Terrorism

The Paris Attackers Didn't 'Go Dark'—They Used Burner Phones

More reasons to be skeptical of demands for encryption back doors.


Salah Abdeslam's arrest
Channel 4

Encryption was not the reason authorities were in the dark about the planned Islamic State terrorist attacks in Paris last fall. It was a method of escaping or avoiding surveillance known to police and viewers of The Wire everywhere: "burner phones," smartphones that were purchased and used briefly before being disposed of in order to avoid tracking or wiretapping.

Authorities still believe that encryption did play some sort of role in communications in the planning stages (and the information about that is still very vague). But according to a report analyzed over the weekend at the New York Times, encryption didn't appear to play a role in the unfolding of the actual attacks:

The attackers seized cellphones from the hostages and tried to use them to get onto the Internet, but data reception was not functioning, Mr. Goeppinger told the police. Their use of hostages' phones is one of the many details, revealed in the police investigation, pointing to how the Islamic State had refined its tradecraft. Court records and public accounts have detailed how earlier operatives sent to Europe in 2014 and early 2015 made phone calls or sent unencrypted messages that were intercepted, allowing the police to track and disrupt their plots. But the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.

The report noted that investigators have found absolutely no email or online chat between the terrorists on any of the phones they've recovered. And they found dozens of boxes of unused cellphones in the apartment they raided after the attacks.

The report prompted a Twitter exchange between surveillance whistleblower Edward Snowden and The Wire creator David Simon. Snowden joked that authorities would seek out Simon for "questioning" at the news that burner phones had been used (the joke being that Simon, like Snowden, would be held accountable for passing along information about surveillance methods). Simon responded by wondering whether, actually, the tactics used by the terrorists vindicated phone metadata collection, and Snowden responded to him by pointing out that foreign terrorists (unlike American drug dealers) would dispose of the phones so quickly as to render the metadata gathering less useful in preventing attacks. And the exchange went on. You can read the tweets here. Keep in mind that Snowden and other critics of mass metadata surveillance have not been objecting to the tool, but rather the mass, unwarranted collection of data from millions of Americans. Nothing that has changed about metadata collection (or has been argued) would have prevented the National Security Agency (NSA) from collecting information about these terror suspects' phones, assuming the NSA did know of their existence.

As for encryption, it's not clear to what extent it played a role in the planning stages. Ars Technica analyzed the piece and was suspicious of the claim that much encryption happened at all:

A witness reported seeing a terrorist with a laptop, and told the investigators that as the computer powered up, "she saw a line of gibberish across the screen: "It was bizarre—he was looking at a bunch of lines, like lines of code. There was no image, no Internet," she said." The New York Times writes: "Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks."

But as many were quick to point out online, the witness probably wasn't looking at some encryption software in action, because such systems show the decrypted message, not the encrypted form. The former Ars Technica editor Julian Sanchez wrote on Twitter: "It's suggestive of a verbose boot. Using encryption looks like 'reading a message' because you decrypt it first."

The Times notes that authorities hope the arrest of suspected attack planner Salah Abdeslam in Belgium Friday will lead to more answers, including what type of encryption the terrorists used to plan the attacks, if any.

And that's an important reminder about the issue with trying to demand encryption "back doors" from large companies: There are hundreds of independent encryption software tools out there. When the authorities go after Apple like they're doing in the San Bernardino case, what they're actually doing is potentially weakening the "industry"-level encryption or security measures that protect average law-abiding folks from criminals and hackers. In order to fight organized terrorism, authorities are really going to have no choice but to figure out how to break each encryption system on their own. There is no realistic way in this world to police independently produced and released software tools.

There's more information about the Paris attacks coming out today. Read more here.