Observing Thinking

Observing Thinking
Observing Thinking

Sunday, February 13, 2011

Feb 13, 2011 Security vs Privacy




In this column we’ll take a look at the Blackberry mobile phone (manufactured by Research In Motion or RIM) controversy in Saudi, United Arab Emirates (UAE),  and India that was roiling several months ago. (This column appears monthly and although this dispute may appear to be “old news”, the issues raised are not. ) Briefly, this was the situation:

Starting in late July, 2010 headlines like these began to appear on the news service feeds:

July 29:  India threatens to ban BlackBerry services

Aug. 1: UAE announces ban of BlackBerry services starting
October 11, 2010

Aug. 6:  Secretary of State Hillary Clinton says BlackBerry ban violates “right of free use”

Prior to that, you may have missed these two headlines:
November, 2007: RIM provides its encryption keys to Russia’s Mobile TeleSystems
January, 2008: RIM China announces sales go through after making sure phones were no threat to China’s communications networks

In the above two cases, RIM claims that it was only adhering to the laws of the country in which it was doing business and that it “respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers.”


 So, what was the problem that caused several countries whose total populations top 2.5 billion to rip into RIM and threaten to ban its popular Blackberry cellphone? This one falls neatly into the Personal Freedom (in this case, Personal Privacy) vs Societal Security issue. In a nutshell, India and UAE want the same favors which were previously granted by RIM to Russia and China which are the encryption keys so they can crack coded messages sent from the Blackberry.  All, of course, in the interests of  National Securtiy.  Insiders believe that RIM has reached an accommodation with the Indian government that includes access to most Blackberry communications except for the “Enterprise” option where the decryption keys are controlled by the individual subscriber companies --- and in that case the government would negotiate with subscriber companies directly.



Now, if you are mostly concerned with Societal Security you would say that a sovereign nation has the right to spy on selected citizens (e.g. suspected terrorists) when it has evidence of a probable attack. On the other hand, if Privacy is your major concern, you would probably characterize the situation differently: the fourth amendment does protect citizens against unreasonable search procedures and this is nothing more or less than cellphone hacking by Big Brother.

One of main reasons I bring up this issue is that it is, in the words of that great American philosopher Lawrence Peter Berra:,”Deja-vu all over again”. Almost 20 years ago, here in the US we experienced the same drama.  At that time our government viewed strong encryption software in the same category as arms or weapons that could not be exported to suspect nations. While the software companies that produced this software must have been flattered by their imputed power, they did not much like the export restrictions and what they perceived as unfair competition of foreign competitors whose governments did not place the same restrictions on them. Even the authors of the encryption algorithms could not publish them or even freely make them public. Things looked bleak for Privacy advocates as the US government made plans for media companies like AT&T to be required  to include a “backdoor” into their encrypted communication devices so that the FBI and NSA could decrypt messages much like they already did (and still do) with wiretaps. Even now, according to the Electronic Frontier Foundation :
“The FBI is on a charmoffensive, seeking to ease its ability to spy on Americans by expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA). Among other things, the government appears to be seriously discussing a new requirement that all communications systems be easily wiretappable by mandating "back doors" into any encryption systems.”
(Source: https://www.eff.org/deeplinks/2010/10/eight-epic-failures-regulating-cryptography)

Perhaps it’s not deja-vu, it’s “what goes around comes around” that’s at work here. Or as  attributed to the poet Edna St Vincent Milay, “Life is not one thing after another. It’s the same damn thing over and over!”

 

Personally, I tend to side with the Pro-Privacy Proponents; the eight reasons given at the above link would be enough to convince me but here is the clincher which is an excerpt from a blog comment by Prasanto K. Roy, Chief Editor Dataquest Group magazines based in India, who writes: (keeping in mind that email is a standard option on mobile phones)

 

“You're a Delhi-based wannabe terrorist needing to communicate with your handlers. What do you do?
Invisible-ink notes are passe, as are carrier pigeons. You will, of course, use electronic options.
Like email. Walk into a cyber cafe, log into a Gmail or Yahoo account. Don't use an account in your own name. And don't send email. Simply read instructions left for you in an unsent mail, saved as a draft in your account. And then, to reply, just edit the unsent email, and save it back as a draft. If email isn't traveling, it can't be intercepted.”

 

Pretty cool and pretty scary. Most security precautions can eventually be thwarted and some can even make things worse; as a Zen Master has said, “The best way to clear up muddy water is to leave it alone.”

No comments:

Post a Comment

Search This Blog