Encryption & terrorism

Terrorists used encrypted apps to plan, coordinate Paris attacks

Published 18 December 2015

The leaders of U.S. and European law enforcement and intelligence agencies have been explicit in their warnings: commercially available communication devices equipped with end-to-end encryption software make it impossible for security services to track terrorists plotting an attack – or monitor the terrorists’ communication while the attack is under way. Sources close to the investigation of the 13 November Paris terrorist attacks have now confirmed that the terrorists used the encrypted WhatsApp and Telegram messenger apps to communicate for a period before the attacks – and with each other during the attacks. What was said in those encrypted messages, and who sent and received these messages, may never be known, because the companies themselves do not have the key – or back door – to decrypt these messages. Thus, security services could not monitor such messages before an attack in order to prevent it, and cannot read these messages after an attack to learn more about the terrorists’ network and support system.

The leaders of U.S. and European law enforcement and intelligence agencies have been explicit in their warnings: commercially available communication devices equipped with end-to-end encryption software make it impossible for security services to track terrorists plotting an attack – or monitor the terrorists’ communication while the attack is under way (see “Head of U.K. surveillance agency: U.S. tech companies have become terrorists’ ‘networks of choice’,” HSNW, 5 November 2014; “FBI unable to break 109 encrypted messages Texas terror attack suspect sent ahead of attack,” HSNW, 11 December 2015; “Privacy vs. security debate intensifies as more companies offer end-to-end-encryption,” HSNW, 9 July 2015).

FBI director James Comey last week told lawmakers that one of the suspects in the foiled terror attack in Garland, Texas, in May 2015 had exchanged 109 messages with sources in a “terrorist location” overseas ahead of the attack. U.S. intelligence and law enforcement agencies, however, have not been able to break into and read those messages because they were exchanged on devices equipped with end-to-end encryption software.

Was the Garland attacker receiving instructions from his handlers, and, if so, who were they and what were their instructions? If the Garland attacker was a member of a terrorist cell, were these handlers relaying messages to other cell members? Was the attack part of a larger plot to attack several targets simultaneously, as would be the case in Paris on 13 November?

The FBI was already monitoring those sources in a “terrorist location,” so they had to assume that the 109 messages coming from Texas during the run-up to the Garland attack were not innocent messages about family matters or an upcoming basketball game. Yet, the end-to-end encryption made it impossible to break into these messages, learn the details of the terrorist attack about to be carried out, and do something to prevent it from taking place. In the aftermath of the attack – when there was no longer any doubt that the sender of the Texas messages was a terrorist who tried to kill Americans – the end-to-end encryption made it impossible to learn more about the scope and nature of the terrorist’s support network, in the United States and abroad, thus making it impossible for the security services to dismantle it.