Laymen often think that privacy principles are at odds with security. This post explains why privacy needs security – at last the kind of security I endorse.
Privacy is all about control over our personal information – guaranteed since 1791 by the 4th Amendment to the US Constitution. Privacy protections exist in telephone conversations (1934), health records (1964), US mail (1971), education records (1974), financial records (1978), identity information (1982), cable communications (1984), electronic mail (1986), polygraphs (1988), license and motor vehicle records (1994), telecommunications (1996), and information about children (2000).
Security ensures that control of our personal information, or at least that what it’s supposed to do. Reasonable efforts must be made to prevent the loss of collected information. Individuals are also entitled to know when and what information is being collected and be able to opt out of such collection.
The conflict comes with the other duty of security – the identification of violators and collection of the evidence needed to prosecute them. Enter “Apple vs FBI”. So, how can the two sides of the security coin exist in peace?
The same framers which guaranteed privacy also established the process to which wrongdoings would be investigated and prosecuted. Security must either establish probable cause – the belief that a search will discover criminal activity – or the consent of the accused to conduct a search. If consent is not obtained, law enforcement must submit a warrant to search and receive written permission from a court of law. Regardless of consent, property cannot be seized without a warrant.
So what about “Apple vs FBI”? In this case, a warrant to search was approved but the appropriate evidence could not be seized due to the strong encryption. Unlike previous cases involving telecommunication carriers, the accused has the encryption keys, not the technology company. Does law also allow law enforcement to break security? No.
The debate goes a step further. Imagine all authorized software having back door keys available for law enforcement. What prevents criminals from using unauthorized, black market cryptography? We’d have law abiding citizens with weaker security – not the criminals we are attempting to prosecute.
Leave a Reply