When CIA Director John Brennan took the stage at the Center for Strategic and International Studies in Washington, D.C., Monday, he told the audience his remarks would be different than the ones he had prepared to give before Friday’s attacks in Paris. “They are different because our sensibilities and our souls have been jarred once again by the horrific and wanton violence perpetrated upon the innocent in the streets, cafes and concert halls of the beautiful city of Paris,” Brennan said.
His remarks may have been different than planned, but they were in keeping with what privacy advocates have come to expect from government officials following terrorist attacks over the last 14 years: grabbing for expanded surveillance powers while the public is still scared enough to let them.
This time, privacy advocates say, the government is targeting Apple and Google, using the Paris attacks to try to pressure the tech companies to install “backdoors” in their systems that would give law enforcement access to encrypted data.
This is not a new ask — the Obama administration has been campaigning for this change for over a year — but now, in the direct aftermath of a tragedy like Friday’s, is when government leaders stand the best chance of succeeding.
Nate Cardozo, staff attorney at the non-profit Electronic Frontier Foundation, calls the effort to focus on encryption in the wake of the Paris attacks “a cynical and frankly disgusting use of this tragedy for political purposes.”
But at least it’s predictable: This is a pattern that has repeated itself, not just in the United States, where the September 11 attacks were used to justify an unprecedented broadening of government surveillance powers, but around the world. The U.K. passed the controversial Terrorism Act 2006 after the attacks on the London Underground; the Australian government introduced sweeping anti-terrorism laws after foiling an ISIS plot to carry out “demonstration executions” on its soil; and in Canada, three separate measures expanding police powers were introduced after last year’s terrorist attacks. And after the siege at the offices of satirical newspaper Charlie Hebdo in January, French officials pushed through a far-reaching surveillance law that allows the government to monitor and analyze the metadata of all web users, as well as the phone calls and emails of suspected terrorists, without a warrant.
Friday’s attacks are already being used to justify a multi-lateral assault on encryption capabilities. In the U.K., lawmakers are calling for a fast-tracking of a bill nicknamed the “Snoopers Charter,” which, besides codifying the collection and storage of web users’ Internet browsing history for up to a year, would require tech companies to turn over users’ unencrypted communications at the request of police and spy agencies.
In his remarks Monday, Brennan previewed the argument privacy advocates expect governments to make in the coming months, saying that such advocates’ “handwringing” is in part to blame for making the efforts “to find these terrorists much more challenging.”
Referring to encryption specifically, Brennan said the terrorists “have gone to school on what… they need to do to in order to keep their activities concealed from the authorities.”
The problem with that statement, Cardozo tells Rolling Stone, is that as of now there is no evidence the Paris terrorists used encryption to protect their communications.
In an appearance on CBS’s Face the Nation Sunday, Michael Morell, deputy director of the CIA from 2010 to 2013, allowed that “we don’t know for sure yet” whether the terrorists communicated via encryption, but said, “I think what we’re going to learn is that these guys are communicating via these encrypted apps…. commercial encryption, which is very difficult, if not impossible, for governments to break, and the producers of which don’t produce the keys necessary for law enforcement to read the encrypted messages.”
Apple has categorically refused to create a backdoor in its system, as requested by the federal government. “Any backdoor is a backdoor for everyone,” Apple CEO Tim Cook told The Telegraph earlier this month. “Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a backdoor can have very dire consequences.”
Access of the kind the U.S. government wants, Cardozo says, “would weaken the security for everyone — would make all of our communications and all of our data susceptible to interference and interception by just about anybody with a decent amount of technological sophistication.”
“The CIA is quite explicitly using the Paris attacks to try to pressure tech companies into rolling over,” Cardozo says, even though it does not appear “an Apple backdoor or a Google backdoor wouldn’t have made a difference” in Paris.
Morell said on Sunday Americans need to have a public debate about surveillance in the wake of the attacks. Whereas the previous debate “was defined by Edward Snowden and the concern about privacy, I think we are now going to have another debate, and it’s going to be defined by what happened in Paris.”
“It’s the same debate,” Jillian York, also of the Electronic Frontier Foundation, says, and it’s a debate many privacy advocates would welcome. When they have it, they’ll mention the fact that France enacted one of the most far-reaching surveillance laws in the world months before these most recent attacks occurred.
“France is one of the most heavily surveilled countries in the world; the French intelligence agencies have sweeping legal and technological powers to conduct surveillance within the borders of France,” Cardozo says.
Ironically, he adds, that level of surveillance may have hindered efforts to stop terrorist attacks. “In the wake of the Snowden revelations,” Cardozo says, “one of the things that we saw most clearly was… the ‘collect-it-all’ mentality that Western intelligence agencies have has led to too much data.”
York notes, “The onus is on governments to prove that this is working.”