Who owns your data? The common sense answer is obvious, but isn’t always true: in certain situations, law enforcement officials can access, search and even confiscate your electronic information. Coupled with concerns about malicious actors getting their hands on personal and corporate data, big tech players have been hard at work developing end-to-end encryption solutions that are built-in, require no action on the part of users — and according to The Economist, are now frustrating some lawmakers.
Many governments are making the case for security over privacy, while users want the freedom to search, download and communicate without observation. So what’s the bottom line — is the encryption of everything good for you, or bad for business?
Lawmakers often make the case that greater privacy through encryption or anonymity — think Facebook’s “dark” site or a secure VPN — puts the general public at risk. One report called Facebook a “safe haven for terrorists,” and the FBI says encrypting smartphone, tablet and computer data is of greatest benefit to criminals. The idea here seems rooted in good sense: if law enforcements officials locate evidence of online criminal activity, they don’t want red tape impacting their ability to safeguard citizens.
But there’s a problem: sometimes, these same citizens get caught in the crossfire. In 2011 officials raided a hosting facility in Reston, VA, and seized servers looking for information related to the Lulz Security group The issue? Their search led to a host of private, non-criminal websites being taken down without any explanation or timeline for return.
There’s also the fact that until recently, tech manufacturers could be compelled to bypass the lock code on your device if compelled to do so by law enforcement. New encryption methods, however, mean that big players like Apple and Google don’t have the keys to unlock your data under any circumstances. If federal authorities want access to your information, they’ll have to ask in person — rather than trying to compel companies using laws written in the 1700s . And if hackers want to try, they’ll face an uphill battle.
The New Privacy
So how is encryption changing? It starts with services like the Facebook-owned messaging service WhatsApp, which is now using open-source software TextSecure on Android device. Using TextSecure reduces the chance of interception or decryption to almost zero, and according to developer Moxie Marlinspike can be easily added to existing apps. Biometric security measures such as Apple’s TouchID are also gaining popularity as a way to prevent unwanted access, but as noted by CNN, they’re not always so secure. Courts have found that law enforcement officials can forcibly compel users to unlock phones with biometric sensors, but cannot make you give up your passcode.
And to protect the Web at large, the Electronic Frontier Foundation (EFF), recently announced the formation of new consortium which includes big players like Cisco, Mozilla, and Akamai. They’ve created a standardized process called Let’s Encrypt, which allows websites and other online services to encrypt traffic between browsers and Internet servers at no cost. Let’s Encrypt is headed for a mid 2015 release and according to Peter Eckersley of the EFF, “within a year or two, if we complete these projects successfully, Internet users should have their browsing, their e-mail and their messaging encrypted in most or all cases by default.”
Fight for Your Rights
So what’s legal and what isn’t when it comes to privacy? Are devices with built-in encryption, anonymous websites and secure browsing above board?
As noted by the EFF, the onus is on law enforcement to prove the need for access, rather than on you to prove the need for privacy. Unless there’s an immediate, identifiable threat or police believe key evidence could be destroyed, officials in most countries need either a warrant to search or your consent. When it comes to encryption, however, there are no exceptions to the rule: your data is your business and it’s not for any company, organization or agency to give up access on your behalf. Big tech companies are behind this initiative as a way to support both personal and business freedoms, and while law enforcement may cry foul, it looks like they’ll just have to deal with it: the encryption of everything is here to stay.