The guide also dispels some myths. Not surprisingly, there's no mention of using PlayStation systems (or any other game console) for chats, as was briefly rumored following the Paris attacks. And while the US has frequently claimed that WhatsApp is a security risk, ISIS actively avoids it due to flawed encryption practices.
Do these tools sound familiar? They should -- they're the same tools used by human rights advocates, whistleblowers and others trying to avoid oppressive governments and overreaching surveillance. That, in turn, illustrates the troubles with arguing both for and against encrypted services. The technology lets ISIS hatch plots in secret, but it's also the key to protecting pro-democracy protests and other vital forms of free speech. And since there's no such thing as an encryption backdoor that's only available to the 'right' people (anyone can use those vulnerabilities), cracking down on these tools could hurt privacy and security across the board.
As it stands, there's a big difference between delivering advice and following it. The Paris attackers didn't actually use encrypted chat (they leaned on SMS for at least part of their assault), and they made classic mistakes like tossing a working phone in the trash. This isn't to say that there aren't smarter, encryption-savvy terrorists, but the rush to blame security tools can sometimes ignore the practical reality of how these organizations operate.
Update: You know how we said there were similarities between the strategies in this manual and those used by human rights advocates? Well, that's because it was written for those advocates. In a statement, Kuwaiti security firm Cyberkov says that it wrote the manual for "journalists and activists" trying to evade oppressors. The outfit accuses West Point of not only botching its translation job, but giving governments one more excuse to weaken encryption and reduce your privacy. We apologize for contributing to those excuses.
[Image credit: AP Photo/Biswaranjan Rout]