Did the San Bernardino Shooters Use Advanced Encryption or Not?

1221_sanbernardino
Police and Sheriff's Office Crime Scene Investigators examine evidence at the scene of the investigation around an SUV where two suspects were shot by police following a mass shooting in San Bernardino, California. REUTERS/Mike Blake

Encryption has been at the forefront of the debate between privacy and security following the San Bernardino shootings. But did the two shooters actually use encrypted technology to coordinate their attacks?

The short answer has been "yes and no," so far. Yes, the shooters had "built-in encryption" on their smartphones as one "senior law enforcement official" told CBS News. But so do nearly all smartphones currently in the market.

The bigger question is if Tashfeen Malik and Syed Farook, the couple who killed 14 people and injured scores more before dying in a shootout with the police, used advanced encryption tools like PGP or TextSecure to communicate with each other. And so far, there has been no evidence released saying that has been the case.

Last Wednesday, the FBI stated that Malik and Farook had been communicating through "direct, private messages" online on their jihadist views for years before the attack. FBI director James Comey expanded to say the pair used "one of the very common Internet service providers that provides email service and direct message." It is still unclear whether Malik and Farook actually encrypted the messages themselves to avert the FBI.

As of December 10, Congress had found no evidence that Malik and Farook used any encryption in coordinating the attack, but they've still been hawkish on clamping down on encryption. Politicians and intelligence officials have insisted that technology companies must open up a "backdoor" channel to access the protected messages since the Paris terrorist attacks in November.

"We've still got a big problem out there that we're going to have to deal with and it's called encryption," Republican Senator Richard Burr told The Hill on December 10.

For those in Silicon Valley or advocates of online privacy, encryption has been a godsend, not a problem in protecting sensitive data for personal and business uses. Since last year's rollout of iOS8, Apple expanded its data encryption to become a default feature, making it technically impossible for Apple to "respond to government warrants for the extraction of this data from devices in their possession running iOS 8." And its CEO, Tim Cook, has become the de-facto face for the pro-encryption side in recent weeks, repeatedly speaking against backdoor channels supported by the FBI and CIA.

Encryption has mushroomed into an important political issue for the 2016 presidential race in recent weeks, despite the lack of evidence that Malik and Farook used encryption. The Los Angeles Times reported that Malik shared her jihadist views to two Pakistani friends via Facebook's private messages—an unencrypted channel which would have been easy for intelligence officials to access with proper warrants.

As Re/Code notes, the "real issue seems to be that Malik and…Farook were not on anyone's watch list ahead of the attacks" rather than encryption.

But this has not deterred presidential candidates from both the Republican and Democratic parties from making bold, misguided statements on encryption. Former Ohio Governor John Kasich was the most forthright of all candidates of the negative impact of encryption, saying "because the people in San Bernardino's phone was encrypted, because they couldn't see who they were talking to, it was lost."

But intelligence officials could see who they were talking to, according to The Washington Post. Through Internet service providers, officials can see everything but the message itself, including the sender and recipient of the encrypted message. Newsweek contacted Kasich's campaign to expand upon his statement but have not heard anything back.