Paris Attacks and Encryption Technology: The Debate Continues
Author – Galina Datskovsky, Ph.D., CRM
We are seeing much discussion about encryption and encrypted communications in the news in the wake of the Paris attack. The intelligence community did not intercept the communication between the attackers leading up to the attack, and this leads many to believe that encrypted communications must have been used. According to a November 18, 2015 Wall Street Journal article “Paris Attacks Fuel Debate Over Spying” there is talk in Congress about whether or not government restrictions and/or back doors are appropriate. Likewise, in the article from Legaltech News, “Could The Paris Attacks Have Been Prevented If Officials Read Encrypted Communications?” there are good legal points brought up for continuing to use encryption.
Although I believe Professor Vivek Krishnamurthy quoted in that article underestimates the power of big data analytics in finding useful information if data were collected, he is spot-on in pointing out that connecting the dots and preventing an attack requires much more than just data collection from specific applications. Banning or weakening available technology just because it is sometimes used by terrorists is a slippery slope; terrorists use Facebook for recruitment, they use YouTube to post videos, should those platforms be disallowed? Historically, governments have had the tendency to not only use but also abuse emergency powers, just look at the historic precedent of Germany in the 1930s. Hitler came to power by using that very democratic process. Emergency measures, originally meant to protect democracy, allowed him to seize power well beyond his original democratic mandate.
Today, consumers have access to encryption and ephemeral systems, but we must wait and let the courts decide on reasonable restrictions for use of these technologies, and appropriate monitoring of citizens’ communication. For now, citizens’ rights to privacy are still the key factor. Just think of the following cases: an abused woman wants to safely communicate with her therapist, family or law enforcement without having the abuser see her communications; a family with a terminally ill parent wants to have a private group where no one can post on Facebook; a teacher wants to confidentially and securely communicate with a parent about their child. We must focus on all the positive uses of such technologies as decisions are made.
Now let’s focus on the corporate uses of encrypted and ephemeral communications. There are many items in the life of a corporation that must be kept confidential. A hospital may need a patient care team to communicate private medical information in order to provide best care. The security and ephemerality of such communication is imperative in order to protect the patient’s privacy. A corporation may be working on a merger which they do not want to go public, and may during the negotiation need a way to securely and privately communicate between teams. The corporate board may need to share sensitive information which cannot be leaked and should stay out of the news. These are cases where secure and ephemeral messaging is essential. However, the corporate world, unlike the Wild-West-like consumer world is already regulated, so what to do? This is why Vaporstream® offers its governance and compliance module. This module allows the organizations to capture and securely store in their normal secure archive, on premise or in the cloud, any message that was sent via this technology. In fact, in the case of a patient care system, such a message would most likely belong in the care system of record. The regulating body can then examine said communications, as can General Counsel of the organization. But since Vaporstream messages cannot be saved, copied or forwarded, the communications have not propagated and only exist in one place that is under the tight control of the organization. Vaporstream’s governance module really eliminates the debate we talk about in the beginning of this discussion, since a compliance copy may need to be available for myriads of reasons, not just because lawmakers choose to have a knee jerk reaction to a very narrow item.
It is easy to pick on a particular technology, to name it the scapegoat and to pass laws regarding it. It certainly gives the politicians an illusion that they are making a difference. Stalin disallowed the use of radios by the population during WWII in the name of national security. The lawmakers would be well served to find an effective way to deal with the problem that balances legitimate needs for privacy on the one hand, with the need for national security on the other. Technologies such as Vaporstream will continue to provide effective secure communication to corporate customers in the meantime.