Editorials

Is encryption really why Paris was attacked?

The Eiffel Tower illuminated in the French colors in honor of the victims of the terrorist attacks in Paris. The tragedy has prompted calls for more government surveillance power and weaker encryption on cellphones and messaging apps.
The Eiffel Tower illuminated in the French colors in honor of the victims of the terrorist attacks in Paris. The tragedy has prompted calls for more government surveillance power and weaker encryption on cellphones and messaging apps. The Associated Press

It’s natural to rethink national security after an attack like the one in Paris. But the drumbeat for more government surveillance power – and, in particular, more access to civilians’ encrypted phone data – is not only futile but likely to backfire.

Federal officials and law enforcement understandably want to hold on to every means of intercepting potential terrorist attackers. And they have lost ground, both politically and technologically, since 9/11.

But their obsession with encryption feels less based on need than on the political impulse not to want to waste a crisis. That, and the desire to force Apple, Google, Facebook and other tech companies to weaken security on new smartphones and messaging services, a tactic that President Barack Obama rejected last month.

Central Intelligence Agency Director John Brennan said Monday that Paris is a “wake-up call” for more high-tech surveillance power. Federal Bureau of Investigation Director James Comey chimed in that modern messaging apps let Islamic State operatives “go dark” to avoid detection.

Sen. John McCain, R-Ariz., wants legislation. Sen. Dianne Feinstein, D-Calif., wants Silicon Valley firms to “take a look at their products” and stop enabling clandestine communications.

All that would be fine if Paris could be blamed solely, or even mostly, on the attackers having some unique technological advantage. But as the investigation in Paris unfolds, it’s increasingly clear that the young jihadis involved were no more tech masterminds than the average drug dealer.

Unsourced reports that they used encrypted communiqués have had no confirmation. They booked hotel rooms in their own names and paid with their own bank cards. One of the clues French police used to trace them was a cellphone found in a trash can near the concert hall where 89 hostages were murdered. The “let’s go” text message it held – “on est parti on commence” – was chilling, but hardly encoded.

The online conduits the Islamic State has been known to use – apps like the Berlin-based Telegram, where users can create secret group chats for 200 and self-destructing video messages – are popular with all sorts of young Europeans. A guide to the group’s security protocols, obtained by researchers from forums and chat rooms and posted by Wired, advised members who couldn’t afford a $799 secure Swiss Blackphone to use the iMessage app on an ordinary iPhone.

And experts say fitting existing apps and devices with “back doors” for decryption would just open other data to identity theft and foreign spying, or push terrorists toward homegrown encryption that might be even harder to decipher.

The problem is, the tech genie can’t be put back in the bottle. And even if knowledge could be rolled back, more reams of surveillance data wouldn’t necessarily make a difference. The bulk phone data collection at the National Security Agency that was uncovered by Edward Snowden may have been shocking and impressive, but repeated investigations have found no evidence that it averted a single terrorist attack.

What might help is doubling down on the old-fashioned police work and coordination that actually has made a difference. That, and perhaps harnessing more of the civilized world’s own cunning. The hackers at Anonymous may be like so many bulls in a china shop, but who knows what might come of their declaration of cyberwar on the terrorists if someone bothered to properly channel their efforts.

Time will tell what allowed the Paris attack to slip by the national security apparatus that the U.S. and Europe have built since 9/11. Let’s not force solutions before we know what the problem is.

  Comments