Slashdot Mirror


Harvard: No, Crypto Isn't Making the FBI Go Dark

Trailrunner7 writes: The FBI and other law enforcement and intelligence agencies have warned for years that the increased use of encryption by consumers is making surveillance and lawful interception much more difficult, impeding investigations. But a new study by a group of experts at Harvard's Berkman Center says those claims are largely overblown and that the IoT revolution will give agencies plenty of new chances for clear-channel surveillance.

"We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow. Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves, and the trajectory of technological development points to a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will 'go dark' and beyond reach," the Berkman Center report says.

59 comments

  1. Dear Harvard: The FBI is lying by Cyberpunk+Reality · · Score: 5, Insightful

    You'd think that all that Ivy League brainpower would be able to figure out that the FBI's empty posturing is exactly that. Of course, it's also very possible that it's kabuki all the way down.

    --
    Rule 35 of the internet: "If it can be hacked, it will be". - Charles Stross
    1. Re: Dear Harvard: The FBI is lying by ememisya · · Score: 1

      I am shocked. Wow, are you telling me you should never assume your secrets are safe? That should be written down as a principle somewhere.

    2. Re:Dear Harvard: The FBI is lying by Anonymous Coward · · Score: 1

      Harvard knows full well the FBI is lying, this entire study is Harvard's way of publicly calling them out.

    3. Re:Dear Harvard: The FBI is lying by Anonymous Coward · · Score: 0

      Of course, it's also very possible that it's kabuki all the way down.

      A bit confused why traditional Japanese dance was mentioned

    4. Re:Dear Harvard: The FBI is lying by Anonymous Coward · · Score: 1

      https://en.wikipedia.org/wiki/Kabuki_dance

    5. Re:Dear Harvard: The FBI is lying by mitcheli · · Score: 1

      Well, if memory serves, the head of the NSA stated publicly the other day that encryption is the new normal and that we should stop fighting it. If the head of the NSA is publicly stating that, then what's to say the FBI doesn't have a similar mindset...

      --
      Select from tblFriends where interesting >= 4;
  2. Well, here's the insight that Orwell missed. by jeffb+(2.718) · · Score: 3, Insightful

    He never envisioned that, instead of a totalitarian government imposing viewscreens on everyone and then pounding the populace into submission, one could just offer "reality programming" on the viewscreens. The populace pounds itself into submission, and all a government has to do is plug into the APIs that everyone has voluntarily installed in every room of every house. And if there wasn't a totalitarian government already in existence, well, preinstalled omnipresence and omniscience certainly makes a fertile field in which one can sprout.

    1. Re:Well, here's the insight that Orwell missed. by epine · · Score: 2

      Good thing the 0.01% are thinking ahead and managed to unanimously ratify a covert treaty spelling out precisely how to divvy up among themselves the spoils sprout.

      Otherwise, the fertile soil could turn into dense, tangled jungle underbrush instead of trusting up a solitary Mallorn tree fruiting at its spire a great, flaming eagle, as this narrative assumes and requires.

    2. Re: Well, here's the insight that Orwell missed. by Anonymous Coward · · Score: 0

      It's telescreen, and what exactly do you think a "smart TV" is?

    3. Re:Well, here's the insight that Orwell missed. by ponraul · · Score: 1

      You're about 32 years late. Neil Postman made this observation in Amusing Ourselves to Death.

    4. Re:Well, here's the insight that Orwell missed. by shess · · Score: 1

      He never envisioned that, instead of a totalitarian government imposing viewscreens on everyone and then pounding the populace into submission, one could just offer "reality programming" on the viewscreens.

      http://highexistence.com/amusi...

  3. 'Surveillance and lawful interception' by h4x0t · · Score: 1

    I think I speak for everyone when I say, "Get fucked, FBI and other law enforcement and intelligence agencies."

    If it's not both warranted and public, you shouldn't be able to get it in the first place.

