Clapper did not name specific agency as being involved in surveillance via smart-home devices but said in congressional testimony it is a distinct possibility
The US intelligence chief has acknowledged for the first time that agencies might use a new generation of smart household devices to increase their surveillance capabilities.
As increasing numbers of devices connect to the internet and to one another, the so-called internet of things promises consumers increased convenience – the remotely operated thermostat from Google-owned Nest is a leading example. But as home computing migrates away from the laptop, the tablet and the smartphone, experts warn that the security features on the coming wave of automobiles, dishwashers and alarm systems lag far behind.
In an appearance at a Washington thinktank last month, the director of the National Security Agency, Adm Michael Rogers, said that it was time to consider making the home devices “more defensible”, but did not address the opportunities that increased numbers and even categories of connected devices provide to his surveillance agency.
However, James Clapper, the US director of national intelligence, was more direct in testimony submitted to the Senate on Tuesday as part of an assessment of threats facing the United States.
“In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper said.
Clapper did not specifically name any intelligence agency as involved in household-device surveillance. But security experts examining the internet of things take as a given that the US and other surveillance services will intercept the signals the newly networked devices emit, much as they do with those from cellphones. Amateurs are already interested in easily compromised hardware; computer programmer John Matherly’s search engine Shodan indexes thousands of completely unsecured web-connected devices.
Clapper’s admission about the surveillance potential for networked home devices is rare for a US official. But in an overlooked 2012 speech, the then CIA director David Petraeus called the surveillance implications of the internet of things “transformational … particularly to their effect on clandestine tradecraft”.
The White House’s new cybersecurity initiative, unveiled on Tuesday, pledged increased security for nontraditional networked home devices. It tasked the Department of Homeland Security to “test and certify networked devices within the ‘Internet of Things’.” It did not discuss any tension between the US’s twin cybersecurity and surveillance priorities.
Connected household devices are a potential treasure trove to intelligence agencies seeking unobtrusive ways to listen and watch a target, according to a study that Harvard’s Berkman Center for Internet and Society released last week. The study found that the signals explosion represented by the internet of things would overwhelm any privacy benefits by users of commercial encryption – even as Clapper in his testimony again alleged that the growth of encryption was having a “negative effect on intelligence gathering”.
The report’s authors cited a 2001 case in which the FBI had sought to compel a company that makes emergency communications hardware for automobiles – similar by description to OnStar, though the company was not named – to assist agents in Nevada in listening in on conversations in a client’s car.
In February 2015, news reports revealed that microphones on Samsung “smart” televisions were “always on” so as to receive any audio that it could interpret as an instruction.
“Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target,” the authors wrote.
Posted under Fair Use Rules.