U.S. officials and policymakers have seized on the Paris terror attacks to highlight their concerns about extremists’ use of encrypted communications, after suicide attackers claimed by ISIS were able to plan and execute a complex series of coordinated deadly attacks in the French capital, apparently without leaving a digital footprint.
Speaking Monday at a Center for Strategic and International Studies event, CIA Director John Brennan said that though “it’s not a surprise that this attack was carried out” and there was “strategic warning,” terrorist networks are becoming more sophisticated in their use of communications technology.
“We knew that these plans or plotting by ISIL was under way, looking at Europe in particular as the venue for carrying out these attacks,” Brennan said. “But I must say that there has been a significant increase in the operational security of a number of these operatives and terrorist networks as they have gone to school on what it is that they need to do in order to keep their activities concealed from the authorities. And as I mentioned, there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it.”
It remains unclear exactly how the terrorists coordinated such an intricate operation — four separate gun and suicide-vest attacks within minutes of one another that killed at least 129 people within less than an hour. But the airwaves were abuzz over the weekend with speculation — and so-called “end-to-end” or “zero-knowledge” encryption, where even the provider of the service cannot unscramble messages without the subscriber’s key, was the leading suspect.
“We don’t know for sure yet, but I think what we’re going to learn is that these guys are communicating via these encrypted apps, right, the commercial encryption, which is very difficult, if not impossible, for governments to break, and the producers of which don’t produce the keys necessary for law enforcement to read the encrypted messages,” Michael Morell, former CIA deputy director, said on CBS’ “Face the Nation” Sunday.
Jan Jambon — federal home affairs minister of Belgium, the believed home of Abdelhamid Abaaoud, the man French authorities suspect plotted the attacks — said this type of encryption troubles his country, a hotbed for terrorism recruitment. Jambon said terrorist groups have been know to use unconventional technologies, like video game systems, to communicate, plan and recruit.
“The thing that keeps me awake at night is the guy behind his computer, looking for messages from IS and other hate preachers,” he said, as reported by Belgian publication the Bulletin. “PlayStation 4 is even more difficult to keep track of than WhatsApp.” Other tools like TOR, or the The Onion Router, allow users to navigate the deep Web anonymously with encryption.
Last year, U.S. intelligence and law enforcement officials renewed their campaign — defeated in the 1990s — for technology providers to implant “backdoors” in their encryption products, so they can be decoded and read by court authorized police authorities. FBI Director James Comey has lead the effort to convince companies to give intelligence and security officials access to keep criminals and terrorists from “going dark,” or communicating in untraceable ways.
“With going dark, those of us in law enforcement and public safety have a major fear of missing out,” Comey said in October 2014. “Missing out on predators who exploit the most vulnerable among us; missing out on violent criminals who target our communities; missing out on a terrorist cell using social media to recruit, plan and execute an attack.
But then this year, following an outcry from technologists and cryptographers, the Justice Department acknowledged that — for the time — the administration was not proposing any legislation to impose a backdoor requirement.
But many observers believe the attacks in Paris and the apparent use of encrypted communication will change the administration’s calculation.
“Evidence that terrorists were, in fact, using strong end-to-end encryption to kill people could be game-changing in a debate that has heretofore been defined by anxieties about NSA,” said Benjamin Wittes, editor-in-chief of Lawfare and a senior fellow in governance studies at the Brookings Institution, adding that the public has mostly been in favor of companies’ stronger privacy through encryption, especially in the wake of whistleblower Edward Snowden exposing the National Security Agency’s mass collection of digital metadata.
“All that could change in an instant were it to emerge that the Paris attackers were using technology specifically chosen to secure their communications from those charged with stopping terrorist attacks,” Wittes added.
Morell said the attacks could dramatically impact the argument for encryption, one that, for the moment, is “defined by Edward Snowden and the concern about privacy.”
“I think we’re now going to have another debate about that. It’s going to be defined by what happened in Paris,” he said. “This event is, in many respects, similar to the events of 9/11, in terms of the game-changing aspect of it.”