    1. Re:'Surveillance and lawful interception' by Anonymous Coward · · Score: 0

      "I think I speak for everyone"

      You don't.

    2. Re:'Surveillance and lawful interception' by Anonymous Coward · · Score: 0

      He doesn't think?

    3. Re:'Surveillance and lawful interception' by Etherwalk · · Score: 4, Insightful

      He doesn't think?

      He neither thinks for everyone nor speaks for everyone. The mass of people tend to believe the US government is spying to protect them so they don't care.

      They forget that the fastest way to lose civil liberties is by failing to stand up for the rights of the worst people in society--thieves, murderers, investment bankers, terrorists.

      You don't just protect the rights of minorities because of egalitarian or meritocratic principles. You do it because so long as you can slice society up into little segments and take the rights away from one group, everyone's rights are at risk.

    4. Re:'Surveillance and lawful interception' by Anonymous Coward · · Score: 0

      the worst people in society--thieves, murderers, investment bankers, terrorists.

      Hey now. Not all thieves are bad.

    5. Re:'Surveillance and lawful interception' by waspleg · · Score: 1

      The mass of people tend to believe the US government is spying to protect them so they don't care.

      The mass of people don't know and many who do also do not care.

      However there is also likely a large portion who do know but don't understand.

      Just watch the John Oliver segment with Edward Snowden where they explain this with dick pics. Suddenly people on the street give a fuck.

  4. Hmmm by rmdingler · · Score: 4, Funny

    I guess I will continue to tolerate opening the front door with my own fingers and adjusting the thermostat once I arrive at home as the necessary struggles of clinging to the outdated ways.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:Hmmm by Anonymous Coward · · Score: 0

      No one designing these IoT products can even come up with compelling reasons to buy them.

      They put LCDs in things as if having a software interface beats a microcontroller and some buttons.

      Surprise! It doesn't. That is less desirable. More cost, more complexity, lower reliability, lower efficiency, and less PRIVACY.

      I will probably laugh out loud at the first LCD-bearing dishwasher I see in someone's home. Hopefully it will be a long time -- I think the people I hang around are smarter than that.

    2. Re:Hmmm by Runaway1956 · · Score: 2

      High efficiency clothes washer. I've watched, and I can't find where it attempts to connect to anything. The price was right, the savings in water and electricity are great, so I put up with it. The wife is happy with it. As I say, I've watched carefully, and it has never made an appearance on the network. I HOPE it's alright.

      If/when it breaks down, I may or may not be able to repair it.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    3. Re:Hmmm by Anonymous Coward · · Score: 0

      Did you put an SSID and key into the machine? If not (assuming you have a decent authentication mechanism on it), how would it get on your network? Now, an embedded 2/3/4G modem, that is absolutely possible.

    4. Re:Hmmm by Rain2 · · Score: 1

      Is Ethernet really out of the question these days?

    5. Re:Hmmm by Pascoea · · Score: 2

      Ethernet? On an Internet-connected washing machine? You can't be serious. What is it, 2005? Get with the program!

    6. Re:Hmmm by Coren22 · · Score: 1

      I can see the utility of having a washer on the internet. It would then be able to alert you when the wash is done. I waste more time rewashing loads because I forgot about them in the daily grind than the privacy of my washing machine is really worth.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    7. Re:Hmmm by Anonymous Coward · · Score: 0

      If you don't mind Google knowing you have a washing machine (they already know, they saw you researching it online): "OK Google, remind me about the washing at 10pm". Or shell script + sendmail. Or put a red magnet on the fridge.

  5. How is that a good thing?? by Anonymous Coward · · Score: 0

    Most of that clear channel surveillance will be illegitimate and unconstitutional, as is the status quo.

    The only people they should be surveying are people suspected of a crime.

    We are NOT criminals by default, and they should really stay the fuck out of people's communications.

    It's a crime how much money the US spends collecting data on the innocent.

