Brennan: Paris Is A ‘Wakeup Call’ To Europe On Encryption

French police in full bulletproof gear returns after a false alert, sent hundreds running off the place de la Republique in Paris, France, Sunday Nov. 14, 2015.

AP Photo/Jerome Delay

AA Font size + Print

French police in full bulletproof gear returns after a false alert, sent hundreds running off the place de la Republique in Paris, France, Sunday Nov. 14, 2015.

The ability to shield communications from anyone but the intended recipient via encryption and other digital means will now face unprecedented challenges.

Just days after terrorists in Paris killed more than 130 people, members of the U.S. intelligence community, lawmakers and law enforcement sounded the alarm about terrorists talking to each other using end-to-end encryption to “go dark,” or in other words, to effectively thwart law enforcement efforts to intercept digital messages. One privacy group sounded the alarm that encryption helps everyone trade messages securely, making the Internet itself safer.

In many ways, the events of the weekend portend a sea change in the debate over end-to-end user encryption. That refers to some apps, like What’sApp, web services and other means for individuals to encrypt data and messages to ensure that no one else can read them except for the intended recipient. Perfect encryption means that even the manufacturer of the device can’t access encrypted messages, even when law enforcement presents that manufacturer with warrant.

Encryption is popular among consumers especially in the wake of Edward Snowden’s 2013 revelations about NSA programs targeting the metadata of millions of Americans. In 2014, Apple and Google announced that iPhones and Android phones would begin to encrypt users’ data. Shortly thereafter, FBI Director James Comey began a very public crusade to weaken encryption services. Those efforts have just been put into hyper drive based on still unconfirmed—but widely circulated—reports that the terrorists traded messages using either encryption services or apps (as well as off-the-shelf video game systems).

Privacy advocate group the Electronic Frontier Foundation, or EFF,  reacted with concern to the developments. “We were shocked and saddened to learn of the attacks in Paris and Beirut. But these heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy.” EFF Executive Director Cindy Cohn told Defense One in an email. “At this point there is no confirmation that end-to-end encryption was used by the attackers, much less that the use of that encryption is what led the world’s intelligence services to fail to detect the plot before the tragedy. What we do know is that strong encryption is crucial to allow political organizers, government officials, and ordinary people around the world to protect their security, privacy and safety from criminals and terrorists alike. Any ‘backdoor’ into our communications will inevitably (and perhaps primarily) be used for illegal and repressive purposes rather than lawful ones.”

Opponents of encryption in law enforcement and elsewhere took a different approach to the problem.

CIA Director John Brennan appeared before the Center for Strategic International Studies, a Washington think tank, to say that the ability of intelligence professionals “to monitor and surveil these individuals…is under strain … There has been a significant increase in the operational security of a number of these operatives and terrorists networks as they have gone to school on what it is that they need to do to keep their activity concealed from the authorities … There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence security services to have the insight they need to uncover it.”

He went on to predict that the governments of France and elsewhere were likely to warm to intrusive signals intelligence in the days and weeks ahead.

“Time for us to take a look and see if there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people they are asked to serve. … I do hope this will be a wakeup call particularly in areas of Europe.”

New York City Police commissioner Bill Bratton appeared on Morning Joe to say that similar attacks “could” happen in New York and that, “yes,” the ability of terrorists to use encryption to go dark was a major concern. “We’re encountering that all the time. We have a huge operation in New York working with Joint Terrorism Task Force and we encounter that, frankly, where we are monitoring and they go dark … the technology has been purposefully designed by the manufacturers so that even they claim they can’t get into their own devices … We’re seeing it everyday where we are losing the ability to gather intelligence.”

Sen. John McCain, R-Ariz, also made the case for law enforcement backdoors into encrypted devices, despite concerns from encryption experts that such back doors would weaken the encryption and could be exploited by criminals. “It’s time we had another key that would be kept safe and only revealed by means of a court order. Right now, the recruitment, training, and equipping can happen in secure sites and we can not let that continue to happen, with all due respect to my friends in Silicon Valley,” McCain said, on the same show.

What happens now will depend on what new intelligence comes to light and how it was obtained. Even if it is revealed that the terrorists used encryption to hide messages from law enforcement, there’s no evidence to suggest that making widely available technology suddenly illegal would hurt anyone but people using encryption lawfully.

Regardless, the enemies of encryption have their knives drawn.

Close [ x ] More from DefenseOne