Modern field guide to security and privacy

Digital privacy can’t survive on a cracked foundation

A new American president and Congress have a historic opportunity to safeguard digital privacy — but they can’t build on a foundation of mass surveillance and encryption backdoors

Lucy Nicholson/Reuters
A man displays a protest message on his iPhone at a small rally in support of Apple's refusal to help the FBI access the cell phone of a gunman involved in the killings of 14 people in San Bernardino, in Santa Monica, California, U.S. in this February 23, 2016 file photo. /File Photo

With the looming election and all its painful uncertainty, the technology community is holding its breath to see how the political process will impact what is perhaps the most important issue to privacy advocates and technologists the world over: encryption.

Although a U.S. President wouldn’t directly decide freedom of speech and information policy, they will play a key role in shaping the future of the debate. With wide discrepancies in cybersecurity and privacy policy, the US presidential candidates both leave unanswered the ultimate question of how to guarantee privacy.

This is a problem because the current US laws and regulations governing data privacy fail to keep up with not only modern technology but also the fact that corporate and governmental use of our data is becoming increasingly common and more important to our everyday life.

In the aftermath of the election, we hope for a modern legal framework preserving privacy as a right be a potential win for a new Congress and a new administration.

To get there, Congress and the White House must first understand a simple truth: It’s impossible to build functional, lasting legal frameworks that will protect our privacy long into our digital future when the foundation of that right to privacy is cracked.

Here’s what we mean.

There have been several steps taken by courts and legislators in this direction in recent months — but, as you’ll see, they have not amounted to true change.

In a recent Microsoft vs. US Department of Justice case, a US court ruled that the US government cannot force companies to surrender customer data stored on servers outside of US jurisdiction. While this decision is definitely a win for privacy in the short term, the individual case did little to bring antiquated legislation into line with the requirements of the modern, global technology industry.

Given major law governing digital communication was passed in 1986 (the Electronic Communications Privacy Act), it would seem a major candidate for reform and, indeed, lawmakers on Capitol Hill have taken a shot at adapting the legislation to our modern reality. Those changes were rolled up into the Email Privacy Act, an amendment that would require law enforcement to present a warrant when obtaining a citizen’s cloud-stored data or emails, among other changes. Frozen in the Senate, this legislation has sparked discussion but has had minimal long-term effects.

While these efforts are good, finding a solution to this problem requires remembering that privacy rights do not function to protect and shield the machinations of terrorists from the watchful eye of faithful security agencies.

They exist because privacy is an integral part of what it means to be free in the modern age.

These rights are in place to prevent governments, businesses, and hackers from knowing things about your private life that they have no business knowing, including information that can unjustly affect your insurance premiums, limit your access to healthcare, or get you fired.

Mass surveillance — whether done by corporations, corporations at the behest of governments, or governments themselves —puts a crack in that fundamental freedom.

Encryption backdoors, or giving certain users the ability to circumvent information obscured from prying eyes, also put a crack in that fundamental freedom. The mathematics behind cryptography and the realities of the modern cybercrime environment mean that the presence of a single flaw in encryption technology ensures the inevitable failure of the entire system. In other words, they’re a gateway to mass surveillance.  

It’s impossible to build functional, lasting legal frameworks that will protect our privacy long into our digital future when the foundation itself is cracked. We cannot resolve the debates about privacy and what’s right and wrong in usage of our data until lawmakers and citizens alike realize that fundamentally protecting privacy means eschewing mass surveillance and encryption backdoors now and forever.

Lawmakers need to be educated about encryption, information technology and digital communications alongside the voting public. The technical gap in knowledge is large and we, as a technology community, have to do a better job informing our colleagues in the public sector of the truths we live with every day.

What’s done with that knowledge will then be able to determine the future of privacy and how it is protected. It also sits at the crux of the relationship we require between trust and our leaders, as well as control of our privacy connects the value and growth that business needs to stay relevant.

Our fear is that while in the short term the Microsoft decision, companies’ relatively minor lawsuits against an overreaching government, and the Email Privacy Act seem like victories, without resolving the fundamental impasse at the heart of the debate, such minor steps forward will spur the US government into passing over-reaching legislation that will explicitly allow security agencies to put more cracks into our fundamental right to privacy.

Let’s not leave things up to chance. Let’s have the next Congress and president take on privacy right away — and do it the right way.

Chris Latterell is the VP of Marketing at Open-Xchange. Follow him on Twitter @Latterell.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.