  6. My 0.02 by DaMattster · · Score: 4, Informative

    I use OpenBSD both as a desktop and server operating system precisely because they will never bend to the likes of government. Cloud and software companies will gladly bend to the will of government. Say what you want about Theo de Raadt but the guy sticks to his principles like glue. After accusations of backdoors surfaced, the OpenBSD project did a comprehensive audit which revealed no secret backdoor and ended up correcting some bugs and other issues. I trust OpenBSD for all of my computing needs.

    1. Re:My 0.02 by mewsenews · · Score: 1

      Don't forget that OpenBSD lost a shitload of DARPA funding because De Raadt correctly stated the war in Iraq was wrong.

    2. Re:My 0.02 by currently_awake · · Score: 2

      It's a pity that Intel is willing to play ball then, as they probably made the chip set on your "secure" computer.

    3. Re:My 0.02 by Anonymous Coward · · Score: 0

      The future is ADSL filter sized dongles that run a stripped down OpenBSD filter with robust blocks for behind your back stuff, and point to point encryption using a 'tough' protocol - and no key exchange needed.
      An open honest mini router/firewall even to the point of lacking eeproms, but paired roms you swap over.
      Rather than dropping packets on the floor, the device could also send on-the-fly false data to contaminate marketers' wet dreams.
      It could also flash a light indicating hostile activity, and publish attack details so that licensed 0 days vectors get exposed, even when the OS and router has been owned.

      Note: A physical chain of different routers running different software and firewalls has always been good practice for the big guys. Now the concept will extend to mum and dads and kiddies who can insert custom roms into the dongle.

    4. Re:My 0.02 by Anonymous Coward · · Score: 0

      Then I hope you don't install it as a test environment without going through their installer, because you might find that Theo himself now sees no problem to have an enabled-per-default ntpd that - per default - talks to Google.

      Let me repeat: OpenBSD talks to Google per default now. Don't believe it?

      There is Google: http://cvsweb.openbsd.org/cgi-...
      There is ntpd enabled by default: http://cvsweb.openbsd.org/cgi-...

      I can hear you, yeah yeah, it's just a plausibility check in time syncing and it's just an HTTP HEAD or whatever. Still, it's a problem. So don't assume OpenBSD is always doing the right thing now. Double-check everything!

    5. Re:My 0.02 by Anonymous Coward · · Score: 0

      Sorry, forgot:

      http://cvsweb.openbsd.org/cgi-...

      There's the commit that confirms the "Theo himself" bit.

    6. Re:My 0.02 by Coren22 · · Score: 0

      Because OMG, Google is totally going to hack you by changing the TIME on your computer. Wow, that is some serious paranoia there.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    7. Re:My 0.02 by Anonymous Coward · · Score: 0

      That would be a plausible fingerprinting method.

    8. Re:My 0.02 by Anonymous Coward · · Score: 0

      Impressive display of idiotic ignorance.

  7. In other words... by flopsquad · · Score: 1

    Don't worry about all the killer's emails and texts being encrypted--his washing machine is livecasting the blood-soaked t-shirt on agitate, and his toaster snapped a picture of him walking in with the knife.

    --
    Nothing posted to /. has ever been legal advice, including this.
    1. Re:In other words... by ATMAvatar · · Score: 1

      It's largely irrelevant, though. The killer will get away scot-free because the lead investigator is too busy spying on his ex.

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
  8. The herd of humans by AHuxley · · Score: 2

    At some point a person will be invited onto vast networked applications, clouds or other sharing or web 2.0 platform.
    Given the need to profit from users' interactions the need to "reach out" will be the security forces' way in.
    Encryption will not offer privacy on services, hardware and devices designed to track users' habits.

    Privacy cannot be created if every movement is being logged.
    A journalist found to be sitting next to a whistleblower for 20 mins. Both having their cell phones on is not safe if they take notes on paper and have the phone powered (battery sealed in by design).

    Encryption that is weak by design or an OS that is created with gov approved trap doors and back doors is not encryption, just an expensive keylogger.
    Watch for the honey trap and any new best friends if using encryption and understanding its limitations on any network.

    If you're a company or brand, fly in your staff, talk face to face in a vault, use all paper files. Any data on a connected server is in the public or a billing system that's used globally. Keep new projects and all readable data away from networks. Buying junk turn key encryption or cloud products from nations that allow designers to share your data with their gov, mil, other nations is not the best idea.
    Understand the positive and negative pressure a mil or gov will place on a supplier of encryption, cloud or other computer products for domestic or export use.

    Leadership in some brands will even weaken their products or collect all or allow a gov/mil in.
    Re the "bulk surveillance" and "targeted surveillance"
    Encryption without privacy is just a location to send gov or mil bespoke malware down to.
    Privacy with junk encryption is a plaintext message.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re: The herd of humans by Anonymous Coward · · Score: 0

      More transparency and sunlight are our only hope. Genie is not going back into the bottle. Panopticon is here and only getting broader. I hope that a much larger, diverse array of people with competing interests have access to all the info soon.

  9. IoT by PPH · · Score: 1

    Washington State here. What with our recent legalization of pot, it's going to be fun watching the stoners after you tell them that their toaster is watching them.

    --
    Have gnu, will travel.
    1. Re:IoT by Anonymous Coward · · Score: 0

      Washington State here. What with our recent legalization of pot, it's going to be fun watching the stoners after you tell them that their toaster is watching them.

      In the Surveillance States of America, toasters watch you!

    2. Re:IoT by daniel23 · · Score: 1

      Wasn't it the smart tv which sends a live stream of the living room to servers in Korea?
      Now of course the IT guys there will do the same thing Snowden reported of the NSA folks, sharing the best among themselves. Sooner or later those find their way to a tumblr or xhamster, posted from there to your fav pr0n chat and that's how you get to know your wife's lovers.
      And vice versa.
      In the long run this will void a lot of hypocrisy

      --
      605413? Yes, it's a prime.
    3. Re:IoT by MightyMartian · · Score: 1

      I build toasters that watch you for a living, you insensitive clod!

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:IoT by MightyMartian · · Score: 1

      If a device is accessing your home WiFi, then at least some of this can be mitigated by having a decently intelligent and configurable router. That will have to do until APK can develop a hosts file we can upload to our TVs, microwaves and HVAC system.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    5. Re:IoT by daniel23 · · Score: 1

      gonna be fun then,
      for we'll have to root the fridge, the smart bulbs, the smoke detectors, each of them or we cannot change the hosts file.
      Now with every downloaded firmware update your lightbulbs (each of them) go into blinking mode and, since they are rooted and cannot install the update silently, you have to address and fastboot them, one by one, and then re-root, and then reinstall the edited hosts file, and reboot the bulb.
      Possible, but not feasible

      --
      605413? Yes, it's a prime.
    6. Re:IoT by Runaway1956 · · Score: 1

      That's just a little bit on the silly side. You install the HOSTS file on the router, not every machine in the neighborhood. Tomato and DDWRT both have the capability, depending on precisely which version you've installed.

      DO NOT expect any commercial offerings with such configurability - certainly not consumer grade products.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    7. Re:IoT by zippthorne · · Score: 1

      What if it accesses your neighbor's WiFi instead? It doesn't even have to be a neighbor who failed to secure his wifi - he might just have Comcast.

      --
      Can you be Even More Awesome?!
    8. Re:IoT by Coren22 · · Score: 1

      Or run your own DNS server and run the entries there, where the performance is considerably better.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  10. Well Duh! by Anonymous Coward · · Score: 1

    The FBI and other law enforcement and intelligence agencies have warned for years that the increased use of encryption by consumers is making surveillance and lawful interception much more difficult, impeding investigations.

