Can We Balance Security And Privacy? Thoughts 10 Years After Snowden

Forbes Technology Council

Hi, I'm Matthias, cofounder of Tuta, a secure email service. We are innovation leaders in encrypted communication and collaboration.

More than 10 years have passed since Edward Snowden revealed the worst surveillance scandal of the FBI and the NSA in U.S. history. His revelations sparked a vivid discussion—one that can be looked at with more precision now that the heated debate that started one decade ago has settled: How can we balance the security and privacy requirements of our modern societies?

Snowden brought some of the most intrusive surveillance programs of U.S. authorities to light, the most prominent ones being PRISM, XKeyscore and Boundless Informant. Once the public started to understand how much of the private data they willingly share online is being siphoned off, analyzed and scanned, the question arose whether this form of surveillance is required to keep citizens safe or violates citizens' privacy rights without measurable benefit.

Balancing Security And Privacy—Is It Possible?

The delicate balance between security imperatives and the fundamental right to privacy must be discussed openly by every society. As an expert in encryption and cybersecurity, I am absolutely certain that the Snowden leaks not only exposed the extent of government surveillance but also underscored the urgent need for strong end-to-end encryption to protect the privacy of citizens and businesses alike. At the same time, encryption must not stand in the way of national security, which is what government authorities often claim it would do, but better ways to protect citizens are possible.

First of all, it’s essential to note that our internet as it exists today would not be possible without strong end-to-end encryption. We use it every day for online banking, sharing sensitive medical information, messaging or communicating via email. Encryption is the only technical measure we have to protect data online, not just from eavesdropping by our own authorities, but also from malicious attackers, economic espionage or state-sponsored surveillance by foreign countries such as China or Russia. Encryption is the very foundation of our modern web and the basis of any cybersecurity strategy.

However, the Snowden disclosures revealed that government agencies used to exploit vulnerabilities in encryption protocols to collect data and even forced American technology companies to provide backdoor access, undermining the very protections meant to safeguard privacy.

Back in 2013, it was a great surprise when it was revealed that tech corporations had collaborated with intelligence agencies in their surveillance activities or submitted to government demands for user data. This raised ethical as well as moral questions about corporate responsibility, user privacy rights and user trust in these corporations. Following the Snowden leaks, an increasing number of people who were previously ignorant of privacy concerns now understood why privacy matters. They started to look for alternative services that could guarantee privacy by default through employing end-to-end encryption protocols.

Key Lesson From The Snowden Leaks

One of the key lessons learned from the Snowden leaks is that whatever data is out there is vulnerable to surveillance. Intelligence agencies such as the NSA were—and still are—able to collect data on a massive scale, not just the data of foreigners, but also data of American citizens, even though this is prohibited by the Fourth Amendment. Thus, the erosion of privacy became known with this unbelievable scandal, and for the first time, concerns were rising, and the understanding that our privacy is valuable became commonly agreed upon.

As a consequence, privacy activists, as well as cryptography experts, call to strengthen encryption standards and fortify digital defenses against unsolicited intrusion. However, at the same time, authorities keep demanding more data from tech companies and politicians try to undermine encryption with legislative approaches, particularly in the Five Eyes countries. Their arguments are that end-to-end encryption impedes law enforcement and intelligence agencies in their efforts to combat terrorism, child sexual abuse, cybercrime and other threats to national security.

Complex Issue

Indeed, the authorities like to present the argument that national security requirements and privacy rights are polar opposites and that it would be an immense challenge to balance the two, if possible at all. In their opinion, national security comes first and privacy rights should be sacrificed for that greater goal.

However, as a German, I am very cautious about following this argument. In fact, history teaches us that a loss of privacy can have devastating consequences—not just for the individual but also for the entire society. It can even put national security at risk by undermining democracy and enabling authoritarian tendencies to thrive within a community.

While it is true that malicious actors on the Internet can exploit encryption to hide their illegal activities, it is also true that a cooking knife can be used to kill someone. It is clear what I am trying to get at: We can’t devalue a technology as crucial as encryption because it is being abused by criminals.

Maintaining strong end-to-end encryption without allowing a backdoor is paramount not just to protecting privacy rights but also to upholding national security. Weakening encryption standards or mandating backdoor access would dangerously expose our digital and physical infrastructure to malicious attackers and state-sponsored hacking.

Security And Privacy Belong Together

In conclusion, regarding the Snowden leaks, there is only one solution to balancing security and privacy requirements: Privacy rights are indisputable. Governments and authorities must (and can) find ways to combat terrorists and other threats to national security with targeted surveillance measures—not by monitoring the entire population of a country.

If we submit to general mass surveillance out of false fears of terrorists, we give up not just our privacy but also our freedom. 100% security is never possible—whether we allow mass surveillance or not. But the best possible security can only be achieved with maximum privacy because the encryption that makes our online life private also protects us from terrorists, such as malicious attackers on the web, as well as state-sponsored surveillance by autocratic countries.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

