‘Don’t Panic’: Study pours cold water on police fears over encryption
Criminals may run, but they can’t hide even with encryption, according to a new study from the Berkman Center for Internet and Society at Harvard. The findings show that law enforcement still has options to circumvent an emerging world of cybersecurity.
Titled "Don't Panic," the 37-page study released Monday is the product of 12 panelists who worked together for over a year to address the stagnating debate between law enforcement and technology firms over encryption, technology that hides internal communications from outside surveillers.
"There are and will always be pockets of dimness and some dark spots — communications channels resistant to surveillance — but this does not mean we are completely 'going dark,'" the report stated. "Some areas are more illuminated now than in the past and others are brightening."
Some of the study’s findings not only challenge law enforcement claims, but also call into question anyone promoting encryption as an invincible protection for total privacy.
End-to-end encryption, where not even the provider has access to private conversations it facilitates, is not likely to become pervasive among online messaging services like Gmail and Facebook, because they use their users’ data to sell advertisements and turn a profit.
“Internet companies more recently have been shifting towards data-driven advertising, and the technology that facilitates advertising delivery has become more reliant on user data for targeting ads based on demographics and behaviors,” the report said.
There are also too many indirect connections that make up the web for every single “doorway” to be locked shut under some broad encryption usage. The “Internet of Things,” appliances, toys, and other networked devices, are seen as a new opportunity for law enforcement in the study.
“Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel,” the report read.
Then there is metadata, also known as "front of the envelope," meaning the outlining details of communication, which can’t be hidden with encryption.
“Encryption does not prevent intrusions at the end points, which has increasingly become a technique used in law enforcement investigations,” the report found.
The report concludes with answering the question, "Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible?"
"We think not," it said.
Both public and private employees made up the panel, including NSA Director of Commercial Services John DeLong, NSA Chief Risk Officer Anne Neuberger, and former Director of the National Counterterrorism Center Matthew Olsen. NSA employees, however, were unable to sign off on the study, citing rules on public statements.