Tuesday, 28 March 2017

How Do We Balance Security with Personal Privacy?

As the whole world knows by now, March 22nd 2017 was a deadly day in London. A man identified as Khalid Masood drove a rental car onto the pavement as he crossed Westminster Bridge, purposely hitting pedestrians as he made his way directly to the Houses of Parliament, where he exited the vehicle and stabbed a police officer to death before being shot by other officers.

In the hours following the deadly incident, police investigators learned that Masood had used the WhatsApp messaging service minutes before beginning his rampage. Police do not know what was communicated due to end-to-end encryption that prevents them from seeing the actual contents of the communications. The incident itself - along with the encrypted posts – has, once again, led the UK government to raise the question of balancing security with privacy.

End-To-End Encryption Explained

Many popular mobile apps, including WhatsApp and iMessage, use end-to-end encryption by default. With this kind of encryption, a message is encrypted at its source, sent over the network, and then decrypted by the recipient device at the other end. The server that carries the data is unable to decrypt data because it does not have the shared key.

The result of end-to-end encryption is that companies like Facebook and Apple can provide only limited amounts of data to police investigators. In the Masood case, the only way for investigators to know what he communicated is to break into his password-protected phone.

Security vs Privacy Conundrum

Government officials have made clear in the wake of this latest attack that they expect technology companies not to provide a means of online communication that cannot be accessed by authorities. Yet their calls for less secure systems fly in the face of demands that those same companies take every possible step to protect personal privacy. In essence, it would seem the government wants it both ways.

Some suggest that companies such as Facebook (owners of WhatsApp) and Apple are deploying end-to-end encryption in order to take themselves out of the equation when incidents like this occur. Whether that is true or not, they also say that making their hardware and software less secure gives their customers legitimate concerns about their own privacy.

If technology makers created an encryption system that could be accessed by authorities in the event of a crime or terrorist act, they have also created a system that can be accessed by hackers. Less secure means less secure across the board. You cannot make technology easier for authorities to access yet still more difficult for criminals and terrorists. It doesn't work that way.

The stark reality is that there is no way to balance security and personal privacy. They are weighted differently, depending on your perspective and your reasons for wanting them. In the end, one will always prevail over the other to some degree. So do we strive for greater security at the expense of personal privacy, or do we make sure privacy is still the primary concern?

No comments:

Post a Comment