Paris attack planners used encrypted apps, investigators believe

i

French counterterrorism investigators believe that the men suspected in last month’s Paris attacks used widely available encryption tools to communicate with each other, officials familiar with the investigation said, raising questions about whether the men used U.S.-made tools to hide the plot from authorities.

Investigators have previously said that messaging services WhatsApp and Telegram were found on some of the phones of the men suspected in the November attacks that claimed 130 victims. But they had not previously said that the services had been used by the men to communicate with each other in connection with the attacks. The two services are free, encrypted chat apps that can be downloaded onto smartphones. Both use encryption technology that makes it difficult for investigators to monitor conversations.

The findings of the investigation were confirmed by four officials, including one in France, who are familiar with the investigation. All spoke on the condition of anonymity because they were not authorized to speak publicly about the ongoing inquiry. A spokeswoman for the Paris prosecutor’s office, which is leading the investigation, declined to comment.

The investigators’ belief that WhatsApp and Telegram had been used in connection with the attacks was first reported by CNN.

The revelation is likely to add fuel to calls in Congress to force services such as WhatsApp, which is owned by Facebook, to add a back door that would enable investigators to monitor encrypted communications. Such demands have grown stronger in the wake of the Paris attacks and after other attacks in the United States in which the suspects are believed to have communicated securely with Islamic State plotters in Syria.

Already, security hawks in Congress, citing the likelihood that the Paris attackers used encrypted communications, have called for legislation to force companies to create ways to unlock encrypted content for law enforcement. Sen. Dianne Feinstein, D-California, vice-chairman of the Senate Intelligence Committee, has begun working on possible legislation. And Sen. John McCain, R-Arizona, chairman of the Senate Armed Services Committee, has promised hearings on the issue, saying, “We’re going to have legislation.”

FBI Director James B. Comey last week cited a May shooting in Garland, Texas, in which two people with assault rifles attempted to attack an exhibit of cartoons of the prophet Muhammad. Investigators believe they were motivated by the Islamic State. Comey told the Senate Judiciary Committee that encrypted technology had prevented investigators from learning the content of communications between the shooters and an alleged foreign plotter.

“That morning, before one of those terrorists left and tried to commit mass murder, he exchanged 109 messages with an overseas terrorist,” Comey told the committee. “We have no idea what he said, because those messages were encrypted.”

Tech firms such as Apple have opposed such calls, saying that such a requirement would render their services and devices less secure and simply send users elsewhere. Apple began placing end-to-end encryption on its chat and video call features several years ago. Then last year, in the wake of revelations by former National Security Agency contractor Edward Snowden about the scope of U.S. surveillance, Apple announced it was offering stronger encryption on its latest iPhones. And more tech firms began to question what had once been routine law enforcement requests to comply with court-ordered wiretaps.

A spokesman for Facebook declined to comment about whether the attackers used WhatsApp. A representative for Germany-based Telegram did not respond to a request for comment.

The officials familiar with the Paris investigation did not say when the services were used, how frequently or for what purpose. One of the officials said investigators believe that the attackers used Telegram’s encrypted chat function more frequently than they used WhatsApp. It was not clear whether authorities were able to obtain “metadata,” information indicating the times and dates of chat messages from either company’s servers. Nor was it clear whether authorities had been able to recover the messages from the phones themselves.

Not all encrypted apps are equal. WhatsApp offers end-to-end encryption between two users on some platforms, such as Android phones. That means the chat content is not visible to Facebook but only to the sender and receiver. WhatsApp is in the process a rollout for Apple’s iPhones. Telegram’s Secret Chat feature is end-to-end encrypted. However, a number of experts say that Telegram is not secure.

“It’s home-brew crypto style,” said Lance James, chief scientist at Flashpoint, a threat intelligence firm. The Telegram developers have “introduced unnecessary risk by making up their own cryptography rules.” He said he was “fairly certain” that advanced spy agencies could find ways around the encryption.

The group chat functions on the apps do not offer end-to-end encryption, which means anyone with access to WhatsApp or Telegram’s servers can read the chats.

European authorities have come under heavy criticism for failing to disrupt the Paris attacks, and it is unclear whether encrypted messaging played an important role in the plot’s success. Ringleader Abdelhamid Abaaoud, a Belgian citizen, was being monitored by European authorities but nevertheless managed to travel to Syria and back this year.

