Intelligence Agencies Want To Target Surveillance Programs

IoT devices and cloud-based services represent the next frontier for digital surveillance, claims a new report.

A report from Harvard University's Berkman Center for Internet and Society tosses some cold water on the hotly contested debate over encryption vs. security, asserting that even if pro-encryption privacy advocates prevail, there are newly emerging avenues for intelligence agencies to conduct surreptitious digital surveillance.

The report, “Don't Panic. Making Progress on the Going Dark Debate,” predicted that in lieu of backdoors to encrypted messaging apps, law enforcement will increasingly turn to less fortified vectors to conduct offensive online investigations, including Internet of Things (IoT) devices, cloud-based services and apps whose business models rely heavily on customer data collection.

Reflecting the input of security experts across academia, civil society and the intelligence community, the report suggests that IoT devices, particularly those enhanced with networked sensors, cameras and microphones, could serve as especially powerful surveillance tools.

“These are prime mechanisms for surveillance: alternative vectors for information-gathering that could more than fill many of the gaps left behind by sources that have gone dark—so much so that they raise troubling questions about how exposed to eavesdropping the general public is poised to become,” the report cautions. For instance, smart TV manufacturers could potentially be ordered to let federal investigators eavesdrop on their customers' conversations via mechanisms that normally enable voice-based commands.

The report also notes that in some cases, “Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves.” For example, online service providers whose advertising models necessitate ample customer data collection will not be inclined to offer encryption services; therefore, their data would remain visible to investigators. Same goes for cloud-based services, as end-to-end encryption is currently impractical for any cloud-based features that require access to plaintext data, such as full text search.

The report also notes that metadata—still an important investigative tool—remains unencrypted and is likely to remain so in the future.

Paul Ferguson, threat research advisor at Trend Micro, told SCMagazine.com that he largely agreed with the report's premise. “The technology behind a lot of new and emerging services are not built around privacy or security, so it leaves a lot of wiggle room for an adversary to get access to sensitive information, whether that is browsing history, cell phone call detail records, ISP logs, etc.,” said Ferguson. In this instance, the adversary would be a domestic intelligence agency, though it could equally refer to cybercriminals or nation-state actors.

Merritt Maxim, senior analyst at Forrester Research, was less convinced that IoT devices and networked sensors currently constitute a viable channel for digital surveillance. “It's a possibility, but the [IoT] market is still emerging. There are no standards for exchanging or sharing data,” said Maxim. “As the market matures, and interfaces and data exchange become more standardized, it might be easier to gather data from sensors.”

SC Magazine: http://bit.ly/1R9uD1N

« Knowing Cognitive Computing
Protecting The Crown Jewels Of Corporate Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

Softtek

Softtek

Softtek helps its clients to gain a competitive edge by implementing digital solutions that propel their business strategies.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

MerlinCryption

MerlinCryption

MerlinCryption develops infrastructure security software, delivering advanced encryption, authentication, and random data generators, for Cloud, VoIP, eCommerce, M2M, and USB hardware.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

evolutionQ

evolutionQ

evolutionQ delivers quantum-risk management strategies and robust cybersecurity tools designed to be safe in an era with quantum computing technologies.

BrainStorm

BrainStorm

BrainStorm Threat Defense takes a new human-focused approach to security awareness that traditional training lacks. It’s a cutting-edge platform to make your users more security savvy.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

Mindgard

Mindgard

The Mindgard Security Copilot platform secures your Artificial Intelligence, GenAI and LLMs.

Forthright Technology Partners

Forthright Technology Partners

Forthright Technology Partners (Forthright) is a next-generation cloud and managed IT services provider serving a global clientele.