In the recent past, there have been numerous debates on the privacy of personal data in devices like smartphones and laptops as well as on online sites like Facebook and Google. On one hand, the government institutions and business organizations want to gain full control of people’s data for business purposes and surveillance while on the other hand, the users of the gadgets want to be assured of their privacy and that their information will be not be used by unauthorized people for selfish gains. This trend has been observed all over the world especially in the UK and in the United States. The need to have control over people’s privacy has erupted a conflict between Apple Inc. and the federal government whereby Apple refused to unlock a phone of a terror suspect despite the court giving such orders. That incident elicited arguments on data encryption and its limits when it comes to cybersecurity. The validity or invalidity of this argument depends on different perspectives; legal, ethical, social, and professional.
From an ethical perspective, the argument could be viewed and determined using utilitarian ideas that the most appropriate way of deciding an ethical issue is determining the decision with the best consequences. Relating this to how the privacy issue has turned out, the argument will be determined by considering the side that has most dire consequences. The one where citizens including criminals can secure their transactions in devices, or the one where the government infringes people’s privacy and spies on its citizens.
Both the social and ethical justifications of surveillance are based on the pretext of “safety by instilling fear”. Security agencies claim that terrorists and criminals with ill intentions use encryption to hide their activities hence the need to monitor people’s devices. Encryption is critical because it guarantees people’s intellectual privacy. In other words, encryption protects us from surveillance when we are making sense of the surrounding through reading, thinking, and even communicating privately with the people we trust most. With the growth of technology, intrinsic activities like thinking and communication were facilitated by gadgets like smartphones and computers. Even during shopping and recreation, people use these devices which record historical usage information. However, when people are monitored, they tend to act differently. Stoycheff’s study shows that internet surveillance prevents people from reading or contributing to controversial issues. The threat posed by this tendency is well understood by illustrating how the most celebrated ideologies in the modern world such as holding the government accountable and equality for all were once controversial ideas decades ago. A free and democratic society should not be wary of “dangerous ideas” neither does it need intellectual surveillance.
It is true that encryption has the potential of making the work of security agencies difficult. However, the issue should not be treated as an isolated case because the difficulties introduced by encryption are similar to those introduced by civil liberties like freedom of speech, the need for a warrant before security officials invade our privacy and the democratic control of the security agencies. Society is more secure when it has hope than when it is gripped with fear and perceived as potentially naughty kids that need to be tamed. After all, backdoors used by the government can be used by criminals and hackers.
The legal and professional implications of the debate on encryption are well demonstrated in the speech by the then FBI Director James Comey in 2014. Comey stated that the leak by Snowden had caused a lot of fear and mistrust which made tech companies overreact to Snowden’s leak. He underplayed the need for encryption by referring to it as a marketing strategy. In an attempt to make surveillance appear legally acceptable, he objected to the use of the term “backdoor” and stated their urge to use the front door that has clarity, transparency, and guided clearly by the law. Comey reiterated their adherence to court orders and the legal process that allows them to obtain the information required to conduct investigations on criminals and terrorists. While that statement might appear reasonable and legitimate, there are professional, legal, and ethical objections to the installation of decryption technology in personal devices. These objections apply to the legalization of surveillance on UK citizens through the Investigatory Powers Act.
From a professional perspective, it is difficult to regulate who use the backdoor. Cryptographers argue that the modern field of computer technology is increasingly becoming democratized. In other words, today’s government secrets could be ideas for someone’s research project tomorrow and in the next day used as tools for a cyber-attack. For this reason, the installation of a backdoor does not guarantee that it will not be found by someone else and used for malicious purposes. That possibility is demonstrated by the Vodafone hack that took place in Greece in 2005 whereby a legal wiretapping connection used by security officials was compromised leading to spying on of hundreds of people. Similar incidences have been reported in other countries, even by Snowden leaks themselves.
Professional cryptographers further allude that the feasibility of decryption software or building of a backdoor is limited to the theoretical stage. In the past, the NSA has made huge strides in developing a secure backdoor that can only be used by the agency. Although the software used by the NSA is one of the global standards used to create encryption codes, the leak by Snowden revealed that as early as 2000, the NSA discovered a loophole in the code which they exploited to discover the outcome of the random number generator exclusively, hence enabling them to decrypt the common encryption keys. Concerns in the IT profession arose after the discovery that cryptographers had already noted a weakness in the code even before Snowden blew the whistle. Unfortunately, at that stage, they could not prove it. These suspicions were exacerbated after the Snowden leak indicating that even the most sophisticated intelligence agency in the world could not secure its data and secrets. This theory demonstrates the professional implications of legalizing surveillance and creating a backdoor.
