Bring technologists and members of the intelligence community together to figure out what to do about unbreakable encryption and guess what they conclude?
They conclude that they don’t really need to worry about it.
Unbreakable encryption — which prevents easy, conventional surveillance of digital communications — isn’t a big problem for law enforcement, says a new report published by Harvard’s Berkman Center for Internet and Society on Monday. The report, titled “Don’t Panic,” finds that we are probably not “headed to a future in which our ability to effectively surveil criminals and bad actors is impossible” because of companies that offer end-to-end encryption, such as Apple.
That’s because the technology isn’t universally marketable and there are so many other spying options on the table, as everything from fitness trackers to fridges is getting hooked up to the internet and transmitting vast amounts of data about our everyday lives.
The Berkman Center convened a diverse group of technologists, cryptographers, and former and current government officials — from think tanks, universities, the NSA, FBI, ODNI, and others — to hold meetings over the course of a year to discuss encryption privately, and then publish their conclusions.
A very public debate over encryption was taking place simultaneously. FBI Director James Comey, in hearings and speeches, has repeatedly stressed the dangers of “going dark” — saying that law enforcement is losing the ability to get its hands on digital evidence because end-to-end encryption scrambles messages for everyone except for the sender and the receiver. Even the company that sends the message can’t decrypt it when served with a warrant.
The public response from scientists and privacy advocates has largely focused on the technological impossibility of creating a secure way to give law enforcement special access to those communications without tearing a hole in the protection encryption provides.
While the signers of the report (excluding government attendees, who were unable to sign on “because of their employment”) mention this cybersecurity risk — the bigger takeaway is about why end-to-end encryption, likely here to stay, doesn’t pose an existential threat to law enforcement investigations.
First, the signatories conclude, not every company is going to jump on the end-to-end encryption bandwagon, because it’s not going to make them money. All the data that applications and cloud services and social media networks amass about their users — what kind of clothing you like to buy, what sports you play, where you eat out — is incredibly valuable to advertisers.
Facebook has claimed it can send you ads you’ll care about with 89 percent accuracy, based on where you live, your online behavior, the things you like, and other information about you, like your age and gender. Plus, in case you forget your password, the company can send you the backup data kept on its own servers.
“Internet companies more recently have been shifting towards data-driven advertising, and the technology that facilitates advertising delivery has become more reliant on user data for targeting ads based on demographics and behaviors,” the report says. “Implementing end-to-end encryption by default for all, or even most, user data streams would conflict with the advertising model and presumably curtail revenues.”
Some companies have concluded that end-to-end encryption isn’t user friendly. While Facebook has supported third-party plugins for encryption on its messaging platforms, and reportedly has the ability to end-to-end encrypt its platforms by default, its former Chief Security Officer Joe Sullivan said in 2014 that encryption makes it “hard for the average person to communicate.”
Plus, different applications, software systems, and cloud computing services are not end-to-end encrypted, even if the data is encrypted on a specific device. An Apple phone running on iOS8 or later will have its data encrypted — but many of its social media applications, as well as the automated iCloud backups, will not. This leads to “fragmentation in software ecosystems,” the report concludes, which can “impede the degree to which new conventions and architectural changes — especially those that would enable user-to-user encryption across different devices and services — become widespread.”
And even if end-to-end encryption were ubiquitous, metadata — or information about the communications — is not encrypted. Phone numbers, email addresses, email subject lines, and other information is still accessible to law enforcement, and will continue to be, because it’s impossible for the company to send something somewhere without knowing its destination. “Encryption does not prevent intrusions at the end points, which has increasingly become a technique used in law enforcement investigations,” the authors write.
Finally, the ever-growing Internet of Things presents a whole swath of new spying possibilities, the authors of the report suggest. “Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance,” the report says. “The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access.”
Gartner, a technology consulting firm, estimates that there will be about 6.4 billion objects connected to the internet in the world this year — including light bulbs, watches, security systems, cameras, bracelets, digital ice cubes, digital socks, digital diapers, and more.
And unless everyone is encrypting everything all the time, investigators might be able to spy on you from the person sitting next to you on the metro, or in the office next door. “Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel,” the report says.
“In this report, we’re questioning whether the ‘going dark’ metaphor used by the FBI and other government officials fully describes the future of the government’s capacity to access communications,” Berkman Center fellow Bruce Schneier said in a press release. “We think it doesn’t. While it may be true that there are pockets of dimness, there are other areas where communications and information are actually becoming more illuminated, opening up more vectors for surveillance.”
The US has a history of abusing its law enforcement powers. J. Edgar Hoover’s FBI, Dulles’ CIA, the DEA et.c The NSA is a little harder to pin down due to its culture of non-existance(No Such Agency). The NRO etc. But these days you need to look to inter-agency task forces, so-called fusion centers and state and city intelligence departments. I
I may come as a surprise to some people that large metropolitan police departments have their won intelligence departments.
For an interesting book on these matter you might try “An Absense of Light.” I recommend the Audible book version. It has an excellent narrator.
http://www.amazon.com/An-Absence-of-Light/dp/B001LNK97O
Mindless fools who fall for the claim that “government spying keeps us safe” never stop to ask themselves what’s keeping them safe from the government itself.
