Reason.com

Free Minds & Free Markets

Paris Terrorism No Excuse for Anti-Encryption Efforts

Inconveniently for the U.S. intelligence community, the Paris attacks had nothing to do with encrypted communications.

Mr_Renart/FlickrMr_Renart/FlickrTerrorist attacks like this month’s atrocities in Paris are intended to sow discord and confusion. They also provoke an unfortunately predictable reaction from government authorities, who quickly took to the airwaves following the violence to declare jihad against strong encryption techniques. Such techniques, they claimed (with little evidence), surely figured in planning the Paris attacks. 

This narrative serves to justify a decades-long campaign to undermine encryption—and with it, our security online.

The presence of even a single encryption vulnerability can expose massive portions of Internet activity to gaping security holes for years, as the recent FREAKLogjam, and Heartbleed fiascos remind us. And these breakdowns occurred when our best and brightest were not trying to purposefully weaken already delicate security. The enormous risks to which we would expose ourselves through an intentional handicap on security technologies should immediately outweigh any theoretical benefits. Yet for some reason, much of the U.S. intelligence community cannot internalize this simple wisdom.

The intelligence community's latest  offensive against encryption technologies was opposed by virtually every technology player that would be needed to actually implement their wild schemes, including Apple and Google, and buttressed only by authorities' active imaginations. They were certain that lurking baddies evaded their sophisticated grasp through encryption, but found it very hard to come up with even one real example of this ever occurring. For a while, it looked like their fantasy of conquering encryption would have to be shelved yet again this year.

But top intelligence attorney Robert S. Litt encouraged his colleagues to keep their chins up—all that was needed was some "terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement," he told colleagues in August, in an email obtained by The Washington Post. Best to keep their "options open for such a situation," he counseled. Eventually, some "dead child or terrorist act" would present itself, allowing the government to persuade the public of the perils of secure encryption once and for all.

This opportunity arose with Paris. The intelligence community wasted little time in tailoring a narrative amenable to their interests. Former CIA official Michael Morell took to television to inform us of his suspicion that "what we’re going to learn is that [the attackers] used these encrypted apps, right?" CIA Director John Brennan quickly blamed the catastrophe on "hand-wringing" over mass surveillance and government back-doors into secure-message technologies. FBI director and long-time crypto-Cassandra James Comey emphasized that encryption is a "prominent feature of … a group like ISIL," while Attorney General Loretta Lynch called upon the technology industry to work with law enforcement so that none of their "services or devices [are] used by these psychotic killers."

Poor reporting helped spur this rhetorical offensive. The New York Times published one article stating that the attackers communicated with ISIS using encryption, only to mysteriously remove it later without explanation and redirect the link to another piece. Other outlets, including Yahoo News and ABC, likewise reported that the Paris attackers employed encryption techniques, without much in the way of evidence.

One memorably absurd report from Politico featured a Belgian minister’s colorful theory that terrorists encrypt communications over the PlayStation 4 network. A few outlets ran with this hot scoop about the Paris attackers until it was pointed out that the PlayStation network does not allow end-to-end encryption and this minister’s comments preceded the attacks by three days. Oops.

Inconveniently for the intelligence community, it looks like the Paris attacks had nothing to do with encryption at all. Recent reports from France and Belgium suggest that most planning for the attacks took place over good, old-fashioned, unencrypted text messages that investigators were able to access using good, old-fashioned law enforcement techniques.

Interestingly, the suspects and their associates implicated in earlier plots were aware of this traditional government surveillance and actively tried to evade it. But they did not "go dark," despite all the squawking we hear from the intelligence agents tasked with watching them. Rather, the conspirators merely changed cell phones and numbers sporadically to throw the spooks off their trail.

What’s more, many suspects actively collaborated in the online equivalent of broad daylight: Facebook groups that were explicitly labeled for ISIS members. The modern jihadi is no stranger to social media and can often be found loudly advertising his (or her) bloody dreams of conquest after many a haram night of boozing and brotherhood. These punks are despicable, but they are hardly the "masterminds" that officials would have us believe.

But the particular facts of the Paris case are ultimately irrelevant to the authorities who broached this public conversation. Their intention all along has been to subvert encrypted communications, be it via government access points (or "back doors") integrated into encryption standards or an effective ban on encryption through hamfisted legislation.

The same arguments wielded during the "War on Crypto" in the 1990s are being applied to the ongoing "Jihad on Crypto" today. In particular, anti-encryption opportunists—both then and now—have argued that law enforcement will be unable to monitor terrorists, child predators, and all-around ne’er-do-wells if such individuals are able to communicate in ways that evade traditional surveillance methods.

As computer security experts continue to warn us, however, terrorist attacks like those in Paris do not justify government destruction of the encryption technologies that keep us safe online. There is no evidence that the Paris terrorists used any encryption at all. Yet in our current rhetorical climate, expect to hear much more about the Paris attacks from encryption opponents eager to clamp down on these technologies once and for all.

Photo Credit: Mr_Renart/Flickr

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • JPyrate||

    FIST !!!

  • Reflections||

    According to Edward Snowden-Surveillance is not about safety, its about power and control. So of course the Old guards Gestapo will use any excuse to spy and data mine. Fear is the enemy of reason. Be afraid be very afraid. Law enforcement must keep fear alive. If you want to protect your rights, then you must protect the rights of others.

  • Quixote||

    Indeed, if we want to protect our own rights, then we must protect the rights of others—including certain faculty members at New York University and elsewhere who have been the victims of illegally offensive Gmail "parodies." With encryption, even the most well-connected members of the community can be ridiculed in this manner without any recourse to our system of laws and justice. So of course terrorism is not grounds for anti-encryption efforts, but there are other very good grounds for ensuring that law enforcement can rapidly penetrate behind the screen of anonymity. See the documentation of America's leading criminal satire case at:

    http://raphaelgolbtrial.wordpress.com/

  • Azstec||

    Plus the encryption horse has already left the proverbial barn. There are already so many encryption libraries available that any two bit programmer could make a secure communication system if they wanted. A bit more satirical take on the subject, but shows how important unhindered encryption is in our daily lives.

    http://articles.azstec.com/?p=132

  • ATXChappy||

    It's not just the encryption horse, It's the entire technical revolution. You don't have to use encryption to fly under the radar. Any two bit Raspberry PI user can set up a Peer to Peer system without encryption that would be extremely difficult to track. The anti terror guys are chasing the low hanging fruit of commercial communications apps/networks. It's amazing how cheap and simple it is to set up your own communications app/network these days. If team Hillary can do it, the terrorist can too. But, spooks and LEO's want to blame Snowden so people don't peek behind the curtain and see the Wizard is a fraud.

  • centipedefarmer||

    Ask the NSA whether they would include any encryption algorithm with a backdoor in it among those they recommend for government/military use. When they say no, ask them why not. Maybe then they'd get it?

    Here's another idea: let's allow everybody who supports banning encryption to opt out of using it. Require all websites they use to store their passwords and data in clear-test and always use unencrypted connections. Let them see how it works out for them.

  • Alan@.4||

    Most any event the least unusual or terrifying can and will become the rational for bureaucratic aggrandizement.

  • Honeymoon in Paris||

    Honeymoon in Paris is a different thing, Are you searching for the perfect honeymoon destination? If you are, you will be pleased with your options
    http://viralrang.com/5-reasons.....is-france/

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online