[Cryptography] FBI Says TX Gunman Used Encryption

Thu Dec 10 08:01:43 EST 2015

FYI --

'"You can't delete encryption software off the Internet or delete all the textbooks telling people how to write it," Mr. Kocher said.'

http://www.nytimes.com/2015/12/10/us/politics/fbi-chief-says-texas-gunman-used-encryption-to-text-overseas-terrorist.html

F.B.I. Chief Says Texas Gunman Used Encryption to Text Overseas Terrorist

By DAVID E. SANGER and NICOLE PERLROTH DEC. 9, 2015

WASHINGTON -- The F.B.I. director, James B. Comey, said Wednesday that investigators could not read more than 100 text messages exchanged by one of the attackers in a shooting this year in Garland, Tex., because they were encrypted, adding fuel to law enforcement agencies' contention that they need a way to circumvent commercially available encryption technology.

Mr. Comey, who two months ago appeared to have lost a battle inside the Obama administration over forcing companies like Apple and Google to give investigators a way to decode messages, told the Senate Judiciary Committee that one of the attackers "exchanged 109 messages with an overseas terrorist" the morning of the shooting.

"We have no idea what he said because those messages were encrypted," Mr. Comey said.  "And to this day, I can't tell you what he said with that terrorist 109 times the morning of that attack.  That is a big problem.  We have to grapple with it."

The testimony was the first time Mr. Comey, a longtime critic of the technologies that he contends are creating a "going dark" problem for law enforcement agencies, had cited a specific example of a terrorist using encrypted communications.  He said he would not comment on whether similar technology was involved in the time before the Paris attacks or the shooting rampage in San Bernardino, Calif.

In the Texas shootings, two men armed with rifles and wearing armor opened fire near an exhibit that was showing cartoon images of the Prophet Muhammad.  Depictions of the prophet are considered offensive in most interpretations of Islam. The attackers were killed by the police, and the Islamic State claimed responsibility.

There is no indication that the F.B.I. saw that such messages were exchanged before the shootings began or recognized that one of the suspects was talking to a foreign terrorist group member -- something that might have been detected even if the authorities could not read the messages themselves.

The White House concluded recently that there was merit to the arguments of companies like Apple that it is extremely difficult to create a "back door" for police or intelligence agencies to read such conversations without also creating a breach that Russian, Chinese or other determined hackers could exploit.

But Mr. Comey argued in his testimony on Wednesday that the technology companies' defense of "end-to-end encryption," in which only specific users of a phone or computer hold the keys, was rooted in business decisions.

"It's a business model question," he said.  "Good people have made a decision to design products and sell products where court orders are ineffective.  And I'm not impugning their motives.  I understand they see it as a competitive issue or they think it's just the right thing to do."

But he asked if that model could be changed, and "if that can't be done voluntarily, what are the other alternatives?"

For Mr. Comey, whose 10-year term extends well beyond President Obama's, the recent attacks have provided renewed arguments to pressure technology companies.

Cyrus R. Vance, the Manhattan district attorney, and William J. Bratton, New York City's police commissioner, have faulted the encryption used by Apple, Facebook and Google for thwarting terrorism investigations.

But to many business executives and some technology experts, their accusations seemed premature, because there was little evidence that encryption had been used in the planning of any attacks.

"It was fairly clear, months ago, that law enforcement was laying the public relations groundwork to blame encryption for whatever happened to go wrong," said Paul Kocher, a cryptographer and president of the Rambus Cryptography Research division, who has called for stronger encryption.  "But in a couple cases, they blamed encryption and got it wrong."

In the case of the attacks in Paris last month, there is still no evidence that the attackers used encrypted messages to plot their attacks.  In fact, a cellphone belonging to one of the attackers suggested that they had communicated using unencrypted text messages.  There is also no evidence that the married couple who waged the attack in a San Bernardino office building last week communicated digitally about the attacks.

Yet it is clear that terrorists are looking for the strongest encryption they can find.  In a technology tutorial produced by the Islamic State militant group that was circulated last January, the group offered its members a guide to encrypted messaging apps, pointing out which it believed were "safest," "safe," "moderately safe" and "unsafe," according to the SITE Intelligence Group, which monitors terrorists' communications.

In the wake of the Paris attacks, Mr. Vance's office published a report asking why Apple could not roll back its latest encryption system, which puts the keys to unlock encrypted iPhone communications on the device itself so that Apple cannot unlock the communications for law enforcement even if presented with a court order.

In the past, Apple could unlock communications under such circumstances, but the current scheme forces law enforcement agents to go directly to their target to read their communications.

But even if Apple rolled back its technology -- which Tim Cook, the company's chief executive, has emphatically insisted will never happen -- it is unclear whether it would make it easier for American law enforcement to track terrorists.

Of the encrypted mobile apps recommended in the Islamic State tutorial, the top five "safest" encryption schemes recommended by the group were made by companies outside the United States -- in places like Switzerland, where a United States court order would not be enforceable.

"We have far more to lose by having our information attacked than gained from weakening everyone's information security," Mr. Kocher said.  He added that rolling back encryption in those products would only drive terrorists to use other products, or create their own.

"You can't delete encryption software off the Internet or delete all the textbooks telling people how to write it," Mr. Kocher said.

David E. Sanger reported from Washington, and Nicole Perlroth from New York.

A version of this article appears in print on December 10, 2015, on page A14 of the New York edition with the headline: F.B.I. Chief Says Gunman Used Encryption to Text Terrorist.