Edward Snowden´s revelations in June 2013 gave us the evidence that unencrypted communication on the internet was no longer safe, which gave rise to concerns regarding privacy of Internet users worldwide. Snowden argue that “any communications should be encrypted by default” and also warned professionals not to fail in their obligations to their clients, sources, patients and parishioners in what he described as a new and challenging world.
In the post- Snowden era many technology firms have turned encryption into marketing buzzwords and included it in their web services by default. Facebook and Google deploy HTTPS automatically for its users and WhatsApp has rolled out end-to-end encryption for its users.
Together with the growing awareness of users this has led to a fast growth of encrypted Internet traffic, with estimations that 70% of worldwide Internet traffic will be encrypted by end of 2016.
At the same time, many users and also Internet companies have been opposed to give law enforcement access to client communications, causing a backlash from public authorities:
- A year ago, UK Prime Minister David Cameron famously said that “government should have the ability to read any and all national communications”.
- Just a few days later, President Barack Obama supported him in this simmering battle over private communications in the digital age, by saying that “police and spies should not be locked out of encrypted smartphones and messaging apps”
So we find, on the one side, those that are defending privacy and human rights, are in favor of strong encryption arguing that leaving an open gate will allow an outsider to steal the master key of an encrypted algorithm and crack the code. On the other side, there are those that are proposing the introduction of government-mandated backdoors to achieve (national) security and law enforcement.
The debate is not new when it comes to communication: While the secrecy of private communication is guaranteed in most democratic societies, public security services have always had access to private communications, however only through due process and judicial authorization, for example in criminal proceedings. In other words: The privacy of electronic communication has never been absolute.
There should also be no doubt about the public duty to provide security to their citizens. The problem is rather that, so far, there seem to be no way of offering robust security and, at the same time, make privileged and lawful access to private communication. There is a real and appealing need to find a solution for the privacy/security-dichotomy
Before this backdrop it is no surprise that the question “Should citizens give up some privacy in return for greater security or have governments already gone too far in invading their personal freedoms?” is moving up the political agenda.
Currently an initiative is circulating on the web and is asking world leaders to protect security and to reject policies that could prevent or undermine the use of encryption: “Users should have the option to use – and companies the option to provide – the strongest encryption available, including end-to-end encryption, without fear that governments will compel access to the content, metadata, or encryption keys without due process and respect for human rights”.
Maybe a way forward would be to foster a debate that considers (instead of confronting) the balance between users´ privacy and citizens security. The key issue – how to strike the right balance between both, has not been discussed sufficiently yet.
This is surprisingly, as in the past decades, when communication was trustfully managed by telecommunication providers, a transparent, lawful and accountable answer to that challenge has been the basis of global communication and stroke an adequate balance between privacy and national security.
But maybe, as so often, the debate on encryption will be made obsolete by technology and innovation: It would not be a surprise if the discussion on encryption is soon to be made obsolete by new, ground-breaking de-encryption technologies, like quantum computing, which would break any encryption.
So, should we not rather focus the debate on the challenge to find the right balance between user´s privacy and national security, and not debate the pro and cons of encryption?