Editorials

Beware of unintended consequences while trying to nab terrorists

By The Editorial Board

Updated November 22, 2015 6:00 PM

A man identified only as Sherif waves the French flag and shouts anti-radical Islam slogans after Friday prayer at the Paris mosque Nov. 20. Cold rain extinguished the flickering candles and drenched the packets of flowers outside the Paris attacks sites, but people came anyway to pay tribute, to mourn, to reflect on their city’s losses one week later. Amr Nabil The Associated Press

It’s logical to rethink national security after an attack like the one in Paris. But the drumbeat for more government surveillance power – and, in particular, more access to civilians’ encrypted phone data – is not only futile but likely to backfire.

Federal officials and law enforcement understandably want to hold on to every means of intercepting potential terrorist attackers. And they have lost ground, both politically and technologically, since 9/11.

But their obsession with encryption feels less based on need than on political impulse not to want to waste a crisis. That, and the desire to force Apple, Google, Facebook and other tech companies to weaken security on new smartphones and messaging services, a tactic that President Barack Obama rejected last month.

Central Intelligence Agency Director John Brennan said last week that Paris is a “wake-up call” for more high-tech surveillance power. FBI Director James Comey chimed in that modern messaging apps let Islamic State operatives “go dark” to avoid detection.

Sen. John McCain, R-Ariz., wants legislation. Sen. Dianne Feinstein, D-Calif., wants Silicon Valley firms to “take a look at their products” and stop enabling clandestine communications.

All that would be fine if Paris could be blamed solely, or even mostly, on the attackers having some unique technological advantage. But as the investigation in Paris unfolds, it’s increasingly clear that the young jihadists involved were no more tech masterminds than the average drug dealer.

The attackers booked hotel rooms in their own names and paid with their own bank cards. One of the clues French police used to trace them was a cellphone found in a trash can near the concert hall where 89 hostages were murdered. The “let’s go” text message it held – “on est parti on commence” – was chilling, but hardly encoded.

The online conduits the Islamic State has been known to use – apps like the Berlin-based Telegram, where users can create secret group chats for 200 and self-destructing video messages – are popular with all sorts of young Europeans. A guide to the group’s security protocols, obtained by researchers from forums and chat rooms and posted by Wired, advised members who couldn’t afford a $799 secure Swiss Blackphone to use the iMessage app on an ordinary iPhone.

And experts say fitting existing apps and devices with “back doors” for decryption would just open other data to identity theft and foreign spying, or push terrorists toward homegrown encryption that might be even harder to decipher.

The tech genie can’t be put back in the bottle. Even if knowledge could be rolled back, more reams of surveillance data wouldn’t necessarily make a difference. The bulk phone data collection at the National Security Agency that was uncovered by Edward Snowden may have been shocking and impressive, but repeated investigations have found no evidence that it averted a single terrorist attack.

What might help is doubling down on the old-fashioned police work and coordination that actually has made a difference. That, and perhaps harnessing more of the civilized world’s own cunning. The hackers at Anonymous may be like so many bulls in a china shop, but who knows what might come of their declaration of cyberwar on the terrorists if someone bothered to properly channel their efforts.

This story was originally published November 22, 2015 at 10:00 AM with the headline "Beware of unintended consequences while trying to nab terrorists."

Get unlimited digital access

#ReadLocal