The government likes to wail that encryption is the devil and is causing its surveillance efforts to go dark, but a new report by Harvard University debunked that notion; at worst encryption might cause some dim spots, but overall surveillance opportunities are brighter than ever and will even grow. In part, that’s thanks to the Internet of Things.

“We’re not going dark,” explained Jonathan Zittrain, a professor of law and computer science at Harvard. He added:

As data collection volume and methods proliferate, the number of human and technical weaknesses within the system will increase to the point that it will overwhelmingly likely be a net positive for the intelligence community. Consider all those IoT devices with their sensors and poorly updated firmware. We’re hardly going dark when — fittingly, given the metaphor — our light bulbs have motion detectors and an open port. The label is “going dark” only because the security state is losing something that it fleetingly had access to, not because it is all of a sudden lacking in vectors for useful information.

Although the report, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate” (pdf), has several core findings showing how “communications in the future will neither be eclipsed into darkness nor illuminated without shadow,” some of the report’s most interesting findings involve the boundless surveillance opportunities via the Internet of Things.

Zittrain pointed out that the going dark encryption debate rarely includes discussions of the “ever-expanding ‘Internet of things,’ where telemetry from teakettles, televisions and light bulbs might prove surprisingly, and worryingly, amenable to subpoena from governments around the world.”

“Appliances and products ranging from televisions and toasters to bed sheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables are being packed with sensors and wireless connectivity,” the report explained. Products with embedded IoT functionality could include “sensors ranging from gyroscopes, accelerometers, magnetometers, proximity sensors, microphones, speakers, barometers, infrared sensors, fingerprint readers, and radio frequency antennae with the purpose of sensing, collecting, storing, and analyzing fine-grained information about their surrounding environments. These devices will all be connected to each other via the Internet, transmitting telemetry data to their respective vendors in the cloud for processing.” And all that data could be tapped for surveillance.

The report included specific examples of potential voice surveillance via IoT that law enforcement could tap. Samsung smart TVs use microphones to listen to conversations and transmit voice commands back to servers, as do other smart TVs. Voice commands are processed at remote servers when using “Ok Google,” and even “Hello Barbie.” Nest has a plethora of products; the Nest Cam records video that exchanges data with other devices “such as Nest’s thermostats and smoke detectors, which themselves contain sensors and microphones.”

“Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target,” the report said. “If the Internet of Things has as much impact as is predicted, the future will be even more laden with sensors that can be commandeered for law enforcement surveillance; and this is a world far apart from one in which opportunities for surveillance have gone dark.”

In fact, the report explained that “audio and video sensors on IoT devices will open up numerous avenues for government actors to demand access to real-time and recorded communications.” It’s not a new tactic as 13 years ago, the FBI wanted to wiretap an “in-automobile concierge system” – such as the tech used by OnStar and ATX – and use the microphone to “capture conversations taking place in the car.”

Nowadays, according to the report, the government could request access to companies “capable of recording conversations or other activity at a distance, whether through one’s own smartphone, an Amazon Echo, a baby monitor, an Internet-enabled security camera, or a futuristic Elf on a Shelf laden with networked audio and image sensors.”

It’s nothing new for law enforcement to exploit tech now in order to obtain location data for tracking such as from smartphones, license plate readers and EZ Passes; how much easier – not harder and darker – will surveillance be as IoT devices are part of our everyday life?

Four years ago, when David Petraeus was the CIA Director, he admitted that the CIA couldn’t wait to spy on you via your smart-internet connected devices – be that your smart TV, your car’s navigation system, or smart lights. Those devices are all real right now, but the future holds “a world where driverless cars will automatically communicate with each other and the roads,” pointed out all-around security and privacy guru Bruce Schneier. “Someone who can eavesdrop on those communications can learn where the cars are going and maybe who is inside them.”

Although the encryption debate rages on, with government officials swearing it is causing its surveillance efforts to go dark, the report shows the “big field” is “more illuminated than ever before.” Joseph Nye, a Harvard government professor and former head of the National Intelligence Council, said. “There will be dark spots — there always will be. But it’s easy to forget that there is far more data available to governments now than ever before.”

As you’d expect, the Harvard study involved civil libertarians, academics and technical experts, but it also included counterterrorism intelligence officials. For example, two senior NSA officials were “core members” of the report debunking “going dark” arguments; government officials told The New York Times they didn’t sign it “because they could not act on behalf of the agency or the United States government in endorsing its conclusions.”

Going dark with no way to surveil criminals and bad actors? Pfft, please.