Another suspect, Salah Abdeslam, is still at large despite having been stopped by French police at the Belgian-French border hours after the attacks. He used his real identity documents, but he was not yet in a database, Belgian Interior Minister Jan Jambon told the Belgian VTM broadcaster in an interview aired this week.

“We were simply unlucky,” he said.

Then, investigators believe, Abdeslam went into hiding in a building in the Molenbeek district of Brussels, and Belgian Justice Minister Koen Geens said that a Belgian law banning police raids between 9 p.m. and 5 a.m. may have played a role in his subsequent escape.

FBI chief James Comey says Calif. killers used encrypted email, but not social media

FBI chief James Comey says Calif. killers used encrypted email, but not social media

The couple who killed 14 people and wounded nearly two dozen others this month in California chatted secretly of jihad long before they married or entered the United States, not on social media as politicians have claimed, FBI Director James Comey said Wednesday at a Manhattan law enforcement conference, where he urged the public to remain alert for signs someone close to them is being radicalized online.

Comey said those messages between Syed Rizwan Farook and Tashfeen Malik were direct, private messages well before their attack in San Bernardino, California.

“So far, in this investigation we have found no evidence of posting on social media by either of them at that period in time and thereafter reflecting their commitment to jihad or to martyrdom,” he said, referring to the reports suggesting that Malik had spoken openly on social media about jihad and that background checks had not detected those comments.

Comey made his statements at 1 Police Plaza, first at the NYPD Shield Conference, which included several hundred security personnel who work in the private sector and who collaborate with the NYPD, and again at a news conference.

“The threat comes from social media, which revolutionized terrorism,” Comey said.

Comey revealed for the first time that the shooting deaths last July of five people after attacks on two military installations in Chattanooga, Tenn., have now officially been classified as a terrorist attack. The assailant in that attack, Muhammad Youssef Abdulazeez, a naturalized U.S. citizen living in Hixson, Tenn., was killed by police gunfire after he shot and killed four Marines and a sailor and wounded three other people.

The White House on Wednesday said President Obama plans to visit San Bernardino on Friday and meet with the families of shooting victims there.

Comey said he understands Americans are jittery, but citizens should try to channel their awareness into vigilance, not panic. He said the threat from the Islamic State group, known as ISIS or ISIL, has not changed — but it’s vastly different from how terror cells operated around the time of the Sept. 11 attack. “Your parents’ al-Qaida is a very different model and was a very different threat that what we face today,” he said.

For example, he said, some Twitter messages cannot be “unlocked” by law enforcement, making it impossible for them to track communications between terrorists.

Comey said Farook and Malik communicated via encrypted email which investigators have not been able to crack.

“The bottleneck here is there are a lot people who have designed these products and they can’t access it themselves because that is what the market requires,” Comey said. He said he hoped further public debate on encryption will convince the public to accept that unlocking encryptions is needed by law enforcement to battle global terrorism.

Comey said the messages relayed from foreign terrorist groups are as succinct as “I will kill where I am.” Comey said such messages have inspired homegrown terrorists, who are receiving these messages on their phones daily.

Comey also urged the public not to “freak out” because they are anxious about another homegrown terrorist attack. Instead, he said, “We need the public to be aware and not to be fearful, but instead have a healthy awareness of their surroundings and report something if they see something. Tells us [law enforcement], because we need your help, and then live your life and let us do our job.”

NYPD Commissioner William Bratton echoed Comey’s comments. “To prevent crime, disorder and now terrorism we must go where it begins . . . in the minds of those who hate and feel victimized. People who see this are moms and dads.”

Bratton said the terrorists are “propagandizing messages that are slick and professional and are inspiring attacks.”

Encrypted Messages Stymied Probe of Garland Shooting — FBI Director

Encrypted Messages Stymied Probe of Garland Shooting — FBI Director

FBI Director James Comey Jr. testifies at a Senate Judiciary Committee hearing on Capitol Hill in Washington December 9, 2015. John McCain (R-Ariz.), who said after the Paris attacks that the status quo was “unacceptable”.

He said the Federal Bureau of Investigation was focused intently on the threat of homegrown violent extremism, “the radicalization in place” of people who become inspired, influenced and/or directed by a terrorist group or extremists.

