Pages

3 February 2016

Report Finds FBI Warnings of Danger of Strong Encryption Overblown, Bureau Has Lots of Means to Monitor Internet Activity

David E. Sanger
February 1, 2016

New Technologies Give Government Ample Means to Track Suspects, Study Finds

WASHINGTON — For more than two years the F.B.I. and intelligence agencies have warned that encrypted communications are creating a “going dark” crisis that will keep them from tracking terrorists and kidnappers.

Now, a study in which current and former intelligence officials participated concludes that the warning is wildly overblown, and that a raft of new technologies — like television sets with microphones and web-connected cars — are creating ample opportunities for the government to track suspects, many of them worrying.

“ ‘Going dark’ does not aptly describe the long-term landscape for government surveillance,” concludes the study, to be published Monday by the Berkman Center for Internet and Society at Harvard. 

The study argues that the phrase ignores the flood of new technologies “being packed with sensors and wireless connectivity” that are expected to become the subject of court orders and subpoenas, and are already the target of the National Security Agency as it places “implants” into networks around the world to monitor communications abroad.

The products, ranging from “toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables,” will give the government increasing opportunities to track suspects and in many cases reconstruct communications and meetings.

The study, titled, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” is among the sharpest counterpoints yet to the contentions of James B. Comey, the F.B.I. director, and other Justice Department officials, mostly by arguing that they have defined the issue too narrowly.

Over the past year, they have repeatedly told Congress that the move by Apple to automatically encrypt data on its iPhone, and similar steps by Google and Microsoft, are choking off critical abilities to track suspects, even with a court order.

President Obama, however, concluded last fall that any effort to legislate a government “back door” into encrypted communications would probably create a pathway for hackers — including those working for foreign governments like Russia, China and Iran — to gain access as well, and create a precedent for authoritarian governments demanding similar access.

Most Republican candidates for president have demanded that technology companies create a way for investigators to unlock encrypted communications, and on the Democratic side, Hillary Clinton has taken a tough line on Silicon Valley companies,urging them to join the fight against the Islamic State.

Apple’s chief executive, Timothy D. Cook, has led the charge on the other side. He recently told a group of White House officials seeking technology companies’ voluntary help to counter the Islamic State that the government’s efforts to get the keys to encrypted communications would be a boon for hackers and put legitimate business transactions, financial data and personal communications at greater risk.

The Harvard study, funded by the Hewlett Foundation, was unusual because it involved technical experts, civil libertarians and officials who are, or have been, on the forefront of counterterrorism. Larry Kramer, the former dean of Stanford Law School, who heads the foundation, noted Friday that until now “the policy debate has been impeded by gaps in trust — chasms, really — between academia, civil society, the private sector and the intelligence community” that have impeded the evolution of a “safe, open and resilient Internet.”

Among the chief authors of the report is Matthew G. Olsen, who was a director of the National Counterterrorism Center under Mr. Obama and a general counsel of the National Security Agency.

Two current senior officials of the N.S.A. — John DeLong, the head of the agency’s Commercial Solutions Center, and Anne Neuberger, the agency’s chief risk officer — are described in the report as “core members” of the group, but did not sign the report because they could not act on behalf of the agency or the United States government in endorsing its conclusions, government officials said.

“Encryption is a real problem, and the F.B.I. and intelligence agencies are right to raise it,” Mr. Olsen said Sunday. But he noted that in their testimony officials had not described the other technological breaks that are falling their way, nor had they highlighted cases in which they were able to exploit mistakes made by suspects in applying encryption to their messages.

Jonathan Zittrain, a professor of law and computer science at Harvard who convened the group, said in an interview that the goal was “to have a discussion among people with very different points of view” that would move “the state of the debate beyond its well-known bumper stickers. We managed to do that in part by thinking of a larger picture, specifically in the unexpected ways that surveillance might be attempted.”

He noted that in the current stalemate there was little discussion of the “ever-expanding ‘Internet of things,’ where telemetry from teakettles, televisions and light bulbs might prove surprisingly, and worryingly, amenable to subpoena from governments around the world.”

Those technologies are already being exploited: The government frequently seeks location data from devices like cellphones and EZ Passes to track suspects.

The study notes that such opportunities are expanding rapidly. A Samsung “smart” television contains a microphone meant to relay back to Samsung voice instructions to the TV — “I want to see the last three ‘Star Wars’ movies” — and a Hello, Barbie brought out by Mattel last year records children’s conversations with the doll, processes them over the Internet and sends back a response.

The history of technology shows that what is invented for convenience can soon become a target of surveillance. “Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target,” the report said.

These communications, too, may one day be encrypted. But Google’s business model depends on picking out key words from emails to tailor advertisements for specific users of Gmail, the popular email service. Apple users routinely back up the contents of their phones to iCloud — a service that is not encrypted and now is almost a routine target for investigators or intelligence agencies. So are the tracking and mapping systems for cars that rely on transmitted global positioning data.

“I think what this report shows is that the world today is like living in a big field that is more illuminated than ever before,” said Joseph Nye, a Harvard government professor and former head of the National Intelligence Council. “There will be dark spots — there always will be. But it’s easy to forget that there is far more data available to governments now than ever before.”

No comments:

Post a Comment