Skip to main content

Business Commentary Government and industry must find middle ground on encryption

Neil Desai is an executive with Magnet Forensics, a digital forensics company based in Waterloo, Ont. He serves as fellow with the Munk School of Global Affairs at the University of Toronto and the Canadian Global Affairs Institute. He formerly served in senior roles with the Government of Canada.

For months, a single Apple iPhone has held the attention of the news media, legislatures, security agencies and civil liberties organizations around the world. The smartphone confiscated in the investigation stemming from a mass shooting in San Bernadino, Calif., has gone from potential evidence to symbol of a backlash against the questionable use of intelligence in the name of national security.

Apple has latched on to the perceived public mood that governments can't be trusted with customer data, including private communications, regardless of whether they are captured in transit (a grey area in most countries) or from a lawfully collected digital device. The company's latest operating system has been equipped with a level of encryption that it claims it cannot recover, even under circumstances deemed to threaten national security.

Story continues below advertisement

By contrast, BlackBerry has adopted a more co-operative approach, opting to maintain decryption keys. The Canadian company's corporate policy caused some uproar recently when court documents on the surveillance of a Montreal-area organized-crime ring shed light on the "back door" in its technology. Chief executive John Chen advised customers that use of the decryption was not unlimited and that "there is a balance between doing what's right, such as helping to apprehend criminals, and preventing government abuse of invading citizen's privacy."

BlackBerry is clearly in the minority, though. With less fanfare, Google has followed Apple's lead on encryption with the Android platform. WhatsApp, the Facebook-owned messaging platform, recently introduced mandatory end-to-end encryption. Kik Messenger, the Waterloo-based messaging app with hundreds of millions of global users, has made its mark by providing almost complete anonymity.

The public apprehension that some of the world's largest tech companies are using to justify enhanced encryption is real and shouldn't be discounted. A recent study by Ipsos and the Centre for International Governance Innovation (CIGI) on Internet security and trust in 24 countries, including Canada and the United States, found 57 per cent of citizens are more concerned about their online privacy than they were a year earlier. Just 38 per cent believed their online activities were not being monitored.

But leaning on these insecurities as a justification to build impenetrable walls around data is ill-advised. The big-data revolution is actually still in its infancy. While the Internet is more than two decades old, 90 per cent of its data has been created in the past two years, and data creation is only going to expand.

Our connected world will continue to deliver consumer convenience, networked communities, new industries and corporate efficiencies. But we also have to acknowledge that it's enabling a new world of crime and despair.

This goes well beyond what critics of national security agencies would call existential threats, such as terrorism and cyberwarfare. They include crimes such as sexual exploitation of children and fraud schemes that prey on the vulnerable. Both are enabled by anonymity, the ease of operating across jurisdictions and enhanced encryption.

More and more of the tangible evidence law enforcement requires to investigate such crimes is becoming harder to obtain. Evidence laws in most countries were not conceived when cloud-based storage or impenetrable encryption were foreseeable realities. Legislatures will have to come to grips with these modern realities and update laws.

Story continues below advertisement

Both government and industry could benefit from delving deeper into the Ipsos/CIGI data about attitudes on this issue. While there is fear about the unknown capabilities of the modern surveillance state, there is also a pragmatic desire for technology to reconcile privacy and security issues.

Although a majority stated they were more concerned about their online security than they were a year ago, 63 per cent of those surveyed agree that companies should not develop technologies that prevent law enforcement from accessing an individual's online conversations. And 70 per cent agreed that law-enforcement agencies should have a right to access the online communications of its citizens. That number rose to 85 per cent if the communications being accessed were those of someone suspected of committing a crime.

Governments and security agencies can't address citizens' concerns on their own. They will need willing industry partners. These companies should not try to absolve themselves of responsibility by creating products that lock the door and throw away the keys to the enormous amounts of data being generated every day.

Government and the technology industry would benefit from resetting this intractable, existential debate. Both sides would be better served by a principle-based approach that aims to respect privacy while acknowledging today's security challenges. Both should be transparent about what data will be shared with law enforcement and security agencies under what circumstances.

This will not alleviate all tension points – both technology and crime will continue to evolve. Independent oversight of data sharing would go a long way toward maintaining citizen confidence that safety and privacy are both being pursued. It would also give the private sector license to co-operate or refuse demands for data as the situation demands.

Report an error
Tickers mentioned in this story
Unchecking box will stop auto data updates
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter