Intelligence Agencies Want To Target Surveillance Programs

IoT devices and cloud-based services represent the next frontier for digital surveillance, claims a new report.

A report from Harvard University's Berkman Center for Internet and Society tosses some cold water on the hotly contested debate over encryption vs. security, asserting that even if pro-encryption privacy advocates prevail, there are newly emerging avenues for intelligence agencies to conduct surreptitious digital surveillance.

The report, “Don't Panic. Making Progress on the Going Dark Debate,” predicted that in lieu of backdoors to encrypted messaging apps, law enforcement will increasingly turn to less fortified vectors to conduct offensive online investigations, including Internet of Things (IoT) devices, cloud-based services and apps whose business models rely heavily on customer data collection.

Reflecting the input of security experts across academia, civil society and the intelligence community, the report suggests that IoT devices, particularly those enhanced with networked sensors, cameras and microphones, could serve as especially powerful surveillance tools.

“These are prime mechanisms for surveillance: alternative vectors for information-gathering that could more than fill many of the gaps left behind by sources that have gone dark—so much so that they raise troubling questions about how exposed to eavesdropping the general public is poised to become,” the report cautions. For instance, smart TV manufacturers could potentially be ordered to let federal investigators eavesdrop on their customers' conversations via mechanisms that normally enable voice-based commands.

The report also notes that in some cases, “Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves.” For example, online service providers whose advertising models necessitate ample customer data collection will not be inclined to offer encryption services; therefore, their data would remain visible to investigators. The same goes for cloud-based services, as end-to-end encryption is currently impractical for any cloud-based features that require access to plaintext data, such as full-text search.

The report also notes that metadata—still an important investigative tool—remains unencrypted and is likely to remain so in the future.

Paul Ferguson, threat research advisor at Trend Micro, told SCMagazine.com that he largely agreed with the report's premise. “The technology behind a lot of new and emerging services are not built around privacy or security, so it leaves a lot of wiggle room for an adversary to get access to sensitive information, whether that is browsing history, cell phone call detail records, ISP logs, etc.,” said Ferguson. In this instance, the adversary would be a domestic intelligence agency, though it could equally refer to cybercriminals or nation-state actors.

Merritt Maxim, senior analyst at Forrester Research, was less convinced that IoT devices and networked sensors currently constitute a viable channel for digital surveillance. “It's a possibility, but the [IoT] market is still emerging. There are no standards for exchanging or sharing data,” said Maxim. “As the market matures, and interfaces and data exchange become more standardized, it might be easier to gather data from sensors.”

SC Magazine: http://bit.ly/1R9uD1N
