MENU

Reason.com

Free Minds & Free Markets

Encryption Was Most Certainly Not the Reason Why the Paris Attacks Weren’t Foiled

Investigators find phone data wasn’t even protected at all.

Not the problem.Credit: Yu. Samoilov / photo on flickrNot long after the Paris attacks, surveillance state advocates were quick to try to blame technological privacy for the failure to gather enough intelligence to prevent the bloodshed. Folks like CIA Director John Brennan and Sen. John McCain (R-Ariz.) have attempted to paint targets on reforms to mass surveillance privacy protections and encryption that keeps data out of just anybody’s (but particularly the government’s) hands.

As I’ve previously noted, any claims that the USA Freedom Act surveillance reform played any role in intelligence failures surrounding the Paris attacks are politically motivated bunk. I’m talking to you, Sen. Marco Rubio (R-Fla.). To the modest extent that the USA Freedom Act scaled back mass metadata collection, the law applies only to Americans on U.S. soil. There was nothing in the law that restrained our intelligence agencies from tracking the terrorists who attacked Paris. And, as a reminder, the reforms of the surveillance powers don’t even come into play until the end of this month anyway.

Similarly, the claims that encryption may have played a role in keeping knowledge of the plot out of the hands of intelligence agencies are also proving to likely be untrue. The theory they had used PlayStation 4 to communicate is probably not true. And more importantly, as the investigation continues, it’s becoming clear that the attackers were not using any sort of encryption on their smartphones around the time of the attack. From Dan Froomkin at The Intercept:

European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying “we’re off; we’re starting.” Police were also able to trace the phone’s movements.

The Telegraph reported that “eyewitness accounts and surveillance of mobile telephone traffic” suggested that Abdelhamid Abaaoud, the suspected strategist of both the Paris attack and one that was foiled in Belgium, was staying at the safe house.

Details about the major ISIS terror plot averted 10 months ago in Belgium also indicate that while Abaaoud previously attempted to avoid government surveillance, he did not use encryption.

A prescient bulletin sent out in May by the Department of Homeland Security assessed “that the plot disrupted by Belgian authorities in January 2015 is the first instance in which a large group of terrorists possibly operating under ISIL direction has been discovered and may indicate the group has developed the capability to launch more complex operations in the West.”

Abaaoud was just apparently killed in the most recent raids in France. Abaaoud was a well-known terrorist and one of his previous plots was thwarted, Froomkin notes, because officials were able to intercept his and his accomplices’ communications.

Whatever the reason Western countries didn’t know enough to stop this attack from happening clearly had little to do with technology or privacy protections. As such, we should reject demands from government officials to weaken the privacy and security of our own communications and data to serve their alleged needs.

Photo Credit: Yu. Samoilov / photo on flickr

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • sarcasmic||

    They're not going to let silly things like facts get in the way of the narrative.

  • Crusty Juggler||

    But encryption could have been used.

  • BigT||

    They might speak Navajo! Ban it!!

  • ||

    Look, Scott, if the federal government managed to convince every CNN anchor on TV to mention encryption in every single sentence about the Paris attacks, clearly there must be something to it.

  • Old.Mexican||

    Encryption Was Most Certainly Not the Reason Why the Paris Attacks Weren’t Foiled


    And encryption has become in the last 24 hours the scapegoat of choice for power-hungry politicians, just like guns are after a high-profile shooting or massacre. Problem is, this will never stop as long as there are no voices in the media that serve to bring back reason to the discussion. I fear we're again moving towards blissful conformism.

  • tarran||

    Arrggghhh!

    This is again as stupid as the "syrian passport was fake therefore we need not fear real Syrians" argument of two days ago.

    If you are of the opinion that monitoring cell phone traffic is helpful to the central state's ability to quickly ID and neutralize state enemies, and that neutralizing them is good, then encryption is bad.

    If you are of the opinion that monitoring cell phone traffic is the helpful to the central state's ability to quickly ID and neutralize state enemies, and that neutralizing them is sometimes very bad (such as when they go after guys protesting the "President can rape any woman he wants act"), then encryption is good.

    If you are of the opinion that monitoring cell phone traffic is the helpful to the central state's ability to quickly ID and neutralize state enemies, then encryption is irrelevant.

    The fact that this particular batch of scumbags didn't use encryption *in no way* alters the calculus.

