Many of us remember the scrap between the FBI and Apple concerning data the FBI was interested in obtaining from a suspected criminal. For the sake of clarity, it was when the FBI wanted to access a locked iPhone and Apple refused to cooperate. Eventually, a third party was able to hack the phone and release the data.
This became one of the defining moments in the digital transformation. It put a spotlight on the fact that there are much larger issues that loom around where, when and how data can be acquired and what it can be used for, both with and without the owner’s permission.
The bottom line in all of this is privacy. However, in this digital age, years-old privacy concepts, developed long before the dawn of the digital age, have become outdated. Most of the current privacy laws, policies, concepts, and the like, are, woefully, out of dates. They do not reflect the new vectors of the digital age.
And, as usual, our, and, to be fair, other governments, are, also, woefully ignorant about the current privacy ecosystem. The ability for social media, particularly, and other companies such as Amazon, Google, Yahoo, et al, to capture, use and manipulate data, is outside of much of the current privacy regulatory landscape – as is their ability to skirt governmental overwatch. Instead of tackling this head-on, and admitting they are not the experts, our government officials simply like to hear themselves talk and try to convince us that they are up to speed on privacy. Unfortunately, the actual comprehension needed by most legislators to tackle today’s privacy environment is beyond their event horizon of understanding.
The latest example is that of our government’s current attempt to compromise Facebook’s WhatsApp privacy and security platform. Facebook’s WhatsApp currently uses end-to-end encryption, and Facebook is planning to roll out that technology to Facebook Messenger users, as well. Such security makes it difficult to impossible to hack a device. Essentially, the government is asking, no demanding, that Facebook offer some sort of enablement to the government so it has access to messages suspected of being relevant in criminal investigations.
With all the noise around backdoors, of late, one would think that the Justice Department would be smarter than to ask Facebook to build a backdoor into the service so it can read messages when doing these criminal investigations. As a principle, it is valid, standalone, but with all that is going on around security in the global environment, it just seems a bit naïve that this is where the government’s mentality is. So, I reiterate, governments just seem not to have no clue as to how all this works in the digital age.
Here is the big problem with backdoors – and it is so fundamental, they should know it. Implementing them opens a Pandora’s Box of issues. While there are too many to go into detail on here, the global one is that a backdoor is breachable by anyone who can figure out the access parameters. It is not specific to only one entity, even if the entity is the only one given access capability. Backdoors simply make the technology inherently less secure. It is, essentially, designing a vulnerability into security features. It is only a matter of time before it is exposed by the bad actors lurking in the dark corners of society. And, do we really trust our government to stick to what they agree to, with backdoors?
So, why would the United Kingdom, the United States, and Australia all push such an agenda? Well, it all comes back to my common denominator, they really do not understand security and privacy. Such a request defies all logic in the current security and privacy landscape.
Some of the logic is laughable. For example, some text in the drafted document reads “Our technical experts are confident that we can do so while defending cyber security and supporting technological innovation.” Really? Just who are their “technical experts” that they think they can secure backdoors? It seems that politicians just do not live in the real world. Backdoors have never been designed for anything other than hardware and code manipulation (updates, code revisions, test, etc.) designing one for something like monitoring communications is ludicrous and akin to allowing the government to, clandestinely, eavesdrop on any, and all, conversations.
If we draw a parallel in a simpler example, doing this would be akin to encircling your home with the latest security system, having a professionally trained guard dog, a security service physically monitoring the premise, perimeter sensors, cameras, vibration sensors, audio sensors and the like. However, when the security is in place, we leave a window guarded with no more than a combination lock. It makes no sense.
Now, switching hats. Not that I believe law enforcement should not have access to suspect criminal digital data. I had taken the position that Apple should have worked with the FBI to retrieve the requested data. I reiterate this is the digital era. There are new mediums that need to be addressed, when it comes to privacy and security, using new methodologies, not decades-old precepts that never envisioned the issues that arise with this “new media.”
The challenges faced by 21st-century law enforcement need some support from the political arena. However, the political arena needs to come into the 21st century, first. Requesting something as ridiculous as a backdoor so law enforcement can have carte blanche to monitor every bit on every social media and other platform shows how woefully out of touch the Politbureau is.
The smart play is to get high-tech involved in drafting legislation and new technologies to be able to allow law enforcement, under tightly controlled conditions, to be able to acquire suspect data while still protecting the fundamental rights of citizens. It would do government well to create a “Department of Technical Competence” – a nonpartisan, politically autonomous agency, full of knowledgeable geeks that work on developing platforms to protect both the user and enable law enforcement to acquire evidence in the digital ecosystem (and lose the “technical experts” that believe backdoor can be secured).
There has to be a middle ground here. Neither the uninformed Washington bureaucrats that want the backdoor nor the radical left ACLU can have it their way. This is a brave new digital world and it is time to update both the policies and the policy makers.