|Privacy, Data Protection and Security|
|Monday, 01 February 2016 16:00|
By: Arthur M. Freyre
The widespread use of encryption technology was one of the major topics trending in technological discussions for 2015. Encryption technology allows a user to protect confidential conversations or information on designated computers by disguising the information into code. This technology safeguards protected data from external parties by making it very difficult for a person to access information, if they do not have an encryption key.
Without an encryption key, those that attempt to access these files without authorization, or hackers, see illegible characters and gibberish on their computer screen. An encryption key utilizes a program that allows the user not only to conceal their information, but also allows authorized access to view protected files. Companies are beginning to use encryption technology as a standard defense against hackers because of this advantage.
Due to the universal applicability of encryption technology, the general public also makes use of such programs. Based on the widespread use it is safe to say hackers, terrorists, and other criminals are using this technology to protect incriminating information that may be monitored by governments. The debate over ethical use of encryption technology is expected to be one of the dominating issues the Congress will face in 2016.
The current dispute among legislators calls in to question the extent to which federal agencies should have access to encrypted information without requiring probable cause or permissions.[i] The argument in favor of government access points to the fact that the terrorists responsible for the attacks in Paris used encryption technology in shielding communications with each other during the initial planning stages. Government officials argue that by having access to the encryption technology they will have an upper hand in pro-action and prevention of similar assaults in the United States.
Many in the technology industry strongly oppose this view. They believe that by granting the federal government this access it will increase opportunity for temptation for agencies to unnecessarily monitor private and personal communications here in the United States. Many point to the consequences of public disclosure of classified information by former CIA employee Edward Snowden and his observations regarding the National Security Agency and it’s ability to conduct global surveillance.
The concerns on both sides are substantial and legitimate. On one hand, the federal government is faced with infinitely evolving challenges as technology plays a crucial role in national security. Following the devastation of both the September 11 attacks and recent tragedy in Paris, prevention has become essential in combating terrorism. Yet, the idea of enabling government authority to indiscriminately override encryption keys for intelligence operations without instituting requirements ensuring honest oversight can be worrisome.
A third possible option, balancing preventative measures and the right to privacy, can be defined by regulatory humility. Regulatory humility is a term used by members of the Federal Trade Commission ("FTC") regarding regulations and necessary use of current technology. It calls for a framework providing flexibility in establishing guidelines across various agendas instead of relying on a one-size-fits-all approach. The combination of authority, accountability and information collection allow for more rapid reaction and response to policies, which may become obstructive as conditions evolve.[ii]
Though it may sound like a simple solution, reflection can be increasingly difficult in times of trepidation, where reservations are high and the desire to maintain authority is confronted with acknowledging weakness that will require change.
Regulatory Humility can be achieved, however, once bias and insecurity are eliminated. The Congress is very capable of this and should focus on establishing a more flexible framework. As threats to national security become more serious we must provide federal intelligence agencies with the tools necessary in effectively combating terrorism while, at the same time, respecting privacy and maintaining accountability for those tempted by power and authority.
[i] See publication by Inside Sources considering various approaches to Cyber Security, Security and Privacy [http://www.insidesources.com/mccaul-encryption-keeps-me-up-at-night/] [ii] TechPolicyDaily investigates the importance of Humility on Regulations [http://www.techpolicydaily.com/communications/importance-regulatory-humility/]