[Cryptography] [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

Tue Dec 1 11:38:48 EST 2015

At 09:19 PM 11/30/2015, dan at geer.org wrote:
>In dealing with high level decision makers, the best strategy is always to provide three options and have the decision maker choose amongst them.
>
>Taking the American electorate as that high level decision maker, I would find it refreshing were Brennan to present said electorate with the choice between
>
>[1] content analysis (hence crypto side doors and the exposure of content),
>
>[2] traffic analysis (hence data retention at a level heretofore unseen and the cataloged exposure of real social networks), and
>
>[3] a willing resolve to tolerate the occasional terrorist success.
>
>It is a choice amongst losses.

Dan, you'll have to explain a little more about what exactly these choices consist of and why they are the 3 primary choices.

---
The following NYTimes article shows how *decentralized*, *independent* groups are almost impossible to thwart ahead of time -- i.e., the level of surveillance and control required to stop such small decentralized/independent groups is incompatible with any notion of a free society with free thought.

If you believe in the First, Second, Third, Fourth and Fifth Amendments, then you're going to have to tolerate some level of damage from an occasional suicide terrorist, and find other ways to mitigate & lessen this damage; e.g., we tolerate some number of car crashes in order to allow for a functioning economy, but have mitigations -- seatbelts, airbags, car insurance -- to deal with the inevitable damage.

It is also possible that the Paris terrorists were intentionally misdirecting intel agencies with incorrect and confusing messages that may or may not have been encrypted.  If so, then simply piling more "hay" on the "haystack" gets the intel analyst no closer to understanding.

In any case, as the quotes below indicate, Crypto War II is nowhere close to a conclusion.

'Mr. Abaaoud kept security services busy and distracted with these mini-plots while preparing the real attack.'

http://www.nytimes.com/2015/12/01/world/europe/how-the-paris-attackers-honed-their-assault-through-trial-and-error.html

"After phone taps uncovered the Verviers plan, Mr. Abaaoud began using encryption technology and may have concealed his communications in that way with his Paris team, intelligence officials said."

"Mr. Abaaoud ... had given Mr. Hame an email address to reach him on and a USB stick with an encryption key he was to download on his computer."

"Others bought cheap burner phones that are often discarded in an effort to avoid detection"

"With hindsight, some suggest the lone-wolf style attacks  single gunmen sent on missions to kill  that were thwarted in recent months were never the main focus.  Whatever his intention, Mr. Trévidic said, Mr. Abaaoud kept security services busy and distracted with these mini-plots while preparing the real attack."