In the wake of the Paris terrorist attacks, U.S. officials are once again examining whether the government should restrict the use of encryption technology, which law enforcement and intelligence officials say allows terrorists to evade detection and shield their communications. The effort had lost momentum but is getting renewed attention following the attacks.
But technology and intelligence experts say that argument is a red herring, and ignores the fact that the “ringleader” of the Paris attacks was known to both American and French authorities before executing an attack that killed 130 people.
So far, officials haven’t put forth any evidence that the Paris attackers used encryption. Instead, it appears that French and U.S. security may have missed the attackers’ plotting as they moved back and forth across national borders and built suicide vests in the heart of Europe, pointing to critical weaknesses in security services on both sides of the Atlantic.
In recent days, U.S. officials have been taking the pulse of some technology companies to gauge their willingness to sit down for meetings aimed at coming up with new encryption policies, two individuals familiar with those discussions told The Daily Beast.
But the tech companies haven’t committed to any major changes and are digging in their heels for a long fight.
One executive with a prominent manufacturer of encryption technology, who asked not to be identified, told The Daily Beast that he hadn’t been contacted, a surprising fact considering that his company is central to the debate over commercially available encryption that’s nearly impossible for intelligence agencies to crack.
But he questioned whether the administration really had the stomach for a drawn-out, public debate, considering that, prior the Paris attacks, officials had tried and failed to rein in encryption.
“They know how crazy it is for anyone to talk about backdoors,” he said, referring to the idea floated by U.S. officials in recent months that encryption technology should contain some mechanism for the government to unscramble a message for intelligence purposes or during a criminal investigation.
Many technology experts ridiculed that idea as both impractical and a sure-fire way to give hackers a means to foil encryption, which is a key pillar of information security on the Internet, used to protect financial transactions and sensitive data.
A senior administration official, while not directly addressing any new encryption policies, said U.S. intelligence sharing with French authorities is increasing after the attacks.
“To further that cooperation, the President announced that the Office of the Director of National Intelligence and Department of Defense have agreed that U.S. military personnel will more easily share operational planning information and intelligence with their French counterparts on a range of shared challenges,” the official said.
Meanwhile, intelligence and technical experts said that a renewed encryption debate risked becoming a fruitless exercise.
“People will continue to create ‘unbreakable encryption,’ and others will continue to find a way around it, including the intelligence community, of course,” Bob Stasio, a former employee of the National Security Agency and military cyber officer, told The Daily Beast.
“I am a full believer in ‘if man can make it, man can break it,’ so I think saying we should limit encryption technology to prevent malicious use is not only a waste of time, but weakens legitimate cyber security as a whole,” said Stasio, who is now a fellow with the Truman National Security Project.
“Arguments focused on trying to restrain or hobble encryption technology are not the optimal path—and they strike me as reactionary,” Andrew Borene, a former associate deputy general counsel at the Defense Department, and also a Truman fellow, told The Daily Beast.
A spokesperson for the Information Technology Industry Council, a trade association that represents Apple, Facebook, Google, Microsoft, and other companies, declined to comment on any conversations with the administration.
But in a statement last week, the group said, “Weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense.”
That statement came three days after a speech by Director of the Central Intelligence Agency John Brennan, who said, “There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover” terrorist activities, without mentioning any technologies by name.
Brennan’s remarks were seen by many in the tech industry as an opening salvo in the government’s new attack on encryption. Previously, FBI Director James Comey had been warning for months about the risk that the government might not be able to understand and decipher terrorists’ and other criminals’ communications, a problem he called “going dark.” But in the face of stiff opposition from tech companies and privacy advocates, Comey and Justice Department officials effectively gave up their push for new laws and regulations.
Paris may have breathed new life into the effort, but some former officials say the encryption debate is a distraction from the bigger problem of why intelligence agencies seem unable to deter attacks by people who aren’t scrambling their communications.
Stasio and Borene argued that the U.S. should actually invest more in collecting intelligence on a large scale, and develop technology that can better analyze and piece together potential clues about attacks at the same time that it keeps track of how intelligence agencies are using that information, in order to prevent abuses.
What’s needed now, Borene said, is “better, large-scale collection (both classified and unclassified programs), with big data analytics and link-analysis systems that support the U.S. system of oversight from all three branches of government—the same system of oversight that is frequently ignored by the critics of U.S. intelligence agencies.”
Calls for more intelligence gathering will undoubtedly face opposition from civil liberties and privacy advocates, as well as skeptical lawmakers who may question whether the U.S. is already spending too much money on intelligence and not getting enough in return.
But the collect-more argument got a boost earlier last week from Michael Mukasey, who served as attorney general in the George W. Bush administration.
“As we learn more about the Islamic State-backed terror attacks in Paris…and about other threats like the one that caused Brussels to go on highest alert over the weekend, it has become increasingly clear: America and its allies have failed to gather and process the intelligence necessary to protect their citizens,” Mukasey wrote in a Wall Street Journal op-ed with Jamil Jaffer, a former senior Justice Department official and congressional intelligence staffer.
The men argued that President Obama is paring back U.S. intelligence capabilities and making it harder to monitor people like the men who carried out the attacks in Paris, “leaving in place the significant restrictions on the collection of intelligence on foreigners that he imposed in the aftermath of the illegal Edward Snowden surveillance disclosures two years ago.”
Mukasey and Jaffer said that Congress should restore the so-called metadata program that allowed the NSA to collect and store en masse records of all U.S. phone calls to find links to terrorists. They also called on Congress to “restore the full collection of national-security-related intelligence overseas.”
In the wake of the Snowden leaks, Obama instructed U.S. intelligence agencies to extend some of the same privacy rights to foreigners as they do to U.S. citizens and legal residents. Mukasey and Jaffer criticized that decision and said it had diminished U.S. intelligence capabilities.
Current and former officials have told The Daily Beast in recent months that it’s not clear how those instructions have been implemented and how, if at all, they have curtailed intelligence-gathering.
Ultimately, the encryption debate may be one piece of a larger problem facing U.S. intelligence agencies, which have also been forced to defend themselves against criticism from some in Congress that they didn’t fully appreciate or predict the rise of ISIS.
At the same time, some see the prospect of getting technology companies and government officials in the same room to discuss the encryption issue as a first step in bringing together two sides that have been increasingly alienated when Snowden revealed the government was collecting companies data without their consent.
“It’s critically important that we get these two communities together,” Jaffer, the former Justice Department official, told The Daily Beast. “In the absence of a collaboration between the government and the technology community, this problem may go unsolved until a crisis. And if we legislate after a crisis, the results could be bad.”