In the aftermath of the war between Apple and the FBI, the unexpected announcement this past week from WhatsApp to provide end-to-end encryption for its 1 billion active monthly users is a bold statement for privacy. In spite of the very public debate about encryption, WhatsApp, an online messaging service, has continued forward with its plan to provide needed technology for its users.
End-to-end encryption provides protection against eavesdroppers of all sorts, and protecting a conversation from being intercepted by third parties is by far the most important thing to do when privacy is on the line. We need and deserve privacy. I would like to send pictures of my children to my parents and know that they will not be viewed by strangers. I would like to have a conversation with my accountant or my attorney and know that the details remain contained. We all need our privacy protected.
So what is so important about encryption and why is the term “end-to-end encryption” all over the news? Well, suppose you need to send a confidential letter to a friend. (For the purpose of this explanation we will discuss an actual letter printed on paper.) If you carry the letter yourself you have nothing to worry about, but if you rely on a delivery service the letter will be outside of your control while it’s on the way to the intended recipient. During that time someone could open and read it. A secure delivery service may offer armored trucks, secure sorting facilities, and certified delivery. All of these measures improve the chances of your letter being delivered unopened, however require trust in the people and organizations involved in the delivery. The armored truck will protect your letter on the road but the driver still has access to the letter. In a secure sorting facility your letter is protected, but employees still handle it. A law-enforcement officer, equipped with the appropriate warrant can demand to open your letter there. A federal agent can do the same. But what if you could secure your letter from all of these threats, without having to trust anyone? Suppose you lock your letter in a small, unbreakable safe, and only your friend has the combination for the lock. You ship the locked safe as a package and now people handling the package cannot read your letter. The driver, the employee at the sorting facility, the federal agent – they can handle the safe but they cannot open it. The warrant-yielding law-enforcement officer might be able to gain possession of the safe, but he too cannot open it (remember – it’s unbreakable). Now your letter is truly private and secure, only your friend can open the safe and read it.
This is why encryption has become an important requirement for business communications that involve sensitive information that contains personal health information (PHI), personal identifiable information (PII) and intellectual property (IP) as an example. Patient doctor and client attorney privilege, and confidential negotiations all need this type of security to ensure that privacy, compliance and confidence are maintained.
Enter Bad Actors
But, who else craves privacy? People who want to take advantage of others in ways that are illegal, immoral, or both: A stock broker scoring impressive commissions by hard-selling questionable securities to elderly clients, a co-worker sexually harassing a fellow employee, a researcher selling trade secrets to his employer’s competitor and yes the bad actors that lead the underground economy and terrorist organizations as well. They all prefer to go about their “business” in private, unnoticed. Having encrypted communications is desired for both good and bad – and the reason why this debate has been a top news story.
Core of the Debate
The truth is – all means of communication hold the potential for abuse, and private communication sometimes holds the potential for abuse without consequences. An individual’s right to privacy remains an important pillar of our society, and as a society we will certainly continue to debate the gray areas where the individual’s right to privacy is at odds with the public interest. But far outside this gray area lie cases that have already been debated and decided, written into law and regulation:
- A broker may not have a conversation with a client without keeping a record of it (i.e. SEC and FINRA)
- A healthcare provider must maintain records of patients’ information and must keep this information private and secure (i.e. HIPAA)
- Employers must investigate employee discrimination and harassment allegations, and preserve the information related to these investigations due to a myriad of laws and regulations that protect against such acts.
In all of these cases, and in many more, a truly private and secure communication tool, one that keeps out anyone not participating in the conversation, will make it impossible to not comply with these widely-accepted rules.
WhatsApp’s move this past week was a world-wide statement – “Privacy is NOT a Luxury”. Whether an organization doing business or an individual sending a picture of their child to a family member, the ability to ensure the security and privacy of your information is your right. And while government and technology will continue to fall on separate sides of this debate, it is not over. The FBI is once again trying to force Apple to break encryption for another case.
While the courts fight it out, organizations still need to do business. Encrypted and secure communications ensure that privacy and confidentiality are maintained. To find out more about how secure, ephemeral and compliant messaging such as Vaporstream can help your organization ensure privacy contact us.