Intelligence Agencies Want To Target Surveillance Programs

Uploaded on 2016-02-09 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

IoT devices and cloud-based services represent the next frontier for digital surveillance, claims a new report.

A report from Harvard University's Berkman Center for Internet and Society tosses some cold water on the hotly contested debate over encryption vs. security, asserting that even if pro-encryption privacy advocates prevail, there are newly emerging avenues for intelligence agencies to conduct surreptitious digital surveillance.

The report, “Don't Panic. Making Progress on the Going Dark Debate,” predicted that in lieu of backdoors to encrypted messaging apps, law enforcement will increasingly turn to less fortified vectors to conduct offensive online investigations, including Internet of Things (IoT) devices, cloud-based services and apps whose business models rely heavily on customer data collection.

Reflecting the input of security experts across academia, civil society and the intelligence community, the report suggests that IoT devices, particularly those enhanced with networked sensors, cameras and microphones, could serve as especially powerful surveillance tools.

“These are prime mechanisms for surveillance: alternative vectors for information-gathering that could more than fill many of the gaps left behind by sources that have gone dark—so much so that they raise troubling questions about how exposed to eavesdropping the general public is poised to become,” the report cautions. For instance, smart TV manufacturers could potentially be ordered to let federal investigators eavesdrop on their customers' conversations via mechanisms that normally enable voice-based commands.

The report also notes that in some cases, “Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves.” For example, online service providers whose advertising models necessitate ample customer data collection will not be inclined to offer encryption services; therefore, their data would remain visible to investigators. Same goes for cloud-based services, as end-to-end encryption is currently impractical for any cloud-based features that require access to plaintext data, such as full text search.

The report also notes that metadata—still an important investigative tool—remains unencrypted and is likely to remain so in the future.

Paul Ferguson, threat research advisor at Trend Micro, told SCMagazine.com that he largely agreed with the report's premise. “The technology behind a lot of new and emerging services are not built around privacy or security, so it leaves a lot of wiggle room for an adversary to get access to sensitive information, whether that is browsing history, cell phone call detail records, ISP logs, etc.,” said Ferguson. In this instance, the adversary would be a domestic intelligence agency, though it could equally refer to cybercriminals or nation-state actors.

Merritt Maxim, senior analyst at Forrester Research, was less convinced that IoT devices and networked sensors currently constitute a viable channel for digital surveillance. “It's a possibility, but the [IoT] market is still emerging. There are no standards for exchanging or sharing data,” said Maxim. “As the market matures, and interfaces and data exchange become more standardized, it might be easier to gather data from sensors.”

SC Magazine: http://bit.ly/1R9uD1N

« Knowing Cognitive Computing
Protecting The Crown Jewels Of Corporate Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Secure India

Secure India

Secure India provides Forensic Solutions that help Government and Business in dealing with prevention and resolution of Cyber related threats.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners is a full service, full life-cycle risk-based security consulting firm.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

Saudi Federation for Cyber Security and Programming (SAFCSP)

Saudi Federation for Cyber Security and Programming (SAFCSP)

SAFCSP is a national institution under the umbrella of the Saudi Arabian Olympic Committee, which seeks to build national and professional capabilities in the fields of cyber security and programming.

Quadron Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Axence

Axence

Axence provides professional solutions for the comprehensive management of IT infrastructure for companies and institutions all over the world.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Federal Bureau of Investigation (FBI)

Federal Bureau of Investigation (FBI)

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

RAD Security

RAD Security

RAD Security (formerly KSOC) is a cloud native security company that empowers engineering and security teams to drive innovation so they can focus on growth versus security problems.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.