- PDF Association dunks on Mueller report PDF Friday 7:33 PM
- Robert Downey Jr. says ‘Endgame’ finale is ‘best 8 minutes’ of any MCU film Friday 4:42 PM
- Elizabeth Warren calls on Congress to impeach Trump Friday 3:43 PM
- BlackBerry Messenger is still a thing—but not for much longer Friday 2:56 PM
- Matt Gaetz hires speechwriter fired by White House for attending white nationalist event Friday 1:33 PM
- Here’s why Elon Musk is a sheep on Twitter Friday 12:14 PM
- Trump is already running Facebook ads on the Mueller report Friday 12:07 PM
- 20 thoughtful gifts grads actually want Friday 12:00 PM
- 7 of the best psychological thriller movies on Shudder Friday 11:44 AM
- Seth Abramson’s epic Mueller thread finally comes to a conclusion Friday 11:40 AM
- Netflix is testing out a random play feature Friday 11:28 AM
- Teen star Danielle Cohn faked pregnancy for YouTube prank Friday 10:55 AM
- How to watch ‘A Discovery of Witches’ for free Friday 10:42 AM
- Rev up your own family rivalries with these ‘Game of Thrones’ board games Friday 10:29 AM
- Mueller’s ‘harm to ongoing matter’ is the best way to stay silent about your life Friday 10:21 AM
Encryption does not allow criminals and terrorists to ‘go dark,’ study finds
Technology is making it easier to catch the bad guys, the authors found.
As the global debate over encryption continues to escalate, a new study asserts that the FBI Director James Comey’s worries about criminals and terrorists “going dark” by using encrypted communications is wrong.
“In this report, we’re questioning whether the ‘going dark’ metaphor used by the FBI and other government officials fully describes the future of the government’s capacity to access communications,” cryptographer Bruce Schneier wrote in the report. “We think it doesn’t. While it may be true that there are pockets of dimness, there other areas where communications and information are actually becoming more illuminated, opening up more vectors for surveillance.”
Encryption technology is used to protect data from eavesdroppers, ensure the integrity of communications, and thwart tampering. It’s used all over the Internet, including anytime you visit a website with an HTTPS connection. The latest debate was sparked when Apple and Google began to encrypt their mobile software by default.
The report, titled “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” is authored by prominent technologists as well as American intelligence and law enforcement officials. Its conclusions are supported by an almost unanimous consensus of technical, academic, and industrial figures who have argued for strengthening encryption’s legal foundations in recent years.
Some of the points are supported by figures like Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency, who argues that encryption is crucial to American security. Hayden also insists that metadata—e.g., location data from phones or header information in emails—allows investigators to “use other paths” besides breaking encryption.
Senate Intelligence Committee Chairman Richard Burr (R-N.C.) is currently writing legislation that aims to give U.S. authorities special access to encrypted data when they possess a warrant.
The study takes aim at points made by authorities like Comey and Attorney General Loretta Lynch who have argued that action—whether by law or voluntarily—must be taken to allow law enforcement special access to encrypted data.
The study makes five major conclusions, quoted in full here:
End-to-end encryption and other technological architectures for obscuring user data are unlikely to be adopted ubiquitously by companies, because the majority of businesses that provide communications services rely on access to user data for revenue streams and product functionality, including user data recovery should a password be forgotten.
Software ecosystems tend to be fragmented. In order for encryption to become both widespread and comprehensive, far more coordination and standardization than currently exists would be required.
Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.
Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on. This information provides an enormous amount of surveillance data that widespread.
These trends raise novel questions about how we will protect individual privacy and security in the future. Today’s debate is important, but for all its efforts to take account of technological trends, it is largely taking place without reference to the full picture.
You can read the full study here:
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.