New Consumers Union report catalogs the potential collateral damage from the crypto wars

In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the "consumer stake in the encryption debate": they note that governments want to ban working cryptography so that cops can spy on crooks, but the reprt does an excellent job enumerating all the applications for crypto beyond mere person to person communications privacy.

Crypto, after all, is the way that manufacturers authenticate their software updates for devices, secure the transmissions between those devices, and protect the integrity of sensitive information like financial transactions, vehicle telemetry, and health data.

Posing the crypto wars as finding a balance between your right to privacy and cops' ability to fight crime misses out on these important equities. Asking us to give up working crypto is also asking us to give up the certainty that our medical implants, cars and voting machines aren't being remotely sabotaged.

Cryptography is essential to the delivery of these updates, as it allows a device to know who is installing what. Manufacturers use digital signatures to ensure that only genuine updates are delivered, guarding against code that might be sent from malicious actors, such as criminals looking to remotely turn on microphones, steal data, or attack other nearby devices.

This is not a theoretical danger: Users of Adobe Flash, Android, and multiple web browsers have been targeted in the past with invitations to download and install fake software updates.

The problem could become more acute as consumers adopt a coming tidal wave of new software - driven devices. Mobile phones have become omnipresent and virtually omniscient personal assistants, with minority and vulnerable consumers being especially likely to be dependent on smartphones for their access to the internet. Homes are becoming “smarter” as embedded, largely invisible computer chips control televisions, refrigerators, thermostats, home cameras, and light switches. Even cars — once the quintessential mechanical product — now depend heavily on digital technologies.

To use all of these digital products and services, consumers must blindly trust hundreds of millions of lines of computer code as they navigate their day - to - day lives. And just as programmers spend their days creating and improving their code, hackers work hard at finding vulnerabilities that can enable them to turn baby monitors into spy devices, infiltrate mobile phones and laptops, and potentially even control a car’s brakes and steering. Many of these vulnerabilities carry the risk of being exploited in an environment where the stakes are high: Hackers have remotely hijacked connected Jeeps, redirected yachts by “spoofing” GPS coordinates, and locked home thermostats at 99 degrees Fahrenheit. If these connected products used encryption, it would be much harder for hackers to exploit these vulnerabilities and place consumers at risk.

Beyond Secrets: The Consumer Stake in the Encryption Debate [Consumers Union]

Loading...