The night.TALK on encryption policy was one of the highlights of WorldHostingDays. The debate about the intersection of privacy, cryptography and national laws was one of the most fascinating debates I’ve participated in in my career.
From left to right: Sarah Harrision, Wikileaks; Jens Kubieziel, Torservers.net; Raimund Genes, Trend Micro; David Snead, i2Coalition; Rafael Laguna, Open-Xchange; Thorsten Kraft, eco
One of the principal areas of debate, concerned the extent to which national laws should serve as a platform for emulation by all countries. I was struck by the passion, and confidence, several members of the panel had that Germany had achieved the right balance between government access to data, personal privacy, and corporate responsibility. There was pushback from several members of the panel, and the audience in general, that the laws of individual countries should form the baseline for the rest of the world.
The talk reaffirmed my belief that the Internet Infrastructure community needs to engage in a worldwide discussion about how we will address privacy, cryptography, and government access to data. Our customers want assurance that privacy protections that are long established in off-line communications, and in our day to day lives, apply to the Internet. Since the Internet is now a fixture of our daily lives, users will find a way to secure their communications from search and seizure rather than stop using the Internet. As noted on the panel, encryption is a simple, easy way to accomplish this goal.
As law enforcement and those whose answer to every challenge is “because terrorism” continue to push for more and greater access to data, those concerned about that access will turn to encryption. The problem that encryption presents to law enforcement is that it will end up making data virtually inaccessible. Failure to engage in a respectful discussion about restoring confidence in the privacy of communications may in the end lead to virtually no access to data, an outcome that no one seeks.
The days of hard to use cryptographic technology are gone. One only need look at the number of VPN, encryption and “shredding” applications offered in various mobile marketplaces to see how easy encrypting your communications actually is. These applications are no longer used by those on the privacy fringes. Companies like OX have made privacy the center of their businesses. Privacy has moved beyond being a “feature” and is now a central component to the requirement of providing services to our customers. The more businesses learn about how government can access their data, and that of their customers, without their consent or knowledge, the greater their desire for confidence in the security of these communications. Encryption provides this security. Easily.
Law enforcement, administrative agencies and governments are being short sighted in the current debate about encryption. The focus should be on ensuring that users of the Internet feel that their communications are secure, and that guarantees to be free from unreasonable searches and seizures have been preserved. Digital communications are no different from other forms of communication and should receive full privacy protections.