Anyone with the vaguest familiarity with history knows that governments — especially big, centralized governments — have a track record of killing their own citizens by the tens of millions. And this is to say nothing of the countless more citizens who have suffered brutality, unjust imprisonment, or other forms of oppression at the hands of their own governments.
If government and police were absolutely trustworthy and benevolent, then there would be no reason not to allow them any power they desired. We could let them fill our homes with cameras and microphones and not be the least bit bothered about it. But government and police are not trustworthy. In many countries, including the US, they are downright corrupt and evil. Privacy, along with freedom of speech and the possession of effective weapons, is a crucial aspect of security against government.
This article provides a good reminder of why the manufactured trend of connecting more personal items to the Internet should be vigorously resisted. We should REFUSE to buy or use any product that can be wirelessly connected to the Internet other than computers and cell phones. The latter items should be used with simple security precautions: e.g., cover up cameras when not in use; don’t have sensitive conversations within earshot of any microphone; carry your cell phone as little as possible, or keep it turned off and inside a Faraday bag. There are many such low-tech solutions to high-tech problems.
quote”While it may be true that there are pockets of dimness, there are other areas where communications and information are actually becoming more illuminated, opening up more vectors for surveillance.”unquote
Pockets of dimness. right. Hahahaha. Perfect. Off the top of my head I’d submit WDC is the Big Bang of the dimness list. Pockets of dimness. hahahahaha.. oh man, I have to remember that one. ..hahahaha… hohohoho..haha..
thanks..I needed that.
Who needs a fucking backdoor when all you need is a stranger who thinks you are a terrorist for reading the Atlantic…
http://observer.com/2016/02/the-fbi-and-nypd-interrogated-me-for-reading-an-article-about-isis/
If that doesn’t tell you how far down the Stasi cesspool we’ve sunk..nothing will. Notwithstanding the goddamned insane mindset of these fascist bastards. The Surveillance State is now as real as it gets.
We’ve arrived folks. The only difference between the Gestapo and the FBI is the swastika. Paid informants in the hundreds of thousands, digital dossier’s on every single citizen, the NSA, the CIA, the SOD, local militarized police, overzealous prosecutors who lie through their teeth to acquiescent Judges, Stingray’s, parallel construction, and the insidious fear inducing propaganda of the War on Terror turning every paranoid moron in Amerika into psychotic snitches… indeed. And then you have the Private Corporate Prison Complex. Orwell would faint at his own naivety. You can’t make this shit up. WE HAVE ARRIVED. And our great grandchildren will spit on our graves for allowing it to happen.
They haven’t changed even a line or two since the Snowden revelations.
Encryption, don’t bother we’ll get you anyway, even by ‘someone next to you’ proxy.
Live with it, vote independent in the US.
To refute the FBI-CIA-NSA claims, as parroted by Congress, how about a Snowden quote?
“They say it is done to keep you safe. They’re wrong.
There is a huge difference between legal programs, legitimate spying, legitimate law enforcement – where individuals are targeted based on a reasonable, individualized suspicion – and these programs of dragnet mass surveillance that put entire populations under an all-seeing eye and save copies forever.
These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.” – Snowen (letter to Brazil)
Consider for example the FBI’s terrorist identification / recruiting / entrapment programs (heavily used against ‘eco-terrorists’, and incidentally, that plays into the whole Oregon federal reserve Bundy scene, as the ranchers who were charged fell under ‘eco-terrorism’ statues aimed at, for example, giving long sentences to people who do damage corporate property as part of a political protest – see ‘Operation Backfire’ wiki) – first, they don’t rely at all on bulk data collection, so the FBI can continue to run such operations, although they are of dubious value and seem more about generating positive media coverage for the FBI, for budgetary PR purposes, in true Hoover fashion, than anything else.
These Patriot Act-based mass surveillance programs operate just like the STASI in East Germany during the Cold War – organs of state security who claimed to be ‘protecting national security’ but whose real underlying concern was monitoring and interfering with citizens who were bent on exposing the criminality and corruption endemic to the East German regime.
quote”Consider for example the FBI’s terrorist identification / recruiting / entrapment programs (heavily used against ‘eco-terrorists’, and incidentally, that plays into the whole Oregon federal reserve Bundy scene, as the ranchers who were charged fell under ‘eco-terrorism’ statues aimed at, for example, giving long sentences to people who do damage corporate property as part of a political protest”unquote
You don’t know the half of it. Just as most people don’t understand the REAL reason behind BLM’s assault on property owners whose property is adjacent to some Federal lands. Follow the money. BIG money. And they’ll even murder you if you start interfering too much. Unless of course, you have a hundred guns aimed at them. This is why they set up a road block in the middle of nowhere, on a blind curve to do kill LeVoy. The video the FBI released is bullshit. They killed him in cold blood.