  • tarran||

    Edit:

    If you are of the opinion that monitoring cell phone traffic is the helpful not important to the central state's ability to quickly ID and neutralize state enemies, then encryption is irrelevant.

  • tarran||

    Rereading the article, I think *I* am being the idiot:

    Whatever the reason Western countries didn’t know enough to stop this attack from happening clearly had little to do with technology or privacy protections. As such, we should reject demands from government officials to weaken the privacy and security of our own communications and data to serve their alleged needs.

    is spot on.

  • Citizen X||

    Whatever the reason Western countries didn’t know enough to stop this attack from happening clearly had little to do with technology or privacy protections.

    Of course, but why let a tragedy go to waste?

  • ||

    The fact that this particular batch of scumbags didn't use encryption *in no way* alters the calculus.

    Okay...but since everyone on the news is saying "they used encryption and that's how they pulled it off so now we need to check your asshole," but they didn't even use encryption, I fail to see why it's so stupid to have a post about how the news is bullshitting you.

  • ||

    I should have refreshed, tarran, you called yourself out.

  • John||

    The position that the state can effectively protect itself by monitoring cell phone traffic is flawed. No state has the resources to listen to every cell phone call and read every text. And no matter what they claim, no one has yet nor are they likely to ever develop any kind of computer algorithm that can sift through all of that traffic and find the people who are actually a threat.

    Encryption is only a problem if you know you need to read what is encrypted. And if you know that, you likely already know who the enemy is. Encryption can pose some problems, namely that it can make the files of someone you have caught unreadable and thus make if very hard to figure out everyone else who is in the cell. Even that however, is a fairly uncommon hypothetical. For the encryption to cause any harm, the encrypted files would have to be the only way that the police could connect the person to the rest of the cell, which seems a bit unlikely.

  • robc||

    Thid is dead on. Contect doesnt matter nearly as much as drawing the connection. Is you have suspect X, subpoenaing who he called is way, way more important than the call messages.

  • John||

    I have made that point over and over to intel people and I have yet to have one give me a good answer. Most agree with me or try to point to the algorithm unicorn.

  • DEATFBIRSECIA||

    +1 Blackbriar

  • kbolino||

    The number of people who can effectively encrypt their traffic in ways that the major nations' intelligence agencies can't break is vanishingly small. That takes a significant level of skill and expertise.

    Lest anyone say that, well, it only takes one such individual working for a large organization or service provider:

    1. It will almost certainly be undermined by the end users, who will make casual mistakes that will expose the encryption key or the messages themselves, or otherwise enable capable attackers of compromising the devices.

    2. Any service provider operating in one of these countries is working with the agencies in question. Even if Apple or Microsoft or AT&T or whomever establishes a policy of strong encryption and makes it effective in general, there are ways to work around it. Targeted software updates, for example. Do you check to see that all your friends got the same update you did? How many people have the skills and knowledge to disassemble and examine the machine code of a software program? And how many of them would do so with every update to a phone's software? And of course the updates could be hidden from the user.

    The only thing that mass, strong encryption prevents is the sort of thing the agencies swear up and down they're not doing: looking at absolutely every communication of every individual on the planet.

  • John||

    Most of these people plan to die in whatever attack they participate in. Terrorism of this sort is not quite the going concern the way something like a criminal gang is. By the time the cops figure out the need to read their mail, they likely will have already pulled off their attack and be dead anyway. So it is doubtful these groups will ever put a lot of effort into encryption.

  • Detroit Linguist||

    Eloquent, and right on.

  • Agammamon||

    If you are of the opinion that the state couldn't pour piss out of a boot with the instructions printed on the sole - then the whole argument over 'encryption good or bad' is moot.

  • Hugh Akston||

    If the terrorists had PS4s, they certainly wouldn't plan to kill themselves just as Fallout 4 was dropping.

  • Citizen X||

    Probably the most salient point anyone's made about the Paris attacks yet.

  • Hugh Akston||

    Not to mention Battlefront!

  • kinnath||

    They killed the alleged mastermind of the attacks less than one week after the attack. Either the authorities were already watching the guy and failed to stop the attacks. Or the guy was ratted-out by someone who knew he was involved.

    Massive data surveillance doesn't work; it just buries the investigators under millions and millions of false leads. So encryption is not fucking relevant to the problem.

  • John||

    Bingo. Once they realized who was involved in the attacks, it wasn't hard to figure out who was associated with them. Very few people if any are slick enough even with encryption to totally cover their tracks.

