Following the terrorist attacks in Paris Friday, advocates of government surveillance jumped on television to say that encrypted communications technology aids terrorism. A British newspaper reported that PlayStation 4 game consoles had become terrorist planning tools, citing a Belgian government official who actually said something quite different.
Yet there's no evidence, or at least none yet made public, that the Paris attackers used WhatsApp, Apple iMessage, the PlayStation Network or any other widely used encrypted messaging tool. For all we know, the attackers could have used their own homegrown encryption, or carrier pigeons or semaphore signals, or — as Osama bin Laden apparently did — human couriers to transmit messages.
The truth is that police, spies and government officials are using the attacks as an opportunity to push for government "backdoors" in encrypted communications, which the FBI gave up on less than a month ago. They don't want to lose the huge surveillance advantage they gained when everyone on the planet started using email and other electronic communications 20 years ago.
But such backdoors won't stop terrorist attacks. What they may do is destroy the American software industry.
The Paris attacks happened Friday. The next day, former deputy CIA director Mike Morell, now a CBS News analyst, was on TV arguing that encrypted communications may have aided the planning and execution of the Paris attacks.
Morell was followed by New York City deputy police commissioner John Miller, who said the same thing. On Sunday, Miller's boss, New York City Police Commissioner Bill Bratton, turned up on both CBS and ABC to reinforce the message.
"I think what we're going to learn is that these guys are communicating via these encrypted apps," Morell said on CBS' Face the Nation. "The commercial encryption, which is very difficult, if not impossible, for governments to break, and the producers of which don't produce the keys necessary for law enforcement to read the encrypted messages."
"I think what you're seeing here is what FBI Director Jim Comey calls 'going dark,'" Miller told CBS' 48 Hours. "In the time following the Snowden debate about privacy and government overreaching and all of those allegations, a series of apps have come out that are encrypted, that have messages that self-destruct, set to a timer, that can hold group chats that are completely protected from surveillance for up to 200 people."
Britain's Daily Mail misquoted a Belgian official as saying that the PlayStation 4 was being used to plan attacks.
"ISIS is using the PlayStation 4 network to recruit and plan attacks because it is 'more secure than WhatsApp.' intelligence experts warn," the Daily Mail wrote.
What Belgian Deputy Prime Minister and Interior Minister Jan Jambon actually said during an international conference in Brussels last Tuesday, Nov. 10 — three days before the Paris attacks — was that Sony's PlayStation Network (PSN) was being used by ISIS to recruit new members, and that the PSN was harder to monitor than WhatsApp. He didn't say why it was harder to monitor.
Encryption — not just for terrorists any more
Could encrypted communications tools help terrorists? Absolutely. They also help political dissidents living under repressive regimes, companies sending confidential documents over the Internet, diplomats and spies posted overseas, and you, when you don't want advertisers reading your email and following where you go on the Internet.
Twenty years ago, the government pushed through a law called the Communications Assistance for Law Enforcement Act (CALEA) that required telephone companies to let the government tap their lines. The law was later extended to cover Internet service providers, such as Time Warner Cable or Comcast.
For the past five years, the FBI has led a push to extend CALEA to cover software-based communications, such as Facebook, Apple Messaging, Google Talk, Gmail and other email and messaging services. Some of this stuff can already be read because it isn't encrypted, or is decrypted and then re-encrypted at some point along the chain where it can be intercepted.
But Apple Messages, WhatsApp, Silent Test, Wickr, Signal, Telegram, BlackBerry Messenger and several other messaging applications encrypt messages end-to-end — they're never decrypted along the way. Some of them can't even be decrypted by the companies that run them. And the people who run such services have been touting them as essential to personal privacy.
Demand for those services soared after Edward Snowden spilled the beans on how much information the NSA was getting. But the greater message of Snowden's leaks was that the electronic age has been a gold mine for spies, cops and other information gatherers. When something's written down, it creates a record, and all you have to do is find that record.
For the past two decades, law enforcement and intelligence agencies have had it easy, and they don't want to lose that newfound advantage. That's what "going dark" really means — it resets the clock to 1995, when it wasn't so easy to keep track of what everyone on the planet was saying.
Due to lack of support from the White House and the Justice Department, the FBI recently said it would give up the fight for backdoors — for now. After 2016, the next president might be more receptive to the idea.
What we know we don't know
There are two more "known unknowns" to consider, to quote Donald Rumsfeld. One is that ISIS and other groups may be using their own encryption applications. There's plenty of open-source software out there to let even a moderately skilled developer create his or her own secure IM client, and to generate long encryption keys that would be difficult to crack. No law enforcement agency is going to be able to activate a backdoor on software that's run from a server in ISIS-occupied Syria.
The other unknown is that the NSA may already be able to crack many of the commercial and widely-known encryption software. Security experts like to say that the NSA is 10 years ahead of everyone else when it comes to cracking encryption; the agency may have ways of opening up encrypted apps that we haven't even thought of.
But here's a known known: Encryption backdoors can be exploited by malicious hackers and will undermine trust in American technology. If backdoors are built into commercial apps, criminals will find them and use them to steal corporate and government secrets, blackmail private individuals and spread malware.
Meanwhile, if people in other countries know that American technology lets the American government read their messages, then they’ll stop buying American technology. They'll stop buying Apple and Android phones and Microsoft operating systems, and they'll stop using Google and Facebook. And terrorist attacks will still happen.