Harvard study refutes 'going dark' argument against encryption

Unencrypted data, which will be accessible to law enforcement, will continue to dominate the Internet

A study from Harvard released Monday largely refutes claims that wider use of encryption in software products will hamper investigations into terrorism and crime.

It predicts that the continued expansion of Internet-connected devices -- such as smart TVs and vehicles, IP video cameras and more -- will offer fresh opportunities for tracking targets. 

"Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target," it said. "These are real products now."

The study comes from Harvard's Berkman Center for Internet Society and was signed by well-known figures, including security expert Bruce Schneier, Jonathan Zittrain of Harvard Law School and Matthew G. Olsen, former director of the U.S. National Counterterrorism Center.

All are members of the Berkman Center’s Berklett Cybersecurity Project, which studies surveillance and cybersecurity issues.

The technology industry has come under increasing pressure from some government officials in the U.S. and U.K., who contend that bolstering data security, primarily through encryption, will diminish their capabilities to fight terrorism and crime, and will result in those sources "going dark."

While law enforcement can gain access to data held by service providers through warrants, some systems have been designed in a way that the service providers can't provide any information at all.

These so-called end-to-end encryption systems leave users in sole possession of the decryption keys. Without a password, law enforcement would have to use other means to try to decrypt data.

The study, titled "Don't Panic: Making progress on the encryption debate," does acknowledge encryption will poses challenges in some instances but by no means will dictate the landscape of future technology products.

"To be sure, encryption and provider-opaque services make surveillance more difficult in certain cases, but the landscape is far more variegated than the metaphor suggests," it said. "There are and will always be pockets of dimness and some dark spots -- communications channels resistant to surveillance -- but this does not mean we are completely 'going dark'."

For example, many consumer Web services are unlikely to enable end-to-end encryption because their business models rely on analyzing data and then monetizing it through advertising.

Also metadata -- the information surrounding communications that makes it possible to technically transfer it -- is usually not encrypted and probably won't be on a large scale. Metadata includes email headers, phone call records and location data from phones.

"The trajectory of technological development points to a future abundant in unencrypted data," the study said.

Join the CSO newsletter!

Error: Please check your email address.

More about GoogleMattelNestSamsung

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts