York City, where hundreds of people are
messaging friends and family
with their phones.
But while they're texting the FBI,
advocacy groups and government agencies
are all battling over who
can read those text messages.
Most messages like those sent from
WhatsApp, which was the most popular
messaging app in 2019 or
Apple's imessage are encrypted.
That means that they are kept
private from everyone except the intended
recipient. And while these platforms aren't
perfect, Jeff Bezos' phone was
recently accessed through a malicious
video message via WhatsApp.
Many people rely on the
privacy that encryption provides daily.
Encryption is basically how you
lock your door online.
Some law enforcement agencies and
dignitaries like Attorney General
William Barr would argue that the
protection provided by encryption also
protects criminals and terrorists.
There are situations where we would
want the government, for example, to
be able to get
access to certain information.
The president believes tech companies
like Apple should be building
encryption with so-called backdoors.
I don't care, we have to get it.
We have to find out what's going on.
The benefits of encryption as
a tool are practically countless.
And few would argue that on either side,
the issue is who should be able
to use that encryption and for what.
On the one hand, you have law
enforcement and government agencies who are
arguing that they need access to information
in order to be able to
prosecute criminals versus those that are
arguing that we need encryption
to protect the functioning
of our democracy.
And many human rights activists, privacy
experts and members of the tech
community believe it is essential
to online and physical safety.
If we don't have encryption.
If we don't have
that level of anonymity.
Then we we simply can't exist online.
And sometimes that might
mean non existent life.
Encryption saves lives.
It saves lives.
You might be surprised how many
services use encryption to keep data
private. Banks use encryption for
mobile payments and deposits.
imessage and signal use end to
end encryption to secure message data.
And encryption is also used to
protect sensitive data like health data.
Your web browser has
strong encryption in it.
Like whenever you buy something
online, there's really strong encryption
happening in the background of it to
protect your credit card and your
your your transaction.
To put it very simply, when information is
sent from user A to user B.
The information is converted into
a jumble of nonsense.
That nonsense is encrypted and
decrypted according to a key.
User B uses that key to decrypt
the information and this is all done
digitally. Encryption is the science of
secret codes, but it is
essentially just math.
It's applied math.
It's not fancy in
terms of technological things.
It's it's fancy math.
It's important to stress that
encryption is a tool.
It scrambles data to an unrecognizable
state even for the government.
The argumentment for most is
what data should be scrambled?
Bank data, government communications.
These things are often regarded as
data that should be scrambled and
therefore secured.
Do we really need there to be
lawful access into the command and control
channels that are used for operational technology,
say, to run a dam or an
electric power plant? There's no reason
you would ever need, quote
unquote, lawful access
to that system.
Personal communications like messages sent with
WhatsApp are some of that
scramble data that's facing scrutiny.
On the other hand, there are other
channels that you can imagine where
there might be a more valid
tradeoff between what the protection that
encryption provides and the needs of
law enforcement to do investigations.
But who is to say
who can scramble what data?
I don't think it's appropriate for the
government to decide that they get
security and we don't.
And curiously, you know, I mean,
if if law enforcement actually went
around your neighborhood and said, look,
you know, there's burglars on the
loose so we want you to
leave your front door open.
So in case you're a burglar, we can
come find you without having to break
down your door. Most people
would say, that's crazy.
Go back and learn your job.
You're supposed to be protecting me.
And the line between digital and physical
safety can be a thin one.
For example, the E F F has
worked with victims of domestic violence to
help them stay safe and secure.
Being able to have communications over
WhatsApp, whether you're trying to
find your way to a shelter, find
a shelter, arrange for whatever is going
to happen when somebody's gonna come get
you or you're gonna get yourself
out making sure that you can cover
your tracks about who helped you, where
you went and where you got help
can be the difference between life or
death for people who are
escaping domestic violence situations.
Encryption is also protecting human rights
activists and folks who are
living in countries with
dictators and persecutory policies.
