Encryption May Hurt Surveillance, but Internet Of Things Could Open New Doors

Tech companies and privacy advocates have been in a stalemate with government officials over how encrypted communication affects the ability of federal investigators to monitor terrorists and other criminals. A new study by Harvard’s Berkman Center for Internet and Society convened experts from all sides to put the issue in context.

The report concluded that information from some apps and devices like smartphones may be harder for government investigators to intercept because of stronger encryption. But, it said, we are connecting so many more things to the Internet (light bulbs, door locks, watches, toasters) that they could create new surveillance channels.

The encryption debate has reheated recently following the attacks in Paris and to some extent San Bernardino, Calif., with CIA and FBI officials warning about their investigation channels “going dark” because of the stronger encryption placed on communications tools like WhatsApp or FaceTime.

(The distinction is this: With things like emails, Web searches, photos or social network posts, information typically gets encrypted on your phone or laptop and then decrypted and stored on a big corporate data server, where law enforcement officials have the technical and legal ability to get access to the content, for instance, with a subpoena. But with messages that are encrypted end-to-end, data gets encrypted on one device and only gets decrypted when it reaches the recipient’s device, making it inaccessible even with a subpoena.)

The agencies have asked for “back doors” into these technologies, though the Obama administration cooled off its push for related legislation late last year over concerns that such security loopholes would also attract hackers and other governments.

But the Harvard report (which was funded by the Hewlett Foundation) argues that “going dark” is a faulty metaphor for the surveillance of the future, thanks to the raft of new technologies that are and likely will remain unencrypted — all the Web-connected home appliances and consumer electronics that sometimes get dubbed the Internet of Things.

Some of the ways the data used to be accessed will undoubtedly become unavailable to investigators, says Jonathan Zittrain, a Harvard professor who was one of the authors. “But the overall landscape is getting brighter and brighter as there are so many more paths by which to achieve surveillance,” he says.

“If you have data flowing or at rest somewhere and it’s held by somebody that can be under the jurisdiction of not just one but multiple governments, those governments at some point or another are going to get around to asking for the data,” he says.

The study team is notable for including technical experts and civil liberties advocates alongside current and former National Security Agency, Defense Department and Justice Department officials. Another chief author was Matthew Olsen, former director of the National Counterterrorism Center and NSA general counsel.

Though not all 14 core members had to agree to every word of the report, they had to approve of the thrust of its findings — with the exception of current NSA officials John DeLong and Anne Neuberger, whose jobs prevented them from signing onto the report (and Zittrain says nothing should be inferred about their views).

The results of the report are a bit ironic: It tries to close one can of worms (the debate over encryption hurting surveillance) but opens another one (the concerns about privacy in the future of Internet-connected everything).

“When you look at it over the long term,” says Zittrain, “with the breadth of ways in which stuff that used to be ephemeral is now becoming digital and stored, the opportunities for surveillance are quite bright, possibly even worryingly so.”

Paris attacks reignite debate over encryption, surveillance and privacy

WASHINGTON — Friday’s terrorist attacks in Paris have revived the debate over whether U.S. tech companies should be required to build “backdoors” into encrypted phones, apps and Internet sites to let law enforcement conduct surveillance of suspected terrorists.

There has been widespread speculation among law enforcement authorities and the media that the Islamic State terrorists who attacked Paris were using some kind of encryption technology to communicate. However, American and French authorities have said there is no hard evidence to back up that assumption.

Still, the possibility has been enough to renew criticism of commercial encryption, putting pressure on U.S. companies that are increasingly using the technology to thwart hackers and reassure customers that their data will be kept private.

“When individuals choose to move from open means of communication to those that are encrypted, it can cause a disruption in our ability to use lawful legal process to intercept those communications and does give us concern about being able to gather the evidence that we need to continue in our mission for the protection of the American people,” Attorney General Loretta Lynch told the House Judiciary Committee Tuesday.

Lynch said the FBI and other Justice Department agencies work with Internet providers to try to find a way to enforce court orders to conduct surveillance of suspected terrorists. However, companies are increasingly employing encryption that even they cannot break to access their customers’ data.

In those cases, federal agents use other types of surveillance and intelligence-gathering tools, Lynch said.

“But it (encryption) does cause us the loss of a very valuable source of information,” she told the committee.

Despite strong criticism of encryption by the FBI, the White House announced in October that it would not seek legislation to force U.S. tech companies to build backdoors to let law enforcement get around the technology to access people’s messages and other information.