If federal law enforcement officials were straightforward about the threat of strong, end-to-end encryption, they wouldn’t term the risk “going dark,” but rather “going slightly dimmer in some places” — that’s the message from a new report by Harvard University’s Berkman Center for Internet and Society.
According to the report, released Monday, the advent of end-to-end encryption in devices like Apple’s iPhone and Google’s Android, as well as in popular communications programs like WhatsApp, represents only a small portion of available clandestine communications channels — and the potential benefits of handing the keys over to the government do not outweigh the risks.
“Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible?” poses the report’s introduction. “We think not.”
The authors go on to declare that giving the feds access to encrypted chatter would not do much to enable surveillance of terrorists’ clandestine communications, which is the central platform of the FBI’s reasoning.
“Short of a form of government intervention in technology that appears contemplated by no one outside of the most despotic regimes, communication channels resistant to surveillance will always exist,” the report states.
“We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow. Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption,” it says.
Strong encryption, the report argues, prevents companies from monitoring user data that is critical to their revenue streams — a major motivation for keeping a back door open.
Product functionality also comes into play. The ability to retrieve accidentally deleted data or data from a profile with a forgotten password is a standard feature of most programs today, and one that end-to-end encryption could hamper.
The report asserts that software ecosystems are too fragmented to incubate widespread and comprehensive encryption — “far more coordination and standardization than currently exists would be required,” the report claims. It also cites metadata, which remains unencrypted in the vast majority of communications apps, as an important new source of surveillance information that was unavailable before systems like cell phone location tracking became widespread.
For the FBI, these consolations are not enough. As Director James Comey told the Brookings Institution in October 2014: “Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem… Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority. We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”
In a testimony before Congress last summer, Comey used the 2015 terrorist attacks in Garland, Texas, as an example. The attacker had exchanged 109 encrypted WhatsApp messages with an overseas terrorist prior to the assault, but the FBI was unable to see what they were discussing.
While the Berkman Center acknowledges certain dark spots in the FBI’s criminal surveillance, it says that the potential privacy violation of hundreds of millions of Americans is too steep a price for clearing them.
“The increased availability of encryption technologies certainly impedes government surveillance under certain circumstances, and in this sense, the government is losing some surveillance opportunities,” the report concludes. “However… the combination of technological developments and market forces is likely to fill some of these gaps and, more broadly, to ensure that the government will gain new opportunities to gather critical information from surveillance.”