The FBI and other officials are overstating their case when they warn that criminals are using encryption to “go dark,” according to a new study.
The study, which included current and former intelligence officials, found that the official warnings leave out the numerous ways that investigators are now able to conduct surveillance.
“The ‘going dark’ metaphor does not fully describe the future of the government’s capacity to access the communications of suspected terrorists and criminals,” said the report, published Monday by the Berkman Center for Internet and Society at Harvard.
The term, the study says, leaves out the host of new Internet-enabled devices — from thermostats to toys to televisions — that portend a new era of surveillance.
This development will help law enforcement “fill some of the gaps” created by encryption, and “ensure that the government will gain new opportunities to gather critical information from surveillance,” according to the report.
For the last year, government officials, lawmakers and the tech community have been locked in a heated battle over encryption standards.
FBI Director James Comey has led the charge for law enforcement, repeatedly making the case that investigators are increasingly unable to get at crucial communications and data as companies such as Apple, Google and Microsoft move towards full encryption.
Comey has called on these companies to design their encryption in a way that would allow them to decrypt data upon court order.
But these firms have resisted these calls. They say maintaining any key to unlock secure data introduces vulnerabilities that hackers can exploit. Guaranteeing access to encrypted data could put at risk basic Internet activities such as online banking and email, the tech community warns.
The Harvard study attempted to bring these sides together to try and get past the logjam.
The report is notable for its contributions from leaders on both sides of the debate, including current and former senior intelligence officials, as well as top civil libertarians and technologists.
One of the report’s main contributors was Matthew Olsen, a former director of the National Counterterrorism Center under President Obama. He also served as general counsel at the National Security Agency (NSA).
Two current senior NSA officials also helped with the study. Both John DeLong, the NSA’s director of commercial services, and Anne Neuberger, the agency’s chief risk officer, were listed as “core members” of the group. The two were precluded from signing the final document because of their government employment.
Also participating were outside experts, such as leading cryptographer Bruce Schneier.
“The aim of this project is to bring together people who come from very different starting points and roles, and who very rarely have a chance to speak frankly with one another,” said Jonathan Zittrain, faculty chair of the Berkman Center, in a statement. “We want to come away with some common insights that could help push the discussion into some new territory.”
The group concluded that strong encryption can obscure data from law enforcement, but that the technology is unlikely to become ubiquitous because most businesses rely on access to that data for revenue streams.
The study also noted that metadata — device location data, telephone calling records, email header information — is not encrypted, “and the vast majority is likely to remain so.”
And the booming Internet of Things will only expand this trove of data potentially exposed to surveillance programs, the report said.
“Today’s debate [over encryption] is important, but for all its efforts to take account of technological trends, it is largely taking place without reference to the full picture,” said the study.