Are you a security pro? Try our quiz!
Government surveillance opportunities cut off by the recent introduction of encryption in some communications tools are greatly offset by the rise of easily hackable connected devices such as home thermostats and toys, among other factors, according to a new study.
The study, “Don’t Panic. Making Progress on the ‘Going Dark’ Debate” (PDF), published by Harvard’s Berkman Center for Internet & Society on Monday, finds that in spite of the attention attracted by the encrypted communications services offered by Apple, Google and others, individuals are likely to become increasingly easy to spy on.
“Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance,” the report stated. “If the Internet of Things has as much impact as is predicted, the future will be even more laden with sensors that can be commandeered for law enforcement surveillance; and this is a world far apart from one in which opportunities for surveillance have gone dark.”
The study cited the development of everything from televisions and toasters to bed sheets, light bulbs, toothbrushes, cars and watches containing “sensors ranging from gyroscopes, accelerometers, magnetometers, proximity sensors, microphones, speakers, barometers, infrared sensors, fingerprint readers, and radio frequency antennae”, all sending this data across the Internet for processing in the cloud.
The report’s authors cited a February 2015 incident in which Samsung’s televisions were found to be listening to conversations in their proximity and sending this audio data to Samsung servers, which analysed it to determine whether a voice command was being spoken.
While such data could in theory all be secured, the study noted that the wide adoption of end-to-end encryption for such devices is unlikely.
That’s in part due to the fragmented nature of software systems, but also to the fact that companies’ business models depend upon their own access to this data, meaning it is also available for governments to requisition.
“Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves,” the report stated.
What’s more, communications metadata – which contains information such as mobile phone location, telephone numbers called and email headers – is not encrypted, and is likely to remain so, because communications systems must have access to it in order to operate, the study pointed out.
“This information provides an enormous amount of surveillance data that was unavailable before these systems became widespread,” the study said, concluding that such trends raise “novel questions” about the protection of individual privacy and security.
Apple and other IT companies fear that the draft Regulatory Powers Bill currently being considered by Parliament could weaken their ability to offer secure communications to which they themselves don’t have access.
A parliamentary committee recently found that the uncertainty around this question risks damaging the UK’s IT sector.
Are you a security pro? Try our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…