New Report Debunks FBI's 'Going Dark' FUD

from the it-only-seems-dark-because-you've-been-staring-at-the-sun dept

The way things are going, pretty soon FBI Director James Comey is going to be out there alone, flipping off light switches and blowing out candles, all the while cursing the going darkness.

A new report by Harvard's Berkman Center for Internet and Society debunks law enforcement's fearful statements about encroaching darkness. (h/t New York Times) As the report points out, there may be some pockets that are darker than others, but the forward march of technology means other areas are brighter than they've ever been. In particular, the growing Internet of Things is pretty much just the Internet of Confidential Informants.

Three trends in particular facilitate government access. First, many companies’ business models rely on access to user data. Second, products are increasingly being offered as services, and architectures have become more centralized through cloud computing and data centers. A service, which entails an ongoing relationship between vendor and user, lends itself much more to monitoring and control than a product, where a technology is purchased once and then used without further vendor interaction. Finally, the Internet of Things promises a new frontier for networking objects, machines, and environments in ways that we just beginning to understand. When, say, a television has a microphone and a network connection, and is reprogrammable by its vendor, it could be used to listen in to one side of a telephone conversation taking place in its room – no matter how encrypted the telephone service itself might be. These forces are on a trajectory towards a future with more opportunities for surveillance.
On top of the additional opportunities for surveillance, there's encryption itself. The best friend of Public Enemies #1 -- whatever is far from the insurmountable obstacle Comey and others have presented it as. While some companies are offering encryption by default and others are specializing in secure communications apps and tools, this is still mostly in service to niche markets.
[C]ompanies typically wish to have unencumbered access to user data – with privacy assured through either restricting dissemination of identifiable customer information outside the boundaries of the company (and of governments, should they lawfully request the data). Implementing end-to-end encryption by default for all, or even most, user data streams would conflict with the advertising model and presumably curtail revenues.
Even Apple and Google -- the two companies that added encryption-by-default to their devices -- aren't interested in encrypting everything.
Google offers a number of features in its web-based services that require access to plaintext data, including full text search of documents and files stored in the cloud. In order for such features to work, Google must have access to the plaintext. While Apple says that it encrypts communications end-to-end in some apps it develops, the encryption does not extend to all of its services. This includes, in particular, the iCloud backup service, which conveniently enables users to recover their data from Apple servers. iCloud is enabled by default on Apple devices. Although Apple does encrypt iCloud backups, it holds the keys so that users who have lost everything are not left without recourse. So while the data may be protected from outside attackers, it is still capable of being decrypted by Apple.
In short, far more surveillance doors have been opened in the past decade than have been closed. As the authors point out, smart devices and online services have implemented voice commands, giving them the capability to record conversations far more private than those that might take place over other encrypted channels. As a case in point, the report notes the FBI exploited in-car microphones more than a decade ago, using a luxury auto "concierge" service to eavesdrop on conversations between organized crime members.

They also point out that encryption isn't always surveillance-proof. NSA officials have encouraged the use of encryption -- not just because it protects ordinary citizens from attacks, but also because it can crack some of it and grab tons of metadata no matter what form is being used. Not only that, but officials have admitted that the use of encryption "lights up" potential surveillance targets, making its haystack trawling much more efficient.

Comey is the odd man out here, abandoned by the NSA, administration and, with few exceptions, other law enforcement agencies. The solution isn't bans or backdoors. The solution is the exploitation of every new attack vector willingly created by social media apps, smart devices and the general interconnectedness of the world wide web. If he persists in this fashion, it won't be too long before he's considered no more credible than the ranting doomsayers who prowl city streets and subway platforms.

And let's not forget law enforcement agencies solved crimes and captured criminals for over two hundred years in this country -- and never found the lack of access to smartphone contents to be a hindrance.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, exaggeration, fbi, going dark, james comey, surveillance

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    mcinsand, 1 Feb 2016 @ 7:05am

    if security were really important, perspective would be reverse!

    Our so-called security agencies should be slapping wrists when people fail to encrypt, not whine about the other way around!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.