Researchers at Harvard University have tackled claims by governments and security agencies around the world that IoT security will cripple surveillance efforts.
In a study published on February 1st entitled ‘Don’t Panic: Making Progress on the “Going Dark” Debate’, six signatories from the Berkman Center for Internet & Society seek to clarify the relationship between surveillance and the ever-growing IoT.
The study concludes that while government and security professionals are right to suggest that less encryption will make their jobs easier, this standpoint would actually put innocent civilians at risk from third-party threats. The study argues:
“There is a general sense by actors within both the intelligence and law enforcement communities that, were all else equal, they would benefit if technological architectures did not present a barrier to investigations.
“(To be sure, all else is not equal – for example, if all communications were routinely unencrypted, citizens would be exposed to surveillance from myriad sources, many of whom might be viewed as national security threats by those citizens’ governments.)”
It is true that surveillance efforts are to an extent countered by legal checks and balances in countries such as America and the UK. Unfortunately, this kind of supervision doesn’t exist worldwide, and less encryption in a world where things are becoming more and more connected will threaten the majority.
The study goes on to state that surveillance agencies should see a blossoming IoT as an opportunity, not a threat to their operations.
With so many new products and services achieving connectivity every day, there will always be opportunities for surveillance. Security services could, for example, listen to your telephone conversations through the newly built-in microphone in your toaster or television. As the report goes on to say: “If the Internet of Things has as much impact as is predicted, the future will be even more laden with sensors that can be commandeered for law enforcement surveillance; and this is a world far apart from one in which opportunities for surveillance have gone dark.”
The report concludes that the claim from security agencies that their surveillance capabilities will be restricted by growing IoT security couldn’t be further from the truth. In reality, instead of seeking to lower the encryption of newly connected devices – compromising the safety of the innocent majority – governments should accept that traditional snooping methods need to be adapted, and take advantage of new opportunities as and when they arrive. Most important is the obvious fact that more needs to be done to make our smart devices more secure.
Speaking to Internet of Business earlier today, Amar Singh, former CISO at News International and SABMiller as well as founder of the Give01Day charity, said that agencies will naturally seek to explore IoT as an additional avenue for compromise, especially given “IoT is pretty much going to be unregulated, meaning agencies do whatever they want.”
“I think IoT is going to be a gold mine of interception for agencies. There’s no way we are going to be on top of every fridge we buy. It may already be compromised.”
Singh said that agencies have little respect for personal privacy and added: “In five years’ time, we might not have the option to buy a normal fridge or TV.”
He believes IoT security is already flawed and says that newer devices must embrace privacy and security by design.
“Those two mantras need to be embedded into the product. I think the danger we are walking close to is millions of devices not being figured for security, having no option to update securely and are therefore open to wide scale abuse.”