    I don't think there is ANYONE that actually believes this. There have already been many rebuttals on Comey's lies about prosecutions in jeopardy because of encryption. Every single one of the cases he has mentioned in interviews was successfully prosecuted without needing the encrypted cell phone data. Proper police work can bypass most encryption, but requires warrants and probable cause (and most importantly, actual effort). This is where the problem is, not in encrypted data.

  11. FBI going dark? by l0n3s0m3phr34k · · Score: 4, Informative

    Shouldn't that be the "terrorists" or "hackers" or whatever going dark? "Going dark" is slang for going silent, off-grid, etc. Nothing short of the destruction of the USA as a country, or a total de-funding of the FBI, would ever make the FBI itself "go dark". That would have to be some pretty AMAZING crypto to make the FBI shut down all their offices, all their employees disappear, etc.

  12. More than IoT..... TOS by birukun · · Score: 2

    Terms of Service (TOS) and people agreeing to give all their info up is going to do us in, as someone mentioned above about Orwell envisioned government oppression doing it, but it is actually people *giving up freedom* that is a much more devious thing. Gradual and it feels good to have all this convenience and security...... a warm blanket that someday may smother you......

    --
    Self Defense - A Human Right www.a-human-right.com
  13. I've been forced into the IoT by NotQuiteReal · · Score: 1

    First the Electric company put a "smart meter" on my house. At least they told me it was coming*.

    The other day, I noticed I had less clearance on my narrow side path of my house, to roll out my trash cans... all of a sudden, my gas meter has gotten "smart" on me - and its readout panel is now an inch or so thicker than it was before...

    Come to think of it... the Borg Logo looks a lot like a gas utility logo...

    * - letter said they would come out at such and such a date, knock on the door, then change out the meter. Nope, just working from home, as usual, 3 computers running. Woomp! power outage. Hardly had time to save my files I had been working on before my crappy UPS went out. No warning, just yanked the meter and replaced it. Files saved, shutdown started, I went downstairs to see what happened - no circuit breakers blown, just a shiny new meter. The installers were off to the next house and I never even saw one.

    --
    This issue is a bit more complicated than you think.
    1. Re:I've been forced into the IoT by Phreakiture · · Score: 1

      Clearly your installer, like your UPS, sucks.

      It was done properly in our location -- knock on door, and I was able to observe the process.

      --
      www.wavefront-av.com
    2. Re:I've been forced into the IoT by Anonymous Coward · · Score: 0

      Lucky for you all your electrical equipment survived. I knew a guy who lost some stereo equipment as a result of the switch. They are supposed to turn off the circuit breaker before swapping, but that takes too much time.

  14. This just in: by skinlayers · · Score: 1

    People locking their front doors will force law enforcement to follow due process!
    *GASP*!

  15. "Lawful interception"? by Anonymous Coward · · Score: 0

    At least we retain lawful murder, rape, robbery, kidnapping and blackmail, so the terrorists better watch out.

  16. Sewer Clowns by Anonymous Coward · · Score: 0

    "Microsoft becomes OpenBSD's first gold contributor"

    July 9, 2015 -- 12:14 GMT (13:14 BST)

    http://www.zdnet.com/article/m...

    #

    http://undeadly.org/cgi?action...

    Microsoft Now OpenBSD Foundation Gold Contributor
    Contributed by tbert on Tue Jul 7 16:03:41 2015 (GMT)

    "That's funny. Reminds me story with Darpa, when everyone was surprised like an infant after what happened.

    Now, after fighting with closed drivers world and producing hours of pro-freedom songs - make a contract with Microsoft.

    Hilarious :)" - by bluszcz (83.49.0.115) on Thu Jul 9 15:08:57 2015 (GMT)

    "I just hope it's not another Microsoft "Embrace, Extend and Crush" move." - by Anonymous Coward (24.138.98.109) on Thu Jul 9 00:28:33 2015 (GMT)

    1. Re:Sewer Clowns by DaMattster · · Score: 1

      So what!? Theo de Raadt told DARPA to go fuck themselves. I'm sure he'd do the same if Microsoft makes fucking unreasonable demands.