CIA Eager to Enlist Inanimate Internet Spies

There's a really lame old joke that feels like it grew out of Soviet Cold War cynicism but is as American as paranoia gets: The setup doesn't have to be too specific – just anything that mentions the CIA, FBI or NSA's tendency to run covert surveillance operations even within the U.S. (where only the FBI is supposed to).

The punchline is always the same: One character asks another something about how to get ahold of the spies to report something suspicious. "I don't know where to call them," the other character replies, "but just talk loudly into the lamp and they'll hear you."

It was probably funny once, but only when J. Edgar Hoover was still alive and only if you already knew how snoopy he was.

If he were alive now he'd die of jealousy after an announcement from the CIA that makes it clear how willing both the CIA and its congressional bosses are to have the agency responsible for foreign intelligence spying on Americans.

CIA Director David Petraeus, like at least one person every geek knows who is obsessed with the Internet of Things and won't shut up about it, gushed over the growth in intelligence among household appliances not because they would make life simpler or power use more efficient or give consumers access to the Internet through more and more devices that have no good reason to connect to the Internet.

The universe of wired devices will be "transformational," according to Wired's report from a conference at In-Q-Tel, the CIA's venture-capital firm.

Every Internet-of-things geek says it will be transformational, but usually they're talking about good things.

"I do believe [transformational] applies to these technologies," Petraeus said. "Particularly their effect on clandestine tradecraft."

Nice.

The best thing about adding intelligence to ordinary devices is that they can be remotely monitored, controlled and used as pickups for sound, video and wireless data – capabilities that can be used or abused at will even by spy agencies wanting to listen in on private citizens without the justification needed for a warrant or effort needed for an illegal bug.

The prevalence of wireless, powerline, and other non-standard networking connections will also make it possible for unnamed spy agencies to conduct their surveillance without leaving any fingerprints to show they were there – because they're not allowed to do surveillance on Americans in the first place, so their only choice is to hide it really well.

The CIA has more leeway with smart appliances than regular computers due to changes in the 2008 Foreign Intelligence Surveillance Act and court decisions about the American Patriot Act, both of which make less clear whether it's actually forbidden for the CIA to collect geolocation data from devices, collect server-based logs for individual cell phones and other ambient data.

The CIA isn't allowed to spy on people. It may or may not be allowed to spy on devices, which it would do to collect a lot of data about the activity of devices that implicitly say quite a lot about the activity of the people that own them.

Most privacy advocates would flag that immediately as a very big, pretty complicated problem that has to be addressed by defining more clearly what right of privacy Americans can expect from devices that happen to own a semiconductor, just how far the CIA, FBI or other agencies should be allowed to go in collecting data from devices – spying by proxy – and under what circumstances.

It would also require refinement or restructuring of the rules for the FBI, CIA , NSA, and Secret Service to make clear to badge carriers that having the ability to listen in on every device touched by every citizen is not the same as having the right to do so, let alone having the eggs to cackle in anticipation when they think about it in public.

"Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters -  all connected to the next-generation internet using abundant, low-cost, and high-power computing," the chief covert guardian of the liberty of Americans gurgled with joy. "It's going to change our notions of identity and secrecy."

The only question is, after the change, what changes should we allow to our sense of identity, to our ability to keep even the most private issue secret and to the ability of David Petraeus to penetrate those secrets by infiltrating our dishwashers, televisions and garbage disposals.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Subscribe to the Security Watch Newsletter

Comments