Illustration via Max Fleishman (Licensed)
The office that oversees the U.S. intelligence community released a critical response Thursday to a study that called into question government warnings about the dangers of encryption.
In a letter to Sen. Ron Wyden (D-Ore.), who requested a government analysis of the Harvard University report, Deirdre Walsh, the director of legislative affairs for the Office of the Director of National Intelligence, said the study's findings "do not fully account for the realities we face."
The report presented evidence that a decades-long push by senior law-enforcement and intelligence officials to weaken encryption to aid criminal and terrorism investigations is misplaced. Not only is unbreakable, "end-to-end" encryption far from ubiquitous, the report's authors wrote, but other sources of evidence, including unencrypted metadata and Internet of Things devices, are becoming increasingly common.
The findings bolstered the argument of the technology and privacy communities, which have pushed back on law-enforcement demands for guaranteed-access mechanisms in commercial encryption. Cryptographers and civil-liberties activists warn that these so-called "backdoors" will jeopardize everyday Americans' digital security and ruin U.S. tech firms' reputations.
But Walsh argued in her letter to Wyden that, despite the report saying end-to-end encryption was not widespread, "some of the largest providers of certain types of communications services have already implemented" it. And even if that doesn't lead to near-universal use of unbreakable encryption, she wrote, such technology is already spreading, making investigators' work harder and criminals' work easier.
Harvard's Berkman Center for Internet and Society issued the report, titled "Don't Panic: Making Progress on the 'Going Dark' Debate," on Feb. 1. Its authors include Matthew Olsen, former director of the National Counterterrorism Center; Harvard law professor Jack Goldsmith, a former senior official in President George W. Bush's Justice Department; and eminent cryptographer Bruce Schneier.
The title of the report referred to law enforcement's argument that wrongdoers are "going dark" as encryption shields their activities from discovery.
When James Clapper, the Director of National Intelligence, testified before the Senate Intelligence Committee in February, Wyden asked his office to study the report's findings.
Addressing the claim that Internet of Things data and unencrypted metadata could provide a substitute for the encrypted content of criminals' communications, Walsh wrote, "this is simply wrong." Metadata, she argued, only shed light on the circumstances of communications—where and when they happened, for example—and Internet of Things devices are not universally unencrypted.
"It is difficult to see how information obtained from a refrigerator, a washing machine, or a child's toy could mitigate the impact of the loss of" communications data, Walsh wrote. She also criticized the report for overlooking the fact that many local police departments lacked the resources to tap into those smart devices.
"Even more troubling," she wrote, "the report fails to acknowledge the different privacy implications of collecting information from these sorts of devices inside one's own home."