4 February 2016

Encryption won't stop surveillance, says Harvard study

February 2, 2016 

A Harvard University study finds that notions of a new age of untraceable criminals are overblown. Why?

Encrypting communication will continue, but authorities will not be left in the dark, according to a new study.

A new Harvard University study, which included participants from academia, government agencies, and technical fields, found that warnings of an encryption-prompted surveillance crisis are overblown. The Berkman Center for Internet and Society study stated that while some forms of communication will remain resistant to surveillance, many others will offer an increase in data for security agencies.

The finding stands in direct contrast to a recent increase in pressure from federal authorities on tech companies, like Google and Apple, to install “backdoors” for government surveillance into devices. While tech companies have resisted the pressure, federal agencies have warned that without a backdoor, intelligence agencies will be “going dark,” or be unable to properly surveil suspect communication.

“Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not,” the Berkman Center study says. So far, the discussion over encryption “is largely taking place without reference to the full picture.”

This position on encryption stems from three overarching conclusions: encryption will likely not be widespread, new technology will offer a plethora of new surveillance opportunities, and most metadata will continue to be unencrypted.

End-to-end encryption, like the kind supported by Facebook, Apple, and Google, works by encrypting information and messages at the end points of communication applications. As a result, only the recipient and the sender have the keys to read the information. Everyone else, including the service provider and intelligence agencies, would be unable to access the data.

While this could offer people private communication and thwart attempts by authorities to intercept messages, the chances of this technology being adopted ubiquitously are slim. As the study states, “the majority of businesses that provide communications services rely on access to user data for revenue streams.”

Beyond this, the increase in “smart” products will deliver more options to agencies for surveillance. Televisions, refrigerators, toasters, and thermostats will increasingly be built to be connected with the Internet of Things, and many are equipped with cameras or microphones, according to the study.

The study suggests that one way investigators will likely capitalize on the advances is by seeking “orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target.”

The collected data from smart devices would be in addition to the majority of metadata that is unencrypted because devices and software need it to function. This metadata ranges from location data on cell phones to header information and more in e-mails.

“This information provides an enormous amount of surveillance data that was unavailable before these systems became widespread,” the study says.

The study, entitled Don’t Panic: Making Progress on the “Going Dark” Debate, counters proposals to hinder encryption by FBI director James B. Comey and other notable political figures, like Democratic presidential candidate Hillary Clinton, and it carries more weight than most as a result of its variety of participants. One of the main authors of the report is Matthew G. Olsen, a former director of the National Counterterrorism Center under President Obama.

“Encryption is a real problem, and the FBI and intelligence agencies are right to raise it,” Mr. Olsen told The New York Times on Sunday. Olsen also said that the testimonies of intelligence agency officials about the threat of encryption lacked mention of the many new options that are currently or will soon be available for surveillance as a result of encryption and increasing technological advances.

The lack of mention of those new alternatives raises concerns that the national discussion around encryption is missing parts of the larger picture.

“From the national security perspective, we must consider whether providing access to encrypted communications to help prevent terrorism and investigate crime would also increase our vulnerability to cyber espionage and other threats,” the study concludes. “From a civil liberties perspective, we must consider whether preventing the government from gaining access to communications under circumstances that meet Fourth Amendment and statutory standards strikes the right balance between privacy and security.”
