On Wednesday, Facebook’s Sheryl Sandberg and Twitter’s Jack Dorsey testify before the Senate Intelligence Committee answering lawmaker’s questions about privacy, election interference and censorship. While senators pry into how private companies have failed to adequately address threats, perhaps they should also examine the danger of government demands for encrypted user data and its implications for the privacy and security that they champion in their questions.
This issue is especially relevant as the Trump administration, along with the close international allies of the U.S., known as the Five Eyes, have issued a threat against tech companies, demanding access to encrypted data following a summit on security in Australia on Aug. 28 -29.
Essentially, these governments would like tech companies to provide a “back door” for their products to gain access to all communications, with a legal order.
The document outlining the agreement begins by acknowledging that “the Governments of the United States, the United Kingdom, Canada, Australia and New Zealand are committed to personal rights and privacy.”
[Also read: Kirstjen Nielsen demands Congress make DHS cybersecurity office a ‘full-fledged agency’ by end of 2018]
While that sounds like a good start, the second paragraph, beginning with “however,” goes on to implicate encryption as a security threat before and adds, in the third paragraph, that “privacy is not absolute.”
Tucked in at the end is the most troubling line, however: “Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative of other measures to achieve lawful access solutions.”
President Trump, it seems, for all of his lashing out at public platforms, is also quietly interested in mandating access to encrypted data.
Although the statement lacks teeth, it is a clear threat to tech companies and has serious implications for users of digital communications.
As numerous hacks and data breaches have made painfully obvious, digital communications are often far less secure than users imagine them to be. In an effort to better protect their data, users have turned to encryption services — and the market has responded to meet the growing demand.
Although it is true that encryption can protect criminal activity, it is also fundamental to the privacy of citizens who are not criminals. Creating a “backdoor” giving government access to encrypted data would erode its promise of privacy free from prying eyes, not just for those engaged in criminal activity but for everyone.
More worryingly, creating such a “back door” would not only give legitimate government actors information, but would also weaken the security of encrypted networks altogether as backdoors make systems vulnerable to outside attacks. As experts in the field have cautioned, there would be no way to create a “backdoor” that would also keep data safe. After all, how can the federal government keep such a valuable “key” to communications safe when it can’t even protect the personal data of government workers?
The threat to data comes not only from outside actors, but also from our own government. If lawmakers truly care about user privacy, they should encourage citizens to use encryption and work to prevent a heavy-handed administration from eating away at the protection it offers.
