article, I think *I* am being the idiot:
  
  Whatever the reason Western countries didn't know enough to stop this attack from happening clearly had little to do with technology or privacy protections. As such, we should reject demands from government officials to weaken the privacy and security of our own communications and data to serve their alleged needs.
  
  is spot on.
  1. Citizen X 9 years ago
    
    Whatever the reason Western countries didn't know enough to stop this attack from happening clearly had little to do with technology or privacy protections.
    
    Of course, but why let a tragedy go to waste?
3. Just say Nikki 9 years ago
  
  The fact that this particular batch of scumbags didn't use encryption *in no way* alters the calculus.
  
  Okay...but since everyone on the news is saying "they used encryption and that's how they pulled it off so now we need to check your asshole," but they didn't even use encryption, I fail to see why it's so stupid to have a post about how the news is bullshitting you.
  1. Just say Nikki 9 years ago
    
    I should have refreshed, tarran, you called yourself out.
4. John 9 years ago
  
  The position that the state can effectively protect itself by monitoring cell phone traffic is flawed. No state has the resources to listen to every cell phone call and read every text. And no matter what they claim, no one has yet nor are they likely to ever develop any kind of computer algorithm that can sift through all of that traffic and find the people who are actually a threat.
  
  Encryption is only a problem if you know you need to read what is encrypted. And if you know that, you likely already know who the enemy is. Encryption can pose some problems, namely that it can make the files of someone you have caught unreadable and thus make if very hard to figure out everyone else who is in the cell. Even that however, is a fairly uncommon hypothetical. For the encryption to cause any harm, the encrypted files would have to be the only way that the police could connect the person to the rest of the cell, which seems a bit unlikely.
  1. robc 9 years ago
    
    Thid is dead on. Contect doesnt matter nearly as much as drawing the connection. Is you have suspect X, subpoenaing who he called is way, way more important than the call messages.
    1. John 9 years ago
      
      I have made that point over and over to intel people and I have yet to have one give me a good answer. Most agree with me or try to point to the algorithm unicorn.
      1. DEATFBIRSECIA 9 years ago
        
        +1 Blackbriar
5. kbolino 9 years ago
  
  The number of people who can effectively encrypt their traffic in ways that the major nations' intelligence agencies can't break is vanishingly small. That takes a significant level of skill and expertise.
  
  Lest anyone say that, well, it only takes one such individual working for a large organization or service provider:
  
  1. It will almost certainly be undermined by the end users, who will make casual mistakes that will expose the encryption key or the messages themselves, or otherwise enable capable attackers of compromising the devices.
  
  2. Any service provider operating in one of these countries is working with the agencies in question. Even if Apple or Microsoft or AT&T or whomever establishes a policy of strong encryption and makes it effective in general, there are ways to work around it. Targeted software updates, for example. Do you check to see that all your friends got the same update you did? How many people have the skills and knowledge to disassemble and examine the machine code of a software program? And how many of them would do so with every update to a phone's software? And of course the updates could be hidden from the user.
  
  The only thing that mass, strong encryption prevents is the sort of thing the agencies swear up and down they're not doing: looking at absolutely every communication of every individual on the planet.
  1. John 9 years ago
    
    Most of these people plan to die in whatever attack they participate in. Terrorism of this sort is not quite the going concern the way something like a criminal gang is. By the time the cops figure out the need to read their mail, they likely will have already pulled off their attack and be dead anyway. So it is doubtful these groups will ever put a lot of effort into encryption.
  2. Detroit Linguist 9 years ago
    
    Eloquent, and right on.
6. Agammamon 9 years ago
  
  If you are of the opinion that the state couldn't pour piss out of a boot with the instructions printed on the sole - then the whole argument over 'encryption good or bad' is moot.
Hugh Akston 9 years ago

If the terrorists had PS4s, they certainly wouldn't plan to kill themselves just as Fallout 4 was dropping.
1. Citizen X 9 years ago
  
  Probably the most salient point anyone's made about the Paris attacks yet.
  1. Hugh Akston 9 years ago
    
    Not to mention Battlefront!
kinnath 9 years ago

They killed the alleged mastermind of the attacks less than one week after the attack. Either the authorities were already watching the guy and failed to stop the attacks. Or the guy was ratted-out by someone who knew he was involved.

Massive data surveillance doesn't work; it just buries the investigators under millions and millions of false leads. So encryption is not fucking relevant to the problem.
1. John 9 years ago
  
  Bingo. Once they realized who was involved in the attacks, it wasn't hard to figure out who was associated with them. Very few people if any are slick enough even with encryption to totally cover their tracks.
2. chipper me timbers 9 years ago
  
  Also massive surveillance is not about encryption. Two different things
  1. kinnath 9 years ago
    
    As stated above, if you have suspects, then encryption is a nuisance not a show-stopper.
    
    If you don't have suspects, then wide-spread use of encryption prevents data-mining (mass surveillance) to find suspects. Except data-mining (mass surveillance) doesn't and can't work.
    
