If the Paris attackers weren't using crypto, the next ones will, and so should you

Lots of law enforcement agencies hate crypto, because the technology that helps us protect our communications from criminals and griefers and stalkers and spies also helps criminals keep secrets from cops. With each terrorist attack there's a fresh round of doom-talk from spooks and cops about the criminals "going dark" — as though the present situation, in which the names and personal information of everyone who talks to everyone else, all the time, where they are then they talk, where they go and who they talk to next, is somehow less surveillant than the past, when cops could sometimes use analog tape-recorders to wiretap the very few conversations that took place on landlines.

The NYT bought some of the fresh manure being peddled by snoops and spooks who want to capitalize on the dead in Paris (another story had it that stock PS4 voice-chat was some kind of super-unbreakable crypto used by savvy terrorists — as though an unencrypted, centralized messaging service that you need to have a credit-card number to use was ninja-grade opsec).

But the reality is that criminals will be using crypto soon, if they aren't already, for the same reason they're using computers. Using crypto is the best way to communicate. It prevents data-leakage to adversarial parties, makes throwing away or losing your devices less risky, protects you from physical theft, and also gives you a high degree of certainty about who you're communicating with and whether your communications have been tampered with. Who wouldn't want that from their communications?

It would be newsworthy if people prepared to commit suicide for their beliefs weren't also willing to google "How do I communicate securely?" beforehand. But it should also be noteworthy if you and the people you rely upon aren't asking the same question.

On Sunday, the Times published a story citing unidentified "European officials" who told the outlet the attackers coordinated their assault on the French capital via unspecified "encryption technology."

"The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly," the article, which has since been removed, stated.

"It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."

A link to the NYT article now redirects readers to a separate, general article on the attacks, which does not contain the word "encrypt." The original piece can be found on the Internet Archive.

The Times later posted a second article citing an anonymous "European counterterrorism official" who was quoted saying authorities' "working assumption is that these guys were very security aware," but clarified officials "offered no evidence."

NYT Quietly Pulls Article Blaming Encryption in Paris Attacks [Giuseppe Macri/Inside Sources]

(via /.)