A day after claiming responsibility for the attack, ISIS posted a message on one of its websites—which had been moved to the so-called Dark Web—encouraging its followers to download the app, called Telegram, which also allows users to set their message to self-destruct after a certain period of time.
Telegram and similar apps have been vexing intelligence and security officials, who say they have prevented the U.S. from locating and tracking ISIS militants in Iraq and Syria.
Telegram in particular has been adopted by a lot more people than ISIS—as of a year ago, the company claimed more than 50 million users sending 1 billion messages per day.
Somewhere in that mix are an unknown number of jihadists, and, ISIS hopes, more to come. Of course, there could also be drug dealers, gangsters, and other assorted criminals. But apps such as Telegram are coming in for particular scrutiny by intelligence officials for their potential role in facilitating attacks. ISIS issued its claim of responsibility for the attacks via Telegram.
CIA Director John Brennan wasted no time Monday in highlighting the threat that he thinks such technologies pose when placed in terrorists’ hands.
“There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover” terrorist activities, Brennan said at a security conference in Washington, without mentioning any technologies by name.
Brennan linked one of the worst terrorist attacks in Europe to the profusion of 21st century technologies that, he said, are being abused in such a way that “20th century laws cannot effectively deal with [them].”
By tying the emergence of apps like Telegram to the threat posed by ISIS, and the Paris attacks in particular, Brennan may have opened a new front in the government’s efforts to rein in technology that, while it can significantly protect personal privacy, is nevertheless an obstacle to surveillance.
“I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve,” Brennan said.
FBI Director James Comey had been trying for several months to push some legislative or regulatory solution for what he saw as the risk of “going dark” if the bureau and other agencies that conduct electronic surveillance cannot easily decrypt text messages, emails, and other communications used by criminals.
Comey and his Justice Department colleagues had effectively stood down from that quest. But the Paris attacks may have revived the effort. Brennan is the most senior U.S. official since the assault to speak publicly about the issue.
Terrorists’ use of ubiquitous and highly-secure technologies demonstrates that they have studied American intelligence operations and exploited leaks about government surveillance techniques, Brennan said.
“There has been a significant increase in the operational security of a number of these operatives and terrorist networks as they have gone to school on what it is that they need to do in order to keep their activities concealed from the authorities,” he said.
Of course, terrorists didn’t need the CIA to tell them that the U.S. government monitors their communications. Telegram is only one in a string of messaging systems ISIS has employed to protect its communications, U.S. officials told The Daily Beast. And some apps that have marketed their privacy-enhancing features, such as Snapchat and Secret, have either disclosed their users’ supposedly private information, or have been shown to be vulnerable to hacking. In other words, they’re not-so-secret after all.
But Telegram is ISIS’s new “it” app—until they find another.
Founded in 2013, Telegram is the brainchild of a pair of Russian brothers, Pavel and Nikolai Durov. Pavel, the 31-year-old founder of Russia’s biggest social network, VKontakte, or VK, is a vocal critic of Vladimir Putin’s government and provides the financial backing. Nikolai is the technical brains behind the outfit.
Not surprisingly, Telegram doesn’t market its product to terrorists. But being a force against government surveillance is built into the company’s philosophy.
“The No. 1 reason for me to support and help launch Telegram was to build a means of communication that can’t be accessed by the Russian security agencies,” Durov told TechCrunch last year.
The company says that Telegram has no connections to the Russian government. In fact, its headquarters are in Berlin.
Durov may have been trying to frustrate the Russians, who are waging their own war against Islamist militants. But he’s also piqued the Americans. And, it turns out, the Iranians, who this week arrested administrators of more than 20 Telegram groups, accusing of them of spreading “immoral” content, Reuters reported. Smartphone messaging apps are popular among Iranian youth, who compose the majority of the country’s population, and Iranian hardliners have been cracking down on potential subversion as the country opens up more to the West with the lifting of economic sanctions.
Telegram may be a tool for pro-democracy activists. But its anti-surveillance capabilities won’t win it any points in the CIA’s eye.
In his remarks Monday, Brennan was forceful in his assertion that technologies and policies set up in part to counter government overreach were making his agency’s job harder.
“In the past several years, because of a number of unauthorized disclosures and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging,” Brennan said.
He didn’t mention any names, but one in particular hung unspoken in the air: Edward Snowden.
Brennan seemed to give voice publicly to what dozens of his colleagues have argued privately: that a chain of events starting with the Snowden leaks in 2013 has worked against their efforts to stop terrorist attacks. Following the disclosures, some European governments moved to enact stricter data protection rules seen as a bulwark against American surveillance. And the European Court of Justice recently invalidated an agreement that allows the free flow of personal information from European countries to the U.S., based on allegations of surveillance found in press articles based on Snowden’s leaks.
“I do hope that this is going to be a wake-up call, particularly in areas of Europe where I think there has been a misrepresentation of what the intelligence security services are doing by some quarters that are designed to undercut those capabilities,” Brennan said.