Encryption may not protect criminals as much as we have been led to believe.
The FBI and other law enforcement authorities are exaggerating the extent that criminals are using encryption to avoid surveillance, or “go dark,” according to a study released Monday by Harvard. The study, which included participation from current and former intelligence officials, found that myriad new Internet-connected technologies such as smart-home products allow new opportunities for surveillance activities.
“The ‘going dark’ metaphor does not fully describe the future of the government’s capacity to access the communications of suspected terrorists and criminals,” said the study (PDF), published by the Berkman Center for Internet and Society at Harvard.
The report conceded that the increased availability of encryption products impedes government surveillance under certain circumstances. But it also concluded that the burgeoning market for Internet-connected devices will “likely fill some of these gaps and…ensure that the government will gain new opportunities to gather critical information from surveillance.”
The study’s findings come amid a mounting war of words between tech companies and policy makers, who contend that terrorist groups are benefiting from encryption, the technology that jumbles communications and files so that only the intended recipient can read them. Tech companies have become increasingly diligent about including encryption in products and services in the wake of revelations about US government surveillance programs from documents leaked by former NSA contractor Edward Snowden.
- Feds say ‘Oops!’ in anti-hacking deal
- Tech and politics clash over protecting your data
- California wants to ban encrypted phones
Apple’s iMessage text message program uses encryption, as does Facebook’s WhatsApp. Google, Yahoo and a bunch of other tech companies have begun scrambling information sent between their servers. These security features, which aim to keep prying eyes from seeing what’s going on inside, are often now turned on by default and easy to use.
After deadly attacks in Paris late last year, questions arose about whether the technology industry has a duty to help the government view encrypted conversations in the name of stopping terrorism. Tech companies have countered that it’s impossible to let government agencies break encryption without letting criminals do the same.
The Harvard study predicted that a host of Internet-connected devices, including TVs, cars, cameras, thermostats and even toasters, come packed with sensors and wireless connectivity that offer new opportunities for tracking suspects.
“Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target,” the study said. “These are real products now.”
The plethora of Internet-connected devises also raises difficult questions about consumer privacy that need to be addressed, the study suggested.
“We should be thinking now about the responsibilities of companies building new technologies, about new operational procedures and rules to help the law enforcement and intelligence communities navigate the thicket of issues that will surely accompany these trends,” the study concluded.
The FBI did not respond to a request for comment on the study.