Though he said the Obama administration was not seeking to address concerns over data encryption on smartphones, he said he remained concerns that criminals, terrorists and spies were using such technology to evade detection. This is why technologists must continue to dispel the myths behind the arguments against encryption. ”

This isn’t going to solve the whole problem”, Comey said. “I’m not questioning their motivations”, Comey said.

In response Comey appeared to counter his previous statement on the lack of a “technical issue”, and essentially admitted he doesn’t know how companies would comply with the order, but it would be their burden to figure it out. “In fact, the makers of phones that today can’t be unlocked, a year ago they could be unlocked”.

He also says tech companies should just accept that they would be selling less secure products.

William Binney, veteran NSA codebreaker and early whistleblower, said good intelligence is much more a matter of collecting the destinations and origins of communications – the “metadata”, which will not work if encrypted – than of breaking into people’s private messages to see what’s there.

Comey said he is engaged in ongoing and productive conversations with Silicon Valley. “I promise you that’s the way we conduct ourselves”. “We care about the same things”.

One of the attackers “exchanged 109 messages with an overseas terrorist” on the morning of the shooting, Comey said. “That is a big problem”, he said.

If firms have already decided that strong encryption is in their best interest, Sen. “Encryption is always going to be available to the sophisticated user”. FaceTime, Apple’s video call feature, has had end-to-end encryption since 2010.

In the wake of National Security Agency contractor Edward Snowden’s revelations about mass surveillance in 2013, there have been several discussions about governments’ need to be able to look at citizen data and individual privacy. Feinstein offered to pursue legislation herself, citing fear that her grandchildren might start communicating with terrorists over encrypted Playstation systems. ”

US tech companies do not want to be the middleman between law enforcement and their customers”, observed Utah Republican Orrin Hatch to Comey, who said he “wasn’t sure what [Hatch] meant by “middleman”. “Our ability to monitor them has not kept pace”. “We ought to remember the limits on what we can do legislatively, it wouldn’t necessarily fix the problem”. But law enforcement agents still have powerful tools to surveil suspects and gain information on terror plots.

FBI Director: Silicon Valley’s encryption is a “business model problem”

FBI Director: Silicon Valley’s encryption is a “business model problem”

Leaders in both major political parties have increasingly been calling on tech companies to give law enforcement encryption backdoors in the wake of recent terror attacks in Paris and California.

Today, FBI director James Comey has suggested that Silicon Valley isn’t faced with a serious technical problem, but rather a “business model problem,” according to a report on his comments in The Intercept, based on C-SPAN video of the hearing.

On the face of it, Comey’s statement would seem to back away from earlier suggestions that tech companies can and should find a way to allow access to data when law enforcement wanted it, but provide otherwise secure services. Critics have pointed out that any encryption backdoors that can be used by the “good guys” also lead to widespread insecurity, since they can also be exploited by not-so-good guys.

At one point, Comey identified the problem as encryption “by default,” leading even unsophisticated users to have encrypted phones. The exchange looked like a veiled jab at Google and Apple.

“There are plenty of companies today that provide secure services to their customers and still comply with court orders,” said Comey. “There are plenty of folks who make good phones who are able to unlock them in response to a court order. In fact, the makers of phones that today can’t be unlocked, a year ago they could be unlocked.”

Comey also provided a specific example of a situation in which he said encryption was an obstacle for law enforcement.

“In May, when two terrorists attempted to kill a whole lot of people in Garland, Texas, and were stopped by the action of great local law enforcement,” he said. “That morning, before one of those terrorists left to try to commit mass murder, he exchanged 109 messages with an overseas terrorist. We have no idea what he said, because those messages were encrypted. That is a big problem.”

In the end, Comey didn’t really make clear exactly what measures he expects tech companies to take, or whether he’d favor legislation to force them to do it. But he made clear, in a fairly confusing way, that he’s not satisfied with the current drive to encrypt devices.

McCaul wants new commission on encryption and law enforcement

McCaul wants new commission on encryption and law enforcement

The chairman of the House Homeland Security Committee said he plans to introduce legislation that would allow the creation of a “national commission on security and technology challenges in the Digital Age.”

The legislation “would bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground,” Chairman Rep. Michael McCaul (R-Texas) said in a Dec. 7 speech at National Defense University. “This will not be like other blue ribbon panels, established and forgotten.”

