Encryption Vs. Privacy Battles Rage From Davos To US
The debate over efforts to protect users' privacy and encryption versus governments' efforts to fight terrorism was a major focus at the World Economic Forum in Davos this week. Meanwhile, battles over the same issue are emerging in the US from New York to California on the legislative level.
(Click image for larger view and slideshow.)
As tech companies defend the use of encryption and users' privacy over governments' widening survelliance demands at the World Economic Forum in Davos this week, similar battles are brewing from New York to California that potentially carry a legislative bite.
In Davos-Klosters, Switzerland, the World Economic Forum on Thursday held a panel titled Privacy and Secrecy in the Digital Age that explored such issues as whether companies can artfully balance the need for secrecy and security held by consumers and governments. Concerns over privacy and security are increasingly becoming a global debate, as high-profile cases like the Paris attacks point to terrorists using online tools to communicate with each other and attract potential members.
But as governments throughout the world call on tech companies to provide access to users' encrypted information and data, as well as other private information, those companies often contend that any encryption workaround could potentially weaken security and make it easier for hackers to infiltrate. This, in turn, would create a chilling effect on the use of such technology over of privacy concerns.
Apple, for example, faced fines when it could not produce users' iMessage encrypted data used on its iPhones and iPads, because the iconic computer and device maker did not have backdoor access to the encrypted data, according to a report in ZDNet.
The European Union submitted 63,000 requests for user data from Facebook, Twitter, Apple, Microsoft, and Google during the first six months of 2015, a 24% increase from the same time a year ago, according to a report in the Wall Street Journal.
"Encryption is fundamental to running a good and safe Internet that can be trusted," Jimmy Wales, Wikipedia founder, said during a Davos lunch, according to a Gulf News report.
But telecommunications executives who have had to deal with surveillance requests for a while now say that the decision should be left to governments, the WSJ report notes. AT&T's CEO Randall Stephenson told the media outlet, "I don't think it is Silicon Valley's decision to make about whether encryption is the right thing to do."
Meanwhile, California assemblyman Jim Cooper on Wednesday introduced Assembly Bill 1681 that requires any smartphone manufacture that sells a device California to have the capability of decrypting and unlocking the phone. The bill says:
This bill would require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider. The bill would, except as provided, subject a seller or lessor that knowingly failed to comply with that requirement to a civil penalty of $2,500 for each smartphone sold or leased. The bill would prohibit a seller or lessor who has paid this civil penalty from passing any portion of the penalty on to purchasers of smartphones. The bill would authorize only the Attorney General or a district attorney to bring a civil suit to enforce these provisions.
The California bill nearly mirrors a bill introduced in the New York Senate last week called Assembly Bill A8093. The New York bill, which would be applicable to phones manufactured this year, states:
Any smartphone that is manufactured on or after January first, two thousand and sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider.
The sale or lease in New York of a smartphone manufactured on or after January first, two thousand sixteen that is not capable of being decrypted and unlocked by its manufacturer or its operating system provider shall subject the seller or lessor to a civil penalty of two thousand five hundred dollars for each smartphone sold or leased if it is demonstrated that the seller or lessor of the smartphone knew at the time of the sale or lease that the smartphone was not capable of being decrypted and unlocked by its manufacturer or its operating system provider. No seller or lessor who pays the civil penalty may pass any portion of that penalty on to any purchaser of smartphones by raising the sales or lease price of smartphones.
It may come as no surprise that the American Civil Liberties Union (ACLU) and the Tenth Amendment Center are leading a charge to preserve consumers' online privacy. The groups are working with lawmakers on a 16-state movement to pass privacy laws aimed at protecting consumers against government surveillance, according to a BuzzFeed report.
The participating states, which are listed on the ACLU site, are Alabama, Alaska, Connecticut, Hawaii, Illinois, Massachusetts, Michigan, Minnesota, Missouri, Nebraska, New Hampshire, New Mexico, New York, North Carolina, Virginia, and West Virginia, plus the District of Columbia. The ACLU site also has an interactive map showing the bills, which call for privacy protections on a range of issues, including location tracking, electronic communications, employee data privacy, and student data privacy.
Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.