Goverment Claims on Encryption Challenged

John Lister's picture

A Harvard University report challenged the government's argument that online encryption helps criminals go undetected. The report also suggests that the "Internet of Things" will give law enforcement officials more opportunity to surveil suspects.

Politicians and government agencies (such as the FBI) repeatedly make the case that the law fails to keep up with technology, especially when it comes to being able to monitor communications between suspected offenders. For example, recently-updated wiretapping laws can still prove to be unworkable, especially if data is encrypted online.

Currently, proposed laws in California and New York would ban the sale of devices such as the latest iPhone. That's because these devices are able to encrypt data in a way that even Apple would not be able to decrypt without the user's compliance, regardless of what a court orders. (Source: digitaltrends.com)

"Don't Panic" Says Report

Those arguments are challenged in a report titled "Don't Panic" from the Berkman Center for Internet and Society. It brought together the views of security experts from the academic world, the computer industry and - speaking anonymously - within the security services. (Source: harvard.edu)

The report concluded that the idea in which the government will be unable to effectively surveil criminals adequately simply does not hold up. It says that although only a despotic government would be able to monitor every piece of online communication, the nature of the modern Internet means the government will always have a reasonable ability to keep track of people.

One of the arguments the report makes is that most tech firms will never be able to offer complete encryption across all stages of online communication. That's partly because firms need to access data for purposes such as advertising, and partly because they need to offer features such as recovering a lost password.

Smarter Gadgets Mean More Scope For Surveillance

The report also suggests that a truly effective and all-encompassing encryption will never be possible simply because online tech firms won't work closely enough to coordinate it.

Another argument is that for every case where users step up encryption, there will be new types of online communication that are vulnerable to interception. This includes the "Internet of Things," which is made up of devices such as appliances, smart cars and even Internet-connected surveillance cameras.

Finally, the report argues that metadata, which covers details of who visited which sites and who they messaged (rather than the content of communications), will always have to be unencrypted to allow the architecture of the Internet to work properly. That in turn means law enforcement and security agencies will always be able to track users to some extent.

What's Your Opinion?

Do you agree with the findings of the report? Is the balance between anti-crime surveillance and online privacy right at the moment? Which worries you more: criminals being able to communicate in total secrecy, or the government being able to access all communications?

Rate this article: 
Average: 4.3 (3 votes)

Comments

Dennis Faas's picture

One thing I've learned about computers all these years is that copyright protection on software (encryption) can always be defeated. Thus, encrypting communication is only as good as the power of the encryption itself.

Even if total encryption was the case, cybercriminals would find a way around it. This is very similar to the case of DRM (digital rights management) years back, where DRM served only to make things more complicated then they need to be. As a result, innovation stifled because companies could not work together to make a better product. The same can be said about encrypting communication.

That aside, I agree 100% with the report which suggests that the government will always find a way to spy on people, given its power and also because of the way that the Internet is currently designed.