Blaming Encryption for Terrorist Attacks is a Mistake 

By Kate Knibbs on at

We don’t know the specifics of how the terrorist attacks were carried out in Paris last Friday but that hasn’t stopped the law enforcement community from shamelessly blaming encryption for helping terrorists, or from seizing the attack as an opportunity to defend surveillance.

Intelligence officials are blaming the Paris attacks on the free availability of encryption tools to protect private conversations, the implication being that if we could only track what the terrorists were saying to one another, we would have stopped it. But we already have a historical case of how we react to a terror plot that we have surveillance coverage over: Mumbai. We were watching. We didn’t stop it.

The 2008 Mumbai attacks are a good example of what it looks like when a terrorist organisation carries out a plot. Afterwards, the steps and missteps the intelligence community took before and during that attack were scrutinised, and some of the documents Snowden leaked shed light on what went down. The intelligence community knew about some of the attackers, it was able to track them, but it failed to identify their plan until it was too late. That failure has nothing to do with encryption.

Some of the Mumbai terrorists were known to British, Indian, and US intelligence agencies, but the agencies didn’t share enough information with each other to figure out the plot beforehand. It was only after the attacks that they swapped intel and saw how many hints they missed. The Mumbai attackers weren’t skulking around in blind spots. One of them used Google Earth to map out where they would go. The problem wasn’t that the terrorists were too wily with their privacy tools, or that those privacy tools stymied an investigation. It was that the intelligence community didn’t effectively analyse and share the ample information it collected.

“I cannot remember a single instance in my career when we ever stopped a plot based purely on signals intelligence,” retired CIA counterterrorism chief Charles Faddis told the New York Times at the time. Yet these trumped up charges against encryption don’t account for the crucial role human intelligence plays.

The same kind of shitty information-sharing among foreign agencies may have hindered the intelligence community in the Paris attacks as well. A Turkish official says that Turkey had warned France twice about one of Friday’s attackers, but did not hear back. Israeli, Iraqi, and Jordanian officials also reported that they had issued warnings to France.

Yet law enforcement officials wasted no time fingering encryption as a terrorist tool to further their agendas. New York Police Commissioner Bill Bratton said the Islamic State’s ability to go “dark” will play “a significant factor in this event”.

Bratton continued his media blitz against encryption, stating that “we, in many respects, have gone blind as a result of the commercialisation and the selling of these devices that cannot be accessed either by the manufacturer or, more importantly, by us in law enforcement, even equipped with search warrants and judicial authority,” he said. “This is something that is going to need to be debated very quickly because we cannot continue operating where we are blind.”

CIA director John Brennan called the attack a “wake-up call” during the debate around encryption, saying that “unauthorised disclosures and hand-wringing over the government’s role” made it harder for the international intelligence community to prevent attacks. The “unauthorised disclosure” he referred to is, of course, Edward Snowden’s whistleblowing, as though terrorists suddenly realised they were being tracked by law enforcement in 2013.

We don’t know exactly how the intelligence community missed what was about to happen in Paris. A mistaken Forbes report claimed that Belgium’s federal home affairs minister, Jan Jambon, stated that the terrorists used PlayStation 4 to talk to each other. But Jambon made that statement before the attacks.

Whatever platforms the terrorists used to communicate, the idea that encryption foiled the intelligence community’s efforts to stop them is still hypothetical. Even if we do learn that these attackers used the most cutting-edge, hardcore encryption tools, the argument that the solution is to dismantle these tools by making keys for government actors is absurd.

We’ve known that terrorists have used encryption since at least 2001, as US lawyer and author Glenn Greenwald pointed out. This has been happening for almost two decades. The rhetoric against privacy tools is cynical opportunism, and accusing encryption of enabling the attacks is a callous shifting of responsibility. Framing encryption as a major factor in the attacks is not only jumping to an unproven conclusion, it ignores the main reason that most terror attacks aren’t stopped: A failure to share information.

A lock on a bomb makes it harder to defuse, but we’re not going to start blaming or banning locks. Encryption provides privacy services that make the internet safer for the vast majority of its users. Instead of using it as a bogeyman to scare people into supporting a surveillance apparatus that has been proven inefficient at stopping attacks, the intelligence community should acknowledge its failures in assessing the threats it could see.

Image: AP

Want more updates from Gizmodo UK? Make sure to check out our @GizmodoUK Twitter feed, and our Facebook page.