The advent of the digital age has brought the debate about where to draw line between individual privacy and national security into clear focus. The nature of the problem is fairly simple. If you protect digital information with strong encryption it prevents bad actors from accessing that information. It has the drawback of preventing law enforcement from accessing that same information in the event that they need it for investigative purposes. Individuals want to keep their data safe and private, while law enforcement wants to have access to the information that they need to prevent crime. Technology companies cannot provide both parties with what they want. If they cater to the government then they expose their customer’s data. If they go down the route of total privacy, then the government loses the ability to access the information they want.
So which choice leaves our society in a better position? The government’s stance is that we can have encryption that is safe enough for most users, while still allowing law enforcement to access data when they have the legal authority. This seems fairly reasonable at first glance. Most citizens do not have a need for industrial strength locks on their homes, so why would they need the digital analog for their data? This comparison misses the fact that digital data is vulnerable to many more bad actors than physical locations. You have to worry about every hacker in the world, not just the burglars in your neighborhood or city. Weakening encryption results in a dramatic loss of data privacy for individuals when viewed in this light.
Additionally, worrying about “Big Brother” is a valid concern. You only have to look at the use of mass surveillance in a country like China to see how dangerous it can be to give governments total control over their citizen’s data. One would hope that strong institutions and democratic traditions could responsibly use the tool of mass surveillance but once the cat is out of the bag it can’t be taken back. Living in a country where you are constantly tracked and monitored is not desirable.
I think that for those reasons technology companies should continue to make user privacy a priority. With that being said, they do have an obligation to do their best to cooperate with law enforcement. I also think that there may be technical solutions to the problem of sharing information when it is needed. Engineers need to consider the ramifications of a completely encrypted service. While it protects the average user’s privacy it also enables bad actors to communicate freely. Software developers need to consider whether or not they are comfortable with a platform that protects potential criminal activity. If no technical solution can provide individuals with the necessary level of privacy while simultaneously allowing law enforcement access we need to make a difficult choice. I think overall, the damage done by weakening encryption would be worse than the damage done by giving law enforcement less information. If we weaken encryption, law enforcement could access data but so could every hacker. For that reason, I believe that user privacy should be paramount for technology companies.
CS Ethics 