There is a battle raging over security and you and I are in the middle of it. One the one hand there’s Yahoo, twitter and Google stepping up their use of encryption and the quality of their encryption. On the other hand Foreign Policy reports that the US and some other countries are trying to block UN efforts to establish worldwide Internet privacy rights. So we are seeing a battle of individual and corporate confidentiality vs. potential national security concerns.
I have talked about confidentiality and encryption before, of course. Bob has talked about secure storage in the cloud, too. And those are not the only times we’ve discussed this issue. What’s happening now is that a divide is growing between individual interests and government interests.
Historically, encryption has been a big deal for governments. In World War II, for example the Allies use broken Japanese and German encryption to save countless lives and to shorten the war. Many countries still restrict the use of encryption by their citizens and others within their borders due to the lessons learned during the War.
Many scholars believe that Americans have a right to use encryption granted to them by the Fourth Amendment to the US Constitution: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” I don’t want to go into the law surrounding this amendment, as I am neither a legal scholar nor a lawyer. But it is easy to see where those trying to protect a nation from cyberattacks might see a conflict between this and their efforts.
I believe that the efforts of the major industry players to increase both the use and the strength of encryption on their networks are valuable to their users. I know bad actors can use encryption to hide incriminating evidence. And I know that other evildoers can use encryption to communicate securely to conspire to commit serious crimes and terrorism. But the truth is they have been able to do so for some time and they have seldom done it outside of large enterprises. Protecting the privacy of individuals is laudable and it should be encouraged.
I would really like to hear your views on this. Whose issues trump the others? Is confidentiality a right? If so, should there be limits, and what should those limits be? Should an international body like the UN declare confidentiality a “right,” and what does that mean for individuals in countries where it isn’t (or even where it already is)? I know that is a lot of questions, but this is an important subject for those who are interested in security – of nations and of individuals.
PS: If you take Learning Tree Course 468, System and Network Security Introduction from me I’m more than willing to discuss this with you in person.