It’s tough to choose between privacy and security. When it comes to tech consumers, everyone wants both. Privacy and security go hand in hand in most cases, but there are times when one must be given up for the other.
But that shouldn’t be the case, and this has been upheld by the Consumer Technology Association, in support of the proposed ENCRYPT Act, which forbids laws that require tech manufacturers to weaken encryption or give “back doors” to law enforcement.
The Digital Age
Today, a world of information is locked in our computers and mobile devices. From bank and credit card details to names, passwords, and other identifying information, everything is stored on a phone. That is why there is such need for encryption these days.
Even a decade or two ago, basic mobile phones did not have any means to lock the device from unauthorized access.
But today, with every new model that comes out, not only is encryption getting stronger but unlocking the phone by anyone other than the user is also hard.
For instance, if you own a phone with the face unlock mechanism, it is practically impossible for anyone else to gain access to the device.
But what happens if the device needs to be unlocked for law enforcement purposes? Should manufacturers keep an option for law enforcement to break through the encryption?
Encryption for All
While we all want the highest form of encryption for our data, do we feel the same way about upholding the privacy of criminals and terrorists? Most people would argue that criminals have no right to privacy, and if the information needed to catch or save lives is locked in a criminal’s phone, it should not be protected by encryption.
This is a problem that has plagued the technology industry in recent times. Backdoor encryption is a much-debated topic. It involves a situation where law enforcement agencies want access to information on digital and mobile devices that may be crucial to solving a complicated case.
This is when law enforcement can request tech companies for a “backdoor” to these devices. A backdoor means a way to bypass the encryption of a device to gain access to the contents.
However, there are several opponents to this idea. The CTA argues that law enforcement has many other means to gain access to a protected device without needing a separate backdoor from tech companies. Allowing such a backdoor will lead to weaker encryption and privacy.
In June, the ENCRYPT Act (Ensuring National Constitutional Rights for Your Private Telecommunications) was put forward by a team of legislators. If passed, the bill would prevent state and local governments from having backdoors and any kind of restriction on encryption.
The aim of the bill is to develop a standard encryption policy for the whole country to protect users’ privacy rights.
Right now, there are 50 different state-level encryption standards throughout the country, which is ultimately bad for consumer security and also law enforcement. Backdoors cannot exist without compromising the security of the millions of users.
The key to backdoor encryption is available only with the manufacturer, quite naturally because they are the ones that created the device.
Put to the test
The protection that encryption provides to users was put to test in December 2015 when two shooters opened fire on workers at the San Bernardino, California, Inland Regional Center, killing 14 people. Crucial information about the attack was in one of the shooter’s iPhones.
The FBI asked Apple for access to the protected device, but Apple refused, arguing that if the backdoor “key” was given out, the security of tens of millions of users would be compromised. Later, the FBI was able to unlock the phone with the help of a third party.
This goes on to show that means to bypass encryption does exist, and it need not involve weakening of the device security.
But law enforcement claims that the law has not progressed as rapidly as technology, and they still don’t have the innovation required to access such protected devices or content.
What is the need of the hour is transparency between law enforcement and tech companies. At the same time, what is also needed is that law enforcement avoids exceeding its limits while tech companies should explain data protection regulations to both customers and law enforcement agencies.
That is the only way the privacy and security of millions of users will be prevented from compromise while also helping law enforcement critical information. Ideally, users should never have to choose between privacy and security, but for the two to co-exist in this tech-driven world, a middle ground needs to be achieved.