Encryption

Report: Encryption Is No Hurdle to Targeting Bad Guys

But it does make it harder to conduct blanket surveillance-which may be what officials are really after.

|

"[T]he FBI and other government agencies are facing a potentially widening gap between our legal authority to intercept electronic communications pursuant to court order and our practical ability to actually intercept those communications," wrote FBI General Counsel Valerie Caproni in 2011. She fretted over the growing sophistication of encryption technology and its use by the general public. "We call this capabilities gap the 'Going Dark' problem."

Caproni insisted the government needed to "find a solution that restores and maintains the ability of law enforcement agencies to intercept communications and collect related data."

Three years later, FBI Director James Comey repeated the warnings of a world of electronic communications slipping beyond the government's reach. And then last year, he called for "a productive and meaningful dialogue on how encryption as currently implemented poses real barriers to law enforcement's ability to seek information in specific cases of possible national security threat."

Oh, you poor feds. Don't panic! Really—that's the title of a new report from the Berkman Center for Internet and Society at Harvard University. Prepared by security and policy experts from inside and outside government, the authors cast a skeptical eye on Comey and company's warnings that they're wandering blind into a privacy-shrouded world—and their demands for legal limits on people's ability to ward off snoops.

"Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible?" the report asks. "We think not."

It's not that encryption isn't being embraced by those with a serious aversion to folks looking over their shoulder, the report notes. "Short of a form of government intervention in technology that appears contemplated by no one outside of the most despotic regimes, communication channels resistant to surveillance will always exist."

But that's not as big a deal for most of the population as the "going dark" crowd would have it. The majority of online services are likely to resist adopting end-to-end encryption "because the majority of businesses that provide communications services rely on access to user data for revenue streams and product functionality."

At the same time, that user data is becoming available from more and more components integrated into people's lives. The "Internet of everything" ensures that televisions, cars, thermostats, and widgets of all sorts provide more data than ever to paw through. "Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel."

And metadata—basically, the routing information for messages that reveals where information is coming from and going to—remains largely unencrypted by necessity. That's especially true since systems in a dynamic world are fragmented, with software packages and communications systems connecting to one another across multiple junctions. Each connection provides a likely weak point in security.

What this means is that it's as easy as ever to monitor most people's online activities. All but the most privacy-minded are probably more trackable than ever before, no matter the FBI's complaints about encrypted smart phones and secure apps.

Exceptionally privacy minded individuals, with or without bad intent, it should be noted, are highly unlikely to confine themselves to leaky, law enforcement-friendly products. They can acquire sturdier alternatives or develop their own in a world "in which new services and software can be made available without centralized vetting."

Interestingly, government snoops have been insisting that the sky is falling on its ability to monitor bad guys for the better part of the past two decades—the big change is just the recent adoption of "going dark" branding for their seemingly eternal battle against the equivalent of sealed envelopes.

Declan McCullagh, a journalist who covered Caproni and Comey's recent complaints and push for related expanded powers wrote very similar stories 20 years ago. Alarmingly, when Clinton administration assaults on encryption stumbled, McCullagh noted in 1999 that the feds substituted under-the-table arrangements with security firms for backdoor access to communications. "The Commerce Department and NSA could simply pressure a firm to insert flaws into its encryption products with a back door for someone who knows how to pick the lock."

Since then, though, you've had a rise of a new generation of less-cooperative companies willing to push back against official pressure. Apple and Google have led the pack in explicitly spurning federal demands for weakened privacy protections. The old unspoken deals aren't producing the same results.

But aren't the feds aware that they're not really losing the ability to monitor suspects, and that the "going dark" campaign is a lot of crap?

Of course they are—the Harvard report includes government experts as participants after all. But as security expert Bruce Schneier notes in a statement appended to Don't Panic, "Ubiquitous encryption protects us much more from bulk surveillance than from targeted surveillance… Widespread encryption forces the listener–whether a foreign government, criminal, or terrorist–to target."

Under the Fourth Amendment, that's what the government is supposed to do—identify a suspect, make the case for a warrant, and conduct surveillance subject to specific parameters. But in this post-Snowden world, is it any surprise that taking an indiscriminate vacuum cleaner to private communications seems to be the real end goal for law enforcement?

 What's "going dark" because of commercially available encryption isn't the government's ability to monitor suspected bad guys—they're not going to obey laws against secure products anyway. Darkness is falling instead on officials' ability to snoop on us all simultaneously, on the off chance that any of us are up to something the powers that be don't like.

