In November, I opined that a nuanced approach was needed when addressing encryption. I wrote that there are different forms of cryptographic protection, and that each side on this issue needs to consult and not confront one another. Last month, Harvard University’s Berkman Center for Internet and Security released a white paper that attempts to address many of the issues I and others raised. Entitled, Don’t Panic: Making Progress on the “Going Dark” Debate, the the paper points out that governments have many avenues to access unencrypted information. They also have access to so-called “metadata”, and they claim that because of this, the Internet hasn’t really gone dark.
They’re right. For now.
Many of the points the authors made addressed the state of the Internet as they saw it in January of 2016. That is- Google has had difficulty encrypting platforms, Apple has backup recovery keys that governments can subpoena, and the security of the Internet of Things is nothing short of a crying shame, that governments can take advantage of. All three of those points may well change over time. Apple could easily move to a system (if they have not already done so) where recovery keys themselves are encrypted in information that only the owner of a device has, be that a password or one of those questions like, “What was your first pet?” If Apple can accomplish such a feat, the only matter that would hold Google up is lining up those that actually sell their devices to support whatever system they put in place.
Even metadata is likely to dry up. Efforts such as the IETF’s DPRIVE working group attempt to keep private queries your computer makes to convert domain names like ofcourseimright.com to IP addresses that the network understands. At the same time, those who really want to hide are able to do so through ToR networks.
Even the security of Things on the Internet is likely to improve over time, albeit slowly. That will require a concerted effort between Thing manufacturers, network vendors, service providers, and users.
And so the question: do policy makers need to actually do anything today to insure access to law enforcement officials? My answer is a firm not yet. That’s very good news because it gives us time to have the dialog necessary to deal with the many facets of this issue. However, all sides still have come to terms with each other.