Officials briefed on November’s terrorist attack in Paris said the perpetrators used encrypted applications, including the Facebook-owned WhatsApp and Germany-based Telegram.
However, they did not say how substantive the use was. The applications are the two most commonly used for international texting, and both employ end-to-end encryption, which generally prevents surveillance by intelligence agencies.
The officials spoke to CNN Thursday on the condition of anonymity and provided few details. The Paris prosecutor’s office has declined to comment. Nonetheless, the report is likely to be used by lawmakers seeking to ban such applications.
“People say why didn’t you see Paris? It was under the radar because they were using an app called Telegram and they were communicating through an encrypted application,” House Homeland Security Committee Chairman Michael McCaul, R-Texas, said last week.
Senators including Sen. Dianne Feinstein, D-Calif., and Sen. John McCain, R-Ariz., have voiced support for banning end-to-end encryption. Feinstein said Dec. 9 that she would propose a bill to that effect, though it looks increasingly likely that will not materialize before the new year.
Before Paris, FBI Director James Comey has pointed to just one attack in which terrorists used encryption in a relevant fashion. That was a May 3 event in Garland, Texas, in which one of the perpetrators exchanged 109 encrypted text messages with someone overseas prior to the attack.
Regardless of how substantively encryption was used in Paris, investigators have said that unencrypted messaging applications were used as well, particularly to coordinate on the day of the attack. Critics suggest that points to a broader problem that banning encryption will not solve.
“If you know someone is communicating via an encrypted channel, you already know a lot of other information about them,” Rep. Will Hurd, R-Texas, said on Thursday. “You may know their name, you know a phone number, you know a [serial] number on their phone, you know their email address, you may know an IP address, you know the tool they’re using.”
“There’s a host of other things you can do to find out information about this person, who they’re talking with, in order to thwart a threat. And you don’t need to weaken encryption,” Hurd added.
