Ever since Edward Snowden burst onto the national scene, there’s been an increasingly charged debate in the United States about whether privacy or security should be prioritized over the other. As this rhetorical tussle has continued, technology has radically evolved and become more sophisticated—but so has the threat posed by terrorists and other bad actors using this technology.
Is there a consensus or middle ground guaranteeing both network protection and customer data security? Or is it just an endless argument with no resolution in sight?
Hands off my data: The case for privacy
The battle over privacy versus security came to a head in 2016, when the FBI demanded Apple help law enforcement officers unlock the San Bernardino shooter’s iPhone. Apple wasn’t having it, claiming that effective law enforcement operations can’t come at the expense of customer data security. Doing so would have required the tech giant to create a backdoor into its products that could be used for both legitimate purposes, such as executing a search warrant, and nefarious ends, such as hacking exploits by opportunistic nation-states.
In Apple’s view—both then and now—customer privacy must take priority. According to Motherboard, though, the feds may not even need Apple anymore—police forces and federal agencies across the country have purchased a tool called GrayKey that can unlock iPhones and bypass their encryption.
Meanwhile, the Justice Department is pressing the tech industry to grant law enforcement access to encrypted digital devices when a warrant has been obtained. But many information security experts say it’s impossible to create this type of magic key for law enforcement without simultaneously creating a dangerous vulnerability—and even the government can get hacked these days. After all, it was a leaked NSA tool that gave rise to the recent WannaCry cyber attack.
Privacy advocates, like the Electronic Frontier Foundation, are also worried about stingrays, or cell-site simulators, which police can use to track and surveil a cell phone’s location, messages, and calls. They’ve argued that, just as with an encryption backdoor, a stingray can be used for both good and evil—potentially putting national security at risk.
Not to freak you out, but their concerns seem legit, at least to a certain degree. As WIRED reports, the Department of Homeland Security recently admitted it detected rogue stingrays in the DC area, raising fears of foreign surveillance in the nation’s capital. To the privacy-minded American, this technology is a Pandora’s box that should be treated with great caution and a vigorous public debate.
Defend the homeland: The case for security
The feds have a strong national security argument, particularly when it comes to preventing terrorist attacks. Once a judge has granted them authorization, law enforcement officers believe they should be able to access the digital devices and services used by suspected terrorists to defend the homeland from an imminent threat. And they have a point: Terrorists are getting more tech-savvy all the time. In fact, ISIS actually has a help desk to answer noob terrorists’ questions on how to hide their communications from counterterrorism professionals. As far as the government’s thinking goes, the United States has no choice but to keep up with this global technological arms race at all costs.
Criminals and terrorists are “going dark” with encrypted devices and communications apps as they secretly plan crimes and attacks, and this frightening reality poses an unacceptable level of risk to the United States. Security advocates argue that just like a landlord who’s presented with a warrant for a tenant’s apartment, tech companies have an obligation to provide law enforcement with a “master key” to access a suspect’s digital assets and potentially uncover evidence of a crime.
Of course, privacy advocates would counter that analogy, saying it doesn’t quite work in the digital age, since a landlord’s key generally can’t also be used by malicious hackers or nation-states. And therein lies the rub: Can privacy advocates and security proponents reach a consensus in the midst of this incredibly charged, high-stakes debate?
For the moment, as The New York Times reports, FBI and Justice Department officials have been meeting with security researchers working on ways to provide “extraordinary access” to encrypted devices without creating serious vulnerabilities in the process. At the same time, though, Congress may soon take up proposed legislation on encryption, forcing Silicon Valley’s hand and potentially compelling its compliance. In other words, the argument is far from over.
Grappling with privacy and security in the business
IT also faces tricky challenges when trying to maintain both privacy and security in the digital age. Fortunately, they can take several smart steps to address both concerns. Business technology that features innovative, leading-edge security can do a good job of maintaining user privacy, as well. Next-generation printers, for example, can detect a malware attack in progress and self-heal on the spot, defending the business from an incursion that could have ended up compromising network protection and, ultimately, leaking employees’ or customers’ personal information.
Although you might overhear the occasional crack about IT’s perceived status as Big Brother, since they technically have broad access to the data and communications of their business colleagues, the truth is you and your IT team can play a very positive role in helping employees understand how issues of privacy and security affect them in their work and personal lives. By conducting regular security awareness trainings, for example, you can teach staff how to spot a malicious email or identify a dodgy-looking open wireless network. That’s a win-win for everyone involved, since it protects both the business and its employees.
At the end of the day, the privacy versus security argument will rage on, with privacy advocates claiming Americans’ fundamental rights are at stake while security proponents warn that terrorists are concealing their dark plans by using cutting-edge technology. Although it’s hard to predict where the chips will fall, the best way to find the right resolution is for everyone—regular citizens, businesses, and governments alike—to have a healthy, informed debate about how they can strike that precious balance between security and privacy.