He said the ability of terrorist groups to use encrypted applications while communicating is one of his biggest fears. “We cannot stop what we cannot see,” he said in reference to recent attacks in San Bernardino, Calif., and Paris.

McCaul described the Islamic State as not a “terrorist group on the run” but a “terrorist group on the march.” He said 19 Islamic State-connected plots in the U.S. have been thwarted by government officials. But he added that terrorist groups are using the Internet to expand.

“Americans are being recruited by terrorist groups at the speed of broadband while we are responding at the speed of bureaucracy,” he said.

FBI Director James Comey has been a vocal critic of end-to-end encryption in commercial devices, and his advocacy has received a mixed reception on Capitol Hill. During an Oct. 27 hearing, Rep. Will Hurd (R-Texas), a former CIA officer who has private-sector cybersecurity experience, criticized Comey for saying encryption thwarts counterterrorism efforts and for “throwing certain companies under the bus by saying they’re not cooperating,” a charge that Comey denied.

In an interview, Hurd welcomed McCaul’s proposed commission by saying, “I think getting a group of industry experts from all sides of this issue to talk — and to not talk past one another — is ultimately a good thing.”

Hurd, a member of the Homeland Security Committee, said he would planned to speak with McCaul to make sure the commission had the “right folks in the room.”

He added that the right people would be leaders of technology firms whose encryption services have been at the center of debate and law enforcement officers who might be able to identify situations in which agencies would need to get around encryption, Hurd said.

But those situations still seem elusive. When he was a CIA officer working on cybersecurity issues, Hurd said he did not think of encryption as an insurmountable roadblock.

“Guess what? Encryption was around back then,” he said.

Hurd pointed out that intelligence can be gleaned from the contours of encrypted channels — such as communications between IP addresses — without decrypting the communications.

“I still haven’t gotten anybody to explain to me a very specific case where the investigation went cold” because of encryption, he said of his conversations with law enforcement officials.

McCaul sounded a more dire note by saying, “I have personally been briefed on cases where terrorists communicated in darkness and where we couldn’t shine a light, even with a lawful warrant.”

He said countering Islamic State’s use of encrypted messaging is “one of the greatest counterterrorism challenges of the 21th century.” At the same time, he was careful not to target encryption technology itself, which he described as “essential for privacy, data security and global commerce.”

In a Dec. 6 speech from the Oval Office, President Barack Obama announced plans to seek public/private cooperation on challenges posed by encrypted communications. He said he will “urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice.”

However, it is not clear if that message represents more than a change in tone from current policy. The administration had previously said it would not seek legislation to push companies to retain customers’ encryption keys and share them with law enforcement agencies.

U.S. CIO Tony Scott told FCW in a November interview that “at the end of the day, I think the better policy is probably not to require these backdoors” for law enforcement.

Although a new law could potentially cover U.S.-based providers and devices manufactured by U.S.-based companies, encryption applications would still be widely available beyond the country’s jurisdiction.

“All the really bad people who are highly motivated to keep their stuff secret are going to use the encryption method that doesn’t have a backdoor,” Scott said.

McCaul used the bulk of his speech to call for tighter restrictions on the Visa Waiver Program, as outlined in a bill introduced this week that would require high-risk individuals who have visited a terrorist hot spot to undergo an intensive screening process before entering the United States. He said that approach would also strengthen intelligence sharing with allies and help prevent passport fraud.

Apple, Google encryption is a blow to public safety

Apple, Google encryption is a blow to public safety

A November 2015 report of the Manhattan District Attorney’s Office in New York City sets forth succinctly a huge public safety problem of which most Americans are unaware:

“Most people today live their lives on smartphones, and, in this regard at least, criminals are no different. While in the past criminals may have kept evidence of their crimes in file cabinets, closets and safes, today that evidence is more often found on smartphones. Photos and videos of child sexual assault, text messages between sex traffickers and their customers, even a video of a murder victim being shot to death — these are just a few of the pieces of evidence found on smartphones and used to prosecute people committing horrific crimes.

“Last fall a decision by a single company changed the way those of us in law enforcement work to keep the public safe and bring justice to victims and their families. In September 2014 Apple announced that its new operating system for smartphones and tablets would employ, by default, what is commonly referred to as “full-disk encryption,” making data on its devices completely inaccessible without a pass code. Shortly thereafter, Google announced that it would do the same.

