Monday 19 August 2019

Adrian Weckler: Governments need to prove that diluting our privacy prevents more damage than it causes

For most of us, compromising our privacy has traditionally come down to a common-sense test of proportionality. But is the dilution of our right to remain unmonitored worth it to keep an orderly, safe society?
Adrian Weckler

Is it time to give up our text messaging privacy? Do the Paris attacks mean that governments and security agencies should be allowed to monitor our communications more?

This debate is set to get louder in coming weeks as civilised society ponders how to protect itself from deadly aggression.

UK Prime Minister David Cameron says that Apple and Facebook need to hand over back-door security access to iMessage and WhatsApp, two services that are fully encrypted.

He says that this is necessary to intercept and prevent terrorist attacks. And he is trying to pass this into law in the UK.

But civil liberty groups and technology companies say that such a move would result in privacy and security chaos. Apple's chief executive Tim Cook told this newspaper last week that the move could lead to more hacking attacks on ordinary citizens because security 'back doors' never go unexploited by cyber criminals.

Who is right?

For most of us, compromising our privacy has traditionally come down to a common-sense test of proportionality.

But is the dilution of our right to remain unmonitored worth it to keep an orderly, safe society? In some cases, we think that it is.

For example, CCTV cameras line many of our city streets. They are pretty intrusive. They log who we're with, where we go and what we're doing.

But we seem to accept them because of a common feeling that they deter crime. So it appears to be worth it.

However, sometimes we slap the government's wrists when we think they're going too far. Most of us didn't think the smooth functioning of Irish Water was worth giving up our PPS numbers for.

So, as a society, we resisted that. As a consequence, the agency was forced to discard PPS numbers it had collected.

Similarly, the European Court of Justice recently told us that hoarding information for two years about citizens' calls and texts was disproportionate to any rationale for fighting crime. So we had to row back on that one as well.

Where does the balance of proportionality lie in this case? Is it worth giving up the absolute privacy and security of our iMessage or WhatsApp communications in a bid to fight terrorism?

Does the threat of suicide bombers on the continent represent an elevated threat level, requiring more compromise on privacy?

So far, the evidence appears unkind to those promoting back-door access by governments. This is for a number of reasons.

As anyone familiar with internet communications knows, there are umpteen options to send encrypted communications online without ever going near a mainstream consumer service such as iMessage or WhatsApp.

For example, those who take privacy seriously currently use services such as Tor and PGP encryption.

Neither of these services is likely to be affected by any legislation introduced by any government seeking to abridge encryption.

The net result is that terrorists and other criminals might get to continue using the uncrackable encryption services they already employ, while governments lead us ordinary citizens down an unprotected, unencrypted path, with new hacking dangers.

"If you leave a back door in the software, there is no such thing as a back door for good guys only," Tim Cook said in Dublin last week. "If there is a back door, anyone can come in the back door. We believe that the safest approach for the world is to encrypt end-to-end with no back door. We think that protects the most people."

One might argue that he would say this as the head of a technology company with its own particular interests.

But he is not alone.

Last month, US President Barack Obama backed down on a similar legislative crusade to ban encryption.

Mr Obama came to the conclusion that weakening encryption would hand an easy opening not just to cybercriminals and terrorists, but to state spies in China and Russia as well.

His volte-face has annoyed US security agencies such as the FBI and the CIA.

"I think what we're going to learn is that these guys are communicating via these encrypted apps," said former CIA deputy director Michael Morell after the Paris attacks.

"This commercial encryption is very difficult or nearly impossible for governments to break. And the producers don't produce the keys necessary for law enforcement to read the encrypted messages."

The US climbdown has also left David Cameron without a key partner in his current battle to pass a controversial law that dilutes encryption for UK users.

In coming weeks and months, this may change. It is inevitable that other European governments may seek to tighten laws on encryption in the immediate aftermath of the Paris attacks.

But is it worth it?

Does a strategy of cutting our privacy within messaging and texting apps meet a proportionality test in fighting terrorism?

Ultimately, this will be up to people themselves to decide.

But to get the idea over the line with ordinary citizens, governments will have to demonstrate that weakening encryption will prove to be an actual deterrent, rather than a theoretical one.

They need to convince us that diluting our privacy will prevent more damage than it will cause.

So far, they have fallen short of the bar.

Adrian Weckler, @adrianweckler, is Technology Editor

Irish Independent
