An intelligence official with the New York Police Department says encrypted communications are enabling terror attacks.
John Miller, the department’s deputy commissioner of intelligence and counterterrorism, told CBS Evening News anchor Scott Pelley Tuesday that terror groups are becoming increasingly elusive through utilization of “impenetrable” communication systems.
“We’re seeing not just iPhones that can’t be cracked, but entire communication systems that are designed to be impenetrable, and we’re seeing those become the primary tools of terrorists,” Miller said. “So when you ask a question like ‘How could they miss this?’ technology is becoming a big enabler.”
Although intelligence agencies are reported to have had precise and advanced knowledge prior to Tuesday’s attack on the Brussels airport, which took the lives of 31 and injured 270, politicians and many in law enforcement have begun echoing the same sentiment as Miller, demanding greater surveillance capabilities while placing blame on encryption.
“I think the real point here is we’re looking at we call ‘going dark,’ whether it’s the app Telegram… which was all encrypted, or the app Wickr, which comes out of San Francisco, not Russia, that is all encrypted,” Miller claimed.
Despite attempts by many to paint apps like Telegram as a way to totally conceal one’s activity, such software does little to stop an advanced adversary from collecting a wealth of metadata at minimum.
As noted by security expert the grugq, “Even if Telegram’s encryption is solid, there are serious problems with the safe operational use of the program.”
“Anything using a mobile phone exposes a wide range of metadata. In addition to all the notification flows through Apple and Google’s messaging services, there is the IP traffic flows to/from those servers, and the data on the Telegram servers,” he writes. “If I were a gambling man, I’d bet those servers have been compromised by nation state intelligence services and all that data is being dumped regularly.”
Aside from not employing end-to-end encryption by default, many users also make the mistake of using their personal cell phone when enabling Telegram as well.
“Telegram requires a working phone number to register, and then uses this as the primary identifier for the account,” the grugq says. “Users will make security mistakes and register with their personal mobile numbers”
A jihadist sympathizer learned this the hard way last year after inadvertently linking his real identity to his Telegram account.
Shumukh thread dump. Bros signs up for Telegram with own phone #. Others tell how to fix his “security catastrophe” https://t.co/WMyzWYJECU
— switched (@switch_d) November 17, 2015
“When registering an account with Telegram, the app helpfully uploads the entire Contacts database to Telegram’s servers (optional on iOS),” the grugq continues. “This allows Telegram to build a huge social network map of all the users and how they know each other. It is extremely difficult to remain anonymous while using Telegram because the social network of everyone you communicate with is known to them (and whomever has pwned their servers).”
While superior cell phone apps exist, all apps designed for communication, not just Telegram, suffer from security issues related to metadata.
As far as claims that intelligence agencies are “going dark” due to increased use of encryption, a 37-page report produced earlier this year by security and policy experts in conjunction with Harvard’s Berkman Center for Internet & Society found the claim to be false.
“The increased availability of encryption technologies certainly impedes government surveillance under certain circumstances, and in this sense, the government is losing some surveillance opportunities,” the panel said. “However, we concluded that the combination of technological developments and market forces is likely to fill some of these gaps and, more broadly, to ensure that the government will gain new opportunities to gather critical information.”
Most notably, the growing prevalence of connected devices and the Internet of Things will undoubtedly provide intelligence operatives with unprecedented access to personal data.
“In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” James Clapper, US director of national intelligence, said before the Senate February.
While more targeted surveillance, as opposed to bulk collection, would likely enable intelligence analysts to better focus in on legitimate threats, leaders of the surveillance state seem much more interested in the “collect it all” method.
Brussels is 4th straight attack involving brothers & people from same community: in-person planning makes encryption/surveillance irrelevant
— Glenn Greenwald (@ggreenwald) March 23, 2016
Authorities have yet to provide any evidence pointing to the use of encryption in the planning of the Brussels attack. Although encryption was also scapegoated following the attacks in Paris, reports indicate the perpetrators relied most heavily on burner phones.