Intelligence Agencies Want To Target Surveillance Programs

IoT devices and cloud-based services represent the next frontier for digital surveillance, claims a new report.

A report from Harvard University's Berkman Center for Internet and Society tosses some cold water on the hotly contested debate over encryption vs. security, asserting that even if pro-encryption privacy advocates prevail, there are newly emerging avenues for intelligence agencies to conduct surreptitious digital surveillance.

The report, “Don't Panic. Making Progress on the Going Dark Debate,” predicted that in lieu of backdoors to encrypted messaging apps, law enforcement will increasingly turn to less fortified vectors to conduct offensive online investigations, including Internet of Things (IoT) devices, cloud-based services and apps whose business models rely heavily on customer data collection.

Reflecting the input of security experts across academia, civil society and the intelligence community, the report suggests that IoT devices, particularly those enhanced with networked sensors, cameras and microphones, could serve as especially powerful surveillance tools.

“These are prime mechanisms for surveillance: alternative vectors for information-gathering that could more than fill many of the gaps left behind by sources that have gone dark—so much so that they raise troubling questions about how exposed to eavesdropping the general public is poised to become,” the report cautions. For instance, smart TV manufacturers could potentially be ordered to let federal investigators eavesdrop on their customers' conversations via mechanisms that normally enable voice-based commands.

The report also notes that in some cases, “Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves.” For example, online service providers whose advertising models necessitate ample customer data collection will not be inclined to offer encryption services; therefore, their data would remain visible to investigators. The same goes for cloud-based services, because end-to-end encryption is currently impractical for any cloud-based feature that requires access to plaintext data, such as full-text search.

The report also notes that metadata—still an important investigative tool—remains unencrypted and is likely to remain so in the future.

Paul Ferguson, threat research advisor at Trend Micro, told SCMagazine.com that he largely agreed with the report's premise. “The technology behind a lot of new and emerging services are not built around privacy or security, so it leaves a lot of wiggle room for an adversary to get access to sensitive information, whether that is browsing history, cell phone call detail records, ISP logs, etc.,” said Ferguson. In this instance, the adversary would be a domestic intelligence agency, though it could equally refer to cybercriminals or nation-state actors.

Merritt Maxim, senior analyst at Forrester Research, was less convinced that IoT devices and networked sensors currently constitute a viable channel for digital surveillance. “It's a possibility, but the [IoT] market is still emerging. There are no standards for exchanging or sharing data,” said Maxim. “As the market matures, and interfaces and data exchange become more standardized, it might be easier to gather data from sensors.”

SC Magazine: http://bit.ly/1R9uD1N
