No, Strong Crypto Is Not Making The World 'Go Dark' For Intelligence Agencies: Here's Why
from the don't-be-afraid-of-the-dark dept
Last year, Techdirt noted that there was something of a concerted campaign to paint strong encryption as a real threat to intelligence agencies. That's continuing, except that for a number of recent attacks "encryption" has become a generic excuse for intelligence failures. To the extent that there was any real logic behind the attacks on crypto, the main one was that it was making things "go dark" by preventing the authorities from accessing vital information that could have stopped the attack/saved lives/led to arrests etc. if only it had been available. You can see why this phrase is such a favorite: it cleverly reminds us that once things have gone dark, all kinds of scary stuff could start happening, just like in our childhood nightmares. The only problem with this metaphor is that it is exactly wrong, as Phillip Rogaway points out in a recent interview in The Atlantic:
law enforcement has an extraordinary set of tools available to them now. An unprecedented set of capabilities, both for law enforcement and intelligence services. These aren't somehow the dark times for either law enforcement or intelligence. These are the times of extraordinary information. Nowhere in history has it been so easy to learn so much about everybody.
Critics might counter that it's easy to say that, but how are the authorities supposed to gather vital information when strong encryption has been used? An excellent column in The Washington Post by Nicholas Weaver, a computer security researcher at the International Computer Science Institute, provides step-by-step instructions that the intelligence services can follow if they are afraid of the gathering dark:
Let's examine a hypothetical investigation into Johnny Badguy. To plan and execute his crimes, Johnny uses an iPhone with encrypted features -- such as disk encryption that prevents anyone without the pass code from accessing the data and iMessage which encrypts messages in transit -- that have drawn the ire of FBI Director James Comey.
As Weaver points out, the communications metadata is actually much more useful than any encrypted content that has "gone dark":
If the investigator knows everything Johnny does, everyone he talks to and everywhere he goes, how much does it matter that the investigator doesn't know what Johnny says?
And it's not just about metadata: unless switched off, Johnny's iCloud backup will include a copy of all undeleted messages, all his contacts, his email accounts and his photographs. Moreover, Weaver notes, Google provides even more useful info:
Every IP address used to log into the Google account can recreate Johnny's movements -- the same information used by the FBI to unmask former CIA head David Petraeus's affair. If Johnny stays logged into Google through his browser, investigators have access to Johnny's search history and, thanks to how the Google+ button operates, a large number of the pages Johnny has viewed.
On top of that, a warrant to the phone company will provide:
the movements of the phone itself, as every call, text or push notification records at least the cell tower and sector, which says Johnny was in a particular wedge-shaped location occupying a few square miles.
As Weaver concludes:
Taken together, and further combined with other sources (such as the near-ubiquitous license plate readers and toll-tags), investigators have a nearly complete picture of Johnny's behavior, movements and associates without having to ever worry about the effects of cryptography.
As well as confirming that metadata is in general far more revealing than content -- despite what the UK government likes to insist -- Weaver's tale of Johnny Badguy brings out something that is insufficiently appreciated: the fact that today's mobile devices provide an amazing treasure-trove of information about their owner that is without precedent historically. In fact, Weaver's helpful analysis shows that the real threat to the intelligence agencies is not that the bad people might start using strong encryption, but that they might stop using smartphones.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: detective work, encryption, going dark, information, investigations, law enforcement
Reader Comments
Subscribe: RSS
View by: Time | Thread
Standard law enforcement and investigative techniques still work
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
They magically take out all the information about someone just by using a few clicks, in a fashion way.
Police before wanted to imitate Dirty Harry (well, they do it nowadays too), now they also want to imitae CSI Cyber and such.
Yeah, were the bad guys are stupid enough to only use numbers in their passwords that happen to be tattooed in the skins of their members.
And also, as said, even if you can't use all of the information provided because the badguy is smart enough (tech savvy enough, I mean), you still have the old investigation methods that work, or may not work.
Still, in the end, the best way of taking care of crimes is taking away the cause that creates them. Poverty is the main cause in a lot of crimes, maybe moving towards that end would do more than spending trillions in "our" "security".
[ link to this | view in chronology ]
Re: Re: Re:
I invite your attention to Johnson's "great society" for why your argument is incorrect.
[ link to this | view in chronology ]
Re: Re: Re: Re:
From reading it, I'd say it didn't work because it didn't really address poverty in a significative way.
It won't do miracles, I know. And crime won't disappear just because of that.
But I'd say that not people who don't have the bare essentials to live, or that live in broken homes, are more likely to turn into criminals than people who got all their basics covered at least.
Btw, here are a few papers about why my argument is pretty much spot on:
http://financesonline.com/how-income-inequality-affects-crime-rates/
http://www.theatlantic.com/bu siness/archive/2014/10/does-inequality-cause-crime/381748/
http://blogs.worldbank.org/developmenttalk /does-lower-inequality-lead-less-crime
http://www.bloombergview.com/articles/2013-01-06/want-to-fight -crime-address-economic-inequality
And yeah, poor people are more likely to be involved in crimes, either as culprits or victims:
http://www.bjs.gov/index.cfm?ty=pbdetail&iid=5137
It's common sense. If I have no money and no food, it's more likely that I won't give a fuck about others, about rules, about the society or whatever.
As an example, crimes from people who migrated from Balkans (Kosovo, Serbia...) after the war were more likely to end in violence (such as beating the owner of a house you were robbing or shooting him) because, let's be honest, they didn't give a fuck about killing anymore (they had their share of deaths in their own countries).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
You may not be giving it enough credit.
http://www.forbes.com/sites/timworstall/2014/05/22/the-great-society-at-50-yes-it-has-abolish ed-poverty/
[ link to this | view in chronology ]
But
[ link to this | view in chronology ]
Re: But
[ link to this | view in chronology ]
Re: Re: But
[ link to this | view in chronology ]
further, no one has yet had the balls to say, officially or otherwise, that the whole reason for wanting to be able to have access to everyone isn't in the least to do with stopping terrorism or any other bad event. it's everything to do with making sure that every government knows exactly what their citizens is going to do, when and where, when they have become so pissed off at those governments and want to put up resistance!!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
And probably wishes the thief would wear those shoes that have lights in them which light up every time the shoe hits the ground!
http://www.lwcbooks.com/crooks.html WARNING: this link is old; story appears approx. 15% down a really long page.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Why Backdoors?
I theorize that they are worried about losing large swaths of social data that is being actively mined for analytical reasons as a way of using popular opinion to push policy.
There seems to be a feedback loop between policy, social opinion, and media output that is to coordinated to be haphazard.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Just because I have an unfortunate name you paint me to be some kind of criminal. I'm going to sue you Masnick!
[ link to this | view in chronology ]