Don't Blame Snowden for Terror in Paris
As soon as some picture of the Paris attacks began to come into focus, the debate over Edward Snowden started again. Senior officials are now saying the former contractor's leaks made it harder to catch the perpetrators of the atrocity in France. The known facts so far tell a different story.
On Monday, CIA director John Brennan said terrorists had practiced more "operational security" after leaks about some intelligence programs. The next day, Politico published an interview with Brennan's predecessor, Michael Morell, who said Snowden's leaks helped contribute to the rise of the Islamic State and that had they not occurred, the West would have had a "fighting chance" to prevent the terror in Paris. Former CIA director James Woolsey over the weekend was more explicit, saying Snowden has "blood on his hands."
The case against Snowden emerged after some European officials said the attack's plotters in Belgium, France and Syria likely used encrypted messaging applications. FBI Director James Comey has said these easy-to-use encrypted communications technology create "dark spaces," making it harder (though not impossible) for the bureau to intercept these conversations.
The question now is whether Snowden's disclosures caused terrorists to be more cautious, and use this technology to foil the efforts of governments to find them. Senior U.S. officials have made variations of this claim since 2013. Morell, for example, wrote in his memoir published this year that terror networks monitored by U.S. intelligence "went dark" after some of the Snowden stories were published.
Public evidence to support these claims is lacking.
The U.S. intelligence community for example has never explained what specific leaks from Snowden caused what specific terrorists to go dark. Current and former U.S. intelligence officials didn't provide such information to us either this week either. When we asked Senator Dianne Feinstein, the vice chairman of the Senate Select Committee on Intelligence, whether Snowden helped make it harder to catch the perpetrators of the Paris attack, she referred us back to Brennan's comments.
The cyber-security firm Recorded Future released a study in 2014 that said al Qaeda was improving its own encryption tools after Snowden's disclosures, but other studies have challenged this claim. Another study last year, from another cyber-security firm, Flashpoint, found no evidence that online jihadis changed their cyber security practices because of Snowden. Al Qaeda has used its own encryption programs since 2007.
As Derek Harvey, a former intelligence officer who specialized in terror networks in Iraq and Afghanistan, told us Snowden's disclosures were far more valuable to states like Russia and China than to terrorist groups like the Islamic State. "The general tradecraft vulnerabilities exposed in how terrorists were being monitored and exploited were well known to the sophisticated members of the terrorist and criminal communities," he said. While he was still in Hong Kong, Snowden provided to the South China Morning Post the IP addresses of machines in China that were targeted by the NSA. This was an intelligence coup for the Chinese government, but of no value to terrorists like the Islamic State.
While there's no public evidence that Snowden's leaks spurred jihadis to recognize the usefulness of encrypted communications, his disclosures are responsible for creating a schism between the U.S. government and U.S. Internet companies. Those companies have doubled down on making encryption standard for many products since his first disclosures in 2013. This trend began before Snowden's disclosures; Apple's FaceTime and iMessage have been encrypted since 2011. But the move has accelerated since.
"The engineering teams and security teams are as ideologically opposed as it gets to surveillance, and they were long before Snowden," Chris Soghoian, the chief technologist for the American Civil Liberties Union, told us. "What Snowden did is wake up the executives of the tech companies."
The post-Snowden relationship between Silicon Valley and Washington is vastly different from the relationship that emerged after 9/11. Snowden disclosed that the NSA was skimming content from popular messaging applications like Yahoo and Skype, using obscure legal authorities. After Snowden's leaks, many tech companies began to better protect their customers from the prying eyes of the U.S. government. Today both Apple and Google have said they will make encryption standard on their smartphones. As Google CEO Eric Schmidt told Bloomberg five months after Snowden's leaks in November 2013: "The solution to government surveillance is to encrypt everything."
All of this has worried the FBI and the U.S. intelligence community. But as of last month, the tech companies appeared to have won the debate. The FBI dropped its request in October for a "back door" to encrypted communications.
Then came Paris. This issue is now back in play. Senator Richard Burr, the Republican chairman of the Senate Select Committee on Intelligence, said earlier this week that he anticipated that all terrorist communications from now on would use encryption. He predicted that tech companies would not react kindly to new government and Congressional efforts to force them to give law enforcement access to their applications, but that wasn’t a concern of lawmakers. “We don’t have a responsibility to sell their products,” he said. “We have a responsibility to keep America safe. If it means people are going to have to change their business models, then so be it.”
Feinstein agreed, telling us: "I think there has to be a way we have to get this information. Why should somebody in Syria be able to plot with someone in Belgium to plot an attack in France, if in fact what has been reported is correct, and do it all in a way that nobody can ever pierce it to know?"
The irony in all of this is that many Democrats supported making encryption standard on web products back in 2010 and 2011, when this technology was seen as a defense against hackers and a way for dissidents to shield their conversations from dictatorships like Iran. One such Democrat was Hillary Clinton, when she was secretary of state.
Clinton's State Department created new grant programs to promote easy-use-encryption technology aimed at helping dissidents. In some cases, these programs provided the initial grants that helped fund the development of products that today create some of the dark spaces that worry the FBI. These grant programs funded Open Whisper Systems, which is used in the Android version of WhatsApp -- providing what Soghoian called "best of class encryption." He told us: "The reason these communications are secure is far more because of Hillary Clinton than because of Edward Snowden."
This could now change in the aftermath of the Paris attacks. And if the U.S. tech companies are forced to reverse their drive for standardized encryption, the lost privacy will not be because of Snowden's leaks or Clinton's policies, but because the Islamic State uses the same technology as the rest of us.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the editor responsible for this story:
Philip Gray at email@example.com