http://www.captainsjournal.com/2016/01/31/why-did-robert-lavoy-finicum-have-to-die-the-connection-between-malheur-putin-the-clinton-foundation-and-big-money/
Well, actually the ‘eco-terrorism’ program dates back to the late 1990s, but the ranchers in Oregon who received long jail sentences for starting fires that spread to federal lands – well, the Justice Department couldn’t very well charge Earth First! members who started fires while ignoring ranchers who started fires, could they? (Personally, I think labeling such activity ‘terrorism’ is idiotic, but this is the history)
https://en.wikipedia.org/wiki/Operation_Backfire_%28FBI%29
“The indictments of the 18 activists for alleged acts of eco-terrorism have drawn condemnation from activists and alternative media organizations. The National Lawyers Guild condemned the operation and the resulting indictments, arguing that “life sentences for property damage offenses where the actor has no intent to harm an individual are simply unconstitutional.”[31] Animal liberation activist and physician Jerry Vlasak accused the FBI of targeting “a bunch of above-ground, well-known, peaceful animal-rights activists and environmental activists and charg[ing] them with being members of the ALF and the ELF.”[32]”
The Hammonds (the Oregon ranchers) were setting backfires to protect their property, thereby damaging federal reserve land. What if environmental activists set fires to burn private ranch property in order to protect a wildlife refuge? In both cases, it’s called eco-terrorism, probably prosecuted by the same Oregon FBI department.
One could make a strong argument that warrantless spying greatly INCREASES crime overall.
By essentially legalizing unconstitutional “fishing expeditions” it increases the number of violations of federal “color of law” statutes – the federal statutes that define and clarify the U.S. Constitution – what a constitutional violation is and the range of penalties.
For example: your federal, state or local law enforcement agency performs unconstitutional fishing expeditions on Facebook and other social media. Not only do police officials search for criminal activity but they subvert the legal First Amendment rights of law abiding citizens. If you support police body cameras you will likely be harassed by police within 6 months after posting or liking (which the U.S. Supreme Court ruled as protected speech).
The warrantless search violates federal criminal statutes and the subsequent police harassment is a federal crime as well. Although there is no agency that currently enforces these “color of law” crimes to this degree, overall warrantless spying produces far more crime than it prevents. It also produces lifelong blacklisting which is also a federal crime – although unenforced.
Studies have shown that terrorists stop doing fitness exercises, on average, about 3 weeks before a mission. So if you have recently purchased a fitness tracker device, for your own sake, please don’t stop exercising.
My refrigerator has end-to-end encryption.
Believe me, the NSA does NOT want to know what I have lurking in my fridge. ;o)
The 4th Amendment is still the “supreme law of the land” – it has never been amended. A judicial warrant should be required under any circumstances with criminal penalties for illegal searches.
The letter & spirit of the 4th Amendment is worded very clearly – fishing expeditions are illegal!
Law enforcement: “Encryption keeps us from doing our jobs!”
Harvard: “No, it doesn’t. It just makes you have to WORK (a little) to do your job.”
Law enforcement: “Awwwwww.”
Agreed, It’s almost like the justice department is saying “We are going to break the law, and you need to make it easier for us”
I have a hard time supporting government entities that don’t believe the constitution is worth the hard work. Like what did they do before the internet? (except intercept all phone traffic)
This puts a new spin on “going dark” – where “dark”=”evil”
Indeed, the internet of things is the newest peephole into our most private of lives.
The Nest thermostat knows when you’re home and when you’re away, and for how long.
Your smart fridge knows how much beer you drink every week.
And now the NSA knows, too.
Yes, they don’t need a back door to encryption when the front door of your house is wide open to anyone with or without a key.
Yep. Embracing the latest IOE technology is simply inviting everybody you don’t know into your home. Now your private abode has multiple peepholes all looking in. Creepy.
Fortunately, we don’t have to buy “Internet of Things” crap, and I will never do so unless it’s something I truly can’t live without. In the latter case, disabling the antenna to prevent wireless communication is always an option.
In addition, we should all spread the word to others in our social circles about why we’re rejecting the Internet of Things, and why it’s important for them to do so as well.
I haven’t seen an article yet that includes the other “elephant” that comes with encryption… If it’s encrypted the people storing the information loose about 5:1 compression on their storage media. So instead of using 1TB per day for disk storage, maybe it will require 5TB per day… Which adds up…
That does not sound like an essential feature of encryption to me. Do you have some references to back that up?
So basically this article is saying we shouldn’t claim end-to-end end encryption is bad because…lots of companies won’t use it? Erm, Jenna have you thought that one through?
Bruce Schneier! Lol. He has so many axes to grind he employed a blacksmith. Still, good to know TI doesn’t mind the FBI using the internet of things to spy on you.
Still, good to know TI doesn’t mind the FBI using the internet of things to spy on you.
Reporting that something is either happening, or going to happen, is not the same as approving of it or not minding that it’s happening.
I am curious to know what part of the article convinced you that TI doesn’t mind the FBI using the internet of things to spy on you. Quoting a few of those bits might be helpful to those of us who read no such thing in this article.
What!? You mean we are supposed to read the article before posting our comments? Doesn’t that in some way limit our freedom of expression?
“We are supposed to read the article?” Reading TI articles has an added benefit of gaining membership of a very exclusive club.