Harvard Study Refutes Law Enforcement 'Going Dark' Warnings
After spending a year looking at current concerns about surveillance and encryption, a group of security, policy and intelligence experts has a message for law enforcement officials: Don't panic.
However, end-to-end encryption might make it harder in some cases for intelligence agencies to listen in on electronic communications while investigating suspected criminals and terrorists, according to a report issued today by Harvard University's Berkman Center's Berklett Cybersecurity Project.
But, at the same time, a rapidly expanding network of sensors and Internet-of-Things devices are adding many new channels of electronic data, images, audio and video that can be useful in investigations.
What's more, it's unlikely that large areas of communications will ever be end-to-end encrypted, and metadata will probably also remain mostly accessible to surveillance, the report noted. As a result, law enforcement and security authorities' concerns about networks "going dark" are overblown, and "communications in the future will neither be eclipsed into darkness nor illuminated without shadow," according to the report.
'A Future Abundant in Unencrypted Data'
The Cybersecurity Project was launched in response to a growing chorus of calls for encryption backdoors from officials in the Federal Bureau of Investigation, National Security Agency (NSA) and other organizations. Such calls have become increasingly frequent in the wake of former NSA contractor and whistleblower Edward Snowden's revelations about widespread surveillance by the NSA and other agencies, as well as after recent terrorist attacks in Paris and San Bernardino, Cailf.
As tech companies like Apple, Google and others have added default end-to-end encryption in recent years, officials like FBI Director James Comey and former CIA Director James Woolsey have been especially vocal about their concerns. Apple CEO Tim Cook and other technology and privacy/security advocates have countered that creating backdoors for the "good guys" would also leave openings for the "bad guys."
"Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible?" the report's authors asked. "We think not."
Rather they said, "Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves, and the trajectory of technological development points to a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will 'go dark' and beyond reach."
Encryption Necessary for Many Reasons
Today's report, "Don't Panic: Making Progress on the 'Going Dark' Debate" (an apparent homage to the "Don't Panic" cover text on novelist Douglas Adams' fictional "Hitchhiker's Guide to the Galaxy"), reached several key conclusions. The reported noted that the need for user data by commercial businesses makes it unlikely that end-to-end encryption will ever be universal. In addition, the fragmented nature of software ecosystems also makes widespread and comprehensive encryption unlikely, according to the report.
Meanwhile, the growth of the Internet of Things will create many other streams of content that could potentially be monitored for law enforcement purposes, the report noted. "Metadata is not encrypted, and the vast majority is likely to remain so . . . This information provides an enormous amount of surveillance data that was unavailable before these systems [cellphones, e-mail, etc.] became widespread," the report said.
The report concluded that ongoing discussions about encryption raise "difficult questions about security and privacy."
In his comments in an appendix to the report, cybersecurity expert Bruce Schneier reiterated a view he has made many times in the past: encryption is necessary to protect average citizens making financial transactions online; businesses handling customer data; journalists communicating with sources; and dissidents operating in many repressive governments of the world.
"Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society's capabilities and infrastructure: cars, restaurants, telecommunications," Schneier said. "In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest."
Image Credit: Logo Courtesy of Harvard University's Berkman Center/Cybersecurity Project.>