By Athena Narsingh, JD Candidate in Common Law at the University of Ottawa
Last year’s San Bernardino’s mass shooting called attention to a new wave of privacy issues – encrypted information protected by communication corporations, like Apple and Whatsapp – that potentially challenge national security.
Encrypted messages are not new. Terror groups, like al-Qaeda, have been using encryption since before 9/11. But new technology has made encryption easier to access and even more secure. Consequently, it’s become harder for the Government and intelligence agencies to access information.
San Bernardino Shooting
On December 2, 2015 Syed Rizwan Farook and Tashfeen Malik, a married couple, opened fire at a holiday party at the Inland Regional Center in San Bernardino. Fourteen people were killed and twenty-two injured. The two had been planning a terror attack since before their engagement over a year ago.
The FBI wanted Information off the shooter’s iPhone, and asked Apple to disable an iPhone security feature that locks out users and erases the phone’s data once the wrong password has been entered ten times. Apple refused to help despite a judicial order. The company stated that they were protecting the privacy of their users. CEO Tim Cook said that giving the FBI a “backdoor” to access the phone’s information would also give hackers the same opportunity. Cook even released a public letter, stating that creating access for the Government would be an “unprecedented step” threatening the security of Apple’s customers.
Meanwhile, the FBI reported having to use a “mysterious” technique without Apple’s help.
Most recently, Whatsapp has encrypted messages
Other communication companies have followed suit and have created software to protect their users’ privacy. Whatsapp, the messaging service, announced last week that their application is now fully encrypted with end-to-end encryption. This means that when you send a message, only the person to whom you send the message can read it. Co-founders, Jan Koum and Brian Acton posted a blog that explained that the purpose of end-to-end encrypting is to make “your data and communication as secure as possible.”
What does that mean for national security?
Balancing civil liberties with national security concerns has always been difficult. However, complete encryption with no access for intelligence agencies poses another issue: added time and resources. FBI Director James B. Comey stated that the Islamic State has been using encrypted applications to direct people to kill “innocent people”. Intelligence agencies have to invest more time and resources into decrypting and deciphering messages when companies refuse to cooperate.
On the other hand, irrespective of what commercial corporations do, terrorist organizations will make their own encrypted platforms. Sources indicate that some al-Qaeda-linked groups already have.
What does this mean for Canada?
Canadian technology consumers incessantly use communication tools such as Whataspp, Hangouts and other communication applications. If the encryption trend continues then intelligence agencies, such as Canadian Security Intelligence Service will face the same barriers as the U.S. is facing investigating terrorists and terrorist activities.
What is the solution?
Respecting privacy rights and corporate autonomy while addressing national security may never have a solution that satisfies all parties. Some U.S. agencies suggest that companies have a key to unlock encrypted communications when the government has a warrant. But cybersecurity experts agree with Apple’s CEO Tom Cook that a “backdoor” could also give hackers access to encrypted information. The United Kingdom is even tabling a bill that would legally obligate companies to help the Government unlock encrypted information and stop them from using end-to-end encryption. Should Canada follow in their footsteps?
Opting for the U.S. approach may be the most appropriate for Canada – companies provide a key to unlock encrypted communications only with a warrant. This approach balances respecting the corporation’s policy to protect consumer privacy and the government’s interest in national security. I acknowledge that this key may also mean hackers could access the encrypted information, and it may be timely and costly to get a warrant from each company every time. However, this solution is still a better option than having no access or implementing legislation to limit liberty.