NSA Phone-Data Collection May Be Illegal, But Terrorists Stopped Using Phones Long Ago

The National Security Agency’s program to collect bulk phone data violated the Patriot Act, the United States Court of Appeals ruled on Thursday. But in fighting terrorism, zeroing in on the phone conversations of suspects also may be a waste of law enforcement’s time. Terrorists have long moved away from phones, and use various other methods of communication, many of which are much more difficult to monitor.

Monitoring phone calls of individuals suspected of illicit activity was signed into law in 2001, after the Sept. 11 terror attacks. At the time, U.S. officials believed the wiretapping would assist in thwarting future attacks. But it has been 14 years since then, and both technology and terrorists’ digital know-how have significantly evolved. Extremist groups now rely on the Internet and Internet-enabled telecommunication applications for most of their communication.

“It seems outdated, doesn’t it,” said Aaron Ross, a technology security expert and founder of Ross Backup, a cloud-based computer backup and file-syncing company.

Cell phone conversations can still be encrypted using satellite technology, but the average person -- and the average terrorist -- wouldn’t have easy access to one of these devices. With that in mind, the ease with which law enforcement is able monitor phone conversations has prompted terrorist groups like al Qaeda and the Islamic State group to turn to more text-based conversations. The method of communication depends on the type of information exchanged.

The most frequently used and easiest to obtain method of communication is social media, where users can communicate on platforms like Twitter and Facebook. Social media platforms have been an essential part of ISIS’ recruitment campaign and continue to serve as a way for the militants to disseminate propaganda to a vast and varied audience.

“It's not just Twitter and Facebook, everything from Pinterest to Instagram to WordPress, to Just Paste It, to ask.fm to private jihadi forums to You Tube,” said Veryan Khan, the editorial director and founder of the Terrorism Research & Analysis Consortium, or TRAC. “Really, you name it and I can find someone using it to recruit.”

But while useful for recruitment and public statements, social media outlets are not private enough for really sensitive communication. For individual conversations, militants have been known to use mobile phone applications like WhatsApp, Kik and Skype, a telecommunications software that allows the user to make both voice and video calls.

At the beginning of the Syrian revolution, despite a Syrian regime ban on the application, WhatsApp was a major method of communication for opposition fighters, including those with al Qaeda affiliate Jabhat al Nusra, as it was thought to be completely secure and encrypted. But as the program became more popular, authorities figured out ways to crack into the messaging platform.

“These things come and go so quickly because as they get big, people find ways to track them. WhatsApp is not safe,” Ross said. “There’s no guarantee of the encryption ... if they're trying to do something in a way that cannot be tracked.”

Law enforcement’s increasing ability to track applications has made some terrorist supporters limit communication to the exchange of documents that can easily be destroyed. For the most classified information, a militant is now far more likely to write it down and share it over a secure platform.

One particular encryption program, named Dstrux, reportedly has gained prominence with jihadist groups, Ross said. The application is available on Android and Apple devices and allows the user to send and receive documents in a completely secure way. Once the document is sent, the sender receives confirmation of its receipt. The document cannot be shared, screen-captured, saved or copied in any fashion. The user also can set a self-destruct timer on the post, and after the designated time expires, the content is completely erased. After it is received, the document is "shredded" -- the coding is overwritten until it can no longer be identified.

“We have tremendous usage in the Middle East as a region," said Nathan Hecht, founder of Dstrux, adding that Iraq and Egypt have particularly high download rates and that the app has been translated into Arabic. Aside from what Hecht called "basic analytics," Dstrux does not track or store any other user data.

The application's popularity in the region is not surprising given that many governments ban, or at least monitor, citizens using social networking sites. One of Dstrux's most popular features is the ability to post directly to social media platforms like Twitter and Facebook. The same encryption rules apply to contact shared this way, but the way it functions allows the user to "void the government monitoring systems," Hecht said.

Terrorist groups like ISIS already have shown their ability to adapt their strategy to technology’s fast-paced evolution. Earlier this year, the group issued a blanket ban on Apple products and any GPS-enabled device, claiming that such devices can be used by American intelligence agents to target airstrikes.

Most recently, an ISIS-affiliated media office in Iraq’s Anbar province put rules in place for “media concealment,” listing all the topics ISIS members were not to discuss in public, according to a statement disseminated over social media. Information regarding militant movement, weapons or attacks is not to be discussed. The statement also stressed a ban on publishing photos with location services enabled.

“Some of these guys are smart. They know the government is trying to track them,” Ross said. “These people are using the top technology.”