In-brief: A report from a leading legal think tank argues that the spread of the Internet of Things will provide ample opportunities for law enforcement and intelligence agencies to spy on citizens, despite more widespread use of encryption.
A report from a leading legal think tank warns that the spread of the Internet of Things will provide ample opportunities for law enforcement and intelligence agencies to spy on the activities of citizens, regardless of whether the use of encryption spreads.
In a report released on Monday, scholars from The Berkman Center For Internet & Society at Harvard University makes the case that arguments against the use of strong encryption by public figures like FBI chief James Comey are unfounded. Rather, technology adoption and current technology business models based on the monetization of data and metadata will create ample opportunities for online surveillance.
“Communications in the future will neither be eclipsed into darkness nor illuminated without shadow,” wrote the authors of the report in a blog post.
The report is a rebuke to arguments by Mr. Comey and others that the adoption of strong encryption technology by Google, Facebook, Apple Computer and others threaten to blind law enforcement to the doings of criminals, terrorists and others.
In response, members of The Berkman Center’s Berklett Cybersecurity Project concluded that those fears are overblown. “End-to-end encryption and other technological architectures for obscuring user data are unlikely to be adopted ubiquitously by companies, because the majority of businesses that provide communications services rely on access to user data for revenue streams and product functionality,” the group wrote. With so many businesses built on the practice of harvesting and monetizing data collected by mobile devices, encryption and data privacy will remain a low priority for the private sector, the report said.
Beyond that, “software ecosystems tend to be fragmented,” the researchers observe. “In order for encryption to become both widespread and comprehensive, far more coordination and standardization than currently exists would be required.”
Finally, law enforcement- and intelligence organizations stand to benefit tremendously from the expansion of devices connected to The Internet of Things.
“Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance,” the author notes. “Still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.”
The question about whether the government should require “back doors” on encryption technology that gives law enforcement and intelligence agencies access to encrypted communications is decades old, but has heated up in the wake of revelations of widespread government surveillance by former NSA contractor Edward Snowden – on the one hand – and serial terrorist- or terrorist inspired attacks in Paris and San Bernardino, California.
Those attacks prompted lawmakers, longtime civil servants and presidential candidates to suggest that technology companies accommodate the needs of law enforcement by providing “back doors” in encryption technologies used on mobile devices, laptops and cloud-based servers. Technology firms including Google, Apple, Facebook and Microsoft have strongly resisted such efforts, arguing that it is impossible to compromise encryption technology in ways that would not also empower cyber criminals and foreign nations in their efforts to spy.
The technology firms are joined by others, including former NSA Chief Mike Hayden, who said at a conference in January that he disagrees with Comey of the FBI. “I think end to end encryption is good for America,” Hayden told attendees at the S4 Conference in Miami. “I know that it represents challenges for FBI. But on balance it creates more security for Americans than the alternative – back doors.”
In an interview with Security Ledger in January, one of the Berkman report’s authors, cryptography expert Bruce Schneier of the firm Resilient Systems, said that encryption back doors are entirely unnecessary, given the lax data security practiced by most technology firms.
“Back doors are not needed because the front doors are opened so wide,” he said. In practice, government agencies that want to conduct surveillance can simply piggyback on corporate surveillance. “It’s not like Facebook is terribly trustworthy, either,” Schneier said. “Everybody is punch drunk on data.”
Schneier said the calls for more surveillance preyed on the public’s fears more than they addressed real problems. “People are scared, and when they’re scared, they’ll agree to anything,” Schneier said.