“Apple’s and Google’s decisions to enable full-disk encryption by default on smartphones means that law enforcement officials can no longer access evidence of crimes stored on smartphones, even though the officials have a search warrant issued by a neutral judge.

“Apple and Google are not responsible for keeping the public safe. That is the job of law enforcement. But the consequences of these companies’ actions on public safety are severe.”

Smartphone encryption will hamper many criminal investigations. E-mails, text messages, voice messages, photos and other data — all of which could lead to the perpetrator of a crime or finding an abducted victim — will now be fully encrypted simply so Apple and Google can increase their profits by advertising enticing claims of privacy.

And this is not just about domestic criminal investigations. What happens when the U.S. military captures or kills the next global terrorist, locates his phone and acquires … nothing.

This is not an issue of government overreaching into the private lives of citizens, as some make it out to be. No smartphone or other device can be accessed by law enforcement without a search warrant issued upon probable cause assessed by a neutral magistrate.

This isn’t about privacy, and it shouldn’t be about profits. It’s about the safety of American citizens and others around the world.

Congress can stop this serious public safety risk tomorrow by its inherent powers under the Commerce Clause of the Constitution. The time to act is now.

Encrypted messaging app Signal now available for desktops

Encrypted messaging app Signal now available for desktops

The much-lauded encryption app Signal has launched a beta program for a desktop version of the app, which will run through Google’s Chrome browser.

Signal Desktop is Chrome app that will sync messages transmitted between it and an Android device, wrote Moxie Marlinspike, a cryptography expert who had helped develop Signal, in a blog post on Wednesday.

The app comes from Open Whisper Systems, which developed Signal’s predecessors, Redphone and TextSecure, which were two Android applications that encrypt calls and messages. Both have been consolidated into Signal.

Signal Desktop won’t be able to sync messages with iPhone just yet, although there are plans for iOS compatibility, Marlinspike wrote. It also won’t support voice initially.

Signal, which is free, has stood out in a crowded field of encrypted messaging applications, which are notoriously difficult to engineer, and has been endorsed by none other than former U.S. National Security Agency contractor Edward Snowden.

The mobile version of Signal for the iPhone and Android uses end-to-end encryption for voice calls, messaging and sending photos.

Open Whisper Systems itself can’t see the plain text of messages or get access to phone calls since it doesn’t store the encryption keys.

Signal is open source, which allows developers to closely inspect its code. There has been growing concern that software vendors may have been pressured into adding capabilities in their products that would assist government surveillance programs. In theory, having open-source code means such tampering could be identified.

Why Government and Tech Can’t Agree about Encryption

Why Government and Tech Can't Agree about Encryption

Your g better and better at protecting your privacy. But Uncle Sam isn’t totally comfortable with that, because it’s also complicating the work of tracking criminals and potential national-security threats.
For decades, tech companies have steadily expanded the use of encryption — a data-scrambling technology that shields information from prying eyes, whether it’s sent over the Internet or stored on phones and computers. For almost as long, police and intelligence agencies have sought to poke holes in the security technology, which can thwart investigators even when they have a legal warrant for, say, possibly incriminating text messages stored on a phone.

The authorities haven’t fared well; strong encryption now keeps strangers out of everything from your iMessages to app data stored on the latest Android phones. But in the wake of the Paris attacks, U.S. officials are again pushing for limits on encryption, even though there’s still no evidence the extremists used it to safeguard their communications.

While various experts are exploring ways of resolving the impasse, none are making much headway. For now, the status quo favors civil libertarians and the tech industry, although that could change quickly — for instance, should another attack lead to mass U.S. casualties. Such a scenario could stampede Congress into passing hasty and potentially counterproductive restrictions on encryption.

“There are completely reasonable concerns on both sides,” said Yeshiva University law professor Deborah Pearlstein. The aftermath of an attack, however, “is the least practical time to have a rational discussion about these issues.”

Encryption plays a little heralded, yet crucial role in the modern economy and daily life. It protects everything from corporate secrets to the credit-card numbers of online shoppers to the communications of democracy advocates fighting totalitarian regimes.

At the same time, recent decisions by Apple and Google to encrypt smartphone data by default have rankled law enforcement officials, who complain of growing difficulty in getting access to the data they feel they need to build criminal cases and prevent attacks. For months, the Obama administration — which has steered away from legislative restrictions on encryption — has been in talks with technology companies to brainstorm ways of giving investigators legal access to encrypted information.

