The Internet of Things could help intelligence services with surveillance and monitoring, director of National Intelligence James Clapper told the U.S. Senate Armed Services Committee during a hearing yesterday. His comments echoed a report from information technology experts last week that said government concerns about encryption and suspects “going dark” were overblown.
While smart devices can reduce energy use and improve efficiency, they can also “threaten data privacy, data integrity, or continuity of services,” Clapper said in his annual Worldwide Threat Assessment of the U.S. Intelligence Community report. “In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
Clapper’s comments came on the same day as the White House ordered the creation of a federal interagency council to focus on privacy issues. However, they also arrived on the heels of closed-door House Judiciary Committee hearings on future government surveillance powers.
‘More Complicated’ than Either Side Says
Clapper’s testimony and report highlight a schism on surveillance technologies between the intelligence and law-enforcement communities, Joseph Lorenzo Hall, chief technologist for the Washington, D.C.-based Center for Democracy and Technology, told us.
While intelligence organizations like the National Security Agency recognize that fast-advancing technologies will create new opportunities for spying, officials with law-enforcement agencies like the Federal Bureau of Investigation and local police departments continue to view encryption in particular as a threat to their work, he said.
With encryption, “there’s still a lot of pressure from law enforcement,” Hall said, adding that Clapper’s comments sort of emphasize the split between intelligence services and law enforcement.
Clapper’s assessment also essentially echoed one of the conclusions in last week’s “Going Dark” report from Harvard University’s Berkman Center’s Berklett Cybersecurity Project.
According to the report, while end-to-end encryption might be making some forms of surveillance more difficult, the fast-expanding world of the IoT will open up new opportunities to monitor suspected criminals and terrorists. These recent conversations illustrate that it’s more complicated than the rhetoric on both sides, Hall said.
‘Bellwether Moment’ in Cryptowars
The Electronic Frontier Foundation, a civil rights advocacy group, said yesterday that last week’s Berkman Center report shows that “surveillance will survive encryption, despite false FBI claims.”
“In particular, fears that intelligence agencies are ‘going dark’ by losing pervasive access to electronic communications, or data stored online, overlook the emergence of new data streams — especially increasingly vast sets of unencrypted data produced by household devices connected to the Internet,” EFF director of grassroots advocacy Shahid Buttar wrote in a blog post.
These devices include the computers and smartphones for which encryption is an essential security and privacy tool, as well as “toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables,” Buttar said.
Yesterday, the GSMA, a mobile industry trade group, also announced that it had released new guidelines aimed at promoting the secure development and deployment of services in the growing IoT market.
Such developments underscore the problem with some officials’ concerns about encryption, the Hall said. “They say they’re going dark, but that’s because they’ve been staring at the sun,” he said.
With Clapper acknowledging similar views about the IoT this week, Hall added that we appear to have reached a kind of “bellwether moment in the cryptowars.”