view counter

EncryptionParis terrorist attacks reignite debate over end-to-end encryption, back doors

Published 18 November 2015

The exact way the terrorists who attacked France last Friday communicated with each other, and their handlers, in the run-up to the attack is not yet clear, but the attack has prompted law enforcement and intelligence agencies in Europe and the United States to renew their call to regulate the use of new encryption technologies which allow users to “go dark” and make it difficult, if not altogether impossible, to retrieve the contents of communication.

The exact way the terrorists who attacked France last Friday communicated with each other, and their handlers, in the run-up to the attack is not yet clear, but the attack has prompted law enforcement and intelligence agencies in Europe and the United States to renew their call to regulate the use of new encryption technologies which allow users to “go dark” and make it difficult, if not altogether impossible, to retrieve the contents of communication.

In the wake of Edward Snowden leaks about the NSA domestic spying, several tech giants have begun to equip the devices they sell customers with end-to-end encryption which makes it technically impossible for the companies to retrieve customer communications, even if ordered to do so by a court since the companies themselves no longer have the keys to decrypt communications.

The heads of the FBI, NSA, MI5, and other intelligence and law enforcement agencies publicly stated that these advanced encryption technologies turn the Internet into a “safe haven” for terrorists and criminals.

Gadgets notes that several media reports have said the Islamic State organization has increasingly turned to encrypted communications and applications to avoid detection.

CIA director John Brennan, speaking at a Washington forum Monday, warned that some technologies – he did not specifically named encryption — “make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it.”

Brennan’ warning were similar to concerns expressed by the heads of the FBI and NSA that terrorists and criminals have begun to use sophisticated encryption to evade law enforcement monitoring.

I think what we’re going to learn is that these guys are communicating via these encrypted apps, right, the commercial encryption, which is very difficult, if not impossible, for governments to break,” former deputy CIA director Michael Morell told the CBS program Face the Nation.

New York City Police Commissioner William Bratton said the NYPD has often been frustrated by encryption which has increased with new smartphones powered by Apple and Google encryption software.

We’re encountering that all the time,” Bratton told broadcaster MSNBC Monday. “We have a huge operation in New York City working closely with the Joint Terrorism Task Force and we encounter that frequently. We are monitoring (suspects) and they go dark. They are going onto an encrypted app, they are going onto sites that we cannot access. The technology has been purposely designed by our manufacturers so that even they cannot get into their own devices.”

Benjamin Wittes, a Brookings Institution fellow who edits the blog Lawfare, told Gadgets that although leading technology companies have so far resisted government calls for “backdoors” into encrypted devices, the Paris attacks may prove to be a game changer.

Evidence that terrorists were, in fact, using strong end-to-end encryption to kill people could be game-changing in a debate that has heretofore been defined by anxieties about NSA,” Wittes said.

The tech companies won the first round of the current encryption battles in large measure because the concerns the intelligence and law enforcement community have about ‘going dark,’ while acutely real to them, are pretty hypothetical on public evidence,” he added.

All that could change in an instant were it to emerge that the Paris attackers were using technology specifically chosen to secure their communications from those charged with stopping terrorist attacks.”

Steve Vladeck, an American University law professor and editor of the Just Security blog, told Gadgets that the Paris attack will inevitable renew the debate over end-to-end encryption.

“I don’t think we know nearly enough yet to assess whether anything about the Paris attacks ought to tilt the scales in the ongoing debate over encryption,” he said.

The most immediate focus of post-Paris discussions of national security law and policy reform is going to be surveillance, with a special focus on encryption and back doors.”

Privacy advocates and technology experts disagree with the call to create back doors into encrypted devices.

We’ve never been able to create a ‘back door’ that can discriminate between good guys and bad guys,” Joseph Hall of the Center for Democracy & Technology told AFP. Creating special access “would mean engineering vulnerabilities” Hall said.

Bruce Schneier, a fellow at the Harvard Berkman Center for Internet and Society, a cryptographer, chief technology officer at the security firm Resilient Systems, and a long-time critic of what he sees as unjustified fear-mongering by law enforcement and intelligence agencies, told AFP that the Paris attacks may be used “to scare people” to weaken encryption.

They are going to use this to convince people we need back doors,” he said. “It might change the debate because people are scared.”