Feedback
Tech
Paris Terror Attacks

Paris Attack Could Renew Debate Over Encrypted Messaging Apps

Image: People place candles to form the word "Paris"

HANNIBAL HANSCHKE / Reuters

The deadly terrorist attacks in Paris could reignite a long-running debate over whether tech companies should be required to allow law enforcement a "back door" to encrypted communications — a request some experts say may not be technically possible.

Law enforcement officials and cyberexperts have pointed to a link in the past between terrorist groups like ISIS and encrypted apps, saying the militants use them to communicate and recruit. But the tech companies say there's no way to let police and the FBI take a look at communications over a messaging app or other service without potentially giving other people — like a hacker in Russia or China or a foreign spy — a way in, too.

ISIS Uses WhatsApp, PlayStation to 'Go Dark' and Elude Surveillance 2:07

Sen. Dianne Feinstein, D-California, who represents Silicon Valley, had harsh words for tech companies on MSNBC's Andrea Mitchell Reports on Monday.

"I have asked for help and I haven't gotten any help," Feinstein said, adding that it's a "big problem" if tech firms "create a product that allows evil monsters to communicate in this way."

Apps such as Silent Circle, Facebook-owned WhatsApp and Wickr feature end-to-end encryption, which prevents hackers, corporate spies and intelligence agencies from being able to read messages. Investigators have not yet reported any information saying that these or any other encrypted service was specifically used in the Paris attacks.

Read More: Are ISIS Geeks Using Phone Apps, Encryption to Spread Terror?

On Oct. 29, the Middle East Media Research Institute released a report that said "a number of jihadis and terrorist organizations" had created channels on secure messaging app Telegram — a hugely popular app that saw 12 billion messages sent each day in September, its founder has said. Some of the content shared included "tutorials on manufacturing weapons and launching cyberattacks" and "calls for targeted killing and lone-wolf attacks," according to the report.

"It's way too soon to draw conclusions from this particular incident," said Steven Bellovin, a computer science professor at Columbia University and security expert.

No intelligence officials have publicly claimed that terrorists used encrypted communications to plan the attacks in France. On Monday, however, CIA Director John Brennan called the Paris attacks a "wake-up call" and said that "hand-wringing" over privacy was hampering intelligence agencies' ability to prevent attacks.

Cybersecurity experts told NBC News they expect similar comments from other officials in the future —especially if it's revealed that the attackers did use encrypted apps.

"If you want controls on encryption, and you see an attack where encryption might have been used, then you are going to say something," Susan Landau, a professor of cybersecurity policy at Worcester Polytechnic Institute in Massachusetts, told NBC News.

NBC News reached out to Apple, Telegram, Google, Wickr and Kik for comment on Monday but did not receive a reply.

A long-simmering debate

The debate around encryption is not new.

Last year, in a speech titled "Going Dark," FBI Director James Comey said that "encryption threatens to lead all of us to a very dark place."

Encrypted Data: Simple Idea, Complex Math 1:41

On the other side of the debate are tech companies, including Apple, Facebook, Microsoft and Yahoo, who publicly oppose creating back doors. They all signed a letter last year warning that "introducing intentional vulnerabilities" for the government's use will make their software "less secure against other attackers." Basically, if the cops can get in, anyone can get in.

"You can't have a back door that only lets the good guys in," Nicholas Weaver, a senior researcher at the International Computer Science Institute, told NBC News. "If you add one, it becomes usable by Chinese intelligence, Russian intelligence, criminals."

Read More: ISIS Has Help Desk for Terrorists Staffed Around the Clock

Worries about privacy aside, creating special access for the government is a difficult — some say an impossible — thing to do without making encrypted apps vulnerable.

"It's very hard to find someone in the academic security community who thinks this is a good idea, purely from a technical standpoint," Bellovin told NBC News.

Back in July, Comey didn't offer a solution to the technical challenges, but claimed he was simply asking for tech companies to work with him.

"Maybe this is too hard," he said. "But given the stakes, we need to give it a shot."

How to fight terrorists in the digital age

It's certainly "plausible" that encrypted apps could be used to plan an attack, Bellovin said. But even if they were, the apps shouldn't be weakened or banned, he said. Other cybersecurity experts agreed.

"We are living in a golden age of surveillance," Weaver told NBC News. "We have gone bright, not dark."

So if law enforcement can't monitor someone's Telegram conversation, how can they prevent future attacks?

"All of these encrypted chat apps still leak a lot of metadata," Weaver said. That is already being used to track connections between people and known terrorists.

Intelligence agencies can also tap the phones and computers of suspected terrorists, Landau said. She doesn't agree with Comey and other officials that back doors are needed to protect against attacks. Even if the United States had access to all encrypted communications, the sheer volume of messages and false alarms would make it very hard to stop terrorists before they strike.