Esra built a social platform called
Ahwaa, where individuals who identify
as LGBTQ plus can virtually meet and
talk with each other in Middle
Eastern and North African countries such
as Egypt, where homosexuality is
not expressly illegal, but where the
government has used laws against what
they call debauchery, among others,
to criminalize LGBTQ plus individuals.
Encryption is very important us.
I mean, we are operating in such
a sensitive part of the world where
censorship and surveillance are the
norm, where individuals are tracked
not just because of what they believe,
but simply because of who they are.
Their very identity, their very existence
is in fact a crime.
Because Ahwaa is public,
yet anonymized and encrypted.
People are able to share
experiences, share resources and share
life-saving advice.
If somebody, for example, says, I'm a
lesbian in Saudi Arabia, I have
suicidal thoughts because I can't reconcile
my identity with my faith.
You know, and then people can come
who can relate to that topic without
needing to sign in and see what
other people are writing in terms of
support, in terms of resources.
Where can I go to get any types
of counseling, mental health, i f you're a
trans individuals, where can I go
to get some hormonal therapy without
risking my life? You know, this is
what Ahwaa really stands for is
accessibility with the
responsibility for security.
On the other side of the issue
s ome argue that encryption actually masks
threats to national security and
the security of civilians.
Not all access all of
the time is bad.
And maybe we want to take some
of the risks that are associated with
having lawful access.
Understanding that they pose risks.
And we still want to do that anyway.
On December 2nd, 2015, Syeed Farook and
Tashfeen Malik opened fire in the
city of San Bernardino, California, leaving
14 people and the two shooters
dead. During the investigation, the
FBI obtained Farouk's iPhone, but
could not access it
through the passcode.
They went to Apple to unlock
it and Apple couldn't help.
I think it's frankly disgraceful.
I think it's a
disgrace what they're doing.
And I think that ultimately Apple will
have the blood of dead Americans on
their hands for these
kinds of decisions.
Apple's encryption was so good, according
to Apple, that Apple itself
couldn't access the encrypted
data on the phone.
Beyond that, the assistance ordered by
a federal judge would overhaul the
system that disables the phone
after 10 unsuccessful password attempts.
Tim Cook called the order chilling.
We did not expect to be in this
position at odds with our own government,
but we believe strongly that
we have a responsibility to
help you protect your data
and protect your privacy.
We have a tremendous problem with data
breaches and lack of security in
the digital world, and encryption is one
of the very few tools we have
that can help protect us.
And so it's tremendously important that
we stand up for it.
Putting what was being called a backdoor
in the IOS framework would allow
the FBI to access the contents of
iPhones everywhere, as is legally its
right with a warrant, but would also
leave the operating system much more
vulnerable to hackers
and other governments.
It does come across often as the as
the government side sort of more or
less demanding a unicorn, right?
We just want the tech sector to
provide access to their products, but only
for us and only under
the conditions that we say.
And of course, the tech sector says,
well, that's not possible cause math.
The FBI took Apple to court about
the issue, but found another way into
the iPhone without Apple's help.
Yet we're being asked to create a
method to hack our own phones.
The case was dropped, but
the debate still continues.
Encryption is good. The right way
is to leave Apple alone.
The government's being lazy investigations to
hard, so we're just going to
sacrifice your civil liberties .
The price we pay for this privacy
is that privacy covers criminals and the
crimes they commit. Drugs and
gun sales, human trafficking.
These are all done in the very
dark secret and private corners of the
internet. Where are we willing to
risk not getting information for
investigations? Where are we willing to
risk potentially having the bad
guys gain access to a channel
because of you know weakened encryption?
All of our rights have tradeoffs and we
as a society have to decide if we
want to make that tradeoff.
But I think we should recognize the downsides
to the rest of us of taking
away our security and balance that
against making it maybe slightly harder
and maybe a few cases for the
FBI to to catch somebody who's done
something wrong. Facebook is now
in the political spotlight, having
declared its dedication to end to
end encryption for messaging apps,
WhatsApp and Facebook Messenger.
In an open letter to Facebook.
U.S. Attorney General William Barr, along
with dignitaries from the UK and
Australia, warned that, quote, "Security
enhancements to the virtual world
should not make us more
vulnerable in the physical world."
