NSA blames Paris attacks on encryption, of course

18 Feb 2016

The NSA has continued its attack on all things encrypted – that isn’t belonging to it, perhaps – by blaming the Paris attacks, which saw 129 people killed, on “some” communications between the perpetrators being encrypted.

How on Earth modern tech companies have the gall to offer their customers encrypted, secure modes of communication is beyond me. Offering customers a paid-for service, and (maybe) delivering that is shocking, and downright irresponsible.

Wait. Nope, that seems fairly logical, good business and completely beneficial to customers who don’t like their personal, daily information streaming into the most powerful spy agency in history.

Of course, if you were in charge of a spy agency, and these encrypted messages to-ing and fro-ing around the globe were just too slippery to latch on to, it’s easy to see why the frustration grows.

And so, to the standard trope of NSA officials blasting encryption. Its director Michael Rogers is quoted in Yahoo News today as blaming the horrid Paris attacks on encryption, saying “some of the communications” of the Paris attackers “were encrypted”.

As a result,  “we did not generate the insights ahead of time. Clearly, had we known, Paris would not have happened.”

“Is it harder for us to generate the kind of knowledge that I would like against some of these targets? Yes. Is that directly tied in part to changes they are making in their communications? Yes. Does encryption make it much more difficult for us to execute our mission? Yes.”
– MICHAEL RODGERS, NSA DIRECTOR

Not so sure

It’s these definites that annoy me. If encryption didn’t exist, the NSA could fix it all. It’s like Santa, only more comprehensive. Of course, this ignores the fact that awful events happen quite regularly around the world and, by Rogers’ logic, the NSA is culpable for letting anything about which communications aren’t encrypted happen.

It also ignores reports from the French police after the attack, with an unlocked phone outside one of the crime scenes containing an SMS message that read, “On est parti on commence”. (‘Let’s go, we’re starting).

The message also reportedly included a map of the Bataclan, the location where the phone was found and the scene of the largest death toll of the attacks. This wasn’t encrypted, so Rogers’ logic implies his agency knew.

What’s far more likely, of course, is the weight of all the live information gathered by US (and French) officials is simply too immense to stay on top of in any timely manner. So, when small groups of people take it upon themselves to strike out in any way they see fit, it’s remarkably difficult to stop.

French president Francois Hollande addresses his nation after the attacks, via Hadrian/Shutterstock

French president Francois Hollande addresses his nation after the attacks, via Hadrian/Shutterstock

Warnings galore

As Arstechnica notes, both the US and Turkey warned France of imminent threats in the lead up to the Paris attacks, encryption or not.

“Despite mass surveillance, France was unable to keep tabs on the [suspects] – possibly because it had too much information to work with,” writes Sean Gallagher. “So it’s not clear that an absence of cryptography would have made the work of French officials any easier.”

This is all playing out at a time when Apple, a company which has one of the better reputations for encrypted services for its customers, has been ordered to aid the FBI in accessing details on a dead man’s phone, the man in question being the shooter in the San Bernardino attack that took place in California last year.

“The US government has demanded that Apple take an unprecedented step which threatens the security of our customers,” said Apple CEO Tim Cook in a statement after the ruling.

“We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.”

In this together

And it looks like Apple won’t be standing alone, as WhatsApp and Google have weighed in on the issue of device encryption. Google CEO Sundar Pichai posted five tweets on the matter supporting Tim Cook.

Pichai said that Cook was right in pointing out that forcing companies to enable hacking could compromise users’ privacy.

“We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism. We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders.

“But that’s wholly different than requiring companies to enable hacking of customer devices and data. Could be a troubling precedent.”

The precedent that Pichai mentions is forever at risk of being set. US security officials have been banging on about stopping certain modes of encryption, or putting in ‘of course this is a good idea just trust me it will be fine’ backdoors into devices.

Stewart Baker, a former lawyer for the NSA, said as far back as 2014 that encryption is pitting tech companies against governments.

Only days prior, in what can be considered his opening address upon taking the reins at the UK surveillance agency GCHQ, Robert Hannigan claimed tech giants unwittingly help foster terrorism around the globe.

Encryption is okay, until it is not okay

And so back to Rogers, who has changed tack slightly from the usual line, saying encryption is “foundational to our future”, and that arguing over backdoors was “a waste of time,” despite his job getting more difficult.

“Is it harder for us to generate the kind of knowledge that I would like against some of these targets? Yes,” Rogers said. “Is that directly tied in part to changes they are making in their communications? Yes. Does encryption make it much more difficult for us to execute our mission? Yes.”

Consider this a soft approach on encryption. Calling arguments on backdoors a waste of time is merely politicking, waiting for the right moment. For example, a few months ago, The Washington Post got its hands on an email sent by the CIA’s lawyer, Robert S. Litt, which the news agency alleges said although “the legislative environment is very hostile today” towards ending mass encryption of online messaging, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement”.

Eerily prescient. Still, not every customer cares.

Paris image via Furyk Nazar/Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com