What would you do about private digital communication services if you were a leading political figure? How would you balance the priority of privacy, to best foster the development of your nation’s digital economy (which relies on citizens’ and businesses’ digital trust), with the importance of counter-terrorism activities through digital surveillance?
I found interest in the following article reporting on Emmanuel Macron, French presidential candidate, and his plan on the subject. Macron reported in his counter-terrorism presidential plan:
“Internet service providers will have to assume one day to have been accomplices of terrorist attacks if they persist in their position [of not allowing the circumvention of their encryption services]” (Emmanuel Macron, 10 April 2017)
And he vows to launch “A major initiative to create a procedure of legal requisition of encrypted services from large Internet services providers” (Emmanuel Macron, 10 April 2017)
Terrorist groups are suspected of using private communication apps, such as WhatsApp, Telegram, Signal, Wickr, iMessage, SudoApp and others, to privately manage their activities. Those apps are free to use. They provide a private communication channel protected by cryptography: the messages they exchange are encrypted. Law enforcement and intelligence agencies cannot effectively decrypt those messages to monitor developing terrorist activities, especially when the messages are encrypted end-to-end.
Encryption works, as expected. This is excellent for privacy and for developing the digital trust that the digital economy relies on. It is also, understandably, a challenge for law enforcement and intelligence agencies trying to conduct well-intentioned, targeted and legal surveillance activities. For example, James Comey, USA FBI Director, has provided multiple reports on the challenges that encryption poses to law enforcement.
“When my folks see something that is encrypted, they move on.” (James Comey, USA FBI Director)
As such, there have been recent attempts to legally force technology providers to deliver options to circumvent the encryption of private communications for law enforcement purposes. Examples include:
- Lavabit shut down its email service in 2013 after the US government ordered it to turn over its SSL private keys, in order to allow the government to spy on Edward Snowden’s email. Lavabit opted to shut down to protect the privacy of all its clients, and its reputation.
- FBI-Apple encryption dispute, 2015-2016
- British Home Secretary, Amber Rudd, calls the encryption of messages on services such as WhatsApp “completely unacceptable” in the fight against terror and says “we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp.” (British Home Secretary, Amber Rudd)
- Emmanuel Macron’s plan as referred to above, and many other examples.
I appreciate the argument that breaking private communications could assist in operating better surveillance, in identifying suspected terrorist activities and in delivering better safety to citizens. I therefore appreciate the intent behind the agenda of some politicians on the subject.
Leading political figures, such as Malcolm Turnbull and Donald Trump, are, however, reported to also use private communication apps themselves (BYOS, Secure Communication for Hack-Fearing Politicians & others). The reports of politicians using such apps have increased following key data leaks impacting politicians, such as the DNC hack and the allegations of state-sponsored involvement for the purpose of political influence.
Put yourself in the shoes of a leading political figure nowadays. Imagine you have a very sensitive message to communicate to somebody in your official function as a leading Government figure. What would you do?
- Option 1 – use an official Government email service for it?
- Option 2 – use a private email for it, perhaps with PGP encryption?
- Option 3 – use private communication apps providing functions such as end-to-end encryption, no message storage on server, time-lapsed messaging (disappears from source and destination after a period of time or upon reading)?
- Option 4 – revert to analog communication? (make a phone call, send letters, meet in person, see Less digital for more security?)
Considering the recent headlines of Government and other politicians’ communication data leaks, I have no doubt you would be thinking carefully about it. Option 3 would be a convenient option, and it is one that is popular with some politicians already. However, what would you then do if you also knew that private communication services had backdoors in place, as forced by your Government (or a foreign Government), supposedly designed to be used only by Government-authorised entities (your Government and possibly also some foreign Governments)? What options would you then have to communicate efficiently and trust you wouldn’t get reported in WikiLeaks and get in trouble in the media?
I suspect the case presents a dilemma and there would be different views on how to best manage it. What do you think?