    So all arguments to ban encryption are bullshit in either situation.
3. Rhywun 9 years ago
  
  I thought it was already reported that they knew about this guy for awhile. As is so often the case.
  1. BigT 9 years ago
    
    Didn't they find him from cell tower info? That's not encrypted AFAIK. So encryption is irrelevant.
Enjoy Every Sandwich 9 years ago

As I've previously noted, any claims that the USA Freedom Act surveillance reform played any role in intelligence failures surrounding the Paris attacks are politically motivated bunk.

Especially since the French do have their own intelligence services, and they're not bound by U.S. law.
Ken Shultz 9 years ago

What we call "the news" has devolved into a never ending war of noble lies, where the implications of every fact are already assumed. All parties are simply trying to control the facts.

Yesterday I was arguing that it's possible to agree with Hillary Clinton's interpretation of the AUMF--and still be against it and want to get rid of it--but I'm starting to wonder if that logic is true anymore...anywhere outside of this eminently rational forum.

Yeah, you wouldn't want to let a crisis go to waste--and a new crisis is born every minute. So we have to criminalize encryption, and Snowden should be crucified. Because of Paris.

Except if it hadn't been for Snowden, the terrorists would never have thought of encryption, and, oh, by the way, the terrorists weren't using encryption anyway?

Don't worry, they'll think of another excuse--for whatever they want to do next. And it'll be a crisis, too. What, are you on the side of the terrorists? Well, ARE YOU?!

I don't know how many of you are against invading Syria, but Sweden is now the rape capital of the world--and the implications of that are obvious...to everyone who want to invade Syria. And the ice is melting. Either that or it's getting thicker--depending on what you want to do about it either way.
1. Citizen X 9 years ago
  
  this eminently rational forum
  
  YOU TAKE THAT BACK.
  1. DEATFBIRSECIA 9 years ago
    
    Drink?
    1. retiredfire 9 years ago
      
      The most tee-totaling drinking game - you take a drink every time someone refers to REASON as "rational".
R C Dean 9 years ago

To the modest extent that the USA Freedom Act scaled back mass metadata collection,

My understanding is that it did not cut back metadata collection, it just shifted it from the NSA to the service providers.
1. John 9 years ago
  
  As illegal and infuriating as that data collection is; take heart in the fact that they have no idea what to do with that data and make almost no use of it. It is certainly a violation of the 4th Amendment, but don't forget it is also a monumental waste of taxpayer dollars that does nothing to make the country safer.
  1. R C Dean 9 years ago
    
    They make almost no legitimate use of it. Having it is very handy, I am sure, for going after carefully selected Wrong People when they engage in BadThink, or when the local popo is too incompetent to bust a low-level dealer without massively violating due process.
    1. John 9 years ago
      
      You give them too much credit. And even if they did do that, most people's lives are pretty fucking boring. It is like the conspiracy theory that the Obama used the NSA to blackmail Roberts into changing his vote on Obamacare. The problem with that is that it assumes that listening to Roberts phone calls would give Obama any blackmail material. Most people don't have dark secrets or secrets dark enough to make them give into blackmail.
      
      If the NSA is listening to my phone calls, it would infuriate me but it would do so because of my commitment to principle not because I am worried anyone would give a shit if they read all of my emails and listened to my phone calls.
      
      Also we live in a world where virtually nothing is private. If some political enemy of Obama has a drug habit or a mistress, Obama wouldn't need the NSA to find that out.
      1. Michael S. Langston 9 years ago
        
        You may be giving them too little credit here - as while you're right that sifting through that much data is unlikely to yeild anything but information overload and impotence, RC is absolutely correct that they do have the tools to narrow the search against specific targets.
        
        And while I have no doubt that some of those efforts are directed at people we want then to be directed at, as RC stated, they will use this against wrong thinkers, whistleblowers, etc.
        
        Additionally, the information overload is a problem which has a solution - more computing power, faster data access, better algorithms, etc, etc, etc - all things that are likely better today than most think possible and getting better constantly giving the resources and brains dedicated to these very problems.
        
        We're talking about the NSA, brains through DARPA, etc, etc. If history is our guide, the technology they use and have developed is more than a generation better than anything commercially available. I think given what we know, we shouldn't underestimate them.
2. Ken Shultz 9 years ago
  
  Yeah, they didn't scale it back; they gave it a fig leaf to hide behind.
  
  And who has standing to sue anyway?
  1. dantheserene 9 years ago
    
    I don't even want to go down the "standing" path today. I'm not up to the task.
meister574 9 years ago

The argument that authorities need a back door for encryption will do the exact opposite of what they claim they want. How long do you think it will take for hackers to get a hold of the back doors? You think ID theft and cyber warfare is bad now?
1. Ken Shultz 9 years ago
  
  The software companies can keep those back doors closed to hackers. :..using computers. You can do anything with computers. Some of the people who program them wear lab coats and everything.
  
