Brennan: Paris Is A ‘Wakeup Call’ To Europe On Encryption

French police in full bulletproof gear returns after a false alert, sent hundreds running off the place de la Republique in Paris, France, Sunday Nov. 14, 2015.

AP Photo/Jerome Delay

AA Font size + Print

French police in full bulletproof gear returns after a false alert, sent hundreds running off the place de la Republique in Paris, France, Sunday Nov. 14, 2015.

The ability to shield communications from anyone but the intended recipient via encryption and other digital means will now face unprecedented challenges.

Just days after terrorists in Paris killed more than 130 people, members of the U.S. intelligence community, lawmakers and law enforcement sounded the alarm about terrorists talking to each other using end-to-end encryption to “go dark,” or in other words, to effectively thwart law enforcement efforts to intercept digital messages. One privacy group sounded the alarm that encryption helps everyone trade messages securely, making the Internet itself safer.

In many ways, the events of the weekend portend a sea change in the debate over end-to-end user encryption. That refers to some apps, like What’sApp, web services and other means for individuals to encrypt data and messages to ensure that no one else can read them except for the intended recipient. Perfect encryption means that even the manufacturer of the device can’t access encrypted messages, even when law enforcement presents that manufacturer with warrant.

Encryption is popular among consumers especially in the wake of Edward Snowden’s 2013 revelations about NSA programs targeting the metadata of millions of Americans. In 2014, Apple and Google announced that iPhones and Android phones would begin to encrypt users’ data. Shortly thereafter, FBI Director James Comey began a very public crusade to weaken encryption services. Those efforts have just been put into hyper drive based on still unconfirmed—but widely circulated—reports that the terrorists traded messages using either encryption services or apps (as well as off-the-shelf video game systems).

Privacy advocate group the Electronic Frontier Foundation, or EFF,  reacted with concern to the developments. “We were shocked and saddened to learn of the attacks in Paris and Beirut. But these heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy.” EFF Executive Director Cindy Cohn told Defense One in an email. “At this point there is no confirmation that end-to-end encryption was used by the attackers, much less that the use of that encryption is what led the world’s intelligence services to fail to detect the plot before the tragedy. What we do know is that strong encryption is crucial to allow political organizers, government officials, and ordinary people around the world to protect their security, privacy and safety from criminals and terrorists alike. Any ‘backdoor’ into our communications will inevitably (and perhaps primarily) be used for illegal and repressive purposes rather than lawful ones.”

Opponents of encryption in law enforcement and elsewhere took a different approach to the problem.

CIA Director John Brennan appeared before the Center for Strategic International Studies, a Washington think tank, to say that the ability of intelligence professionals “to monitor and surveil these individuals…is under strain … There has been a significant increase in the operational security of a number of these operatives and terrorists networks as they have gone to school on what it is that they need to do to keep their activity concealed from the authorities … There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence security services to have the insight they need to uncover it.”

He went on to predict that the governments of France and elsewhere were likely to warm to intrusive signals intelligence in the days and weeks ahead.

“Time for us to take a look and see if there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people they are asked to serve. … I do hope this will be a wakeup call particularly in areas of Europe.”

New York City Police commissioner Bill Bratton appeared on Morning Joe to say that similar attacks “could” happen in New York and that, “yes,” the ability of terrorists to use encryption to go dark was a major concern. “We’re encountering that all the time. We have a huge operation in New York working with Joint Terrorism Task Force and we encounter that, frankly, where we are monitoring and they go dark … the technology has been purposefully designed by the manufacturers so that even they claim they can’t get into their own devices … We’re seeing it everyday where we are losing the ability to gather intelligence.”

Sen. John McCain, R-Ariz, also made the case for law enforcement backdoors into encrypted devices, despite concerns from encryption experts that such back doors would weaken the encryption and could be exploited by criminals. “It’s time we had another key that would be kept safe and only revealed by means of a court order. Right now, the recruitment, training, and equipping can happen in secure sites and we can not let that continue to happen, with all due respect to my friends in Silicon Valley,” McCain said, on the same show.

What happens now will depend on what new intelligence comes to light and how it was obtained. Even if it is revealed that the terrorists used encryption to hide messages from law enforcement, there’s no evidence to suggest that making widely available technology suddenly illegal would hurt anyone but people using encryption lawfully.

Regardless, the enemies of encryption have their knives drawn.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download
  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Top 5 Findings: Security of Internet of Things To Be Mission-Critical

    As federal agencies increasingly leverage these capabilities, government security stakeholders now must manage and secure a growing number of devices, including those being used remotely at the “edge” of networks in a variety of locations. With such security concerns in mind, Government Business Council undertook an indepth research study of federal government leaders in January 2017. Here are five of the key takeaways below which, taken together, paint a portrait of a government that is increasingly cognizant and concerned for the future security of IoT.

    Download
  • Coordinating Incident Response on Posts, Camps and Stations

    Effective incident response on posts, camps, and stations is an increasingly complex challenge. An effective response calls for seamless conversations between multiple stakeholders on the base and beyond its borders with civilian law enforcement and emergency services personnel. This whitepaper discusses what a modern dispatch solution looks like -- one that brings together diverse channels and media, simplifies the dispatch environment and addresses technical integration challenges to ensure next generation safety and response on Department of Defense posts, camps and stations.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download

When you download a report, your information may be shared with the underwriters of that document.