If you listen to FBI Director James Comey or GOP US presidential candidate John Kasich, encryption is a dangerous techno-blight that lets bad guys “go dark” and plot in secret. Actual tech experts are puncturing these scaremongering claims, and a new report tells a very different story: “Going dark” is alarmist nonsense. Technology provides myriad novel opportunities to spy on enemies.
According to “Don’t Panic”, a report from Harvard’s Berkman Center for Internet & Society, the US government is gaining access to digital communications, despite the privacy barrier encryption puts in place. For instance, “Internet of Things” devices from Nest cameras to Mattel’s interactive Barbies can offer other ways to spy:
When, say, a television has a microphone and a network connection, and is reprogrammable by its vendor, it could be used to listen in to one side of a telephone conversation taking place in its room — no matter how encrypted the telephone service itself might be.
What’s more, the report makes it clear that many different web services are unlikely to start offering encryption, which undermines the whole “wah we can’t see anything terrorist-y because everything’s encrypted” argument. Tech companies like Facebook rely on user data to make money, and end-to-end encryption would make it harder to do business. This means that many extremely popular services are just as easy to monitor as they have always been. The same goes for cloud-based services that need access to plaintext data — even Apple’s iCloud:
While Apple says that it encrypts communications end-to-end in some apps it develops, the encryption does not extend to all of its services. This includes, in particular, the iCloud backup service, which conveniently enables users to recover their data from Apple servers. iCloud is enabled by default on Apple devices. Although Apple does encrypt iCloud backups, it holds the keys so that users who have lost everything are not left without recourse. So while the data may be protected from outside attackers, it is still capable of being decrypted by Apple. Since Apple holds the keys, it can be compelled through legal process to produce user data that resides in iCloud.
Jonathan Zittrain, one of the report authors and co-founder of the Berkman Center, explained why government hand-wringing about “going dark” is so misguided in a blog post about the report:
The label is “going dark” only because the security state is losing something that it fleetingly had access to, not because it is all of a sudden lacking in vectors for useful information.
This is a point that has been largely drowned out in debates about whether encryption is a privacy protection or a terrorist tool — encryption is a way to make it harder to intercept digital communications, but it’s not some impenetrable and ubiquitous instrument.
Turning the “dangers” of encryption into a canard to push for increased surveillance isn’t just alarmist. It also betrays how stupid officials’ discussions about technology are. If a porch door is locked, a house doesn’t become a fortress. Pretending like encryption is this horrific, dangerous boon for bad guys doesn’t just ignore its privacy benefits — it also ignores the truth about the current capabilities of the US surveillance apparatus.