And there's certainly no reason to panic over that.

NEXT: Donald Trump Says "Pussy," Which Is One of the Least Awful Things He's Ever Said

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I always thought Jackie Chan should play Snowden.

    1. They are certainly of the same level ? but, as I also indicated below, the “Berkman” Center should put their money where their mouth is. We were grateful for their assistance in discreetly hushing any lingering opposition there may have been to our efforts to stop the inappropriately deadpan “parody” in New York, but now this? Now they stab us in the back? This is an outrageous act of hypocrisy ? surely we have the right to expect better from our academic collaborators in law enforcement. See the words of the “Berkman” judge in America’s leading criminal “satire” case at:

      http://raphaelgolbtrial.wordpress.com/

  2. But even if encryption did make targeting bad guys more difficult, we should still choose freedom over safety. We might be able to increase our safety from Bad Guys by making it mandatory to have surveillance devices installed in everyone’s homes, but it would be cowardly and unethical to do so. Of course, this makes the assumption that the government can’t be the bad guy, which everyone who isn’t completely ignorant knows is false.

    If we are really “the land of the free and the home of the brave”, I would expect more people to understand this. Yet, whenever there is a discussion about unconstitutional surveillance or restrictions on encryption, the people who take objection to the government overreach rarely make it clear that they would oppose the rights violations even if they increased our safety.

    The government’s proposals must be completely rejected on all possible levels.

  3. There’s no need for all this fear of our government.

    I mean it’s not like they have built a power structure too big to answer to the people.

    No Such Agency … where one could say “Give me a report of who visits / contributes to Non-approved websites”.

    It’s Ridiculous Stuff … to think they could say “Give me a list of deductions claimed by the people on this report”.

    Fanatic Believers In ? fairytales and WACkOs would think the government might say “There might be assault weapons in this house. A no knock raid is needed to be sure”.

    Every Person Agrees ? that they couldn’t target companies that don’t play the right song. GIve me a Break, SON!

    So you see, there’s no need to worry about the Government handling our health care. They’d never abuse that power to favor some over others.

    1. health care = phone records. This post was written for a Health Care discussion but never used. I thought it appropriate for this discussion.

    2. THE + IRS = THEIRS

  4. Look. Law enforcement can’t prevent crime by waiting for it to happen and then asking for a warrant to investigate. It must act proactively by combing through every bit of private information out there. What is there to worry about? If you aren’t doing anything wrong then you have nothing to hide.

    1. Is that a Minority Report reference?

      1. No. It’s what pants-shitters really believe.

    2. Generally speaking law enforcement can’t prevent crime at all. When was the last time you heard about a cop stopping a rape “just in time”?

      Mostly what they do is file reports and draw chalk lines while shooting the periodic teenager but only when in season.

    3. “Law enforcement can’t prevent crime by waiting for it to happen and then asking for a warrant to investigate. It must act proactively by combing through every bit of private information out there. What is there to worry about? If you aren’t doing anything wrong then you have nothing to hide.”

      Remember when Republicans used that same line of reasoning to justify Bush’s 4A abuses, and Democrats actually stood up and rebuked it? Now they use the same line to dismiss the abuses that have continued and expanded under Obama.

  5. Only extremists believe in the 4th Amendment.

    1. Only extremists believe in the 4th Amendment Constitution.

      ftfy

  6. Serious question: When (phone) “wiretapping” became a thing, was there this kind of, um, discussion about it?

  7. The “Berkman” Center should put their money where their mouth is. After the excellent job they did in discreetly hushing any lingering opposition there may have been to our efforts to put an end to inappropriately deadpan “parody” in New York, now they stab us in the back? This is an outrageous act of hypocrisy ? surely we have the right to expect better from our academic collaborators in law enforcement. See the words of the “Berkman” judge in America’s leading criminal “satire” case at:

    http://raphaelgolbtrial.wordpress.com/

  8. I don’t see how “going dark” would prevent the FBI from using their usual techniques of entrapment, planted evidence, lying informants, perjury, and enhanced interrogation.

    In any case, strong, widely available encryption is a fact, and cannot be stopped.

  9. The technology is so developed that we can watch videos, live streaming, TV serials and any of our missed programs within our mobiles and PCs. Showbox
    All we need is a mobile or PC with a very good internet connection. There are many applications by which we can enjoy videos, our missed programs, live streaming etc.

Please to post comments

Comments are closed.