Study says law enforcement can make do without encryption override
Some in law enforcement want the keys to commercial encryption for investigative purposes, but a new study suggests there are other ways to capture the digital lives of criminal suspects.
What: "Don't Panic: Making Progress in the 'Growing Dark' Debate" -- a report from Harvard University's Berkman Center's Berklett Cybersecurity Project, released Feb. 1.
Why: Law enforcement and intel agencies have warned that criminals and terrorists are "going dark" -- using increasingly strong, commercially available encryption for their communications to evade monitoring. Security and law enforcement agencies have ominously complained that commercial encryption is crippling their investigative and surveillance capabilities and, by extension, opening up a new world of mayhem.
But the rising alarm in the national intelligence and law enforcement communities over increasingly strong encryption capabilities on commercial networks and devices isn't justified, according to a new study.
The Berkman Center said it tapped the expertise of security and policy experts from academia, civil society and the U.S. intelligence community in debates on the encryption issue; the study was a distillation of the points made in those discussions.
Fears of a new world of undetectable communications and crippled government and law enforcement surveillance capabilities, it said, are overblown, and ignore other technological developments and the interplay of commercial market pressures.
The end-to-end encryption and other architectures that obscure user data aren't attractive to companies that provide communications services because those companies use that data for revenue. It also said complete end-to-end encryption is unlikely since "software ecosystems" are mostly fragmented and it would take "far more coordination and standardization than currently exists" to work.
Additionally, it said the fear of suspects and terrorists telecommunications "going dark" rendering surveillance impossible discounts the rise of the Internet of Things, where all manner of devices offer new paths for surveillance. The IoT, it said will make everyday objects capable of providing still images, video and audio, possibly enabling real-time intercept and recording with after-the-fact access.
Verbatim: "Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel."
Click here to read the full study.
NEXT STORY: Hacking group claims to have cracked NASA drone