from the my-god...-it's-full-of-data dept
The NSA isn't too concerned about the use of encryption. Unlike the FBI, which continues to claim the sky is
falling darkening thanks to the spread of math, the NSA is relatively comfortable with the march of technology in this direction.
For one thing, the NSA has made progress towards cracking some forms of encryption. On top of that, it maintains a unit that does nothing but stick implants into hardware that allows it to bypass protection schemes used by its targets.
There's no "going dark" fear at the NSA. The Director of National Intelligence -- James Clapper -- has just issued a "Worldwide Threat Assessment" and nowhere in it will you find an extensive discussion about encryption's supposed deleterious effect on national security. There is one small paragraph that notes it's likely a part of terrorists' efforts to hide their communications, but not the element that concerns his office the most.
Terrorists will almost certainly continue to benefit in 2016 from a new generation of recruits proficient in information technology, social media, and online research. Some terrorists will look to use these technologies to increase the speed of their communications, the availability of their propaganda, and ability to collaborate with new partners. They will easily take advantage of widely available, free encryption technology, mobile-messaging applications, the dark web, and virtual environments to pursue their objectives.There are far too many options for those who'd like to keep the NSA out of their business, according to the report. There's no sense in decrying a single aspect of it -- especially one that also provides substantial security benefits to non-terrorists.
But the Internet giveth just as certainly as it taketh away. Echoing the sentiments of the recent report debunking the "going dark" fears of James Comey, certain legislators and a handful of smaller law enforcement agencies, Clapper points out that the Internet of Things will provide intelligence services with plenty of data to fill in their surveillance holes. (h/t Emptywheel)
Internet of Things (IoT). “Smart” devices incorporated into the electric grid, vehicles—including autonomous vehicles—and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.The tea kettle that talks to the thermostat that shares a signal with the fridge that exposes your emails to the wardriving criminal who just obtained your Wi-Fi password from the doorbell will all be sources of useful data for law enforcement and intelligence agencies. Considering much of the industry has opted to ship smart things with dumbass defaults most users will never change, the Internet of Eminently Crackable Things will be the informants government agencies always wished they had -- ones that can tell when suspects are home, what they're doing and opening up otherwise secured networks for easy intrusion.
Also worth noting is the highly dubious use of the future tense when referring to the surveillance of targets via their Smart Things. It's hard to believe the NSA isn't already on top of this. It's not as though it would need to alter its permission slips. Section 702 gives it the power to snake info from the internet from basically anywhere in the world and the government is busy arguing that people "know" their connected devices share tons of identification/location info with "the world," so there's really no expectation of privacy that might limit surveillance via smart objects.
While overseas terrorists may not be purchasing Nest thermostats in bulk at the moment, the march towards the interconnectedness of everything means it's likely one object or another will provide another surveillance vector for intelligence agencies in the near future.