Harvard Study: The Internet of Things is a Surveillance Playground

Harvard University released a study on Monday titled Don't Panic: Making Progress on the "Going Dark" Debate. It might also have been titled Governments Shouldn't Freak Out about Encryption: The Internet of Things is a Surveillance Playground.

A TV Watching You

The study was coauthored by several signatories under the Berkman Center for Internet & Society at Harvard University. It's stated purpose was to evaluate claims by law enforcement and governments, both the U.S. and in other countries, that end-to-end encryption in our communication devices is crippling surveillance efforts. The umbrella term used for this argument is "Going Dark."

In general, the study rejects the analogy, and argues that weakening or eliminating encryption on our smartphones or on communications apps run on those smartphones would make all of us targets of malicious actors around the globe. From the study:

There is a general sense by actors within both the intelligence and law enforcement communities that, were all else equal, they would benefit if technological architectures did not present a barrier to investigations. (To be sure, all else is not equal – for example, if all communications were routinely unencrypted, citizens would be exposed to surveillance from myriad sources, many of whom might be viewed as national security threats by those citizens’ governments.)

[...]

If the U.S. government were to mandate architectural changes, surveillance would be made easier for both the U.S. government and foreign governments, including autocratic regimes known to crack down on political dissidents. The comparatively well-developed legal doctrines, procedural requirements, and redress mechanisms that serve as backstops to the U.S. government’s surveillance activities are not mirrored worldwide.

That argument is sound, and represents accepted wisdom in encryption and broader tech circles. But the study also argues that this isn't a big deal for lawful surveillance because there are so many new products and services coming online that are wide open. From the study:

The Internet of Things promises a new frontier for networking objects, machines, and environments in ways that we just beginning to understand. When, say, a television has a microphone and a network connection, and is reprogrammable by its vendor, it could be used to listen in to one side of a telephone conversation taking place in its room – no matter how encrypted the telephone service itself might be. These forces are on a trajectory towards a future with more opportunities for surveillance.

So don't worry folks, even if your iPhone is encrypted, the good guys—and by extension, the bad guys—can always just listen in on your TV, your smart dock, your smart themostat, a smart light bulb with a mic, or a wide variety of other so-called smart stuff.

Yay!

Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target. These are all real products now. If the Internet of Things has as much impact as is predicted, the future will be even more laden with sensors that can be commandeered for law enforcement surveillance; and this is a world far apart from one in which opportunities for surveillance have gone dark.

What's especially awesome is that if law enforcement can use lawful means to flip those switches, criminal organizations and foreign governments can flip them without a warrant. So, you know, there's that.

It would be easy to be cynical about this report and view it as an endorsement of the Internet of Things remaining an insecure world so that governments can use them to snoop on its criminals, however it defines criminals.

But there's a more subtle and much more important message: government is complaining that encryption is forcing them into an untenable "Going Dark" situation where it cannot protect its citizenry and pursue criminals and terrorists. In reality, however, even while encryption is closing off old methods of surveillance, technology is always bringing more things online, and those things will always offer new opportunities for snooping.

In other words, technology is ever-evolving, and rather than focusing on how old and comfortably familiar ways of surveilling the bad guys are closed off, law enforcement and intelligence agencies should always keep its eyes on new ways to surveil them.

With that in mind, the study argues, claims that law enforcement is "Going Dark" are inaccurate. That's an important distinction to be made while we argue and debate over the importance of encryption.

In the meanwhile, how about we start demanding Internet of Things product makers focus on security.

Image made with help and help from Shutterstock.