New Report Debunks FBI's 'Going Dark' FUD

from the it-only-seems-dark-because-you've-been-staring-at-the-sun dept

The way things are going, pretty soon FBI Director James Comey is going to be out there alone, flipping off light switches and blowing out candles, all the while cursing the going darkness.

A new report by Harvard's Berkman Center for Internet and Society debunks law enforcement's fearful statements about encroaching darkness. (h/t New York Times) As the report points out, there may be some pockets that are darker than others, but the forward march of technology means other areas are brighter than they've ever been. In particular, the growing Internet of Things is pretty much just the Internet of Confidential Informants.

Three trends in particular facilitate government access. First, many companies’ business models rely on access to user data. Second, products are increasingly being offered as services, and architectures have become more centralized through cloud computing and data centers. A service, which entails an ongoing relationship between vendor and user, lends itself much more to monitoring and control than a product, where a technology is purchased once and then used without further vendor interaction. Finally, the Internet of Things promises a new frontier for networking objects, machines, and environments in ways that we just beginning to understand. When, say, a television has a microphone and a network connection, and is reprogrammable by its vendor, it could be used to listen in to one side of a telephone conversation taking place in its room – no matter how encrypted the telephone service itself might be. These forces are on a trajectory towards a future with more opportunities for surveillance.
On top of the additional opportunities for surveillance, there's encryption itself. The best friend of Public Enemies #1 -- whatever is far from the insurmountable obstacle Comey and others have presented it as. While some companies are offering encryption by default and others are specializing in secure communications apps and tools, this is still mostly in service to niche markets.
[C]ompanies typically wish to have unencumbered access to user data – with privacy assured through either restricting dissemination of identifiable customer information outside the boundaries of the company (and of governments, should they lawfully request the data). Implementing end-to-end encryption by default for all, or even most, user data streams would conflict with the advertising model and presumably curtail revenues.
Even Apple and Google -- the two companies that added encryption-by-default to their devices -- aren't interested in encrypting everything.
Google offers a number of features in its web-based services that require access to plaintext data, including full text search of documents and files stored in the cloud. In order for such features to work, Google must have access to the plaintext. While Apple says that it encrypts communications end-to-end in some apps it develops, the encryption does not extend to all of its services. This includes, in particular, the iCloud backup service, which conveniently enables users to recover their data from Apple servers. iCloud is enabled by default on Apple devices. Although Apple does encrypt iCloud backups, it holds the keys so that users who have lost everything are not left without recourse. So while the data may be protected from outside attackers, it is still capable of being decrypted by Apple.
In short, far more surveillance doors have been opened in the past decade than have been closed. As the authors point out, smart devices and online services have implemented voice commands, giving them the capability to record conversations far more private than those that might take place over other encrypted channels. As a case in point, the report notes the FBI exploited in-car microphones more than a decade ago, using a luxury auto "concierge" service to eavesdrop on conversations between organized crime members.

They also point out that encryption isn't always surveillance-proof. NSA officials have encouraged the use of encryption -- not just because it protects ordinary citizens from attacks, but also because it can crack some of it and grab tons of metadata no matter what form is being used. Not only that, but officials have admitted that the use of encryption "lights up" potential surveillance targets, making its haystack trawling much more efficient.

Comey is the odd man out here, abandoned by the NSA, administration and, with few exceptions, other law enforcement agencies. The solution isn't bans or backdoors. The solution is the exploitation of every new attack vector willingly created by social media apps, smart devices and the general interconnectedness of the world wide web. If he persists in this fashion, it won't be too long before he's considered no more credible than the ranting doomsayers who prowl city streets and subway platforms.

And let's not forget law enforcement agencies solved crimes and captured criminals for over two hundred years in this country -- and never found the lack of access to smartphone contents to be a hindrance.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That Anonymous Coward (profile), 1 Feb 2016 @ 6:54am

    If only we could get the FUD to go dark so we could have rational decisions.

    reply to this | link to this | view in chronology ]

  • identicon
    mcinsand, 1 Feb 2016 @ 7:05am

    if security were really important, perspective would be reverse!

    Our so-called security agencies should be slapping wrists when people fail to encrypt, not whine about the other way around!

    reply to this | link to this | view in chronology ]

  • icon
    Adam (profile), 1 Feb 2016 @ 8:04am

    Yup. you lost me at the title of the document in the PDF...

    All I can think of now is:

    "First, it is slightly cheaper; and secondly it has the words Don't Panic inscribed in large friendly letters
    on its cover."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2016 @ 6:09pm

    "Let's not forget"...REALITY and HONESTY

    "And let's not forget law enforcement agencies solved crimes and captured criminals for over two hundred years in this country -- and never found the lack of access to smartphone contents to be a hindrance."

    To be clear, law enforcement solved crime for the PREVIOUS two hundred years without finding lack of access to smartphones to be a hindrance for the same reasons that criminals didn't do a lot of bad stuff using smartphones, i.e., there were no smartphones. Don't be or pretend your readers are stupid; technology has evolved - the laws have lagged. We need new interpretations of law that reflect a mature understanding of the new technology in light of a properly evolved grasp of the Fourth Amendment.

    That the current cop-ish models are wrong I do not debate. That we employ empty arguments gives away the battle for foolish reasons.

    reply to this | link to this | view in chronology ]

    • identicon
      Wendy Cockcroft, 2 Feb 2016 @ 5:42am

      Re: "Let's not forget"...REALITY and HONESTY

      That seems reasonable to me but we need to discuss this properly: should the contents of a smartphone be treated with the same confidentiality as the contends of a sealed letter or zipped-up suitcase? Most of us think so.

      reply to this | link to this | view in chronology ]

  • icon
    klaus (profile), 2 Feb 2016 @ 1:00am

    Depressing

    True, this report debunks the FBI's claim that things will be "going dark" (what a ridiculous expression). But it does this by saying law enforcement shouldn't worry because there will be ever more opportunities to snoop because trends.

    IT should be evolving towards ever greater security, not less.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Feb 2016 @ 11:28am

    What is certainly going dark,

    is the living rooms of a lot of people who refuse to own equipment with network enabled integrated microphones and cameras.

    Probably good for healthcare though. Less couch potato, more running from trungeon wielding hoodlums in balaclavas.

    Who'd have thought ten years ago that Samsung and Comcast would be at the center of an American weight loss fad?

    reply to this | link to this | view in chronology ]

  • icon
    tqk (profile), 2 Feb 2016 @ 11:28am

    Comey's just greedy.

    It's just average, every day greed. They can paint a target onto the back of anybody they damned well please any time they want to, but they want more. It's almost like he wishes more people were committing crimes so he could bust more lawbreakers. Which, for a lawman, is really missing the point of the whole thing he was hired to do. A lawman should be happy he can't find anyone committing crimes because no one's committing crimes.

    Comey's got it bass-ackwards. What a dipshit.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.