Personal privacy casualty of fight against terrorism

Credit: Alison Chiu/Advertising Manager Credit: Alison Chiu/Advertising Manager

About three years ago, the issue of mass surveillance emerged from government offices and entered mainstream conversation for the first time. Edward Snowden, a former CIA employee, leaked information about massive, blanket surveillance programs run by the NSA with the cooperation of the telecommunication companies. The intelligence community was using programs like PRISM to clandestinely spy on the communications of regular citizens — in the name of “national security.” While it was unclear how invasive the program was, indignation followed, and a massive scandal ensued; people had no idea to what extent their behavior was being tracked, and revelations like this just seemed to confirm even the most far-fetched conspiracy theories that the government is always watching us.

The backlash, spearheaded by some of the largest high-tech Silicon Valley companies — Apple, Google, WhatsApp, and more — was swift and decisive. Companies doubled down on encryption, or the scrambling of data to make it impossible to read without a proverbial key. Apple, with the release of iOS8 in 2014, enabled end-to-end encryption — essentially throwing away the encryption keys, so that it became physically impossible for anyone to access customer data. Google and WhatsApp soon followed suit with their own versions of end-to-end encryption.

Recently, the debate surrounding encryption and surveillance has restarted, following the attacks in Paris and San Bernardino, CA. Although one can never know for sure, a commonly accepted belief is that it is much more difficult for government agencies to intercept our communications than it was a couple of years ago. As a result, some people have claimed that encryption should be weakened and have argued that the attacks could have been prevented under the old system. It is The Tartan’s belief that such claims are nothing more than opportunistic fear-mongering that panders to the most base sensibilities within us. The so-called “benefits to national security” are imagined, and they are at the cost of a complete loss of privacy for regular, well-intentioned, law-abiding citizens.

Proponents of weaker encryption typically reference the above attacks and argue that if we could have found where the terrorists were talking and listened, the whole tragedy could have been averted. The problem is, there’s no evidence. Hindsight investigations have revealed numerous tragically dropped leads before the attacks — mostly from available information that was simply ignored. Both the plots seem to have been hatched in person, with little to no online footprint. The one encrypted tool that was used — a chat app called Telegram — is based in Germany and is thus immune to U.S. encryption policy. There probably will be cases where the ability to read iMessages or WhatsApp messages might help law enforcement find incriminating evidence. Rather than catching terrorists, however, evidence is more likely to point towards drug dealers, small time shoplifters, people cheating on their spouses, and other people supposedly protected by the fourth amendment. Serious criminals and terrorists are most likely only going to use platforms — such as the aforementioned Telegram — that they are confident are immune to monitoring for the crucial communications that intelligence agencies are looking for. More public, less secure platforms are used for propaganda and recruiting, not discussing their next attack.

If weakening encryption had no negative repercussions, and made us even marginally safer, it might be considered a useful, if incremental, positive step. The problem is that while weakening encryption will be a negligible deterrent to terrorists, it leaves us wide open to attacks from a different nefarious element — hackers. We cannot have a backdoor just for government agencies. If such a vulnerability exists, the “bad guys” will find it. If agents from the NSA, CIA and FBI can break into your phone, you can bet that far scarier people can also break in, giving them access to, among other things, all your health information, your passwords, your credit card information, and your fingerprints. The past decade has seen no shortage of lone computer geniuses single-handedly bringing down massive, supposedly secure platforms and causing economic damage ranging into hundreds of millions of dollars. In 2010, Google had its entire corporate infrastructure targeted. While we cannot know for sure, most evidence would lead the blame straight to the Chinese government. Even scarier, in December 2014, 40 million debit and credit card numbers were stolen from Target’s servers. In this case, the perpetrators still have not been found. While strong encryption isn’t some golden arrow that can permanently prevent any such attacks, it is by far the best defense we have.

The technology for encryption exists and is in the public domain. We can’t just wish it away, even if we wanted to. Actual threats to national security will either switch to non-U.S. platforms or develop their own encryption. If we make it illegal to encrypt, or arm-twist mainstream technology platforms to use weaker encryption, we do one thing — compromise the privacy and digital safety of harmless, law abiding citizens.