“I do hope that this is going to be a wake-up call,” Brennan said.
Brennan’s comments reflect growing pressure to grant new digital authorities to law enforcement days after the blasts in Paris. Speaking in Washington Monday, European Justice Commissioner Vera Jourova said “targeted access” to personal data is becoming “crucial” to terror investigations. And British officials debated Sunday whether to fast-track sweeping new legislation that would allow police to monitor citizens’ Web browsing.
The renewed push to empower intelligence services undercuts a years-long backlash against domestic spying triggered by the revelations of former NSA contractor Edward Snowden. It also revives a major debate over the effectiveness of surveillance laws, months after France approved a controversial expansion of police authority in the wake of attacks against satirical magazine Charlie Hebdo.
Despite giving the government greater powers, the new law “did nothing to stop these attacks,” said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation.
The French law, passed in May and reviewed by the country’s highest constitutional authority in July, gives officials the ability to monitor the phone calls and e-mails of terror suspects without a warrant. It also requires Internet providers to collect and analyze information about French Internet users, and make that information available to intelligence agencies.
The draft British law, known as the Investigatory Powers Bill, would force telecom companies to keep records of their customers’ Web activities for up to a year, allowing officials to search through that online history. It would also require tech companies to give law enforcement access to consumers’ encrypted Internet communications — a controversial proposal among privacy advocates. British Prime Minister David Cameron, along with a former U.K. terrorism legislation official, have suggested speeding the bill to passage. But others, such as Home Secretary Theresa May, cautioned against the move.
In the United States, Sen. Ron Wyden (D-Ore.), a vocal surveillance critic, warned Monday against rushing to establish new government powers in the wake of the Paris bombings.
“While some people seem eager to seize on this crisis to resurrect failed policies of the past, the facts show mass surveillance doesn’t protect us from terrorist attacks,” he said.
It remains unclear how the Paris attacks were coordinated, but some have speculated or cited unnamed officials who say the attackers may have used encrypted methods to communicate.
As part of an attempt to gain access to terrorist and criminal communications, the Obama administration has been mired in a debate over electronic encryption — the security technology that helps keep sensitive digital data from prying eyes. By promoting encryption that they themselves cannot unlock, even with a warrant, tech companies are making it more difficult to apprehend criminals and terrorists, some U.S. officials warn. Those officials have pressured companies to build ways to unlock such data. But privacy advocates and tech companies say doing so would undermine the security of their products, potentially leaving all users at increased risk.
In recent months, the White House said it wouldn't pursue legislation requiring companies to cooperate with authorities on encrypted content at this time. But some pushed to keep that option on the table: In an August internal e-mail obtained by the Post, Robert Litt, a senior intelligence agency lawyer, argued the tide could turn in favor of a legislative mandate “in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
Some civil liberties advocates are warning against using the Paris attacks to re-open the debate.
“We cannot let fear drive us to make irrational decisions that will only make us less safe—reducing both our cybersecurity and our economic security,” said Kevin Bankston, the director of New America’s Open Technology Institute.
In the month after the Sept. 11, 2001 terror attacks, the U.S. passed the USA Patriot Act. Congress reauthorized and built on the legislation, which gave the government expanded surveillance powers, in the following years. But revelations from Snowden published by The Washington Post and other outlets in recent years shed new light on how those surveillance powers were wielded and resulted in some revisions. And to some, the documents from Snowden indicated that government surveillance had gone too far to be useful.
“We learned that what's happening with the NSA and other national intelligence agencies isn't a lack of information, it's too much information,” said EFF’s Cardozo. “They couldn't put two and two together because they had too much to process.”
Members of the intelligence community disagree. Stewart Baker, a former senior Department of Homeland Security and National Security Agency official, says that programs like one that collects Americans' domestic phone records en masse enable investigators to “pull out targeted information from bulk surveillance,” and can give them broad insight into a suspected terrorist's social network.
However, a White House group set up to review NSA surveillance found that the phone records program was “not essential to preventing attacks.” It is set to end this month and be replaced with a system where phone companies store the data for officials to query with judicial oversight.
Baker also worries that reporting on NSA capabilities and encryption tools have given terrorists a technological edge. “If you pay attention, you've got a very good idea of where our blind spots are," he said. Some level of secrecy is necessary to preserve intelligence capabilities, he argues.
However, civil liberties activists raise concerns about how to balance that secrecy with oversight and accountability.
In the Paris attack, Center for Democracy and Technology human rights and surveillance fellow Sarah St. Vincent said lack of transparency about the country’s new surveillance laws makes it hard to tell to what went wrong.
“There hasn't been enough information available that could give the legislature or the public a way to evaluate if they are effective,” she said.