A Back Door to Encryption Won't Stop Terrorists
There's no evidence the plotters of the Paris terrorist attacks used encrypted communications, but debates about whether the technology should have a "back door" for intelligence services are heating up again. The debate, however, probably will have little effect on terrorist organizations.
Michael Morell, former deputy director of the Central Intelligence Agency, told "60 Minutes" on Sunday that after the public discussion of encryption sparked by Edward Snowden and the privacy concerns he raised, "we're now going to have another debate about that. It's going to be defined by what happened in Paris."
Islamic State has claimed responsibility for the Paris attacks and for the explosion of the Russian airliner over Egypt last month. The group used Telegram, a Russian-designed, Berlin-based secure messenger app, to get out its message. The terrorists appear to prefer this method to platforms such as Facebook and Twitter, where they are being censored and their accounts blocked.
There's no doubt that terrorist groups use these channels, and probably many other means, such as steganography, or the officially Snowden-approved messenger Signal and other apps with encryption capabilities that make it harder for governments to interfere with the communication. It's worth asking how they are using this software, however.
Propaganda and recruitment require relatively secure channels because IS needs to get its message out without interruption. And for potential Islamic State recruits getting in touch with the group is an important social experience that is made more exciting if some cloak-and-dagger stuff is involved. It's unlikely, however, that any experienced terrorist would assume that such communication channels -- almost all developed in Western countries -- are safe.
Apple chief executive Tim Cook says the encryption now used in his company mobile operating system, iOS, prevents everyone, including Apple itself and government agencies, from accessing user data. "We’re not reading your e-mail, we’re not reading your iMessages," Cook said on "Charlie Rose" last year. "If the government laid a subpoena on us to get your iMessages, we can’t provide it. It’s encrypted and we don’t have the key." Such statements aren't all that reassuring to the Islamic State, which last year specifically banned its fighters and officials from using Apple devices.
Smartphones in general are not particularly safe because they have built-in satellite navigation, and can be used to locate and eliminate terrorists. Even with navigation turned off, the phones are untrustworthy because they use operating systems from Google and Apple, both flagged by Snowden as participants in the National Security Agency's electronic surveillance programs. U.S. intelligence officials' complaints about the supposed impenetrability of publicly available encryption and the demands for access have been rejected by the administration, but to Islamic State and other terror groups, that's just a suspicious good cop, bad cop routine.
After all, even the encrypted messenger Signal was partly funded by the U.S. government as part of its effort to provide encryption technology to people fighting oppressive regimes. There is no way for the terrorists to know whether a back door was built in.
On the morning after the Paris attacks, former White House Press Secretary Dana Perino blamed Snowden for tipping off terrorists about U.S. electronic surveillance:
Yet long before Snowden leaked NSA documents, terror groups knew encryption wasn't particularly useful. Al-Qaeda was known to use encryption and steganography (according to one story, the Muslim fundamentalists used porn sites to send secret messages). But the Sept. 11 hijackers exchanged unencoded messages on Hotmail, merely substituting the phrase "The faculty of Commerce" for "World Trade Center."
From a terrorist's point of view, truly secure communication is either so routine-looking as to avoid interest -- or it is offline. If a group uses a commonly available messaging app, it's likely to get caught, as an alleged Chechen jihadist group did in Belgium last summer.
Whatever communication method the Paris assailants turn out to have used, providing back doors into commercial encryption probably won't prevent the next attack. Almost all the attackers were known to the authorities, and if they had been watched, their use of encryption programs would have itself invited closer scrutiny. There is, however, no way for intelligence services to watch every suspicious individual all the time, and the terrorists will always be able to use that to their advantage.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the author of this story:
Leonid Bershidsky at email@example.com
To contact the editor responsible for this story:
Max Berley at firstname.lastname@example.org