  Besides , this will be like open borders. When you know he route everyone is taking the bad guys will be easier to detect!
  
  Don't you know anything about computers?
straffinrun 9 years ago

OT: Ranking Vodkas. How do you put Gordon's that high?
1. John 9 years ago
  
  I am not a Vodka guy so allow me to ask someone who is a serious question; what is the difference between a good and a bad Vodka? Isn't vodka supposed to be tasteless?
  1. Just say Nikki 9 years ago
    
    Yes. The more tasteless and odorless, the better.
    1. John 9 years ago
      
      That leads to another question. The best way to get it tasteless and odorless is though really big industrialized processes. In something like bourbon or wine you want variety and quirks. So smaller craft production can have real advantages. In vodka, however, the last thing you want is quirks. It is all supposed to be uniformly tasteless. And the best way to get something uniform is to make it in mass quantities. Given that, how in the hell are these "craft vodkas" selling to anyone?
      1. robc 9 years ago
        
        Marketing, local movement, and at the very high end, the quirks.
      2. Rhywun 9 years ago
        
        Is that a thing? I'm not aware of any.
        
        John 9 years ago
        
        Yes it is. The one I am aware of is Titos which comes out of Austin I think.
  2. Lee G 9 years ago
    
    Ever since I developed migraines, it all tastes like crap. Something about migraines alters your taste receptors.
    
    Beer, thank FSM, was not affected.
  3. robc 9 years ago
    
    Good vodka is more tasteless, to a point.
    
    That is why you can upgrade really cheap vodka with a Brita filter.
    
    At the very high end, things change.
    1. John 9 years ago
      
      How do they change at the very high end? Sorry for my ignorance.
      1. robc 9 years ago
        
        No clue, I dont drink vodka.
        
        Pro tasters in blind taste tests can rank vodkas by number of passes thru filter, and still rank expensive above them.
    2. Rhywun 9 years ago
      
      That is why you can upgrade really cheap vodka with a Brita filter.
      
      *adds this experiment to my todo list*
      1. John 9 years ago
        
        Me too.
        
        robc 9 years ago
        
        4-5 passes to make a noticeable difference. And the filter cant be used for water any more.
    3. Detroit Linguist 9 years ago
      
      I had not known this. Even better reason to frequent this valuable site.
  4. straffinrun 9 years ago
    
    However you like it is best. Back in my bartender days we used Gordon's for our well Vodka. I think George Brett used it on his bat handle.
2. Rhywun 9 years ago
  
  I agree that Ketel One is the best.
  
  Gordon's is actually my go-to - it's cheap and "good enough". I wouldn't say it's better than Stoli or Grey Goose or even Smirnoff though.
3. Somalian Road Corporation 9 years ago
  
  Absolut also bizarrely high. That ranking seems highly dubious to me.
  1. John 9 years ago
    
    The only high end Vodka I have ever drank are Stoli and Grey Goose. They are nice. I get how they are better than rot gut like McCormick's but after you move beyond rot gut and into something better, I can't see how it makes much difference.
DEATFBIRSECIA 9 years ago

New Amsterdam has great Vodka and Gin. Very inexpensive.
Loki 9 years ago

Abaaoud was a well-known terrorist and one of his previous plots was thwarted...

Wait a minute... This guy was "a well known terrorist" who had a previous plot thwarted, and he was still walking around free? Why wasn't he arrested for conspiracy to commit murder/ terrorism (or whatever the formal name for charges related to the planning of a failed terrorist plot would be)? Not enough evidence to convict? More "important" cases like teenagers shoplifting or traffic tickets tying up court resources? WTF?!
1. John 9 years ago
  
  Good question. If the police knew he was a terrorist, shouldn't he have been in jail? Is planning terrorist attacks not a contact sport in France as long as the police foil them?
  1. tarran 9 years ago
    
    Maybe he wasn't a full terrorist, but of lower rank: an alarmist, a concernist or perhaps even a mere annoyist.
2. Rhywun 9 years ago
  
  I think "government incompetence" sums it up.
  1. chipper me timbers 9 years ago
    
    as always
3. BigT 9 years ago
  
  Maybe they couldn't prove anything. Cutouts sand all. They should have been watching, however.
4. Scott S. 9 years ago
  
  He was indeed wanted (and was convicted in absentia in Belgium), but they couldn't find him.

Please log in to post comments

Encryption Was Most Certainly Not the Reason Why the Paris Attacks Weren't Foiled

Investigators find phone data wasn't even protected at all.

Latest

Report: California Continues To Spend a Lot of Money on Poor Quality Roads

Mahmoud Khalil Is an Easy Call

The 10 Worst Republican Budget Gimmicks

Elon Musk, Who Promised To Be 'Maximally Transparent,' Makes DOGE's Numbers Even Harder To Check

Trump's Threatened 200 Percent Tariffs on European Booze Are His Least Sensible Trade Move Yet

Recommended

Login Form