  • chipper me timbers||

    Also massive surveillance is not about encryption. Two different things

  • kinnath||

    As stated above, if you have suspects, then encryption is a nuisance not a show-stopper.

    If you don't have suspects, then wide-spread use of encryption prevents data-mining (mass surveillance) to find suspects. Except data-mining (mass surveillance) doesn't and can't work.

    So all arguments to ban encryption are bullshit in either situation.

  • Rhywun||

    I thought it was already reported that they knew about this guy for awhile. As is so often the case.

  • BigT||

    Didn't they find him from cell tower info? That's not encrypted AFAIK. So encryption is irrelevant.

  • Enjoy Every Sandwich||

    As I’ve previously noted, any claims that the USA Freedom Act surveillance reform played any role in intelligence failures surrounding the Paris attacks are politically motivated bunk.

    Especially since the French do have their own intelligence services, and they're not bound by U.S. law.

  • Ken Shultz||

    What we call "the news" has devolved into a never ending war of noble lies, where the implications of every fact are already assumed. All parties are simply trying to control the facts.

    Yesterday I was arguing that it's possible to agree with Hillary Clinton's interpretation of the AUMF--and still be against it and want to get rid of it--but I'm starting to wonder if that logic is true anymore...anywhere outside of this eminently rational forum.

    Yeah, you wouldn't want to let a crisis go to waste--and a new crisis is born every minute. So we have to criminalize encryption, and Snowden should be crucified. Because of Paris.

    Except if it hadn't been for Snowden, the terrorists would never have thought of encryption, and, oh, by the way, the terrorists weren't using encryption anyway?

    Don't worry, they'll think of another excuse--for whatever they want to do next. And it'll be a crisis, too. What, are you on the side of the terrorists? Well, ARE YOU?!

    I don't know how many of you are against invading Syria, but Sweden is now the rape capital of the world--and the implications of that are obvious...to everyone who want to invade Syria. And the ice is melting. Either that or it's getting thicker--depending on what you want to do about it either way.

  • Citizen X||

    this eminently rational forum

    YOU TAKE THAT BACK.

  • DEATFBIRSECIA||

    Drink?

  • retiredfire||

    The most tee-totaling drinking game - you take a drink every time someone refers to REASON as "rational".

  • R C Dean||

    To the modest extent that the USA Freedom Act scaled back mass metadata collection,

    My understanding is that it did not cut back metadata collection, it just shifted it from the NSA to the service providers.

  • John||

    As illegal and infuriating as that data collection is; take heart in the fact that they have no idea what to do with that data and make almost no use of it. It is certainly a violation of the 4th Amendment, but don't forget it is also a monumental waste of taxpayer dollars that does nothing to make the country safer.

  • R C Dean||

    They make almost no legitimate use of it. Having it is very handy, I am sure, for going after carefully selected Wrong People when they engage in BadThink, or when the local popo is too incompetent to bust a low-level dealer without massively violating due process.

  • John||

    You give them too much credit. And even if they did do that, most people's lives are pretty fucking boring. It is like the conspiracy theory that the Obama used the NSA to blackmail Roberts into changing his vote on Obamacare. The problem with that is that it assumes that listening to Roberts phone calls would give Obama any blackmail material. Most people don't have dark secrets or secrets dark enough to make them give into blackmail.

    If the NSA is listening to my phone calls, it would infuriate me but it would do so because of my commitment to principle not because I am worried anyone would give a shit if they read all of my emails and listened to my phone calls.

    Also we live in a world where virtually nothing is private. If some political enemy of Obama has a drug habit or a mistress, Obama wouldn't need the NSA to find that out.

  • Michael S. Langston||

    You may be giving them too little credit here - as while you're right that sifting through that much data is unlikely to yeild anything but information overload and impotence, RC is absolutely correct that they do have the tools to narrow the search against specific targets.

    And while I have no doubt that some of those efforts are directed at people we want then to be directed at, as RC stated, they will use this against wrong thinkers, whistleblowers, etc.

    Additionally, the information overload is a problem which has a solution - more computing power, faster data access, better algorithms, etc, etc, etc - all things that are likely better today than most think possible and getting better constantly giving the resources and brains dedicated to these very problems.

    We're talking about the NSA, brains through DARPA, etc, etc. If history is our guide, the technology they use and have developed is more than a generation better than anything commercially available. I think given what we know, we shouldn't underestimate them.

