By Stewart Baker August 3 at 9:39 PM
The evidence is mounting that Edward Snowden and his journalist allies have helped al Qaeda improve their security against NSA surveillance. In May, Recorded Future, a predictive analytics firm, publisheda persuasive timelineshowing that Snowdens revelations about NSAs capabilities were followed quickly by a burst of new, robust encryption tools from al-Qaeda and its affiliates:
This is hardly a surprise for those who live in the real world. But it was an affront to Snowdens defenders, whove long insisted that journalists handled the NSA leaks so responsibly that no one can identify any damage that they have caused.
In damage control mode, Snowdens defenders first responded to the Recorded Future analysis by pooh-poohing the terrorists push fornew encryption tools. Bruce Schneierdeclared that the change might actually hurt al Qaeda: I think this will help US intelligence efforts. Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight.
Schneier is usually smarter than this. In fact, the product al Qaeda had been recommending until the leaks, Mujahidin Secrets,probably didqualify ashome-brew encryption.Indeed, Bruce Schneier dissedMujahidin Secretsin 2008 on precisely that ground, saying No one has explained why a terrorist would use this instead ofPGP.
But as a secondRecorded Future postshowed,the products that replacedMujahidin Secretsrelied heavily on open-source and proven encryption software.Indeed, one of them uses Schneiers own, well-tested encryption algorithm, Twofish.
Faced with facts thatcontradicted his original defense of Snowden, Schneier was quick tooffer a new reason why Snowdensleaks and al Qaedas response to them still wouldnt make any difference:
Whatever the reason, Schneier says, al-Qaidas new encryption program wont necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. Thats why he ended up resorting to couriers.
Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said.It is relatively easy to find vulnerabilities in software, he added. This is why cybercriminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using.
So, if you were starting to think that Snowden and his band of journalist allies might actually be helping the terrorists, theres no need to worry, according to Schneier, becauseall encryption software is so bad that NSA will still be able to break the terrorists communications and protect us. Oddly, though, thats not what he says when he isnt on the front lines with the Snowden Defense Corps. Ina 2013 Guardian articleentitled NSA surveillance: A guide to staying secure, for example, he offers very different advice, quoting Snowden:
More here:
Volokh Conspiracy: As evidence mounts, it’s getting harder to defend Edward Snowden