The Verge had an article last week titled “Apple ordered to open encrypted user accounts globally to UK spying.” I stopped everything I was doing as I read it. Read it again. And then read it a third time.
As I understand from this article, the UK has demanded that Apple create a back door into their core iCloud encryption capabilities to allow UK security services to read any files stored in iCloud for any user. This would not be limited to Apple users in the UK. This would not be limited to servers hosted in the UK. This would allow UK security services to read the iCloud backup data for any global Apple user. And Apple is ordered not to clarify to users that its end-to-end encryption is no longer end-to-end encrypted.
Encryption terrifies many security services around the world. They picture scenarios where a phone has critical information on it that they are unable to access leading to dire and devastating consequences. Therefore, they demand that all technology must be accessible to law enforcement officers regardless of security or encryption. Basically, outlawing encryption and security.
The article is about the UK and Apple. But we can easily picture the same situation taking place between the US and Facebook or Google or Microsoft. And once one of these countries successfully forces the end of encryption in one place, they will push that rule to every service provider they can. And once encryption is broken for one country, every country will demand access to it. And then once a country has access to this unencrypted data, every one of their security services and law enforcement agencies will demand access to it. And that means that the newest, junior law enforcement officer of a 1,000-person town could eventually have access to unencrypted user data for people in an entirely different country.
Yes, that is a lengthy chain reaction. But it is also a highly plausible chain reaction. In the US, small-town law enforcement agencies now believe they need military-grade equipment to carry out their missions and are able to get it. Why would they also not “require” access to nation-state-grade intelligence? It just takes one time in one place for all of our information to be out in the open.
This then leads to the “I have nothing to hide” argument that we see online when it comes to encryption. Only bad guys have things to hide the argument goes. But they forget that stalkers target the innocent. Location and contact data would be part of this data allowing them to more effectively go after their targets. They forget that corporations and investors use these systems allowing competitors and dissatisfied customers to steal sensitive information or target employees that made them angry. They forget that government employees use these systems potentially opening up new angles for countries to blackmail people – or create false blackmail material from real information.
Encryption does not simply hide the data of bad guys. It protects the data of everyone. Just because you have nothing to hide, does not mean it is worth having your data out there for everyone to vacuum up and decide whether to use it against you because of convenience.
And speaking of AI. In a world where private, sensitive data is potentially available, AI becomes exponentially more dangerous. These same nations demanding full backdoor access to data will one day put all that data into some AI to choose profile political or cultural targets for investigation. These people may have done nothing wrong, but simply hold a belief or opinion that the government deems dangerous. No government officials have ever targeted innocent people that they simply disliked after all.
Encryption is vital for our collective future. Strong, end-to-end encryption is necessary. Audited, open-sourced encryption should be the standard. No government should ever have completely free and open access to the private data of their citizens, let alone the citizens of other countries who they will declare have no protected rights within their borders anyway.