  • Ken Shultz||

    Yeah, they didn't scale it back; they gave it a fig leaf to hide behind.

    And who has standing to sue anyway?

  • dantheserene||

    I don't even want to go down the "standing" path today. I'm not up to the task.

  • meister574||

    The argument that authorities need a back door for encryption will do the exact opposite of what they claim they want. How long do you think it will take for hackers to get a hold of the back doors? You think ID theft and cyber warfare is bad now?

  • Ken Shultz||

    The software companies can keep those back doors closed to hackers. :..using computers. You can do anything with computers. Some of the people who program them wear lab coats and everything.

    Besides , this will be like open borders. When you know he route everyone is taking the bad guys will be easier to detect!

    Don't you know anything about computers?

  • straffinrun||

    OT: Ranking Vodkas. How do you put Gordon's that high?

  • John||

    I am not a Vodka guy so allow me to ask someone who is a serious question; what is the difference between a good and a bad Vodka? Isn't vodka supposed to be tasteless?

  • ||

    Yes. The more tasteless and odorless, the better.

  • John||

    That leads to another question. The best way to get it tasteless and odorless is though really big industrialized processes. In something like bourbon or wine you want variety and quirks. So smaller craft production can have real advantages. In vodka, however, the last thing you want is quirks. It is all supposed to be uniformly tasteless. And the best way to get something uniform is to make it in mass quantities. Given that, how in the hell are these "craft vodkas" selling to anyone?

  • robc||

    Marketing, local movement, and at the very high end, the quirks.

  • Rhywun||

    Is that a thing? I'm not aware of any.

  • John||

    Yes it is. The one I am aware of is Titos which comes out of Austin I think.

  • Lee G||

    Ever since I developed migraines, it all tastes like crap. Something about migraines alters your taste receptors.

    Beer, thank FSM, was not affected.

  • robc||

    Good vodka is more tasteless, to a point.

    That is why you can upgrade really cheap vodka with a Brita filter.

    At the very high end, things change.

  • John||

    How do they change at the very high end? Sorry for my ignorance.

  • robc||

    No clue, I dont drink vodka.

    Pro tasters in blind taste tests can rank vodkas by number of passes thru filter, and still rank expensive above them.

  • Rhywun||

    That is why you can upgrade really cheap vodka with a Brita filter.

    *adds this experiment to my todo list*

  • John||

    Me too.

  • robc||

    4-5 passes to make a noticeable difference. And the filter cant be used for water any more.

  • Detroit Linguist||

    I had not known this. Even better reason to frequent this valuable site.

  • straffinrun||

    However you like it is best. Back in my bartender days we used Gordon's for our well Vodka. I think George Brett used it on his bat handle.

  • Rhywun||

    I agree that Ketel One is the best.

    Gordon's is actually my go-to - it's cheap and "good enough". I wouldn't say it's better than Stoli or Grey Goose or even Smirnoff though.

  • ||

    Absolut also bizarrely high. That ranking seems highly dubious to me.

  • John||

    The only high end Vodka I have ever drank are Stoli and Grey Goose. They are nice. I get how they are better than rot gut like McCormick's but after you move beyond rot gut and into something better, I can't see how it makes much difference.

  • DEATFBIRSECIA||

    New Amsterdam has great Vodka and Gin. Very inexpensive.

  • Loki||

    Abaaoud was a well-known terrorist and one of his previous plots was thwarted...

    Wait a minute... This guy was "a well known terrorist" who had a previous plot thwarted, and he was still walking around free? Why wasn't he arrested for conspiracy to commit murder/ terrorism (or whatever the formal name for charges related to the planning of a failed terrorist plot would be)? Not enough evidence to convict? More "important" cases like teenagers shoplifting or traffic tickets tying up court resources? WTF?!

  • John||

    Good question. If the police knew he was a terrorist, shouldn't he have been in jail? Is planning terrorist attacks not a contact sport in France as long as the police foil them?

  • tarran||

    Maybe he wasn't a full terrorist, but of lower rank: an alarmist, a concernist or perhaps even a mere annoyist.

  • Rhywun||

    I think "government incompetence" sums it up.

  • chipper me timbers||

    as always

  • BigT||

    Maybe they couldn't prove anything. Cutouts sand all. They should have been watching, however.

  • Scott S.||

    He was indeed wanted (and was convicted in absentia in Belgium), but they couldn't find him.

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online