Soon after last week’s terrorist attacks in Paris the police commissioner of New York argued it was yet more evidence of the need for “backdoors” that enable government surveillance in computing devices and software. It’s a line Bill Bratton has taken before, along with FBI Director James Comey, who has repeatedly complained that increasingly strong encryption on smartphones is making it difficult for agents at the bureau to do their jobs.
On CBS’s Face the Nation, Bratton argued the attacks in Paris showed that cell phone encryption needed to be debated immediately. “These apps, these devices that now allow these terrorists to operate without fear of penetration by intelligence services. This is the first example of this,” Bratton said. It’s too soon for anyone to publicly know how the terrorists may have been communicating during the attacks in Paris. One senior counterterrorism official in Europe did tell NBC News that authorities have been “alarmed for quite some time” by how savvy Islamic State militants are with communications technology, including highly encrypted apps like Silent Circle, Telegram and WhatsApp. An official from the Army’s Combating Terrorism Center said researchers there have concluded that Islamic State members use as many as 120 different platforms to communicate and share information. Critics have additionally argued that the Snowden leaks about the intelligence community’s surveillance methods prompted everyone — including terrorists — to seek out methods of communication that involved heavier encryption that now makes the jobs of counterterrorism investigators overly difficult.
All of that matters less if intelligence officials were given some amount of warning in advance of an attack and failed to act on it. The government in Turkey has said it twice warned France about at least one of the attackers late in 2014 and earlier this summer. The U.S. has been criticized for some of the same intelligence failures, but as Reveal wrote after the last attack in Paris, that doesn’t mean a similar incident could necessarily be replicated here. More challenging, perhaps, is what Americans believe about terrorist threats and reality. The New America Foundation concluded earlier this year that deadly right-wing attacks have outpaced the damage caused by jihadists in the United States since 9/11.
But arguments for encryption by Bratton and others are complicated by a look at the numbers. Each year, the Administrative Office of the U.S. Courts releases a report on state and federal wiretap activity by law enforcement investigators in the United States. The most recent report for 2014 says the number of state wiretaps involving encrypted communications actually dropped from the previous year by nearly half to 22, and in only two of those cases were officials unable to decipher the plain text of messages they were after. At the federal level, investigators encountered encryption during wiretaps on only three occasions in 2014, and only two of them could not be decrypted by authorities. That’s out of more than 3,500 state and federal wiretaps authorized across the country last year.
To be sure, that doesn’t tell the whole story of counterterrorism surveillance abroad. But as wiretap expert Susan Landau frequently argues, creating a “backdoor” accessible to law enforcement means establishing a vulnerability that could be exploited by others. While the government does have a need to effectively investigate dangerous people, it also is responsible for promoting a secure Internet that protects people and the economy, meaning Washington has two high-profile goals at odds with one another.
Longtime security writer Kim Zetter over at Wired added this week that backdoors forced on Silicon Valley wouldn’t affect apps developed outside of the United States. Government snoopers facing encryption would also still be able to collect valuable metadata, such as phone numbers, IP addresses and the dates and times of communications. “Metadata can be extremely powerful in establishing connections, identities and locating people,” Zetter wrote.
Meanwhile, Silicon Valley has more to worry about than serving the needs of law enforcement. Responding to consumer demand, for instance, Apple has made enhanced encryption a more visible feature in its products. In a key test earlier this year, Apple responded to a court order for text messages between suspects in a guns and drugs case by saying it couldn’t comply with the order because the messages were encrypted. It had no special access to them. Silicon Valley is under regular pressure to bolster — not weaken — encryption and security in the devices we all use everyday in order to prevent cyberintrusions by criminals. They’re also under pressure not to enable eavesdropping by government agencies under shaky legal authorizations that raise the ire of the public once exposed, as happened after the Snowden revelations.