Clueless Press Being Played To Suggest Encryption Played A Role In San Bernardino Attacks

from the gotta-try dept

The couple who launched the terrorist attack in San Bernardino, California, last week had devices with some form of encryption, making it difficult for authorities to access all potential information on phones and perhaps other devices, two senior U.S. officials told ABC News.



"Some of their digital media we have been able to exploit. Some of it we have not,” one official said.

Lawmakers say the San Bernardino shooters may have used encrypted communications in an attempt to hide their activities. This type of encryption has been seen before, however.

As many in the security world quickly pointed out, the claim is both vague and nonsensical: Every phone and computing device currently sold in the US has “levels of built-in encryption.” If they didn't, criminals would still be able to easily intercept your calls when your phone connects to a cell tower, and a common thief who steals your device would get access to your bank account info, login details, pictures, and any other sensitive data you stored on it. In other words, saying you found “built-in encryption” in a modern cellphone is about as meaningful as saying you found a battery and a touchscreen.

But this is the second attack in a row, with Paris, where Burr and others have suggested that their lack of foreknowledge of the attack makes it probable the planners used encryption. Burr doesn’t even seem to be considering a number of other things, such as good operational security, languages, and metadata failures might lead the IC to miss warning signs, even assuming they’re collecting everything (there should have been no legal limits to their ability to collect on Malik).



We’re not having a debate about encryption anymore. We’re debating making the Internet less secure to excuse the IC’s less-than-perfect-omniscience.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

As law enforcement and their friendly politicians have used the attacks in San Bernardino to renew a call to undermine and break encryption, the mainstream press has been an easy target for politicians looking to get out whatever message they want. Take, for example, the following set of stories that popped up for me in a simple Google News search:Note that the first story -- the one claiming the San Bernardino attackers had encryption actually came out the second story saying they did not. Incredibly, if you read the full text of both stories, neither fully agrees with its own headline. The ABC story is ridiculously vague:The story at The Hill that claims there's "no evidence" instead has lots of quotes from people suggesting that they just haven't found it yet, and Senator Richard Burr saying it doesn't matter because "we've still got a big problem out there that we're going to have to deal with and it's called encryption." This is the same Richard Burr who, just a couple of months ago, was warning about the dangers of "cyber" attacks in pushing CISA. Does he not realize that encryption helps protectthose attacks significantly more than the ridiculous CISA bill he supported?Anyway, it appears the same anonymous "senior US officials" who were whispering in ABC's ear were doing the same to CBS, which posted a ridiculously vague tweet , without any followup story (that I can find):Others have since run with it. The International Business Times wrote an entire story about the encryption the attackers used, with CBS's tweet as its sole source . And a local Fox affiliate ran a similar story that also is ridiculously vague, with a title breathlessly declaring "ISIS Encryption Used By San Bernardino Shooters." Even that headline goes beyond anything else I've seen, since no one had specifically claimed "ISIS encryption." But then you read the full article and it doesn't either. Here's the entire discussion of the San Bernardino attackers in the first paragraph:The rest of the article deals with the FBI's new claims that one of the Garland, Texas, shooters used encryption, not the San Bernardino attackers. And then it just mentions that ISIS has its own form of encryption at the end of the article, never tying it back to the San Bernardino attackers. A headline like that seems like journalistic malpractice.Thankfully, Joshua Koopstein at Vice's Motherboard throws some cold water on this kind of idiocy, noting thatthese days has some "built-in encryption" and that the press running with this story are being ridiculous.And, even more on point, Marcy Wheeler points out that "encryption" has just become law enforcement and the intelligence community's buzzword of choice for "failing to achieve omniscience." Indeed, that's why we pointed out that the Paris attacks were an intelligence failure , not an encryption problem. And it explains why the law enforcement and intelligence communities are so quick to blame encryption. They don't want people looking back at their own failures, so they might as well blame the technology.But, really, none of that really matters in the long run. There certainly will be attacks where encryption is used for planning -- why wouldn't there be? But the debate shouldn't be about that so much as looking at the overall setup of the world and computer security. And the simple fact is that more people are made safer by the widespread adoption of encryption than are made safer by undermining that encryption to let the FBI peek in on your communications.

Filed Under: encryption, journalism, san bernardino attacks