What Claims Did the Intelligence Community Make about the Paris Attack to Get the White House to Change on Encryption?

I’m going to do a series of posts laying out the timeline behind the Administration’s changed approach to encryption. In this, I’d like to make a point about when the National Security Council adopted a “decision memo” more aggressively seeking to bypass encryption. Bloomberg reported on the memo last week, in the wake of the FBI’s demand that Apple help it brute force Syed Rezwan Farook’s work phone.

But note the date: The meeting at which the memo was adopted was convened “around Thanksgiving.”

Silicon Valley celebrated last fall when the White House revealed it would not seek legislation forcing technology makers to install “backdoors” in their software — secret listening posts where investigators could pierce the veil of secrecy on users’ encrypted data, from text messages to video chats. But while the companies may have thought that was the final word, in fact the government was working on a Plan B.

In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.

The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement. [my emphasis]

That is, the meeting was convened in the wake of the November 13 ISIS attack on Paris.

We know that last August, Bob Litt had recommended keeping options open until such time as a terrorist attack presented the opportunity to revisit the issue and demand that companies back door encryption.

Privately, law enforcement officials have acknowledged that prospects for congressional action this year are remote. Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

There is value, he said, in “keeping our options open for such a situation.”

Litt was commenting on a draft paper prepared by National Security Council staff members in July, which also was obtained by The Post, that analyzed several options. They included explicitly rejecting a legislative mandate, deferring legislation and remaining undecided while discussions continue.

It appears that is precisely what happened — that the intelligence community, in the wake of a big attack on Paris, went to the White House and convinced them to change their approach.

So I want to know what claims the intelligence community made about the use of encryption in the attack that convinced the White House to change approach. Because there is nothing in the public record that indicates encryption was important at all.

It is true that a lot of ISIS associates were using Telegram; shortly after the attack Telegram shut down a bunch of channels they were using. But reportedly Telegram’s encryption would be easy for the NSA to break. The difficulty with Telegram — which the IC should consider seriously before they make Apple back door its products — is that its offshore location probably made it harder for our counterterrorism analysts to get the metadata.

It is also true that an ISIS recruit whom French authorities had interrogated during the summer (and who warned them very specifically about attacks on sporting events and concerts) had been given an encryption key on a thumb drive.

But it’s also true the phone recovered after the attack — which the attackers used to communicate during the attack — was not encrypted. It’s true, too, that French and Belgian authorities knew just about every known participant in the attack, especially the ringleader. From reports, it sounds like operational security — the use of a series of burner phones — was more critical to his ability to move unnoticed through Europe. There are also reports that the authorities had a difficult time translating the dialect of (probably) Berber the attackers used.

From what we know, though, encryption is not the reason authorities failed to prevent the French attack. And a lot of other tools that are designed to identify potential attacks — like the metadata dragnet — failed.

I hate to be cynical (though comments like Litt’s — plus the way the IC used a bogus terrorist threat in 2004 to get the torture and Internet dragnet programs reauthorized — invite such cynicism). But it sure looks like the IC failed to prevent the November attack, and immediately used their own (human, unavoidable) failure to demand a new approach to encryption.

Update: In testimony before the House Judiciary Committee today, Microsoft General Counsel Brad Smith repeated a claim MSFT witnesses have made before: they provided Parisian law enforcement email from the Paris attackers within 45 minutes. That implies, of course, that the data was accessible under PRISM and not encrypted.

5 replies
  1. orionATL says:

    who gets terrorized by the possibility or the reality of a “terrorist” attack on the united states?

    it clearly is not the american people. there is no terrorist attack, even the airplane bombing in new york, the marathon bombing in boston, or the san bernardino shooting that has had the effect of making the masses of american citizens freightened as they go about their lives – freightened as those in kosovo were, or as israeli citizens in cities were when terrorist with bombs in backpacks repeatedly boarded buses and exploded them, or as american parents are about shootings of their children.

    those who are terrorized by the possibility or reality of a “terrorist” attack in the u. s. are its presidents, legislators, judges, and appointed nation security and policing officials.

    it is this group of leaders who have repeatedly since 2002 acted to increase surveillance on the american people by the national security and policing bureaucracies. they have done so in part, no doubt, as conscientous shepards, but also, no doubt, for their own political and professional protection.

