Encryption Ban Wouldn't Have Affected Paris Attackers' Plans

NEWS ANALYSIS: Despite the inconvenient findings in Paris that the terrorists didn't actually use encryption, the call in Congress for backdoors persists.

encryption ban

Despite the bluster in Congress about the need to press forward with laws banning the use of encryption in the United States following the Nov. 13 terrorist attacks in Paris, the truth is out. It turns out that the Paris attackers didn't encrypt anything, but instead communicated openly, in some cases publically, about their plans.

Instead of using sophisticated message encryption and brilliant tradecraft, it seems that the reason the attackers were able to communicate so effectively is because of the low-tech nature of their communications, and because the intelligence community simply missed it.

What actually happened is that the terrorists did the one thing that is hard for big spy agencies to deal with—they mostly talked among themselves. The attacks were planned and carried out by the Abdeslam brothers, who lived in the small town of Molenbeek, Belgium. Most of their co-conspirators lived or visited nearby. The close proximity of the bulk of the attackers meant that they simply discussed their plans in person.

While the attackers were apparently known to French police, it appears that little, if anything, was done to keep tabs on them or on their communications. According to press reports, the brothers may have discussed their plans in the jihadist online magazine Dabiq months before the attack, but apparently nobody picked up on that.

Likewise, phone metadata had already identified the Abaaoud brothers as having been in contact with participants in earlier attacks in France when the Thalys train was attacked (and thwarted by three American travelers) on the way to Paris. They were also identified by metadata as having been in contact with terrorists who attacked a Jewish museum in Belgium in 2014.

With the information that the intelligence community apparently already had on the terrorists, especially on the leadership, it probably wouldn't have mattered if their electronic communications had been encrypted. But they weren't. French investigators have revealed in their post-attack press conferences that while the attackers communicated using Short Message Service (SMS) texting, nothing was encrypted. The messages were sent in the clear.

This information provides insight into the collection of metadata by the National Security Agency, which has been the subject of controversy since the existence of the program was revealed by former contractor Edward Snowden. That is that the existence of such metadata can indeed be critical in identifying and exposing activities such as those by the Paris attackers. But to be effective, somebody has to be paying attention, and in the case of the attacks in Paris, apparently nobody was.

The encryption blather is also revealed for what it is, which is simply so much hot air. A ban on encryption would have made no difference at all in revealing the plans of the Paris attackers because they didn't encrypt their communications.

But suppose they had used encryption, and suppose the collection of phone metadata had worked as intended? The fact that people known to be in contact with other terrorists were communicating using encrypted messages would have been enough to alert the intelligence community that something was up, and a properly timed investigation would have revealed the terrorist plans.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...