As soon as some picture of the Paris attacks began to come into focus, the debate over Edward Snowden started again. Senior officials are now saying the former contractor’s leaks made it harder to catch the perpetrators of the atrocity in France. The known facts so far tell a different story.
Last Monday, CIA director John Brennan said terrorists had practiced more “operational security” after leaks about some intelligence programmes. The next day, Politico published an interview with Brennan’s predecessor, Michael Morell, who said Snowden’s leaks helped contribute to the rise of Daesh (the self-proclaimed Islamic State of Iraq and the Levant) and that had they not occurred, the West would have had a “fighting chance” to prevent the terror in Paris. Former CIA director James Woolsey over the weekend was more explicit, saying Snowden has “blood on his hands”.
The case against Snowden emerged after some European officials said the attack’s plotters in Belgium, France and Syria likely used encrypted messaging applications. FBI Director James Comey has said easy-to-use encrypted communications technology creates “dark spaces”, making it harder (though not impossible) for the bureau to intercept these conversations.
The question now is whether Snowden’s disclosures caused terrorists to be more cautious, and use this technology to foil the efforts of governments to find them. Senior US officials have made variations of this claim since 2013. Morell, for example, wrote in his memoir published this year that terror networks monitored by US intelligence “went dark” after some of the Snowden stories were published.
Public evidence to support these claims is lacking. The US intelligence community, for example, has never explained what specific leaks from Snowden caused what specific terrorists to go dark. Current and former US intelligence officials didn’t provide such information last week either. When we asked Senator Dianne Feinstein, the vice-chairman of the Senate Select Committee on Intelligence, whether Snowden helped make it harder to catch the perpetrators of the Paris attack, she referred us back to Brennan’s comments. The cyber-security firm Recorded Future released a study in 2014 that said Al Qaida was improving its own encryption tools after Snowden’s disclosures, but other studies have challenged this claim. Another study last year, from another cyber-security firm, Flashpoint, found no evidence that online extremists changed their cyber security practices because of Snowden. Al Qaida has used its own encryption programmes since 2007.
Intelligence coup
Derek Harvey, a former intelligence officer who specialised in terror networks in Iraq and Afghanistan, said Snowden’s disclosures were far more valuable to states such as Russia and China than to terrorist groups like Daesh. “The general tradecraft vulnerabilities exposed in how terrorists were being monitored and exploited were well known to the sophisticated members of the terrorist and criminal communities,” he said.
While he was still in Hong Kong, Snowden provided to the South China Morning Post the IP addresses of machines in China that were targeted by the National Security Agency (NSA). This was an intelligence coup for the Chinese government, but of no value to terrorists like Daesh.
While there’s no public evidence that Snowden’s leaks spurred extremists to recognise the usefulness of encrypted communications, his disclosures are responsible for creating a schism between the US government and US internet companies. Those companies have doubled down on making encryption standard for many products since his first disclosures in 2013. This trend began before Snowden’s disclosures; Apple’s FaceTime and iMessage have been encrypted since 2011. But the move has accelerated since.
“The engineering teams and security teams are as ideologically opposed as it gets to surveillance, and they were long before Snowden,” Chris Soghoian, the chief technologist for the American Civil Liberties Union, said. “What Snowden did is wake up the executives of the tech companies.”
Snowden disclosed that the NSA was skimming content from popular messaging applications like Yahoo and Skype, using obscure legal authorities. After Snowden’s leaks, many tech companies began to better protect their customers from the prying eyes of the US government. Last Friday both Apple and Google said they will make encryption standard on their smartphones. As Google CEO Eric Schmidt told Bloomberg five months after Snowden’s leaks in November 2013: “The solution to government surveillance is to encrypt everything.”
All of this has worried the FBI and the US intelligence community. But as of last month, the tech companies appeared to have won the debate. The FBI dropped its request in October for a “back door” to encrypted communications.
Then came Paris. This issue is now back in play. Senator Richard Burr, the Republican chairman of the Senate Select Committee on Intelligence, said last week that he anticipated that all terrorist communications from now on would use encryption. He predicted that tech companies would not react kindly to new government and Congressional efforts to force them to give law enforcement access to their applications, but that wasn’t a concern of lawmakers.
The irony in all of this is that many Democrats supported making encryption standard on web products back in 2010 and 2011, when this technology was seen as a defence against hackers and a way for dissidents to shield their conversations from dictatorships like Iran. One such Democrat was Hillary Clinton, when she was secretary of state.
This could now change in the aftermath of the Paris attacks. And if the US tech companies are forced to reverse their drive for standardised encryption, the lost privacy will not be because of Snowden’s leaks or Clinton’s policies, but because Daesh uses the same technology as the rest of us.
— Washington Post