But technology experts and their allies say there’s no way to grant law enforcement such access without making everyone more vulnerable to cybercriminals and identity thieves. “It would put American bank accounts and their health records, and their phones, at a huge risk to hackers and foreign criminals and spies, while at the same time doing little or nothing to stop terrorists,” Sen. Ron Wyden, D-Ore., said in an interview Monday.

Lawmakers on the U.S. Senate Select Committee on Intelligence remain on what they call an “exploratory” search for options that might expand access for law enforcement, although they’re not necessarily looking at new legislation.

The FBI and police have other options even if they can’t read encrypted files and messages. So-called metadata — basically, a record of everyone an individual contacts via phone, email or text message — isn’t encrypted, and service providers will make it available when served with subpoenas. Data stored on remote computers in the cloud — for instance, on Apple’s iCloud service or Google’s Drive — is also often available to investigators with search warrants. (Apple and Google encrypt that data, but also hold the keys.)

Some security experts suggest that should be enough. Michael Moore, chief technology officer and co-founder of the Baltimore, Maryland-based data security firm Terbium Labs, noted that police have managed to take down online criminals even without shortcuts to encryption. He pointed to the 2013 take down of Silk Road, a massive online drug bazaar that operated on the “dark Web,” essentially the underworld of the Internet.

“The way they figured that out was through good old-fashioned police work, not by breaking cryptography,” Moore said. “I don’t think there’s a shortcut to good police work in that regard.”

Others argue that the very notion of “compromise” makes no sense where encryption is concerned. “Encryption fundamentally is about math,” said Mike McNerney, a fellow on the Truman National Security Project and a former cyber policy adviser to the Secretary of Defense. “How do you compromise on math?” He calls the idea of backdoors “silly.”

Some in law enforcement have compromise ideas of their own. The Manhattan District Attorney’s office, for instance, recently called for a federal law that would require smartphone companies to sell phones they could unlock for government searches — in essence, forcing them to hold the keys to user data.

In a report on the subject, the office called its suggestion a “limited proposal” that would only apply to data stored on smartphones and restrict searches to devices that authorities had already seized. Privacy advocates and tech companies aren’t sold, saying it would weaken security for phones that are already too vulnerable to attack.

Marcus Thomas, the chief technology officer at Subsentio and former assistant director of the FBI’s operational technology division, argued that it’s too late to turn back the clock on strong encryption, putting law enforcement in a “race against time” to obtain investigatory data whenever and wherever it can. But he urged security experts to find ways to help out investigators as they design next-generation encryption systems.

The idea of allowing law enforcement secure access to encrypted information doesn’t faze Nathan Cardozo, a staff attorney for the San Francisco-based Electronic Frontier Foundation, provided a warrant is involved. Unfortunately, he says, cryptographers agree that the prospect is a “pure fantasy.”

The secret American origins of Telegram, the encrypted messaging app favored by the Islamic State

The secret American origins of Telegram, the encrypted messaging app favored by the Islamic State

An encrypted communications app called Telegram has been in the news a lot this week, amid fears that the Islamic State has adopted it as its preferred platform for messaging.

On Nov. 18, Telegram reportedly banned 78 ISIS-related channels, “disturbed” to learn how popular the app had become among extremists. Those extremists had used the app both to spread propaganda, according to an October report, and to crowdfund money for guns and rockets, according to Vocativ.

Telegram makes an obvious choice for both activities: In media interviews and on his Web site, the app’s founder — Pavel Durov, often called the “Zuckerberg of Russia” — has boasted that Telegram is technologically and ideologically unsurveillable. In the wake of the terrorist attacks in Paris, however, questions have begun to emerge about how trustworthy Telegram actually is.

Multiple cryptologists and security experts have claimed that Telegram is actually not all that secure: a flaw that may reflect the fact that Telegram wasn’t initially conceived as an encrypted messaging platform.

On top of that, while Telegram is typically described as a highly principled, Berlin-based nonprofit, that hasn’t always been the case: Up until about a year ago, Telegram was an opaque web of for-profit shell companies — mired in conflict and managed, in large part, from the United States.

“Pavel is really unpredictable,” said Axel Neff, the estranged co-founder and former chief information officer at the company. “His biggest drive has always been notoriety.”

