Top Republican congressman blames Paris attacks on encryption

The facts of the Paris attack are considerably more complex than McCaul lets on.

The American debate over encryption reached a new intensity on Tuesday, when Republican Rep. Mike McCaul (R-Texas) blamed the Islamic State’s deadly terrorist attacks in Paris directly on encryption.

“Why didn’t we know about Paris?” he said on MSNBC’s morning show Morning Joe, referring to the November attacks, which left 130 dead and 368 wounded. “Why did that go under the radar? Because they were using encrypted apps like Telegram.”

McCaul, the chair of the House Committee on Homeland Security, visited several cable news morning shows this week to promote his new book Failure of Imagination, an attempt to describe eight possible violent threats against the United States in Tom Clancy-style fiction.

His assertion, which went unchallenged on MSNBC, parallels in key ways the environment in the Senate where Sen. Dianne Feinstein (D-California) and Sen. Richard Burr (R-N.C.) are writing legislation aiming to “pierce” through encryption by legally mandating backdoor access for the government.

Eighteen politicians from the French conservative party, also known as Republicans, recently introduced legislation aimed to ban strong encryption and mandate backdoors within the country.

The facts of the Paris attack are considerably more complex than McCaul indicated, however.

It is true that the attackers sometimes used Telegram, an encrypted messaging app, and that French authorities say “blank spots remain” as investigators piece together the events that lead to the attacks.

However, the attackers also used unencrypted text messages, phone calls, and emails in the lead up to the attacks, including to coordinate with senior operatives and to launch the attack itself. Most of the attackers, including the ringleader, were already well known as terrorists to European security officials. French intelligence lost track of several suspects.

At least three of the attackers announced their intentions publicly online, making their occasional use of encryption seem less important in hindsight. In addition to Tweets on the subject and boisterous brags in an Islamic State magazine, another attacker posted pictures of his weapon on Facebook.

“One element that is important is that the Belgian federal police don’t have any Arabic speakers who understood the Moroccan dialect that the terrorists spoke,” security researcher “The Grugq” told the Daily Dot. “So the attackers would have been able to speak freely on mobile phones, like the code talkers of WWII. There is even evidence that they did use simple phone calls to coordinate.”

McCaul’s claim that encryption is squarely to blame for the Paris attack quickly comes undone once the evidence is examined.

“Given how many operational security fails the ISIS terrorists committed, I can’t see how encryption would have provided them much protection against actual surveillance,” Grugq continued. “The key issue here is that they were not under surveillance.”

McCaul’s book, an early Amazon bestseller, imagines a series of devastating cyberattacks against New York City financial institutions—and then the entire nation—as one of the largest looming and potentially deadly threats against the United States. That’s a scenario many technologists can imagine as well.

In his interview, however, he also claimed his book shows how encryption makes it more difficult for law enforcement to catch terrorists. 

“One of the things I write about in this book, and it’s a real fear for the FBI, is the ability of the terrorist to communicate in dark space. We cannot see what they’re saying in a wiretap.”

Many of those same technologists disagree with McCaul there. A consensus of academics and professionals argue that encryption is crucial for cybersecurity and that legally mandating backdoors would instead better enable international hackers to attack the U.S.

Screengrab via Twitter

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.