While various US agencies have made noise about the “Going Dark” problem1, the Berkman Center for Internet and Society has pointed out that there are many new data sources available to them under subpoena, which should more than compensate. The report is called Don’t Panic. Making Progress on the Going Dark Debate (PDF). The full report is about 37 pages (and I’ve only skimmed it so far), but seems worthwhile.

The Ars Technica summary puts it succinctly:

The so-called “going dark” problem—which various government officials claim will be the death knell to the US because Silicon Valley won’t bake crypto backdoors into its wares—is greatly overblown. That’s because crime fighters are not in the dark, at least technologically, and are now presented with a vast array of spy tools at their disposal. Specifically, modern espionage is piggybacking on the Internet of Things (IoT) tools, from televisions to toasters, that enable wanton spying.

While this puts a positive angle on it2, the broader ramifications of the “Internet of Things” wave of change are still new to us. Many of the devices I’ve seen or built have limited security capabilities — authentication is typically static cleartext passwords, crypto is unsupported, SSL is right out — to say nothing of the web services they backend to. While security is always in the second release, many of these devices will be around for a reasonable amount of time: the vulnerable long-tail of the things available now will take a while to fade out.

(via Akiba @ FreakLabs)

  1. Read: consumers using crypto to protect their traffic from eavesdroppers, because we’re not animals.

  2. And one certainly supports the need for law enforcement to access information in pursuit of their duties, within an appropriate legal framework.