Blaming Snowden for Paris

By David Perea

Friday’s attacks are reopening the debate on whether intelligence leaks and encryption have made it too easy for terrorists to hide online.

Even as the hunt continues for suspects in the Paris terror bombings, some Western intelligence officials have already identified their culprit: Edward Snowden.
London Mayor Boris Johnson says the former National Security Agency contractor, who two years ago outed the U.S. government’s program of telephone and Internet surveillance, effectively taught terrorists “how to avoid being caught.” CIA Director John Brennan complained Monday that “a number of unauthorized disclosures” in recent years about the extent of federal snooping has made tracking terrorists “much more challenging.” Snowden also drew a borderline-profane slam on Twitter over the weekend from former George W. Bush press secretary Dana Perino.

No evidence has surfaced yet that Snowden’s revelations made a difference in this case, or that the perpetrators of Friday’s attacks used encrypted communications to conceal their activities. Many private-sector computer specialists surveyed by POLITICO were skeptical about those arguments, which if true would mesh with more than a year of warnings from intelligence officials about the growing ability of terrorists and criminals to hide their tracks online.
Still, there’s no denying the political context. The criticism of Snowden comes as intelligence officials seek to reopen a debate over the balance between security and privacy — a balance that seemed, before the deaths of 129 individuals in Paris, to have been settled firmly in favor of civil liberties. U.S. intelligence and law enforcement officials have complained publicly that encryption tools — in iPhones, laptops and mobile software like Facebook-owned WhatsApp — allow terrorists, drug dealers and other criminals to “go dark” and avoid monitoring.
“We’ve had a public debate. That debate was defined by Edward Snowden, right, and the concern about privacy,” former CIA Deputy Director Michael Morell said Sunday on “Face the Nation.” “I think we’re now going to have another debate about that. It’s going to be defined by what happened in Paris.”
In his memoirs earlier this year, Morell said Snowden’s revelations had a near-immediate effect on intelligence gathering: Within weeks, “communications sources dried up, tactics were changed.”
The charges are echoing on the campaign trail, where former Florida Gov. Jeb Bush called Monday for restoring the NSA’s ability to vacuum up telephone and Internet records, which Congress eliminated in a June rewrite of the 2001 PATRIOT Act.
Still, a push by some in the Obama administration to put limits on encryption have run aground amid opposition from the tech industry and privacy advocates in Congress. Just last month, FBI Director James Comey told lawmakers that the administration was abandoning its hopes for legislation that would compel companies to leave a “back door” allowing the authorities access. Companies in the cross-hairs — such as Apple and Google — oppose such measures, saying they would leave their products vulnerable to hackers as well as law enforcement.
Federal prosecutors have also run into resistance in the courts, most recently in a Brooklyn case in which a judge has expressed skepticism about the government’s ability to force Apple to unlock the iPhone of an accused meth distributor.
For now, the debate isn’t waiting for the facts. European officials have suggested that the terrorists used encrypted messaging software to plan Friday’s murders, without pinpointing a particular app, but media speculation quickly focused on a Sony video game system based on a statement one Belgian official had made three days before the attacks. “The most difficult communication between these terrorists is via PlayStation 4,” Interior Minister Jan Jambon said during a policy discussion last week hosted by POLITICO Europe. “It’s very, very difficult for our services — not only Belgian services but international services — to decrypt the communication that is done via PlayStation 4.”
In fact, investigators have released no information on the communications channels used by the attackers in Paris to communicate with Islamic State commanders in Syria. And Joe Tartaro, a senior security consultant for Seattle-based cybersecurity firm IOActive, said it’s highly unlikely that Sony or other video game makers encrypt their systems.
The main use of PlayStation messaging channels is for “13-year-old kids to yell at each other,” he said. “Nobody is monitoring it.”
But it is true that strong encryption tools that can defeat government spying are available like never before, including one free software package called Tor that the U.S. has funded with the aim of helping activists and political dissidents elude spying by oppressive governments. Snowden has championed the same tool as a way to bypass NSA surveillance.
Sen. Dianne Feinstein of California, the top Democrat on the Senate Intelligence Committee, said Monday that she has “never been more concerned” about the threat of the Islamic State. She pointed to the terrorist group’s use of “apps to communicate on that cannot be pierced, even with a court order.”
ISIL leaders are “sophisticated,” Feinstein said during an interview on MSNBC, and are using encrypted technologies that give them a “secret way of being able to conduct operations and operational planning.”
Not everyone is convinced. Journalist Glenn Greenwald, a Snowden ally, argued in The Intercept that U.S. officials had complained of difficulty tracking terrorist communications long before the NSA whistleblower emerged.
Bruce Schneier, a renowned cryptologist, dismissed out of hand the possibility that terrorists have put themselves beyond the reach of surveillance.
“No, of course not. That’s dumb,” he said. “It’s the golden age of surveillance, because there are hundreds of ways to surveil people.”
The emergence of popular encrypted messaging apps makes intercepting the content of communications harder, but anyone using the Internet still leaves a conspicuous digital trail — so-called metadata, the routing information that network devices need to make sure messages get to their destination. The metadata “can’t be encrypted, by definition,” Schneier said.
Metadata, because it’s already structured to be easily read by computers, can be even more useful for intelligence purposes than actual content — but in June, Congress passed the USA Freedom Act, which ended the NSA’s authority to collect and hold customers’ telephone metadata.
Jeb Bush criticized that restriction during an MSNBC interview. “I think we need to restore the metadata program which was part of the PATRIOT Act,” he said. “I think that was a useful tool to keep us safe and to also protect civil liberties.”
Amid the rush to blame Snowden — whom former CIA Director James Woolsey accused of having “blood on his hands” — for a possible intelligence failure in Paris, some experts urged caution.
“I would hope that most people in this discussion would wait until we have the facts,” said Ari Schwartz, until recently a senior director for cybersecurity on the National Security Council staff. “We don’t know what they used.”