Encrypted communication
November 16, 2015DW: From what we know so far, the Paris attacks by the "Islamic State" appear to have been planned, coordinated and orchestrated in advance for some time. Can you shed some light on how the perpetrators may have managed to communicate without being detected by the seemingly broad surveillance measures applied by the French and other governments?
Jamie Bartlett: Of course it's difficult to know at this point, but I am sure in the coming days we will learn a lot more. Very generally speaking what you can say about the "Islamic State" and pretty much about most terrorist groups is that they keep a very close eye on the latest developments in terms of encrypted messaging services, in terms of using various anonymous web browsers simply to try to communicate with each other in such a way that makes it far more difficult for the intelligence agencies to monitor exactly what they are saying.
You have heard a number of intelligence agencies over the last few months saying that partly because of the Edward Snowden revelation parts of the Internet are going 'dark.' And what that usually means is that their work is getting harder because terrorists such as the "Islamic State" are particularly using encrypted messaging apps to communicate with each other. There are lots of encrypted messaging apps whereby the content of the message is what is called end-to-end encrypted. That means only the people on either side of the communication can see the message in plain text. And when the message is travelling through the Internet it is encrypted which means it is sort of a meaningless jumble. And despite the heavy surveillance of different types of Internet communication these are actually very difficult indeed to crack.
Belgium in an anti-terror probe earlier this year detained several suspects who had used the popular WhatsApp service to communicate. Three days before the Paris attacks, Belgium's Interior Minister Jan Jambon #link:http://www.politico.eu/article/why-terrorists-love-playstation-4/:said# that the most difficult communication between terrorists is via PlayStation 4, because it is extremely difficulty to decrypt. Why is communication via PlayStation 4, a popular video games console, so difficult to crack?
I can't speak so much specifically about the PlayStation. But what we have seen generally over the last couple of years is that many companies have made the communications between their users much more secure. They have used much more powerful encryption. And sometimes they use encryption that they themselves cannot crack. And they do that because consumers want that. Consumers want their communication to be very secure. And I am not taking about terrorists or the bad guys, I am talking about me and you and everybody who uses messaging services.
That is partly because we are worried about government surveillance, partly because we are worried about our data falling in the wrong hands, partly because we are worried about hackers attacking our own communications. And as a result of this most companies have really improved their communication security. And a lot of it is for very good and legitimate reasons indeed. The problem of course is that groups like 'ISIS' are constantly monitoring this as well and checking how good different communications are at keeping their communications secure and responding accordingly. And it's no surprise, because that is really what you would expect them to be doing.
Do you then think it is plausible that PlayStation 4 may have been used by the terrorists to communicate before these attacks?
I think it's plausible. I think it's plausible that they will have used some encrypted messaging apps like Telegram, although I don't know the details of which ones they have used. I think it's plausible they would have used anonymous web browsers to try to obscure there Internet protocol addresses when they were communicating. And I think it's plausible they would have used something like PlayStation 4 to communicate as well, if that is a secure way of doing it. None of this is to say that all of these messaging services are in some way guilty or complicit. Because a lot of these systems, such as TOR browser, are really principally designed for journalists and human rights activists around the world and a lot of people use them for those good purposes as well.
As you said it seems only logical that terrorists would encrypt their messages to conceal their plans. At the same time encryption, as you mentioned, is also a vital tool for human rights activists and for people generally to protect their data. What's the solution to this conundrum?
Some problems don't have easy solutions. But I think there has to be a change in the way that the intelligence agencies operate. I would say for the last ten or 15 years they have become very, very good at developing systems to monitor Internet traffic in huge volume. And that is what some of the Snowden revelations were about. But as more and more people use default encrypted messaging services and use anonymous web browsers that type of approach to intelligence is going to become less effective.
They will have to spend more time and resources on what you might consider more old-fashioned techniques of infiltrating groups, collecting human intelligence, having people who are real specialists doing directed sort of hacking-type intelligence collection work on targeted devices of known individuals and far less on the kind of broad, sweeping surveillance that we have seen over the last few years. I think this is the approach that they will have to adopt.
Finally, I think it would be quite good if the police and the intelligence agencies also saw the benefits of encryption. There is such an amount of cybercrime which could be greatly reduced if people took better care over their communication and used encryption themselves. It would save billions of dollars to the economy around the world if we did that. Maybe some of that could be reinvested into these new types of intelligence work I suggested.
Jamie Bartlett is director of the Centre for the Analysis of Social Media, a collaboration between the British think-tank Demos and the University of Sussex. He is the author of "The Dark Net: Inside the Digital Underground" (2014).
The interview was conducted by Michael Knigge.