Analysis: Rows over how Paris terror attackers used encrypted services to hide from security forces.
In the aftermath of the Paris terror attacks, security professionals and government have been trying to track down the ways the attackers used to communicate before they committed the atrocities.
This has once again put the spotlight on encryption, with some government and security professionals blaming the privacy measures for enabling the terrorist attacks.
Many in the security community said that ISIS, the terrorist group who claimed responsibility for the Paris attacks, were able to successfully hide from the security forces thanks to encryption.
Former CIA Deputy Director Michael Morell said in an interview on American new programme Face the Nation: "I think what we’re going to learn is that these guys are communicating via these encrypted apps, this commercial encryption which is very difficult or nearly impossible for governments to break, and the producers of which don’t produce the keys necessary for law enforcement to read the encrypted messages."
Many were equally quick to turn the finger of blame towards Edward Snowden, saying that their surveillance capacity had been reduced in the wake of his revelations, with former CIA Director James Woolsey saying in a CNN interview that "the blood of a lot of these French young people is on his hands."
Of course, the objections of the security services need to be put into political context. The UK and US security services are keen to get more web snooping powers, and claim that the kind of horror we saw across Paris can be prevented if they get them.
However, others argue that increased surveillance and weakened encryption would not prevent atrocities, nor make us safer. Pravin Kothari, CEO of CipherCloud said: "Diluting commercial encryption won’t prevent the bad guys from using their own proprietary encryption and won’t make us safer. Weakening the technology that companies use to protect average users misses the mark."
Attention has particularly turned to Telegram, a messaging service that promises to "encrypt personal and business secrets" and "destruct your messages with a timer".
It is believed that at least part of the time the terror cell behind the terror attacks used the service to communicate, and indeed it used the app to claim responsibility for the Paris attacks. The app has since banned its accounts, having resisted pressure to do so for a number of days.
Cloudflare has also been accused of protecting pro-ISIS websites, while the EU is looking at placing restrictions on cryptocurrency Bitcoin.
While it seems likely that the cell did use Telegram or similar services at least some of the time, there are also strong indications that in fact the attackers also did not bother to totally cover their digital tracks. Le Monde reports that a hideout used by some of the suspects was located from data from an abandoned phone at the Bataclan concert hall.
A report on The Intercept website suggests that an attack in January in Belgium was disrupted due to a failure of mastermind Abdelhamid Abaaoud to use encryption.
It’s not like ISIS doesn’t take this issue seriously though. The group has 34 page manual on the subject, according to Wired, which helps would be terrorists keep their data and location private, and guides them on what services to use including well now applications such as Tor and Hushmail.
With Annonymous declaring war on ISIS too, terrorism has well and truly moved into cyber space.