Investigators of the Paris attacks have evidence they believe indicates that some of the terrorists used encrypted apps to plan the strikes, officials briefed on the inquiry told CNN.
{mosads}This is the first time investigators have said definitively that the attackers communicated through encrypted technology, the focal point of a fierce debate between Silicon Valley and officials in Washington.
The attackers used the popular apps Telegram and WhatsApp to communicate, according to officials. Both services use end-to-end encryption, giving only the sender and the receiver access to the communication.
The contents of those messages may never be known. Officials declined to reveal how investigators know that the attackers used the apps to cloak their plot from law enforcement surveillance.
In the wake of the attacks, which left 130 people dead, authorities revived warnings that terrorists are able to communicate beyond the reach of law enforcement by using encrypted technology.
“If they communicate in darkness and you can’t shine a light on it, quite honestly you just can’t stop it,” House Homeland Security Committee Chairman Michael McCaul (R-Texas) said at a Christian Science Monitor panel last week. “People say why didn’t you see Paris? It was under the radar because they were using an app called Telegram and they were communicating through an encrypted application.”
Law enforcement officials and some lawmakers have argued that the proliferation of messaging services featuring end-to-end encryption is a danger to national security.
FBI Director James Comey told the Senate Judiciary Committee last week that there is “no doubt the use of encryption is part of terrorist tradecraft now” because “they understand the problems [law enforcement] has getting court orders.”
Comey noted that one of the shooters who attacked a May contest to draw the Prophet Mohammed in the Garland, Texas, exchanged 109 encrypted messages with overseas terrorists.
“We have no idea what he said, because those messages were encrypted,” Comey said.
Anti-encryption rhetoric picked up after the attack earlier this month in San Bernardino, Calif., though lawmakers briefed on that said there was no evidence yet that the two shooters used encryption to hide from authorities.
“We’ve still got a big problem out there that we’re going to have to deal with, and it’s called encryption,” Sen. Richard Burr (R-N.C.) said. He is currently working on a piece of legislation with Sen. Dianne Feinstein (D-Calif.) that would force companies to comply with court orders requesting encrypted data.
Security experts — including Apple CEO Tim Cook — almost unanimously argue that weakening encryption by providing guaranteed access to law enforcement undermines overall Internet security.
Other researchers say that even if law enforcement had full access, it still would not have prevented the attacks on Paris.
“Having a backdoor into encryption for police or spy agencies generally only matters if investigators have identified their targets but can’t read their communications,” Jason Healey, a former director of cyber infrastructure protection at the White House, wrote in a recent op-ed. “That wasn’t the case prior to the Paris attacks.”
The debate has caused a rift between Silicon Valley and federal officials in Washington.
McCaul is pushing an initiative that would create “a national commission on security and technology challenges in the digital age” that would be tasked with providing specific policy recommendations.
“A legislative knee-jerk reaction could weaken Internet protections and privacy for everyday Americans, while doing nothing puts American lives at risk and makes it easier for terrorists and criminals to escape justice,” he said in remarks at the National Defense University in Washington, D.C.
“It is time for Congress to act, because the White House has failed to bring all parties together — transparently — to find solutions.”