A man displays a protest message on his iPhone at a small rally in support of Apple's refusal to help the FBI access the cell phone of a gunman involved in the killings of 14 people in San Bernardino, in Santa Monica, California, U.S. in this February 23, 2016 file photo.
Lucy Nicholson/Reuters

Digital privacy can’t survive on a cracked foundation

A new American president and Congress have a historic opportunity to safeguard digital privacy — but they can’t build on a foundation of mass surveillance and encryption backdoors

With the looming election and all its painful uncertainty, the technology community is holding its breath to see how the political process will impact what is perhaps the most important issue to privacy advocates and technologists the world over: encryption.

Although a U.S. President wouldn’t directly decide freedom of speech and information policy, they will play a key role in shaping the future of the debate. With wide discrepancies in cybersecurity and privacy policy, the US presidential candidates both leave unanswered the ultimate question of how to guarantee privacy.

This is a problem because the current US laws and regulations governing data privacy fail to keep up with not only modern technology but also the fact that corporate and governmental use of our data is becoming increasingly common and more important to our everyday life.

In the aftermath of the election, we hope that a modern legal framework preserving privacy as a right will be a potential win for a new Congress and a new administration.

To get there, Congress and the White House must first understand a simple truth: It’s impossible to build functional, lasting legal frameworks that will protect our privacy long into our digital future when the foundation of that right to privacy is cracked.

Here’s what we mean.

There have been several steps taken by courts and legislators in this direction in recent months — but, as you’ll see, they have not amounted to true change.

In a recent Microsoft vs. US Department of Justice case, a US court ruled that the US government cannot force companies to surrender customer data stored on servers outside of US jurisdiction. While this decision is definitely a win for privacy in the short term, the individual case did little to bring antiquated legislation into line with the requirements of the modern, global technology industry.

Given that the major law governing digital communication was passed in 1986 (the Electronic Communications Privacy Act), it would seem a major candidate for reform and, indeed, lawmakers on Capitol Hill have taken a shot at adapting the legislation to our modern reality. Those changes were rolled up into the Email Privacy Act, an amendment that would require law enforcement to present a warrant when obtaining a citizen’s cloud-stored data or emails, among other changes. Frozen in the Senate, this legislation has sparked discussion but has had minimal long-term effects.

While these efforts are good, finding a solution to this problem requires remembering that privacy rights do not function to protect and shield the machinations of terrorists from the watchful eye of faithful security agencies.

They exist because privacy is an integral part of what it means to be free in the modern age.

These rights are in place to prevent governments, businesses, and hackers from knowing things about your private life that they have no business knowing, including information that can unjustly affect your insurance premiums, limit your access to healthcare, or get you fired.

Mass surveillance — whether done by corporations, corporations at the behest of governments, or governments themselves — puts a crack in that fundamental freedom.

Encryption backdoors, which give certain users the ability to circumvent the protections that obscure information from prying eyes, also put a crack in that fundamental freedom. The mathematics behind cryptography and the realities of the modern cybercrime environment mean that the presence of a single flaw in encryption technology ensures the inevitable failure of the entire system. In other words, backdoors are a gateway to mass surveillance.

It’s impossible to build functional, lasting legal frameworks that will protect our privacy long into our digital future when the foundation itself is cracked. We cannot resolve the debates about privacy and what’s right and wrong in usage of our data until lawmakers and citizens alike realize that fundamentally protecting privacy means eschewing mass surveillance and encryption backdoors now and forever.

Lawmakers need to be educated about encryption, information technology and digital communications alongside the voting public. The technical gap in knowledge is large and we, as a technology community, have to do a better job informing our colleagues in the public sector of the truths we live with every day.

What’s done with that knowledge will then be able to determine the future of privacy and how it is protected. It also sits at the crux of the relationship we require between trust and our leaders, as well as of how control of our privacy connects to the value and growth that business needs to stay relevant.

Our fear is that while in the short term the Microsoft decision, companies’ relatively minor lawsuits against an overreaching government, and the Email Privacy Act seem like victories, without resolving the fundamental impasse at the heart of the debate, such minor steps forward will spur the US government into passing over-reaching legislation that will explicitly allow security agencies to put more cracks into our fundamental right to privacy.

Let’s not leave things up to chance. Let’s have the next Congress and president take on privacy right away — and do it the right way.

Chris Latterell is the VP of Marketing at Open-Xchange. Follow him on Twitter @Latterell.