France

What Role Did Encryption Play in Paris?

By Benjamin Wittes
Monday, November 16, 2015, 7:40 AM

Glenn Greenwald has seen the big picture in Paris. With 129 people dead, terrorists still at large, and ISIS crowing over the carnage, Greenwald has jumped on the real problem: Someone, somewhere might think the Edward Snowden leaks had something to do with an attack to which our signals intelligence was blind.

"[I]t’s of course unsurprising that ever since Edward Snowden’s whistleblowing enabled newspapers around the world to report on secretly implemented programs of mass surveillance, he has been accused by 'officials' and their various media allies of Helping The Terrorists™," Greenwald writes in a lengthy tirade over at The Intercept. "The implicit premise of this accusation is that The Terrorists didn’t know to avoid telephones or how to use effective encryption until Snowden came along and told them. Yet we’ve been warned for years and years before Snowden that The Terrorists are so diabolical and sophisticated that they engage in all sorts of complex techniques to evade electronic surveillance."

I actually agree with Greenwald that one cannot blame the Snowden revelations for what happened in Paris—at least not yet, and probably not ever. The simple reason is that we don't yet know what surveillance countermeasures the attackers really took, and—just as importantly—we don't know what surveillance countermeasures they would have taken had Snowden not blown all of the programs he exposed. The most one can blame Snowden for is making it far more likely that terrorists could undertake an attack like that in Paris without having their communications intercepted and decrypted.

Just as one cannot attribute any specific weather event to climate change, it's not responsible—absent very specific evidence of terrorist tradecraft—to attribute any specific terrorist event to Snowden.

The more interesting question is what, if anything, the Paris atrocities can teach us about the "going dark" debate and encryption. Unlike the specific role of the Snowden revelations in informing the tactical choices of the attackers, this is a matter on which we can expect information to develop. Specifically, we can expect to learn whether the attackers were using encrypted channels of the type FBI Director James Comey has been warning about for the past year. And we can expect to learn as well whether the attackers avoided specific channels where they believed surveillance was possible.

So far, anyway, I haven't seen anything solid on either of these questions, though there have been hints.

The New York Times reported yesterday that:

American and French officials said the attackers had operated with high levels of sophistication, beyond what would be expected of a plot in which the assailants were merely inspired to act by a radical group rather than trained or equipped by it.

The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption.

And former CIA acting director Michael Morell, speaking yesterday with CBS's John Dickerson on Face the Nation, said:

DICKERSON: So, just to -- so these weren't kind of a bunch of lone wolves? These are people who have a connection to a headquarters?

MORELL: It seems that way, yes.

DICKERSON: And how does that communication take place?

MORELL: So, I think what we're going to learn, we don't know for sure yet, but I think what we're going to learn is that these guys are communicating via these encrypted apps, right, the commercial encryption, which is very difficult, if not impossible, for governments to break, and the producers of which don't produce the keys necessary for law enforcement to read the encrypted messages.

Even this sort of speculation has the encryption die hards—like a bunch of NRA activists after a school shooting worrying that someone might think about thinking about gun control—seeing red. Dan Froomkin, also of The Intercept, tweeted yesterday:

Froomkin is not wrong to be alarmed. Evidence that terrorists were, in fact, using strong end-to-end encryption to kill people could be game-changing in a debate that has heretofore been defined by anxieties about NSA. The tech companies won the first round of the current encryption battles in large measure because the concerns the intelligence and law enforcement community have about "going dark," while acutely real to them, are pretty hypothetical on public evidence. All that could change in an instant were it to emerge that the Paris attackers were using technology specifically chosen to secure their communications from those charged with stopping terrorist attacks.

Back in September, the Washington Post reported on an email written by DNI General Counsel Bob Litt:

Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

There is value, he said, in “keeping our options open for such a situation.”

Is this such a situation? We don't know yet. And the better part of valor is to wait until we know something real about the attackers' use of encryption before commenting on what, if anything, it means for the "going dark" debate—not to mention what means, if anything, for Snowden's personal blameworthiness.

Suffice it to say for now that the question is a legitimate one.