As the US sees the folly of mass-surveillance, Europe persists in outdated and ineffective digital security policies
There is a widely held view that in Europe privacy is respected, while in the United States, the government and business believe themselves to be authorized to access any type of data and to make use of it for security or commercial purposes as they see fit.
Edward Snowden’s revelations from 2013 in large part reinforced this perception: the US government had turned out to be a monster that had used the threat of terrorism to extend its bloated tentacles into every aspect of life, listening in not just to what US citizens were saying, but spying on everybody else on the planet. At the same time, it also began to look as though in reality, it wasn’t just the NSA that was up to dirty tricks, and that the secret services of other countries were also engaged in nefarious activities: the problem was that no European equivalent to Snowden had yet to come forward.
But a number of recent decisions seem to challenge those stereotypes: on the one hand, Barack Obama has said that his government will stop trying to access US citizens’ encrypted data, and would no longer be trying to get tech companies to leave their back doors open for the authorities. At the same time, Jerry Brown, the governor of California, has passed the toughest privacy laws in the country, obliging the authorities to obtain a judicial warrant in order to access just about any data, metadata, or digital communication.
During the Crypto Wars of the 1990s, the US government spread the idea that encrypting tools should be treated as weapons, and tried unsuccessfully to restrict them being exported to others countries, with the goal of being able to go after the communication of anybody it considered a threat. The government ramped up the pressure on the companies that made digital tools of all kinds to give access to its security agencies, and kept this going, albeit more discreetly, right up until 2014. Snowden’s revelations shows that the NSA had pretty much unlimited access to iPhones, despite Apple’s insistence that it had never facilitated access. Other smartphone brands, such as the Chinese ZTE, were shown to have back doors, although in that particular case it seemed to have other origins.
The whole idea of the back door is flawed: if the government can get in, then so can any number of other people, making it a security threat for users. This has now been recognized by Obama recently: the evidence shows that it is impossible to access encrypted information without threatening users’ security, so therefore it makes more sense to stop trying. That said, the government will continue to work with tech companies to investigate alleged suspects, but it will no longer try to get them to breach the security of their products. In many senses, this can be seen as a victory of technology over politics.
Which is all well and good. But what of those claims about privacy-respecting Europe? In the United Kingdom, the idea of a back door providing immediate access to the authorities seems to have taken root. In Spain, some judges go as far as to say that the use of encryption can be used as evidence of involvement in terrorism, and sweeping new legislation that has been criticized by Brussels has been pushed through Congress. Sweden is working with the US secret service to intercept traffic from Russia, while the French government has just given itself carte blanche to access its citizens’ information. In Britain, aside from spying on what people say in their emails, the government seems determined to outlaw encrypting tools.
It would appear then, that the United States is returning to some level of common sense and that in the digital age, there are things that simply cannot be done. Meanwhile, Europe’s governments, which are comparative technological laggards, still seem to believe that anything goes when it comes to national security, and that back doors make sense, that the rule of “only the guilty have something to hide” applies, and that the only way to guarantee the safety of its citizens is by constantly monitoring them.
Is the European Union really a bulwark defending human and civil rights, whereas the United States is fast approaching Orwell’s 1984? Or is simply that so far, no European has had the courage to step forward like Edward Snowden did?
(En español, aquí)
