The Internet of Things is a godsend for the US intelligence services, according to Director of National Intelligence and professional splitter-of-hairs James Clapper.
In prepared testimony [PDF] for the Senate Armed Services Committee, Clapper highlighted that “widespread vulnerabilities” in new devices represent “new opportunities for our own intelligence services.”
Asked to give a report on worldwide threats facing the United States, Clapper started his testimony by specifically highlighting the Internet of Things (IoT) as a potential goldmine for surveillance – echoing a similar conclusion reached by academics last week.
“Smart devices incorporated into the electric grid … can threaten data privacy, data integrity, or continuity of services,” he said. “In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
His comments come following repeated warnings over the poor security standards included in smart-home products, even the most well-resourced and well-known. Recently, the Ring doorbell leaked people’s Wi-Fi keys, and the Nest thermostat failed to keep people warm after a bad software update.
Barbie, Samsung, Echo
The data from IoT products can potentially be hugely valuable. Many include microphones and motion sensors, for example, such as new smart TVs, kids’ toys and voice-controlled products like Amazon’s Echo.
It wasn’t just the internet of things that Clapper is worried/excited about. He also references that artificial intelligence is provided a similar risk/opportunity. By meddling with or anticipating the results of algorithms, a huge number of AI systems “are susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand.” On the flipside, however, they also “might create or enable further opportunities to disrupt or damage critical infrastructure or national security networks.”
The rest of Clapper’s report focuses on what and who you would expect to be cited in a “worldwide threats” report for the US Senate: China, Russia, Iran, North Korea, Iraq, Afghanistan, ISIL, etc.
Clapper was joined at the hearing by Director of the Defense Intelligence Agency, Vincent Stewart. Stewart approach the issue the other way around: listing the countries and terrorism threats first and referencing global cyber threats at the end of his prepared testimony.
Stewart did not reference IoT, but he did note that the recent “aggregation of bulk data,” i.e., hacks of US government systems, “could be used to conduct pattern analysis, possibly exposing sensitive operations or relationships.” ®
Building secure multi-factor authentication