President Obama recently told Americans that we have to give up some privacy in the name of security. Is the government’s demand reasonable?
Last month, I took up the issue of privacy from the perspective of the end user. This time I will try to shed some light on the government’s position, to see if it’s reasonable.
From the advent of telecommunications systems, the government has maintained the ability to tap calls and collect our communications. However, thanks to the Fourth Amendment, there has always been a pretty robust set of checks and balances in place. To tap a call, the (executive branch) investigators needed to get (judicial branch) approval in the form of a warrant. Further, if they collected data outside of the scope of a warrant, that information was inadmissible in court. If they happened to learn things from illegally obtained information, that information was deemed “fruit from a forbidden tree,” and it too was inadmissible.
For a long time, this arrangement provided a pretty good balance between privacy and security. But things changed.
First, encryption entered the equation. Later, the Snowden revelations put everything into “ludicrous speed” (with apologies to the movie Space Balls).
As computers became more powerful, scientists built encryption systems using software as well as hardware. These systems were used to safeguard our privacy, among other things. From the beginning, though, the government has done all it could to throttle the rate of progress. Because encryption is math, and therefore knowledge, it couldn’t be stopped. Its adaptation can be slowed down, however, and that is what the government has attempted, by limiting exports, key lengths and other things. By doing this, the government was presumably able to stay one step ahead of the bad guys.
In the 1990s, we started to see commerce arrive on the Internet, and with it, a higher need for communications privacy. So we saw SSL and then, later, TLS. And now we have secure communications, right?
Turns out that our trust in SSL was largely unsupported. A wise professor of cryptography once told me, “Rule number one for developing a security protocol is: don’t!” I thought he was more than a little paranoid. That is, until the Snowden revelations of a couple of years ago. Now his paranoia seems quite reasonable.
The Snowden revelations taught the public that our secure communications were indeed child’s play. SSL and other security protocols were developed by us crypto amateurs, and the pros found our efforts to be downright laughable. So most of the world was blissfully ignorant of the fact that its secure communications were still trivially easy to intercept.
But here’s where things again changed. Whereas before there was a pretty solid system of checks and balances, the public learned from Snowden that mass surveillance was now in play. This meant that pretty much all communications were being collected and were potentially analyzable by the government.
Sign up for Computerworld eNewsletters.