No, Strong Crypto Is Not Making The World 'Go Dark' For Intelligence Agencies: Here's Why

from the don't-be-afraid-of-the-dark dept

Last year, Techdirt noted that there was something of a concerted campaign to paint strong encryption as a real threat to intelligence agencies. That’s continuing, except that for a number of recent attacks “encryption” has become a generic excuse for intelligence failures. To the extent that there was any real logic behind the attacks on crypto, the main one was that it was making things “go dark” by preventing the authorities from accessing vital information that could have stopped the attack/saved lives/led to arrests etc. if only it had been available. You can see why this phrase is such a favorite: it cleverly reminds us that once things have gone dark, all kinds of scary stuff could start happening, just like in our childhood nightmares. The only problem with this metaphor is that it is exactly wrong, as Phillip Rogaway points out in a recent interview in The Atlantic:

law enforcement has an extraordinary set of tools available to them now. An unprecedented set of capabilities, both for law enforcement and intelligence services. These aren’t somehow the dark times for either law enforcement or intelligence. These are the times of extraordinary information. Nowhere in history has it been so easy to learn so much about everybody.

Critics might counter that it’s easy to say that, but how are the authorities supposed to gather vital information when strong encryption has been used? An excellent column in The Washington Post by Nicholas Weaver, a computer security researcher at the International Computer Science Institute, provides step-by-step instructions that the intelligence services can follow if they are afraid of the gathering dark:

Let’s examine a hypothetical investigation into Johnny Badguy. To plan and execute his crimes, Johnny uses an iPhone with encrypted features — such as disk encryption that prevents anyone without the pass code from accessing the data and iMessage which encrypts messages in transit — that have drawn the ire of FBI Director James Comey.

As Weaver points out, the communications metadata is actually much more useful than any encrypted content that has “gone dark”:

If the investigator knows everything Johnny does, everyone he talks to and everywhere he goes, how much does it matter that the investigator doesn’t know what Johnny says?

And it’s not just about metadata: unless switched off, Johnny’s iCloud backup will include a copy of all undeleted messages, all his contacts, his email accounts and his photographs. Moreover, Weaver notes, Google provides even more useful info:

Every IP address used to log into the Google account can recreate Johnny’s movements — the same information used by the FBI to unmask former CIA head David Petraeus’s affair. If Johnny stays logged into Google through his browser, investigators have access to Johnny’s search history and, thanks to how the Google+ button operates, a large number of the pages Johnny has viewed.

On top of that, a warrant to the phone company will provide:

the movements of the phone itself, as every call, text or push notification records at least the cell tower and sector, which says Johnny was in a particular wedge-shaped location occupying a few square miles.

As Weaver concludes:

Taken together, and further combined with other sources (such as the near-ubiquitous license plate readers and toll-tags), investigators have a nearly complete picture of Johnny’s behavior, movements and associates without having to ever worry about the effects of cryptography.

As well as confirming that metadata is in general far more revealing than content — despite what the UK government likes to insist — Weaver’s tale of Johnny Badguy brings out something that is insufficiently appreciated: the fact that today’s mobile devices provide an amazing treasure-trove of information about their owner that is without precedent historically. In fact, Weaver’s helpful analysis shows that the real threat to the intelligence agencies is not that the bad people might start using strong encryption, but that they might stop using smartphones.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “No, Strong Crypto Is Not Making The World 'Go Dark' For Intelligence Agencies: Here's Why”

Subscribe: RSS Leave a comment
Anonymous Coward says:

The other thing to realize is that law enforcement did pretty good without all of this for a long time. This sort of information collection has only been practical for about the last decade. It’s not like criminals were roaming the streets en mass before.

Standard law enforcement and investigative techniques still work

Anonymous Coward says:

Re: Re: Re:

CSI is also doing a lot of damage here.

They magically take out all the information about someone just by using a few clicks, in a fashion way.

Police before wanted to imitate Dirty Harry (well, they do it nowadays too), now they also want to imitae CSI Cyber and such.

Yeah, were the bad guys are stupid enough to only use numbers in their passwords that happen to be tattooed in the skins of their members.

And also, as said, even if you can’t use all of the information provided because the badguy is smart enough (tech savvy enough, I mean), you still have the old investigation methods that work, or may not work.

Still, in the end, the best way of taking care of crimes is taking away the cause that creates them. Poverty is the main cause in a lot of crimes, maybe moving towards that end would do more than spending trillions in “our” “security”.

Anonymous Coward says:

Re: Re: Re:2 Re:

First, I’m talking about fighting poverty, not about patching a few things to claim that you fight against poverty. As an example, the Medicare and Medicaid programmes are quite limited in scope (they even leave out some poor people because they aren’t eligible).

From reading it, I’d say it didn’t work because it didn’t really address poverty in a significative way.

It won’t do miracles, I know. And crime won’t disappear just because of that.

But I’d say that not people who don’t have the bare essentials to live, or that live in broken homes, are more likely to turn into criminals than people who got all their basics covered at least.

Btw, here are a few papers about why my argument is pretty much spot on:

And yeah, poor people are more likely to be involved in crimes, either as culprits or victims:

It’s common sense. If I have no money and no food, it’s more likely that I won’t give a fuck about others, about rules, about the society or whatever.

As an example, crimes from people who migrated from Balkans (Kosovo, Serbia…) after the war were more likely to end in violence (such as beating the owner of a house you were robbing or shooting him) because, let’s be honest, they didn’t give a fuck about killing anymore (they had their share of deaths in their own countries).

Anonymous Coward says:

if meta data was so useless, none of the security forces would be coming out with any and every excuse they can think of to ensure they can still access it!
further, no one has yet had the balls to say, officially or otherwise, that the whole reason for wanting to be able to have access to everyone isn’t in the least to do with stopping terrorism or any other bad event. it’s everything to do with making sure that every government knows exactly what their citizens is going to do, when and where, when they have become so pissed off at those governments and want to put up resistance!!

Anonymous Coward says:

Re: Re:

…Seems like an overweight cop chasing an agile thief, then blaming the thief’s sneakers and Converse for the crime…

And probably wishes the thief would wear those shoes that have lights in them which light up every time the shoe hits the ground! WARNING: this link is old; story appears approx. 15% down a really long page.

Pronounce (profile) says:

Why Backdoors?

I have a theory about why the government wants backdoors. We know they collect metadata, and have been for years, so they understand the value.

I theorize that they are worried about losing large swaths of social data that is being actively mined for analytical reasons as a way of using popular opinion to push policy.

There seems to be a feedback loop between policy, social opinion, and media output that is to coordinated to be haphazard.

Max says:

Somewhere along that narrative I stopped cheering for the argument defending the use of crypto, and started to get seriously concerned for the fate of anyone who might disagree with anything those in power might prefer to keep under a rug. I wonder how long will it take until things get so bad that people will find the very idea of dissent preposterously unthinkable…

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...