A lot of column inches have been given to the UK’s continuing crackdown on companies that use end to end encryption. This technology means that only the people communicating can read the messages, and that it can’t be eavesdropped on, even by the company providing the service.
The UK Home Secretary Amber Rudd, whilst one of the most vocal opponents of the technology, admitted that she didn’t really understand how it worked. To admit ignorance and to then accuse the technology of enabling pedophiles and criminals seems more than a little problematic. She said she doesn’t need to understand it to understand that it is helping criminals, but the “how” of the process does seem to be relevant.
If you set aside the technical aspects for a moment and just consider it in terms of an ethical issue. Is it unethical to provide such people a service they can use freely without being observed? Is arguing that the technology works in a way that makes handing over keys to the data impossible and adequate excuse? And then, should the companies that employ e2e encryption develop a means by which governments can monitor the communications?
Such people will find a way to send the kind of data they want to send anyway, and if the data goes beyond messages, and includes such things as pictures or video, they are going to have to decrypt it and then a copy of it will be on their device – at that point the proof of their illegal activity should be easy enough to find and prosecute them for. In an age where people are concerned about cyber-security, weakening the e2e technology renders it less safe, and makes it no longer e2e, so in this case the Government is basically arguing against the actual existence of the tech itself – complying with the demands for a back-door renders the argument mute, because the technology no longer exists.
So, the question then becomes, should e2e even exist? In a surveillance state the answer the government is going to give is most likely an unequivocal know. The reasoning is, that in order to be able to protect us from terrorists, all of our communications need to be accessible by the intelligence services. If you were to believe Edward Snowden about the abilities of the NSA then the notion that they aren’t already able to see everything seems a little odd; the idea that things haven’t been developed since Snowden was around that far outstrip the programs he was working on also seems unlikely.
You know that if the US had the ability to do all this that they were working in collaboration with MI5 and MI6 , and it is an area where both countries are testing the boundaries.
With all this, and the collection of password and social media aliases for people coming through customs, how many terror attacks or mass shootings have actually been stopped? Who have they actually been able to draw a bead on? Admittedly there may be a vast number of incidents that we never hear about that have been stopped, but there are also an unprecedented number of attacks that keep getting carried out.
Further erosion of privacy and liberty and security isn’t likely to make the world a safer place for anyone. Terrorists and hackers and conspirators are in the minority. Persecuting everyone, and making everyone else less safe, by demanding that measures they use for protecting their data be compromised, isn’t going to be popular. The notion that if you have nothing to hide you have nothing to fear doesn’t explain away the need for privacy. Just because you have things you don’t want to share with strangers, or want to have private communications with someone, it doesn’t mean that you are engaged in an activity that makes you a person of interest to an intelligence agency.
How much of the data that they collect is going to pertinent to the job that they are supposed to be doing? In what way will dissenting viewpoints be treated? How well can the constitution and the first amendment, and the notion of a country as embodying liberty survive? How can an Englishman’s home be his castle if his defenses are already breached?
It is quite probable that very early on people in the field of intelligence gathering saw the potential of social media to do their work for them. The patina of a medium which democratized information and leveled the playing field in terms of media distribution, is now starting to look like a personalized ankle bracelet.
Having your information in the hands of the wrong government people is a scary prospect. People were already raising red flags about President Obama’s complicity in the expansion of the NSA’s remit, and now, for a lot of people who have problems with the policies of the current administration, that data does indeed seem to be in the wrong hands.
Not to throw up another lazy analogy with Nazis, but the final solution was facilitated by the collection of data made possible by IBM. At that point they were using punch card machines to catalog heredity and to facilitate the movement of people, and now we are far in advance of that, so the control and flow of information is indeed important. Comey proved the FBI isn’t above politics. We know the CIA left its fingerprints all over the politics of other nations.
Given the failure of the government and its instruments to protect something as important as the Election; given a company like Equifax, which affects so many people’s lives, having a data breach; given the hacking of Yahoo; given all these things is it any wonder that the PR is totally out in terms of convincing people that their data is safe in the hands of anyone other than themselves and companies that make e2e possible? If you were going to market the notion that handing your data over to those who have repeatedly failed to handle it properly was a good idea, how would you go about it? That would have to be one hell of a campaign? Could you weight it with so much confidence or fear that the public would buy it? Maybe. The notion of collecting all the data into a central repository that might fall victim to ransomware is pretty scare though. Even if you trust the people handling the data, in that situation, do you trust the security built up around the database where all your most important information is stored?