No, Strong Crypto Is Not Making The World 'Go Dark' For Intelligence Agencies: Here's Why

from the don't-be-afraid-of-the-dark dept

Last year, Techdirt noted that there was something of a concerted campaign to paint strong encryption as a real threat to intelligence agencies. That's continuing, except that for a number of recent attacks "encryption" has become a generic excuse for intelligence failures. To the extent that there was any real logic behind the attacks on crypto, the main one was that it was making things "go dark" by preventing the authorities from accessing vital information that could have stopped the attack/saved lives/led to arrests etc. if only it had been available. You can see why this phrase is such a favorite: it cleverly reminds us that once things have gone dark, all kinds of scary stuff could start happening, just like in our childhood nightmares. The only problem with this metaphor is that it is exactly wrong, as Phillip Rogaway points out in a recent interview in The Atlantic:

law enforcement has an extraordinary set of tools available to them now. An unprecedented set of capabilities, both for law enforcement and intelligence services. These aren't somehow the dark times for either law enforcement or intelligence. These are the times of extraordinary information. Nowhere in history has it been so easy to learn so much about everybody.
Critics might counter that it's easy to say that, but how are the authorities supposed to gather vital information when strong encryption has been used? An excellent column in The Washington Post by Nicholas Weaver, a computer security researcher at the International Computer Science Institute, provides step-by-step instructions that the intelligence services can follow if they are afraid of the gathering dark:
Let's examine a hypothetical investigation into Johnny Badguy. To plan and execute his crimes, Johnny uses an iPhone with encrypted features -- such as disk encryption that prevents anyone without the pass code from accessing the data and iMessage which encrypts messages in transit -- that have drawn the ire of FBI Director James Comey.
As Weaver points out, the communications metadata is actually much more useful than any encrypted content that has "gone dark":
If the investigator knows everything Johnny does, everyone he talks to and everywhere he goes, how much does it matter that the investigator doesn't know what Johnny says?
And it's not just about metadata: unless switched off, Johnny's iCloud backup will include a copy of all undeleted messages, all his contacts, his email accounts and his photographs. Moreover, Weaver notes, Google provides even more useful info:
Every IP address used to log into the Google account can recreate Johnny's movements -- the same information used by the FBI to unmask former CIA head David Petraeus's affair. If Johnny stays logged into Google through his browser, investigators have access to Johnny's search history and, thanks to how the Google+ button operates, a large number of the pages Johnny has viewed.
On top of that, a warrant to the phone company will provide:
the movements of the phone itself, as every call, text or push notification records at least the cell tower and sector, which says Johnny was in a particular wedge-shaped location occupying a few square miles.
As Weaver concludes:
Taken together, and further combined with other sources (such as the near-ubiquitous license plate readers and toll-tags), investigators have a nearly complete picture of Johnny's behavior, movements and associates without having to ever worry about the effects of cryptography.
As well as confirming that metadata is in general far more revealing than content -- despite what the UK government likes to insist -- Weaver's tale of Johnny Badguy brings out something that is insufficiently appreciated: the fact that today's mobile devices provide an amazing treasure-trove of information about their owner that is without precedent historically. In fact, Weaver's helpful analysis shows that the real threat to the intelligence agencies is not that the bad people might start using strong encryption, but that they might stop using smartphones.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 16 Dec 2015 @ 6:41am

    The other thing to realize is that law enforcement did pretty good without all of this for a long time. This sort of information collection has only been practical for about the last decade. It's not like criminals were roaming the streets en mass before.

    Standard law enforcement and investigative techniques still work

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 16 Dec 2015 @ 7:09am

      Re:

      But those techniques take effort, and are difficult, and don't always work... much easier to just whine until someone forces everyone else to hand over whatever data they want. /s

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Dec 2015 @ 7:43am

        Re: Re:

        CSI is also doing a lot of damage here.

        They magically take out all the information about someone just by using a few clicks, in a fashion way.

        Police before wanted to imitate Dirty Harry (well, they do it nowadays too), now they also want to imitae CSI Cyber and such.


        Yeah, were the bad guys are stupid enough to only use numbers in their passwords that happen to be tattooed in the skins of their members.


        And also, as said, even if you can't use all of the information provided because the badguy is smart enough (tech savvy enough, I mean), you still have the old investigation methods that work, or may not work.

        Still, in the end, the best way of taking care of crimes is taking away the cause that creates them. Poverty is the main cause in a lot of crimes, maybe moving towards that end would do more than spending trillions in "our" "security".

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 16 Dec 2015 @ 6:46am

    But

    When you are so lazy that you missed all the warning signs that told you in the clear that certain bad thing were about to happen along with when, where, and who then you need what was said encrypted as well because what is easier in court than to display someone's uncoerced confession?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2015 @ 7:18am

    if meta data was so useless, none of the security forces would be coming out with any and every excuse they can think of to ensure they can still access it!
    further, no one has yet had the balls to say, officially or otherwise, that the whole reason for wanting to be able to have access to everyone isn't in the least to do with stopping terrorism or any other bad event. it's everything to do with making sure that every government knows exactly what their citizens is going to do, when and where, when they have become so pissed off at those governments and want to put up resistance!!

    reply to this | link to this | view in chronology ]

  • identicon
    confused, 16 Dec 2015 @ 7:30am

    Seems like an overweight cop chasing an agile thief, then blaming the thief's sneakers and Converse for the crime.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Dec 2015 @ 7:56am

      Re:

      ...Seems like an overweight cop chasing an agile thief, then blaming the thief's sneakers and Converse for the crime...

      And probably wishes the thief would wear those shoes that have lights in them which light up every time the shoe hits the ground!

      http://www.lwcbooks.com/crooks.html WARNING: this link is old; story appears approx. 15% down a really long page.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2015 @ 7:47am

    If the world "goes dark", it's from watching those in the various levels and agencies within the government do it.

    reply to this | link to this | view in chronology ]

  • icon
    Pronounce (profile), 16 Dec 2015 @ 9:21am

    Why Backdoors?

    I have a theory about why the government wants backdoors. We know they collect metadata, and have been for years, so they understand the value.

    I theorize that they are worried about losing large swaths of social data that is being actively mined for analytical reasons as a way of using popular opinion to push policy.

    There seems to be a feedback loop between policy, social opinion, and media output that is to coordinated to be haphazard.

    reply to this | link to this | view in chronology ]

  • icon
    Max (profile), 16 Dec 2015 @ 10:36am

    Somewhere along that narrative I stopped cheering for the argument defending the use of crypto, and started to get seriously concerned for the fate of anyone who might disagree with anything those in power might prefer to keep under a rug. I wonder how long will it take until things get so bad that people will find the very idea of dissent preposterously unthinkable...

    reply to this | link to this | view in chronology ]

  • icon
    Steve (profile), 16 Dec 2015 @ 12:38pm

    Governments are paranoid about knowing & controling what people are thinking, not what they are doing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2015 @ 1:08pm

    Snowden in Cizizenfour said that the NSA is not going dark.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2015 @ 3:24pm

    One must remember that these same agencies that are whining and moaning about that nasty encryption, are the same units that are using it to pass their own messages around. Who's kidding which here?

    reply to this | link to this | view in chronology ]

  • identicon
    Johnny Badguy, 17 Dec 2015 @ 7:12am

    I refute the fact that I ever committed any crime.

    Just because I have an unfortunate name you paint me to be some kind of criminal. I'm going to sue you Masnick!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.