It predicts that the continued expansion of Internet-connected devices — such as smart TVs and vehicles, IP video cameras and more — will offer fresh opportunities for tracking targets.
“Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target,” it said. “These are real products now.”
The study comes from Harvard’s Berkman Center for Internet Society and was signed by well-known figures, including security expert Bruce Schneier, Jonathan Zittrain of Harvard Law School and Matthew G. Olsen, former director of the U.S. National Counterterrorism Center.
All are members of the Berkman Center’s Berklett Cybersecurity Project, which studies surveillance and cybersecurity issues.
The technology industry has come under increasing pressure from some government officials in the U.S. and U.K., who contend that bolstering data security, primarily through encryption, will diminish their capabilities to fight terrorism and crime, and will result in those sources “going dark.”
While law enforcement can gain access to data held by service providers through warrants, some systems have been designed in a way that the service providers can’t provide any information at all.
These so-called end-to-end encryption systems leave users in sole possession of the decryption keys. Without a password, law enforcement would have to use other means to try to decrypt data.
The study, titled “Don’t Panic: Making progress on the encryption debate,” does acknowledge encryption will poses challenges in some instances but by no means will dictate the landscape of future technology products.
“To be sure, encryption and provider-opaque services make surveillance more difficult in certain cases, but the landscape is far more variegated than the metaphor suggests,” it said. “There are and will always be pockets of dimness and some dark spots — communications channels resistant to surveillance — but this does not mean we are completely ‘going dark’.”
For example, many consumer Web services are unlikely to enable end-to-end encryption because their business models rely on analyzing data and then monetizing it through advertising.
Also metadata — the information surrounding communications that makes it possible to technically transfer it — is usually not encrypted and probably won’t be on a large scale. Metadata includes email headers, phone call records and location data from phones.
“The trajectory of technological development points to a future abundant in unencrypted data,” the study said.