X
Tech

Why the CIA wanting encryption backdoors is a failure of leadership, not intelligence

Analysis: The question shouldn't be if encryption should have backdoors, but why intelligence agencies have begun shifting the blame onto those who push for privacy.
Written by Zack Whittaker, Contributor
france1.jpg
"We are not afraid."
(Image: Al Jazeera/Twitter)

It took about three days for the CIA director and former intelligence officials to reignite the debate over the use of encryption, with some speculating that it may have been the reason why French and other Western intelligence agencies were unable to prevent the Paris attack earlier this month.

The attack, the greatest assault on French soil the end of World War II, left 129 dead and hundreds injured.

French prosecutors leading the investigation said Saturday that the final body count may rise. The motives of the attackers and whether or not they used encryption were not confirmed by authorities.

That didn't stop sister-site CBS News contributor and former CIA deputy director Michael Morell from stating, on little more than a hunch -- apparently, that the perpetrators of the attack "used encrypted apps to communicate." (Disclosure: ZDNet is also owned by CBS.)

He said:

"Commercial encryption. . . is very difficult -- if not impossible -- for governments to break. The producers of this encryption do not produce the key for either them to open this stuff up or for them to give to governments to open this stuff up. This is the result of Edward Snowden and the public debate. I now think we're going to have another public debate about encryption, and whether government should have the keys, and I think the result may be different this time as a result of what's happened in Paris."

He, like many others before him, laid the blame at the steps of the companies who, inclined by or regardless of Edward Snowden's leak to journalists two years ago of classified materials detailing the intelligence community's mass surveillance programs, want to keep users' data secure and protected.

To Morell's credit, his remarks were somewhat tame compared to Fox News contributor Dana Perino, who said on Twitter about Snowden: "F**k him to you know where and back." (Fox News's slogan is "fair and balanced.")

Wired's Kim Zetter, who wrote a strong rebuttal of the anti-encryption brigade's controlled and often contradictory rhetoric, pointed to vague comments made by incumbent CIA director John Brennan, who said on Monday:

"There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it. I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve."

He added:

"And in the past several years because of a number of unauthorized disclosures and a lot of handwringing over the government's role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging. And I do hope that this is going to be a wake-up call, particularly in areas of Europe where I think there has been a misrepresentation of what the intelligence security services are doing by some quarters that are designed to undercut those capabilities."

The "too-long, didn't read" version is, it's Snowden's fault the tech companies are pushing for stronger security, and he hopes that terrorist attacks will shift the public opinion in favor of open, unencrypted, and readable communications to both the intelligence agencies and hackers alike.

He neglects to mention that in the months prior to the September 11 attacks, al-Qaeda was known to have used encryption in which "may lie the... blueprints of the next terrorist attack against the US or its allies."

It's no wonder that intelligence officials, who have since the attacks in 2001 striven for a "collect it all" mantra about data collection on law-abiding citizens, are calling for backdoors in strong, uncrackable encryption.

Traditionally, when terrorists were successful, it used to be a "failure" by an intelligence agency or government.

After the September 11 attacks, people said the government did not not know anything about them in advance which former insiders called an intelligence failure. British intelligence agency MI5 said it was a "lack of resources" that the five suicide bombers were not caught prior to their attacks on the London subway system in 2005. After the chaos of the Boston bombing, the biggest terrorist attack on US soil since 2001, the FBI was accused of intelligence-sharing shortcomings.

Since 2013, when you first heard Edward Snowden's name, the government finally had a scapegoat. Any person or company who acts in his name, or doubles-down on security in the wake of the leaks is now to blame, accused of being traitorous, or impeding investigations or intelligence gathering.

Yet, in the latest attack, encryption has yet to be determined as a cause -- or even a factor.

As Vice notes, there are more than enough reasons why intelligence failures happen -- in spite of strong encryption: a lack of sharing intelligence across borders, a lack of language-speaking translators, and a deluge of data that authorities struggle to sift through.

Even former National Security Agency employees turned whistleblowers have said the daily deluge of data drowns analysts in too much information, meaning finding that needle in the vast haystack of intelligence is impossible.

Yet that bulk dragnet of metadata may not be the answer. It may have been "designed to detect a Mumbai/Paris-style attack," according to a tweet by former NSA general counsel Stewart Baker, but as intelligence expert Marcy Wheeler notes, simply, "it didn't."

With a number of reportedly missed opportunities from sifting through so much intelligence that they can't identify potential attackers before they struck, the notion of wanting access to even more intelligence is weak, and diversionary at best.

The intelligence community is fighting a public debate it never wanted in the first place. The question shouldn't be if encryption should have backdoors, but why intelligence agencies have begun shifting the blame onto those who push for privacy.

If the administration's intelligence directors are demanding access to even more data than their agencies know what to do with, that points to a failure of leadership rather than a fault of intelligence.

Editorial standards