Nothing to Hide, Nothing to Fear? Soon you may have no option…
If the constant succession of IT privacy scandals throughout 2014 left you wondering whether anything you do online is truly private, 2015 may be the year you get your answer.
In the wake of the recent terrorist attacks in Paris, governments appear to be redoubling their efforts to make sure there’s no kind of online communication that remains beyond their prying eyes. The basic message is that if we are to be protected against future atrocities, security services must have the means to monitor all kinds of online activity.
On 12th January, UK Prime Minister David Cameron made a very controversial statement following the Paris attacks. He basically said that he didn’t want there to be any type of online means of communication “that we cannot read.”
This obviously has tremendous technical implications, and as is so often the way with these things, Cameron’s sweeping statement shows a fundamental lack of understanding as to how technology works.
How exactly would such a system work? Would encryption technologies be banned? Would vendors be forced to introduce “back doors” into online communication systems? And, perhaps most significantly, how could any of this possibly be made to work when the Internet is decentralised by its very nature, making any solution require global co-operation and agreement for it to be workable?
Then you arrive at the fact that any “back doors” into systems are essentially security vulnerabilities that could be exploited by the very people governments are looking to protect their citizens from.
Take, for example, FaceTime and iMessage, two Apple services generally considered to still maintain a healthy level of encryption and privacy for users. A CNBC report has even referred to the possibility of these being banned if governments cannot access them. If, instead of a ban, Apple were forced to implement a known “back door,” it doesn’t take a genius to work out that cybercriminals would work overtime to find their way into it.
Meanwhile Angela Merkel, the Chancellor of Germany, has stated that she wants to enforce a new “minimum period” of data retention, according to a BBC report.
Her aim is to push through a law that will enforce these requirements across the entire EU.
It’s not only European countries using the recent atrocities to push forward an IT security agenda.
Still smarting from the high-profile attack on Sony just before Christmas, president Obama has put forward a raft of new cyber-security laws, which according to another BBC report will “improve the way the government and private sector share information about cyber threats.”
Quite what this entails is unclear at this point, but it’s hard to escape the cross-purposes at play here, which fundamentally come down to a lack of technical knowledge.
If Obama wishes to prevent another security breach on the scale of Sony’s, but Cameron wants to reduce encryption and create “back doors” in systems, how exactly are these two aims supposed to come into alignment? Making systems less secure so that governments can listen in on potential terrorists also makes them less secure against those that wish to attack them.
“The blind leading the blind” is a phrase that springs to mind. Either way, in the months to come, expecting anything you say or do on the Internet to remain truly private is perhaps an unrealistic dream.