    from my interested citizen (as opposed to knowledgeable specialist) viewpoint, i see only an unbroken line of increasing surveillance and its janus face, decreasing privacy, from 2002 to 2016 thru two presidencies of two political parties. i see these increases in surveillance as directly contravening portions of the bill of rights and as creating an extremely unhealthy social climate nationwide, which will eventually become freightening (later still, perhaps, terrorizing in its own right) to the entire american population.

    there is every reason to examine closely what happened to cause american officials to seek yet more authority to spy on u. s. citizens after a terrorist attack in france. this is what historians, among other specialists, do to be able to paint an accurate picture of what happened in a particular time period and thence over longer periods of time. this close examination reigns in urban myths and other inaccurate generalizations.

    but the technical means available to spy and the repeated authorizations by our government to use them to spy on us have moved in tandem ever upward, unbroken since at least 2002.

  2. bloopie2 says:

    I have a question. USA Today: “FBI Director James Comey has been particularly outspoken in arguing that law enforcement efforts are hobbled by encryption, which he calls a safe haven for terrorists.” Compare with Orin Kerr: “Recall my earlier scale of 1 to 10 [the level of security that is provided by a physical box], with 1 being a paper bag and 10 being a mythical state of perfect security. Until computers, levels of physical box security have generally stayed around a 1 or 2 or 3, with an occasional rare 4 or 5. Computers have changed that incredibly quickly. The iPhone is the most obvious implementation of the shift. Suddenly a large proportion of the population is walking around with physical boxes in their pockets that might have had a security score of (say) 7 in 2014 and (say) 8 today. Looking ahead, a 9 in 2017 seems possible, with 9.5 or 9.7 looking possible for a few years beyond that. It’s an incredible change.”


    Is Kerr right? Has the computer made it, for the first time in history, possible to achieve (almost) perfect security for information? Is that why Comey is so up in arms? Because, that “perfect security” Would affect law enforcement.

    • emptywheel says:

      Apple certainly aspires to it for the content on the phone. But Kerr ignores (and I told him so) that you can’t turn off the metadata leaking out of the perfect box, which makes it a not very perfect box at all.

    • IAN TURNER says:

      In addition to emptywheel’s (Marcy’s) comments about “metadata” leaking out of the secure box, recall:
      i) what Silent Circle say to their customers about using their fully & automatically encrypted with military grade encryption smartphone/ cellphone—don’t use the speaker phone on your device,don’t make your calls from a public place [if I overhear “your side of the conversation” I can guess much of what the other end was saying] & other similar simple rules
      ii) some of Mr.Snowden’s documents dealt with GCHQ’s “counter-hackers” team efforts at targeting Anonymous & such groups who use Tor to “be invisible”. As skilled computer users themselves– GCHQ staff said Anonymous didn’t worry them because “their OpSec [Operational Security] was lousy”.
      iii)You have already had press reports in this country about individuals who left their smart/cellphone’s turned ON when entering confidential meetings & broadcast the content of these confidential meetings.
      iv) Finally OpSec is an attitude, it is a way of thinking–it has nothing to do with encryption–or $ cost of equipment.
      The difference between the stringent American rules during WWII on how to handle decrypted German,Japanese & Italian messages & the 2013 rules of the NSA who shortly after Mr Snowden made himself known to the world announced that for the 1st time that 1000 “System Administrators positions” were to be compacted down to 100 System Administrators [by automating the function?] & every 1 of those positions had to be staffed like the USAF nuclear missile silos in this country–always 2 officers on duty at all times,double key required–
      or the 2015 rules of the IT function of the OPM holding the personal details of 10’s of millions of personal files—is ALL about ATTITUDE

  3. orionATL says:

    if u. s. officialdom is determined to do what manifestly cannot be done through mass surveillance, stop a “terrorist” attack before it can harm anyone, maybe freedom from arbitrary search and seizure thru mass surveillance is not the civil liberty to attack.

    i recall that belgian and french police knew of and in some cases had recently stopped and intertogated some of those involved in the paris attacks. perhaps arbitrary detention and accompanying interrogation of suspected operatives for, say, a maximum of six months would be a more effective attack on a civil liberty, one that would be less intrusive for milllions of citizens not involved.

    but all this presumes stopping a terrorist attack is the true objective of american political leaders in the white house and congress rather than a stalking horse for increased surveillance to make police work and prosecution easier to undertake and easier to hide from the courts in criminal cases.

Comments are closed.