If we are to meet the enormous challenge of balancing security and privacy, all stakeholders must come together for a public debate on the subject.
In late June, members of the Five Eyes (Canada, the US, UK, Australia and New Zealand) intelligence alliance convened in Ottawa. Alongside their routine proceedings, reports have suggested, there were discussions about a proposal by the Australian government to force the tech industry to create “back doors” to smartphone and app encryption. Back doors are technical features that allow for the collection of intelligence and evidence from devices and sites without the user’s explicit consent. The impacts on privacy are controversial; and although it’s the police and intelligence agencies that are calling for them, back doors could be a boon to hackers, too, raising a whole other group of security concerns.
Such proposals have been raised in the US and UK before but haven’t gained the support needed to get acted upon. This time around, the proposal has probably picked up some momentum among the political masters who oversee national security agencies, because of the widely reported use of consumer technologies to recruit terrorists and carry out recent attacks around the world. Even when the authorities have court orders to get into phones and apps, they run up against built-in security features that they cannot break through.
Unfortunately, the revelation of the clandestine discussions in Ottawa has resulted in another round of oversimplified analysis of this critical issue, with hyperbolic commentary based more in ideology than in sound understanding of the technology. Privacy advocates claim back doors would spell the end of privacy and wouldn’t even deliver meaningful security results in the long run. Unsurprisingly, the revelations made by Edward Snowden, the US National Security Agency contractor who leaked classified information about his government’s questionable collection of citizens’ data, are again being cited as the primary proof point that no balance can be struck between privacy and security in the digital age.
Such arguments are unhelpful as open societies come to grips with how connectivity is challenging the tenets of democracy. Legislatures in the Western world have largely failed to tackle the issue of balancing security and privacy while technology continues to evolve rapidly. Without direction from their governments, security agencies are left to negotiate with the technology industry in private about gaining access to encrypted data and, on rare occasions when talks stall, via the media.
The lack of up-to-date legislation also means that courts must work with laws that were written well before the arrival of cloud computing, Internet of Things devices or military-grade encryption on millions of consumer devices and apps. The results are convoluted at best. In the US, one court ordered a key witness to unlock her iPhone using her thumbprint, but another court ruled that demanding a smartphone be unlocked by a suspect (via passcode, in that case) would be tantamount to requiring self-incrimination and thus unconstitutional.
In democratic societies we generally accept that there is no absolute right to privacy, at least in the analogue world. Our social contract opens our homes to police for search and seizure under the supervision of the judicial system, if warranted to maintain public safety.
However, in the digital world, we are going down a road where there are new kinds of “homes” (smart devices) and whole “neighbourhoods” — social media platforms, messaging applications, e-commerce sites and the dark Web — that are practically unpoliceable, regardless of what our courts deem to be reasonable limits on individual privacy.
The magnitude of this challenge is vast: there are 7 billion connected devices today, and the total is estimated to grow to 50 billion by 2020. There are over 5 million apps in the Google and Apple app stores. And there are over 800 cryptocurrencies, with new ones coming on the market all the time.
Each one of these is a new home, community or currency that now operates as a parallel jurisdiction to our towns, provinces and countries. Each runs with its own rules, its own governance or a lack thereof, and many operate with complete impunity because the data they run on rest in servers in a foreign country, or multiple countries.
This dichotomy — of great technological transformation and legislative paralysis — has created a context empowering criminals who can leverage digital devices and connectivity. Their reach goes well beyond the realm of terrorism. Crimes like child exploitation, fraud, bullying and extortion are multiplying at an explosive rate in the digital age. Even a back door for police and national security agencies cannot magically solve all of these emerging challenges overnight.
To its credit, the RCMP has begun to lift the curtain on its digital challenges and is acknowledging the need for a rethink of both legislative measures and cooperation with the technology sector, with the hope of sparking a broader societal debate. Leading technology companies, such as Google, have also started to reconsider their positions. In a speech in June in Washington, Google’s general counsel, Kent Walker, called for a fundamental review of the laws that govern how police and security agencies investigate e-crimes. Walker said they are “due for a fundamental realignment in light of the rapid growth of technology that relies on the cloud [and] the very real security threats that face people and communities.”
If we are to balance security and privacy, all stakeholders — including our security and policing agencies, the technology sector, privacy advocates and the victims of crimes enabled by the Internet — must come together for a reasonable and open public debate on this subject. We must focus on practical challenges and tangible solutions. The best solutions will allow citizens to enjoy technological innovation without wondering if their civil liberties are being infringed upon, while empowering police agencies to serve their societal function.
The entrenched, extreme positions on this important subject that we have seen so far have clearly not yielded meaningful results in the form of public policy and technology that strike a reasonable equilibrium. Technology at its best is the manifestation of the society we want. It’s high time we started talking about the balance we want between our security and our privacy in the digital age.
Do you have something to say about the article you just read? Be part of the Policy Options discussion, and send in your own submission. Here is a link on how to do it. | Souhaitez-vous réagir à cet article ? Joignez-vous aux débats d’Options politiques et soumettez-nous votre texte en suivant ces directives.