Neff makes an odd protagonist in a tale of international corporate intrigue. Raised in rural ski country south of Buffalo, N.Y., and schooled in engineering, Neff was essentially working in construction when Durov founded Russia’s largest social network, Vkontakte, in 2006. Neff’s a salt-of-the-earth guy — a Bills fan and the co-owner, with his mother, of a train-themed restaurant — who seems to have stumbled into Russian tycoon circles entirely by accident. (Neither Pavel nor Telegram returned the Post’s request for comment.)

In college, one of his high school buddies studied abroad in Russia, where he was fortuitously placed in a study group with Durov and a guy named Ilya Perekopsky. Neff befriended Perekopsky when he came to Buffalo for a summer to practice English; Perekopsky went on to help found VK. Before he knew it, a random 28-year-old who drove an old Toyota and lived in rural New York state was the assistant director of international operations at one of the world’s largest social networking companies.

Neff was pretty good at his job, according to court documents made public in 2014 that shed light on the business practices and dealings of Telegram — although he did depart, that same year, under sketchy circumstances. After joining VK in 2008, Neff helped develop the site in foreign markets and transition it away from vkontakte.com URL. By 2011, when the political situation in Russia was making business perilous for social networks and other Internet companies, Neff was good friends with both Durov and Perekopsky. In 2012, they and several other VK executives began discussing a new app; Neff began researching server space and renting a downtown Buffalo office.

At the time, Neff said, the concept for the company was simple: a series of messaging apps — of which Telegram would be the first — that relied not on cellphone carriers but on data networks.

Encryption Debate Erupts Post-Paris Attacks But Don’t Expect Any Change Soon

Encryption Debate Erupts Post-Paris Attacks But Don't Expect Any Change Soon

Despite the lack of evidence, the Obama Administration has revived the encryption debate, pointing to encryption as an aid to the terrorists behind the Nov. 13 Paris attacks.

Investigators from France and the U.S. have conceded that there has been no evidence backing up their conclusion that the terrorist behind the attacks relied on the latest, high-level encryption techniques being offered to consumers by Google and Apple.

Yet, the debate over government-grieving encryption is back in high gear.

Decrypting the Encryption Debate

The Great Encryption debate kicked into full swing about a year ago, when current and former chiefs of the U.S. Department of Justice began calling on Apple and Google to create backdoors in iOS 8 and Android Lollipop.

The encryption built for the two mobile operating systems is so tough, that the world’s best forensic scientists in all of computing wouldn’t be able to crack devices running the software in time for a seven-year statute of limitations.

While it’s possible to crack the encryption in less time, each misstep would push back the subsequent cool-down period before the software would allow for another go.

A few weeks before the Nov. 13 attacks on Paris, the DOJ employed a new strategy to coerce Apple into handing over the keys to iOS – and it’s a good one. The tech world is still awaiting Apple’s counterpunch.

Roughly a year ago, then U.S. Attorney General Eric Holder frame the debate on encryption and stated the DOJ’s stance while speaking at the Global Alliance Against Child Sexual Abuse Online.

“Recent technological advances have the potential to greatly embolden online criminals, providing new methods for abusers to avoid detection,” Holder said, adding that there are those who take advantage of encryption in order to hide their identities and “conceal contraband materials and disguise their locations.”

The Information Technology Industry Council, which speaks on behalf of the high-tech industry, sees all of the above issues as reasons everyone needs encryption.

“Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety,” said Dean Garfield, president and CEO of ITI.

While stating the ITI’s deep “appreciation” for the work done by law enforcement and the national security community, Garfield said there is no sense in weakening the security just to improve it.

“[W]eakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy,” he explained.

Paris as a Talking Point

In the wake of the recent Paris Attack, U.S. officials have again reissued their call for software developers – Apple, Google and others – to provide law enforcement agencies with keys to the backdoor of operating systems with government-grade encryption.

While there is still no evidence that law enforcement agencies, with encryption keys in hand, could have given police on the ground in Paris a game-changing heads up of the attacks. Nevertheless, Paris has been turned into a talking point said Michael Morell, a former deputy director of the CIA, who stated that the tragic events will reshape the encryption debate.

“We have, in a sense, had a public debate [on encryption],” said Morell. “That debate was defined by Edward Snowden.” Although, instead of what the former NSA contractor and leaker had done, the issue of encryption will now be “defined by what happened in Paris.”