If the Government Had Its Way, Everything Could be Wiretapped
In the battle over encryption, governments act like they have the right to learn everyone’s secrets because technology makes it possible.
By Jennifer Stisa Granick, Surveillance and Cybersecurity Counsel, ACLU Speech, Privacy, and Technology Project FEBRUARY 19, 2019 | 10:30 AM
Just how much are the police entitled to know about us?
The battle over encryption and secure communications suggests that governments think the answer is “everything,” at least so long as investigators aren’t violating weak privacy laws. And to carry out that audacious view, policy makers around the world are fighting privacy tools that will protect us from business competitors, criminals, and government abuses.
Twenty years ago, we had a lot more privacy than we do today. Conversations vanished into the air as the very words were spoken. Only a time traveler could turn back the clock to learn whether we’d been at the scene of a robbery, a mosque, or an abortion clinic on any particular date — or who we were with. No one knew if we read The New York Times or the Anarchist Cookbook. The searches we made through the library card catalogs were known to us alone.
Today the technology we use in our daily lives creates long-lasting records about deeply personal things. Email and chat capture our conversations with friends, family, and coworkers. Our cellphones create logs of where we’ve been, where we are going, and whom we are with. Our internet searching and browsing is a window into our most personal interests and curiosities.
Participating in modern society requires that one expose private information to communications providers — and from there potentially to advertisers, marketers, identity thieves, blackmailers, stalkers, police, spies, and more. The boom in communications technology is an amazing, delightful thing. But most companies put innovation, market share, and ad revenue above all else. From a privacy and security standpoint, these tools are broken.
So people are demanding that companies fix the products and services we use to give us back some control over what we reveal about ourselves. The most popular texting tools in the world, WhatsApp, iMessage, and Facebook Messenger, can encrypt texts from one device to another, so that an interloper cannot read them. Many other secure communications tools are now available as well, like Signal, Wire, and Wickr. People want to have private conversations that are not recorded for all time, and these platforms are making that possible again.
To some governments, however, these are not “fixes.” Instead, they’re seen as new obstacles to getting data that police and intelligence officers have become accustomed to having access to. So governments are trying to force the public to continue to use broken technology — and to make sure that future technology is just as broken.
For example, a new law in Australia would force internet companies to modify their services to ensure that investigators can wiretap us and obtain other private information. In at least one sealed court case, the U.S. government has tried to force Facebook to rewrite the code of its Messenger product to make eavesdropping possible. Authorities in India, Brazil, and elsewhere are pressuring WhatsApp to alter the platform so that police can track people and posts. And two officials from the U.K.’s National Cyber Security Centre and GHCQ, the British version of the U.S. National Security Agency, have proposed that no one be able to distribute a chat tool that a spy can’t secretly eavesdrop on.
Governments’ goal is to ensure that records of whatever we do and whatever we say will be available in case investigators can meet whatever justification their country requires for looking at it. This is an astounding and novel premise.
Before the internet was in widespread use, anyone making these assertions would have been laughed at. No one had the audacity to suggest that, even with a warrant, people could be required to record their conversations, talk only in a place someone could overhear, keep a travel journal, or log their reading and research. No one thought that having a confidential conversation was evidence of a guilty intent. No one thought that having a private conversation created a “zone of lawlessness,” as the Justice Department ominously put it.
Now that technology has unintentionally created exactly these kinds of surveillance windfalls, governments want to keep it that way, arguing that if they are acting lawfully, they are entitled to our private data. This is wrong. Complying with privacy laws may give our government the authority to search, but we are not obligated to ensure our private matters are there for the taking.
It’s okay, we’re told, because the police and spies will only look when the law allows it. But we know that’s not true. After 9/11, the Bush administration implemented a broad and illegal spying program called StellarWind, which included bulk collection of American’s data, such as records about all domestic phone calls. Police officers and intelligence analyists routinely spy on their spouses and lovers.
It’s also a problem because our privacy rules were not developed for today’s world of information everywhere, and they are not strong enough. And communications security is far from perfect — unencrypted data is at risk from economic competitors, identity thieves, hackers, blackmailers, corrupt public officials, and oppressive governments.
Government agencies have gotten used to a temporary bonanza of private information made possible by broken technology. Encryption and other tools to fix the privacy problem are now increasingly common, with more and better information security available every day. Companies must be allowed to create such tools, and people be allowed to use them.
The alternative is a dangerous and dystopic world where the intimate details of our lives are documented, stockpiled, and accessible to governments around the world.
Originally published at www.aclu.org.