Intelligence Director James Clapper Warmly Welcomes The Internet Of Things To The NSA's Haystacks

from the my-god...-it's-full-of-data dept

The NSA isn’t too concerned about the use of encryption. Unlike the FBI, which continues to claim the sky is falling darkening thanks to the spread of math, the NSA is relatively comfortable with the march of technology in this direction.

For one thing, the NSA has made progress towards cracking some forms of encryption. On top of that, it maintains a unit that does nothing but stick implants into hardware that allows it to bypass protection schemes used by its targets.

There’s no “going dark” fear at the NSA. The Director of National Intelligence — James Clapper — has just issued a “Worldwide Threat Assessment” and nowhere in it will you find an extensive discussion about encryption’s supposed deleterious effect on national security. There is one small paragraph that notes it’s likely a part of terrorists’ efforts to hide their communications, but not the element that concerns his office the most.

Terrorists will almost certainly continue to benefit in 2016 from a new generation of recruits proficient in information technology, social media, and online research. Some terrorists will look to use these technologies to increase the speed of their communications, the availability of their propaganda, and ability to collaborate with new partners. They will easily take advantage of widely available, free encryption technology, mobile-messaging applications, the dark web, and virtual environments to pursue their objectives.

There are far too many options for those who’d like to keep the NSA out of their business, according to the report. There’s no sense in decrying a single aspect of it — especially one that also provides substantial security benefits to non-terrorists.

But the Internet giveth just as certainly as it taketh away. Echoing the sentiments of the recent report debunking the “going dark” fears of James Comey, certain legislators and a handful of smaller law enforcement agencies, Clapper points out that the Internet of Things will provide intelligence services with plenty of data to fill in their surveillance holes. (h/t Emptywheel)

Internet of Things (IoT). “Smart” devices incorporated into the electric grid, vehicles—including autonomous vehicles—and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.

The tea kettle that talks to the thermostat that shares a signal with the fridge that exposes your emails to the wardriving criminal who just obtained your Wi-Fi password from the doorbell will all be sources of useful data for law enforcement and intelligence agencies. Considering much of the industry has opted to ship smart things with dumbass defaults most users will never change, the Internet of Eminently Crackable Things will be the informants government agencies always wished they had — ones that can tell when suspects are home, what they’re doing and opening up otherwise secured networks for easy intrusion.

Also worth noting is the highly dubious use of the future tense when referring to the surveillance of targets via their Smart Things. It’s hard to believe the NSA isn’t already on top of this. It’s not as though it would need to alter its permission slips. Section 702 gives it the power to snake info from the internet from basically anywhere in the world and the government is busy arguing that people “know” their connected devices share tons of identification/location info with “the world,” so there’s really no expectation of privacy that might limit surveillance via smart objects.

While overseas terrorists may not be purchasing Nest thermostats in bulk at the moment, the march towards the interconnectedness of everything means it’s likely one object or another will provide another surveillance vector for intelligence agencies in the near future.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Intelligence Director James Clapper Warmly Welcomes The Internet Of Things To The NSA's Haystacks”

Subscribe: RSS Leave a comment
Richard Kulawiec (profile) says:

The Internet of Things

A better name would be “The Internet of Insecure Things”. I can’t name an IoT product without massive security and privacy issues — and those are just the ones that we know about. So far. The headlong rush to develop and deploy these devices is rapidly turning a bad dream into a never-ending nightmare.

And those responsible are using every possible mechanism at their disposal to prevent researchers from discovering and disclosing these problems. They’re willing to deliberately endanger their own customers in order to protect their profits.

Write it down: the IoT is going to get people killed — probably sooner rather than later. And I hate predicting that, because it’s horrible: but the writing is already on the wall in big, bold 72-point type.

nasch (profile) says:


Also worth noting is the highly dubious use of the future tense when referring to the surveillance of targets via their Smart Things.

There might not be enough of these products installed to make it worth attacking them in more than an experimental way yet. And the NSA is more about collecting all the information from everywhere and sorting through it later, rather than finding a dangerous person and surveilling the crap out of them. The CIA and FBI might be more interested in using these attack vectors now, since they seem more likely to target a specific person for surveillance.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...