Is Encryption Protecting Your Rights? Is Law Sufficiently Enforced To Protect Your Rights? Right To Privacy Vis-À-Vis Encryption And Law Enforcement
Today data have become utmost priority for most individuals and companies. And
when it has become the utmost priority, protecting it from being compromised
also becomes equally important. Many practices have been adopted by not the
individuals to protect their data, but also by the companies to protect its
consumers data. One such method adopted by the tech giants is the encryption
method, in order to safeguard data of their users from being compromised.
However, even after tech giants using end-to-end encryption to protect their
consumers data, latest leak of WhatsApp data shows that encryption does not
provide immunity to the data from being compromised. In such scenarios, does the
legislation provides proper law enforcement in order to safeguard its citizens
and provide them with remedies against such tech giants?
What is encryption?
According to Chris Parker, previously everyone used to write codes in order to
conceal what they are saying, and then share the code with the desired person.
However, in the digital era encryption has taken a new meaning as the user now
does not have to write their own codes in order to protect their information.
With a simple tool and password, user can protect something that would take
years or in some cases even decades to crack the code. That is why encryption
goes hand in hand with protection of data. However, while encryption is
beneficial to the users, it can cause serious problems for law enforcement.
Benefits of Encryption
With the advent and advance of technology, it has become easy for the user to
create data. However, with such easiness, it has become easy for such data to be
compromised as well. Furthermore, encryption protects data at rest when stored
on hard drives, cell phones, or in the cloud, and it can protect data in transit
as it moves from one device to another.
Furthermore, with growing cyber criminals and cyber security war on the
healthcare industry, finance and energy sector, IoT devices have increased the
risks of cyberattacks in almost every sector.
Therefore, in such scenarios, encryption can widely understood to be the only
effective measure to ensure that data is securely stored or transmitted between
two assets, as without secured encryption, data is always at the risk of being
hacked. And for this reason alone, consumer and enterprise data security needs
center around the effective implementation of encryption.
Why encryption goes wrong?
When encryption is the only possible solution to protection of data, why does
it goes south in some situations and user data is compromised?
The major reason for such a problem is sudden demise. Since encryption is one of
the most common technique used to ensure confidentiality, it is derived from an
encryption key and such encryption key is derived from a password, which is
generally held by a person.
One such example of encryption failure is the sudden demise of Gerald Cotton,
who was the CEO of QuadrigaCX, Canada's largest cryptocurrency. And this happen
because cotton was the sole person who had the password that protected $190
million worth of bitcoin owed to investors. After his death, no living person
had access to the encrypted fortune and therefore $190 million worth of
investors money was lost. And the issue does not end there. Ernst and Young was
hired to find the money owed to investors. They were able to access six of his
offline cryptocurrency wallets, however all of which were empty.
Thus, encryption though is the only source of protection data, can sometimes be
the source of lost data as well.
Why encryption is problematic for law enforcement?
As seen from the case of QuadrigaCX, encryption generally creates a tug of war
as to who has the right to decrypt the data. And this issue arises because
several parties view this issue from their particular goals and perspectives.
Furthermore, Government agencies are not interested in the private data of an
average citizen. The main of the there agencies is national security, solving
crimes, tracking threats and keeping their community safe.
And thus, law enforcement agencies view data encryption as retrieval. For
example, if there is data that might show where a child has been taken after a
kidnapping, not only getting the data but getting it in a timely manner is
important.
However, when such data is encrypted, it generally blocks the enforcement
agencies both at the local and national level from accessing data that could be
useful in preventing potential crimes from occurring.
Furthermore, most of the messaging apps use end-to-end encryption, which means
that only the sender and receiver of the message had access to such message and
not even host company or the mediators have access to such message. Due to this
end-to-end encryption, messaging giants like WhatsApp and Facebook are under
immense pressure to install security backdoor, thereby allowing Governments to
read messages if considered necessary. However, Facebook have refused to do so.
Furthermore, this encryption of messages have created a lose-lose situation for
the law enforcement agencies, which is trying to balance individual privacy and
collective security.
Another good example of encryption causing problems for law enforcement agencies
is the recent criticism which the Government had to face which says that
authorities shouldn't intrude upon personal freedoms without good reason, but
will wonder why terrorists weren't being observed closely enough to prevent
their criminal acts — even though there may have been no reason to suspect them.
Can Law Enforcement agencies still access messages and data?
Law enforcement agencies still have different methods to access the data. Recent
examples shows that when these tech companies refuses to provide data to the
Government, Governmental agencies had to take help from third party companies to
hack the devices and decrypt the content. The major recent example can be taken
from Pegasus, whereby Government of India came under heavy scrutiny for tracking
the data of millions, when giants like Facebook and Twitter refused to share
data with the Government.
Furthermore, the recent IT Amendment Act, 2021 is another example of forcing
these tech giants to create backdoor for the Governmental agencies to have
access to personal data. Creating backdoor means the Government forcing the
device manufacturing companies, which are being sold in the country to have
backdoors that easily allows the Government to bypass the encryption.
Problems with the Backdoor approach
While creating backdoor solves the purpose for the law enforcement agencies, it
defeats the whole purpose of encryption. Furthermore, creating backdoor would
only provide vulnerability as a feature, where such feature can be exploited by
anyone without providing plausible explanation. And that's mainly because
Government can create backdoor, anyone can.
Furthermore, law enforcement agencies will not be the only one accessing the
data. Service providers, rogue employees at those services, foreign governments
who discover the backdoor, and cybercriminals who find a way to exploit those
purposely created weaknesses in the system.
Conclusion and Solution
Unfortunately there isn't one. While law enforcement agencies had their own
reasons for creating backdoor, encryption had its own reasons for existing, to
protect one's privacy. And while both are valid and justifiable, both go in
opposite direction and having both cannot be a plausible solution.
Law Article in India
You May Like
Please Drop Your Comments