In my earlier blog post “Hi Tech Obligations in Defense of the US: Part 1 Corporate Communications”, I took a look at the obligations and expectations that Corporations have regarding security and privacy of information. This week we are going to discuss the individual – the private users of what the industry has called “secure” mobile applications. After all, when we talk about the security of our private information and our nation – not only do individuals such as you and I fit into the category of the private user, however terrorists and other criminals, fall into this category as well.
Consumers and individuals have an expectation of privacy. However, frequently consumers choose to give this right away by posting publically on social media sites such as their Facebook pages, and by clicking “I Agree” to everything – in many cases without reading or fully understanding the agreements that come with the apps they install. When we “check in” at a location, we let the world know our business in an instant. This lack of knowledge and awareness around the true impact to privacy, security, and confidentiality is a real problem.
Let’s consider now an individual’s growing need to communicate in a private manner. Who controls and sees a message and who has the right to delete it? How and when does the message need to disappear after the conversation is over? We can list many real life cases where such communication is critically important. Take for example a case where you need to text a credit card number to one of your kids, a social security number or a password. What about those confidential family discussions that involve the healthcare treatment of a critically or terminally ill loved one? Let’s take it a step further. What if there is a school ‘situation’ and the parent body needs to be quickly, but privately notified? The school certainly does not want information to be shared with the media, posted to Facebook or other leaks of its communications via the numerous channels available in today’s mobile landscape.
There are countless legitimate needs for secure, private and confidential mobile communications. Hence the growing demand for secure mobile texting applications. These applications control who has the right to see a message and protects the conversation from misuse or inappropriate propagation. The sender can also determine when it is appropriate to make these conversations disappear from the mobile devices, providing additional security from interception or loss.
Enter the bad actors. So what happens when such applications fall into the wrong hands – most notably ISIS, but also drug dealers or other criminals? Again, this can be asked of any application or technology. The reality is that ISIS may already be designing its own apps for the exact or similar purposes. Criminals can find lots of creative ways to communicate and circumvent intended use. For example, they can set up a Google mailbox, and simply leave drafts for each other, never hitting send at all.
The real question is – what happens when law enforcement has probable cause and needs to access the data and communications that have been sent? Of course, with disappearing communication there is nothing to access, so it is just like a conversation that has not been wiretapped – it is gone. If wiretapping is approved, there may be a legitimate request made to companies for a record of the communication to be created and maintained. This is a legal issue that needs to be debated by the courts. Only the courts can decide if such a provision must be made by technology vendors.
In terms of device encryption, there is already legal precedent for requiring the user to provide a decryption key based on a court order. If the individual does not comply with the court order, they will be held in contempt. For more information on this subject, read our latest blog Hi Tech Obligations: The Tug-of-War Between the Constitution and Law Enforcement. In addition, as technology continues to advance our legal system is continually working on various vehicles for lawful requests for information.
In all other cases, I believe privacy is the right of anyone who seeks it.
For more information about this topic, please contact us to speak with a privacy expert.