And that, quote, "children's safety and
law enforcement's ability to bring
criminals to justice must not be
the ultimate cost of Facebook taking
forward these proposals."
He wants government bodies to have legal
access to data that could be
involved in a crime.
Important people get security, but
little ordinary people don't get
security. These are challenges that people
like him can't even fathom, you
know, because you've never been in
a situation where your very identities
criminalized. Over 100 organizations signed
a letter urging Facebook to
continue its pursuit of end to
end encryption against the wishes spelled
out in the letter from the
US, UK and Australian governments.
These organizations included the ACLU,
Human Rights Watch and the
Electronic Frontier Foundation.
We felt it was important for Facebook
to stand its ground and to
understand that, you know, that people like
us who work on behalf of
users, you know, if if Facebook stands
with their users on this, we'll
stand with them. The leaders of
WhatsApp and Facebook Messenger responded
to the attorney general, William Barr,
in another open letter saying,
quote, "The backdoor access you are
demanding for law enforcement would be
a gift to criminals, hackers and
repressive regimes, creating a way for
them to enter our systems and leaving
every person on our platform more
vulnerable to real life harm."
I believe Facebook is absolutely
correct to resist this.
I do not think we want
to be creating vulnerabilities because they're
going to get exploited.
I've heard from people, friends and family,
who say, why should I be
worried that the government
has my data?
I'm not doing anything wrong or jokes
that the government would be bored
with my data. But Esra says that she
might have to shut down Ahwaa if
encryption were forcibly weakened.
I think the risk would multiply so
much that we would just completely feel
paralyzed. That we will no longer be
able to grow, maintain and sustain
all of these initiatives. And the Internet
as a whole would lose so many
voices, so many communities, so many
narratives, so many perspectives that
we really need in order to
grow and expand and decentralize, generally
decentralized the Internet so that
it's more representative of
marginalized voices that have been
silenced for too long.
There's also the concern that taking
encryption away from some people
won't stop the criminals who will
find other ways to communicate
privately. If we set up lawful access
to certain channels, the media of
the adversaries will simply move to
channels where that law enforcement
access does not exist.
When you think about the real bad
guys of the world that we're talking
about ISIS or or terrorist groups,
they're gonna have access to strong
encryption. And an American policy
calling for backdoors in encryption
would create an
international precedence.
If Apple creates this backdoor then
China's gonna say, oh, well, that's
nice. Iran's going to say that's
a beautiful backdoor Turkey same thing
right . From 2014 w hen
Apple started encrypting users iPhone content
to 2016, Manhattan's, then district attorney
said he was in possession of
one hundred and seventy five iPhones
that could have provided evidence in
legal cases. Encryption has the potential,
as we've seen, to thwart the
efforts of law enforcement to
catch criminals and prevent crimes.
The Fifth Amendment
right against self-incrimination.
The Fourth Amendment right to be
free of search and seizures.
These are all rights that give
us protection against law enforcement that
has downsides. That means that sometimes
bad guys might go free.
But we know that in order to keep the
rest of us free, we need to have
this balance in the
role of law enforcement.
Amnesty International says there
is no middle ground.
If law enforcement is allowed to
circumvent encryption, then anybody can.
They feel that either everyone is
protected from community activists to
terrorists, from regular people to governments,
or no one is protected.
This is an incredibly complex area that we
will have to grapple with as a
society, and I would much rather us
grapple with it proactively and arrive
at some policy decisions than make you know
bad decisions in the wake of a
disaster. One way or the other.
A lot of people sometimes think,
oh no, this issue is exaggerated.
And the bigger concern is what
if militants are using encryption.
That's why we should ban it, because
in order to protect millions of
people, we need to risk the
lives of a hundred thousand people.
Well, that's not true. I think
that argument is incredibly weak.
I think there's a lot that we
can do to balance the two.
You may not know it, but you
rely on encryption every day already.
And this isn't the government trying
to prevent you from getting
something. This is the government trying
to take away something you
already have.
No comments:
Post a Comment