Paper on the Going Dark Debate
I am pleased to have been a part of this report, part of the Berkman Center’s Berklett Cybersecurity project:
Don’t Panic: Making Progress on the “Going Dark” Debate
From the report:
In this report, we question whether the “going dark” metaphor accurately describes the state of affairs. Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not. The question we explore is the significance of this lack of access to communications for legitimate government interests. We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow.
In short our findings are:
- End-to-end encryption and other technological architectures for obscuring user data are unlikely to be adopted ubiquitously by companies, because the majority of businesses that provide communications services rely on access to user data for revenue streams and product functionality, including user data recovery should a password be forgotten.
- Software ecosystems tend to be fragmented. In order for encryption to become both widespread and comprehensive, far more coordination and standardization than currently exists would be required.
- Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.
- Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on. This information provides an enormous amount of surveillance data that was unavailable before these systems became widespread.
- These trends raise novel questions about how we will protect individual privacy and security in the future. Today’s debate is important, but for all its efforts to take account of technological trends, it is largely taking place without reference to the full picture.
New York Times coverage. Lots more news coverage here. Slashdot thread. BoingBoing post.
EDITED TO ADD (2/8): Eleven news articles: one, two, three, four, five, six, seven, eight, nine, ten, and eleven.
Matt • February 2, 2016 2:35 PM
Let’s not forget the weakest element in all security systems: the human element. There’s always going to be people who make mistakes, or deliberately leak info; you’ll always be able to plant a mole or find a traitor.
Eventually technology will progress to the point where everything has built-in top-notch flawless encryption all the time, but people will still be people.