Privacy Vs. Security: A Look at the Past, Present and Future

In the fall-out of the attempted assassination of former President Trump, we find ourselves once again embroiled in the age-old debate of privacy versus security. On one side, law enforcement agencies argue for the need to access encrypted communications to investigate and prevent serious crimes. On the other, privacy advocates and tech companies stand firm in their commitment to protecting individuals’ right to privacy through unbreakable encryption.

The truth is, neither side is wrong. Law enforcement's desire to protect public safety and investigate crimes is entirely valid. Equally valid is the concern for individual privacy and the potential risks associated with creating backdoors in encryption systems.

Looking Back

The power struggle between the federal government and American citizens over privacy has always been a rocky road, filled with twists and turns that play like a big-budget thriller. The “crypto wars” of the 1990s saw cryptologists, mathematicians, and other technologists going head to head with the NSA over the controversial Clipper Chip, a fed-backed initiative that included a built-in backdoor for law enforcement access. Fast forward to 2013 when NSA intelligence contractor Edward Snowden blew the whistle on global surveillance programs, forever altering the mainstream public perception of data privacy and what it means to live in a digital world.

A few years later, in 2016, the FBI requested Apple's help to unlock an iPhone used by one of the perpetrators in the tragic San Bernardino shooting. Apple refused, citing the potential for creating a backdoor that could be exploited by anyone. The clash between the Cupertino-based titan and the feds ignited a fierce response from the tech community. While understanding the FBI’s reasoning, many felt the implications of developing a backdoor would be far too damaging to the average iPhone user's privacy. The FBI eventually accessed the phone with the help of a third-party company, but it took roughly a month.

Where Are We Now?

According to FBI Director Christopher Wray, the Samsung phone of President Trump’s would-be assassin was made accessible within 40 minutes, thanks to an unreleased tool from Israel-based vendor Cellebrite. This fact alone is noteworthy with regards to the technological capabilities of the federal government. While the FBI has been able to break into phones for years, they can now do it much faster. 

We’ve learned from Wray’s congressional testimony that unlocking the phone was just the first step in the intelligence-gathering process. Wray has stated that the gunman used several encrypted messaging applications on the phone, which have not been accessed or decrypted yet. Wray went on to state that the agency has begun “legal proceedings” to access that information. Wray also stated in his testimony that the FBI may never gain access to some of these applications.

Much like the case in San Bernardino, the FBI appears to have subpoenaed the parent companies of the encrypted messaging applications, demanding they decrypt the shooter’s data. However, it may not be this simple. Some applications like Signal and WhatsApp give users their own encryption keys, which are stored locally on said users device. Hypothetically, if you had access to the device you could gain access to the keys, but an array of security measures make this extremely difficult in practice. Reports have surfaced that Cellebrite is also attempting to aid in accessing the encrypted data. 

With messaging services legitimately unable to access users' encrypted messages, Wray might be correct with his assertion that the encrypted data may never be decrypted, leading to lawmakers rehashing the idea of developing backdoors. 

Despite speculation and accusations of the NSA having a backdoor to Signal, there is no concrete evidence to suggest that is true. 

What Happens Next?

While technologies like privacy-preserving analytics on sensitive and fully encrypted data offer a potential workaround in certain contexts, this conversation isn’t ending anytime soon. However, as cybersecurity measures continue to develop, so will the dynamics of the privacy vs. security debate.

There are two factors that I’d like to call out that may have a significant impact:

Stronger Encryption: As encryption technologies continue to improve and become available to everyone, it will become increasingly difficult for governments and law enforcement to access data, even with court orders. This is already our reality, with the Trump shooting case a perfect example. With the deceased gunman seemingly holding his own encryption keys, the FBI is short on options to decrypt his data. More cases like these could lead to a push for aggressive laws requiring backdoors or weakening encryption standards, which would obviously be met with resistance from privacy advocates and tech companies.

Quantum Computing: The development of quantum computers could potentially break current encryption methods, leading to a new era of cryptographic innovation. While potentially decades away, what experts have dubbed “Q-Day,” or the moment in time when encryption can be effectively broken, has potential to change how we think about security at-large. As expected of a forward-thinking industry, “Q-Day” is driving the development of quantum-resistant algorithms, which aim to secure data against future quantum threats.

As we traverse a world that is constantly disrupted by innovative technology, we must continually reassess how to balance individual privacy with security. There are no easy answers, but the consequences of our choices will profoundly shape our digital future. It's crucial that we, as a society, remain engaged in this ongoing dialogue to find solutions that protect both our security and our fundamental right to privacy.