The ‘war on encryption’ – law enforcement attempting to bypass or limit consumer level encryption – is a global issue with many platforms utilising encryption having global user-bases (eg: social media). Governments around the world are also involved. In the USA we saw Bullrun and the UK, Edgehill (concerningly both named after major battles from their respective civil wars (Borger et al., 2013)). In Australia we have recently seen numerous Acts and Bills along a similar vein (Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, 2021; Identity-Matching Services Bill 2019, 2019; Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, 2018). This year we saw trans-governmental cooperation with the Anom sting leading to arrests by police in 16 countries (ABC News, 2021). And China has laws requiring backdoors or key escrows for government access (Laskai & Segal, 2021).

Both sides of the encryption debate make valid arguments: we want to be secure – people who seek to disrupt our security act against the interests of individuals and society. On the other hand, we want and need privacy – both from the government and from each other. Lack of privacy has a chilling effect, stifling debate and dissent. I agree with Richards that secret surveillance and total surveillance are illegitimate (Richards., 2013, p. 1935) and that the government has no right to perform these on its citizens, as a lack of privacy makes dissent difficult (The Transnational Institute, 2017), the Smethurst case in Australia being a recent example (Hally, 2021). We also need to recognise that society is made up of many people who do not agree with each other, and it is privacy which allows us to cooperate (Stalla-Bourdillon et al., 2014, p. 66), if we knew everything there was to know about each other, we may not be so civil. 

Are we in a security versus privacy situation? A naive response is: yes, how can we possibly have both complete security and privacy? I believe the question itself is loaded, used to deliberately wedge people and force political outcomes, as we saw with the passing of TOLA in Australia. So how do we balance the need for privacy with the need for security? The first step is acknowledging that both are important and that as members of society we don’t have complete freedom, we have freedom to operate within a set of rules – the law. It should come as no surprise that while we enjoy privacy, it can be limited by the law to provide a safe and secure society. 

Instead of asking, do we want security or privacy? I propose we refocus the discussion by acknowledging privacy as default and asking two questions: 

• When do we value security over privacy? 
• How do we ensure the limitation of privacy is valid and focused?

To maintain security, any limits to privacy should be targeted and specific, we don’t want the government to have the ability to silence opposition in secret. We also need to be mindful of conflation of security and crime prevention (Stalla-Bourdillon et al., 2014, p. 67), which leaves the door open to data repurposing as we’ve seen in Australia (Manfield, 2021). Most of us would love a world with no crime, but do we want it at the expense of our privacy and right to be ourselves? We also cherish our freedom, but do we want complete freedom at the expense of an ordered and stable society?

References

Article 6 – Right to liberty and security. (2015, April 25). European Union Agency for Fundamental Rights. https://fra.europa.eu/en/eu-charter/article/6-right-liberty-and-security 

Bohannon, M. (2018, June 13). The state of encryption: How the debate has shifted. Opensource.Com. https://opensource.com/article/18/6/listening-susan-landau 

Borger, J., Ball, J., & Greenwald, G. (2013, September 6). Revealed: How US and UK spy agencies defeat internet privacy and security. The Guardian. https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security 

Evans, J. (2018, May 6). Personal privacy vs. public security. TechCrunch. https://techcrunch.com/2018/05/06/personal-privacy-vs-public-security-fight/ 

Hally, L. (2021, September 26). Annika Smethurst scapegoated by government. A Cyber Security Blog by Luke Hally. https://www.lukehally.au/government/annika-smethurst-scapegoated-by-government/ 

Identity-matching services bill 2019, House of Representatives (2019) (testimony of Parliament of Australia & Home Affairs). https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6387 

Karp, P. (2018, December 7). Australia’s war on encryption: The sweeping new powers rushed into law. The Guardian. https://www.theguardian.com/technology/2018/dec/08/australias-war-on-encryption-the-sweeping-new-powers-rushed-into-law 

Laskai, L., & Segal, A. (2021, March 31). The encryption debate in China: 2021 update. Carnegie Endowment for International Peace. https://carnegieendowment.org/2021/03/31/encryption-debate-in-china-2021-update-pub-84218 

Manfield, E. (2021, June 15). Police access SafeWA app data for murder investigation, prompting urgent law change. ABC News. https://www.abc.net.au/news/2021-06-15/safewa-app-sparks-urgent-law-change-after-police-access-data/100201340 

News, ABC. (2021, June 8). How the FBI and AFP’s AN0M encrypted messaging app snared criminals across the globe. ABC News. https://www.abc.net.au/news/2021-06-09/operation-ironside-anom-trojan-shield-fbi-afp-bikies-mafia/100199540 

News, BBC. (2021, June 8). ANOM: Hundreds arrested in massive global crime sting using messaging app. BBC News. https://www.bbc.com/news/world-57394831 

Richards, N. (2013). THE DANGERS OF SURVEILLANCE. Harvard Law Review, Vol.126(7), 134–1925.

Schneier, B. (2019, July 23). Attorney General William Barr on encryption policy. Lawfare. https://www.lawfareblog.com/attorney-general-william-barr-encryption-policy 

Stalla-Bourdillon, S., Phillips, J., & Ryan, M. D. (2014). Privacy vs. security. Springer.

Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, House of Representatives (2021) (testimony of Home Affairs). https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623 

Telecommunications and other legislation amendment (assistance and access) bill 2018, House of Representatives (2018) (testimony of Parliament of Australia & Home Affairs). https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6195 

The Transnational Institute. (2017, November 30). Understanding and challenging authoritarianism (N. Buxton, Ed.). Transnational Institute. https://www.tni.org/en/publication/understanding-and-challenging-authoritarianism 

Tuffley, D. (2021, June 8). How an app to decrypt criminal messages was born “over a few beers” with the FBI. The Conversation. https://theconversation.com/how-an-app-to-decrypt-criminal-messages-was-born-over-a-few-beers-with-the-fbi-162343