The past few weeks have seen most of the tech industry line up against law enforcement and intelligence agencies over the matter of encryption and privacy. I particularly liked Google’s recent conversion to privacy as it wasn’t that long ago that Eric Schmidt, Google CEO, said that, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
Moving on, there’s been a great deal of emphasis on the privacy aspect, but few have noted that encryption is mainly about secrecy, and that privacy and secrecy are not the same thing. If you do think that privacy and secrecy are the same thing, consider this, “It’s no secret that you go to the restroom, but it’s something you do in private.” I can’t claim credit for this – Bruce Schneier was discussing this over ten years ago and I thoroughly recommend you read some of his recent posts on the matters too.
You might also like to think of it this way; a private home v. secret hide-out. The former is in plain sight but restricted to the owner and his guests, whereas the latter is hidden and known only to a select few.
With a better understanding of the difference between privacy and security, a more reasoned debate can take place, which needs to be agnostic of the technology, to decide the rights of the individuals and the responsibilities of law enforcement.
Ask yourself some questions, “Should what person X does (on their phone) be private?” and “Should what person X does (on their phone) be secret?”. Remember, person X might be you, your family, your friends, your colleagues; person X might be suspects, criminals, murderers, terrorists, paedophiles; person X might be freedom fighters, democracy activitists, oppressed women, abused spouses, LGBT members. You get the picture, person X might be someone you approve of, or they might be someone you don’t like.
The easy answer is to say that person X should have privacy but not secrecy. Does this guard against wholesale monitoring of communication by intelligence agencies? Snowden has shown that this happened and I think most people would see this as an overreach of their authority with no legal oversight. But once person X has come to the attention of the authorities, does that strip away any right to privacy? What level of suspicion is needed, what evidence is required, what is the process of law? None of these have easy answers.
Undoubtedly this is a complex affair with hyperbole, thin-end-of-wedge-ism, and freedom protestors in dictatorships by the bucket load. For certain, we need to move this away from the technology and into human, societal and legal rights. Nothing is black and white, but this is about the future and the world we want to live in. Personally, I firmly believe in privacy, but I’m not so sure about secrecy. I use encryption on my phone as reassurance that should I lose my phone, important data won’t be misused by the finder. Generally I feel that wrong-doers, alleged or otherwise, shouldn’t have secrets, but I’m always concerned about the abuse of power. As always, “Who watches the watchers?”
(The other curious thing to consider is regarding dead people. Generally, they don’t have the same legal rights as living people. What would this mean?)