The revelation that Germany’s own foreign intelligence service (BND) has been spying at the behest of the U.S. National Security Agency is another unwelcome shiver in German-U.S. relations, which are still frayed from the last security glitch – Edward Snowden’s revelation that the NSA was tapping Chancellor Angela Merkel’s private cellphone.
Ironically, perhaps, just at the spy scandal was grabbing headlines in Germany, a U.S. appeals court in New York was clipping the NSA’s wings by ruling that the agency’s widespread collection of telephone records was illegal. Although the court did not order a halt to the current program, its decision will play heavily into the current debate in the U.S. Congress about whether or not to modify key provisions in the USA Freedom Act that allow the wholesale collection of telephone records by the U.S. government.
Both of these developments raise a much bigger set of questions about what security and intelligence officials can legitimately do in an era of “big data” where every individual who has a cellphone, mini-pad or a computer leaves digital footprints that can potentially be scrutinized by others – governments, bad guys and private corporations that want to collect and sell your data.
The dilemma will only become more acute as we move into the so-called Internet-of-Things (IoT) where it is not just your cellphone or computer that is online, but many of the ordinary objects of daily life such as your car, the lights in your home, your appliances and even your toothbrush, which could allow the unscrupulous to steal your identity and track your everyday movements and personal habits.
In this new digital era, governments must recognize that they too have a responsibility to respect the privacy of their citizens online and uphold the rule of law. This responsibility must accompany the legitimate role of governments to protect their citizens from terrorists, criminals and others who seek to do harm.
When governments intercept communications and collect data over the Internet, they should only do so for reasons that are publicly stated, clearly authorized and reasonable. Data collection should be based on the principles of necessity and proportionality. That is to say, intelligence and security officials should not have an unrestricted hunting licence to collect anything and everything that is communicated across the airwaves or goes online. Just because “they can” does not mean that “they should.”
But we also shouldn’t pretend that striking the right balance between the imperative to respect privacy and simultaneously promote public safety and security will be easy. The bad guys can use technology to do harm through hacking, recruit converts to their cause and create disruption. Respecting privacy and online rights should not leave us, as democracies, with a knife in a gunfight.
New technologies of encryption, such as end-to-end encryption that is available on Apple’s iPhone 6, will make personal communications more secure and help restore public confidence in the Internet, which a number of major public-opinion surveys have shown has eroded. However, they will also make the job of intelligence gathering by national security and law-enforcement officials more difficult, which is why some have urged that “back door” keys to unlock encryption codes be made available to governments.
However, the reality is that any back-door key that is given to government authorities will also eventually find its ways into the hands of criminals and terrorists. Authoritarian regimes will also try to get their hands on these keys to spy on their own citizens and track down dissidents and human-rights activists. No system is airtight or foolproof. If you leave extra keys lying around, someone is eventually going to find them.
Instead of trying to stand in the way of privacy-enhancing solutions to make the Internet more secure, public officials should support these developments, which will help restore public trust and confidence in the Internet.
As a recent statement by the Global Commission on Internet Governance, delivered at The Hague Cyberspace Conference last month, urged: “For the Internet to remain a global engine of social and economic progress that reflects the world’s cultural diversity, confidence must be restored in the Internet because trust is eroding. The Internet should be open, freely available to all, secure and safe.” New technologies of encryption can contribute to that goal.