From a realist point of view, the Investigatory Powers Bill in the UK does not have any legal or professional implications. Currently, we are living in an era commonly known as “the golden era of surveillance” whereby the security agencies read and intercept vast amounts of personal data. The increased rate at which people’s activities are facilitated and mediated by technology has, in turn, increased the amount of digital information left behind about ourselves. It is important to note that encryption only helps a user conceal the content of the messages but not their context, widely known as metadata. The metadata identifies what one reads, the people you communicate with and their location. Metadata has become a popular tool to the extent where Michael Hayden, former NSA director, once boasted that they kill criminals using metadata. In addition, big business organizations and security agencies have developed methods of hacking endpoints in communication systems such as the personal devices we use daily. As a result, a new business niche has emerged that involves identification and trading of software weaknesses for exploitation. In fact, the UK and US governments are alleged to hire the services of companies like Hacking Team, Gamma, International, and VUPEN that sell unidentified software vulnerabilities. Given that the use of internet and computer devices, this is only expected to increase in the future. This means that the magnitude of metadata available for use by governments will inevitably increase. That leads to the conclusion that with or without the backdoor, the government still has tons of freely available information for exploitation. While this tendency might be legally and professionally acceptable, it is not acceptable from a social and ethical perspective.
The social, ethical, and professional implications are demonstrated by the analysis of the trade-off between privacy and security especially from an economic standpoint. While it might be possible to install backdoors, the cost would be too huge in many aspects. From a professional point of view, it is possible that the security agencies can install backdoors that are legally allowed but it is likely that the business organizations would exploit this loophole in carefully choreographed treachery. That tendency could also be witnessed if the UK government would force telecom companies to provide them with centralized access, which would significantly stunt innovation. Further, the social and professional implications would be noted by the stifling of innovation especially in academic research where researchers and scholars would want to protect their backdoor from suspicious professors.
The implications of legalized surveillance on innovation in IT profession are well demonstrated by the economics of complying with the regulations. Until a decade ago, the telecom business was monopolized by big companies many of which were state-owned. The rate of change of the architecture of their systems was low hence easy and cheap to create and incorporate a surveillance system into them. However, that trend has changed whereby the tech industry now comprises of many start-ups that develop communication systems in various forms. With every feature that these start-ups add to their systems, the architecture of their system also changes. Therefore, it would mean that these start-ups have to incur high costs to ensure they comply with the government regulations of legalized interception and decryption of their traffic. To avoid these costs, the companies would prefer not to innovate and make changes to their systems.
If the government was to force the tech companies to allow wiretapping into their systems, it would mean a threat to their existence and growth. Typically, backdoors are characterized by the centralized flow of information. However, most revolutionary innovations in the contemporary world are characterized by the decentralized flow of information. In the recent past, we have seen an increase in the use of peer-to-peer technology where computers communicate with each other without the need for a centralized control. These technologies include file storage services, communication services, and payment processing services. Given that it is extremely difficult to wiretap such systems, the implementation of forceful surveillance and wiretapping would mean that the companies providing these services cease to exist.
While the designers of the Investigatory Power Act might have had good intentions, the legislation has significant potential adverse implications for the UK’s tech companies. Globally, it has been noted that administrations that require tech companies to install backdoors significantly affect their export opportunities. That tendency has been noted in Chinese tech companies like Huawei that have encountered challenges in penetrating overseas markets for fear that their devices have backdoors. In the same way, US cloud storage companies have been unable to win over foreign customers for fear that the NSA could use backdoors to monitor their data.
In conclusion, the debate whether to opt for privacy or security is erroneous. The choice should be between targeted surveillance and mass surveillance. While encryption of data by default would render legitimate efforts of interception and decryption harder, it would only be difficult for mass surveillance. Security officials would still be able to carry out targeted surveillance. Even with targeted surveillance, there would be many viable options to enforce it. Some of them include remote hacking of devices and mass retention of data for all institutions and companies. With the enactment of the Investigatory Powers Act, there are many professional, ethical, social, and legal implications. As of now, it is still unclear how the government will implement a robust mechanism to prevent the abuse of surveillance tools such malware and backdoors. The implementation of this Act has elicited a tussle between the security officials and the tech companies. Regardless of the outcome of this tussle, it is clear that a robust strategy is needed that would address the fears of all interested parties. Importantly, a sophisticated, robust, and secure solution is urgently needed to protect people’s right to privacy.