20 November 2015

Unproven Allegations That Paris Attackers Used Encrypted Communications Driving New Debate on Electronic Spying

Damian Paletta and Siobhan Hughes

Paris Attacks Fuel Debate Over Spying 

WASHINGTON—A growing belief among intelligence officials that the terrorists behind Friday’s Paris attacks used encrypted communications is prompting a far-ranging re-examination of U.S. policy on data collection and surveillance.

Sen. Richard Burr (R., N.C.), chairman of the Senate Intelligence Committee, said Tuesday his panel will launch a review of encryption use. Sen. Tom Cotton (R., Ark.) introduced a bill to extend a sweeping telephone data-collection program due to expire at month’s end.

Mr. Burr, emerging from a briefing by senior intelligence officials, said it appeared the terrorists used extensively shielded communications.

“It is likely that end-to-end encryption was used to communicate in Belgium and France and Syria,” Mr. Burr said. He said encryption was likely because no direct communication among the terrorists was detected.

U.S. counterterrorism officials haven’t yet found evidence that the Paris suspects—who are believed linked to Islamic State—used encrypted communications to plan or carry out the attacks. But they expect that as the investigation advances they will find some communications among them were encrypted, according to multiple officials.

Since the attacks of Sept. 11, 2001, the public and policymakers have swung between emphasizing the need for security agencies to have access to data, and protecting personal privacy. That pendulum has arguably shifted more toward privacy in recent years—a position promoted by technology companies that sell products based on the promise that corporate data will be secure from hackers and government surveillance.

But initial signs suggest the Paris attacks have the potential to push it back toward security, a move opposed by many public-interest groups, especially since the 2013 revelations by Edward Snowden about government data-collection practices.

A renewed push to give law enforcement and intelligence investigators more power to decrypt commercially sold technology could set Washington on a collision course with Silicon Valley. Many technology companies have rejected law enforcement requests for “back door” coding that would give investigators access to secure communications. Software products are being marketed with a promise that they can’t be decoded, Mr. Burr said, and that might have to change.

“We don’t have a responsibility to sell their products,” the senator said. “We have a responsibility to keep America safe…And if it means that people are going to have to change their business models, then so be it.”

Mr. Cotton’s bill would pause the expiration of a broad phone data-collection program run by the National Security Agency, which is set to end Nov. 29, until the president certifies that a planned replacement is equally effective.

The NSA program sweeps up data on millions of calls, such as who called whom, though not the content of the conversations. Under the new version, the NSA could get the information from phone companies only if it obtains a court order. “If we take anything from the Paris attacks, it should be that vigilance and safety go hand-in-hand,” Mr. Cotton said.

Senate Majority Leader Mitch McConnell (R., Ky.) agreed that it makes sense to review the nation’s security laws.

“Every time we have one of these attacks, I think it’s appropriate to take a look at what the laws are on the books and be open to considering changing them if they don’t reflect the modern threat,” Mr. McConnell said.

Still, the concerns about government intrusiveness that have welled up on the right and left in recent years, especially since the NSA program was revealed by Mr. Snowden, won’t suddenly melt away.

Rep. Michael McCaul (R., Texas), chairman of the House Committee on Homeland Security, warned Tuesday against a thoughtless reaction to the attacks, and suggested a commission be set up to make recommendations to Congress.

“I don’t want us to do a knee-jerk response in legislation and make an unintended consequence,” Mr. McCaul said.

For years, intelligence and law enforcement officials, pushing for greater access to personal information, have squared off against privacy advocates and technology firms who fear government overreach. The question is whether the Paris attacks could change that dynamic.

On Monday, Central Intelligence Agency Director John Brennan blasted “a lot of handwringing over the government’s role,” saying the resulting curbs on investigators have made efforts to track terrorists “much more challenging.” He added, “I do hope that this is going to be a wake-up call.”

Attorney General Loretta Lynch agreed Tuesday that encryption is posing challenges for law enforcement. “It does cause the loss of a very valuable source of information,” she told the House Judiciary Committee.

The attacks have already renewed a sharp debate over whether technology companies should install “back doors” to encrypted data. The White House has sought the cooperation of technology companies in this area, but concluded recently that forcing the issue would only stir up resistance. That issue may now be revisited.

Sen. Dick Durbin (D., Ill.), the second-ranking Democrat in the Senate, said the U.S. needs to be sure it has the tools to fight the kind of terrorism that unfolded in Paris.

“We know that we need to change the approach when it comes to the encryption of data in communications,” Mr. Durbin said.

Privacy advocates argue that back doors would build vulnerabilities into programs that could be exploited by terrorists as well as overzealous government officials.

Mr. McCaul, speaking at an event organized by the Software and Information Industry Association, waved his own phone and declared, “You don’t want to put a backdoor in this device, because then you open it up to hackers, and also people think the government is in their iPhones or Androids.”

Rep. Will Hurd (R., Texas), a former CIA officer, also warned against overreaction. “Our civil liberties are what make our country great, and they’re not burdens,” he said. “Encryption is good and we shouldn’t do anything to weaken it.“

No comments: