The internet provides us with freedom to discuss ideas and thoughts, to collaborate and share. For educators this is invaluable in sharing teaching techniques, resources and also allowing for the discussion of pedagogy and teaching ideologies. It also allows us to securely purchase goods and services and to share images and video with our friends via social media such that only those we wish to have access to our content will have access. For organisations it allows secure communication and transfer of files such as confidential or other sensitive business documents even when staff are out of the office travelling on business. It allows files to be protected through encryption so that only authorized personnel have access. On a personal level it allows files to be protected from prying eyes for where they are of a personal or private nature.
The above represents the positive side of technology, however technology is a tool and therefore much as a hammer can be used to build things or as weapon of violence, it can be used for malicious and evil purposes as much as it can be used for good.
In particular, the ability for secure communication and sharing of files can be used in planning acts of terrorism. It can be used in coordinating acts of violence or other criminal activities. It can be used to prevent police or intelligence services from accessing files which relate to illegal activities.
The above represents a dilemma. From the security perspective we want the police and intelligence services to be able to access files and streams of communication for the purposes of keeping us safe. This seems logical and an obvious step in light of recent events in the UK. The prime minister in her recent speech made reference to how the internet provides a safe space for extremism to grow and how this needs to be tackled. The issue here is that to do so we need to introduce vulnerabilities into the encryption methods to allow the police and intelligence agencies to have access. This means that secure access methods become less secure not just for those conducting or planning illegal acts but for all users. The vulnerabilities that give the police access, may be discovered or breached by criminal or other threat actors. It’s like adding an extra side door to your house where only the police have the key. If someone manages to copy the key, someone manages to create a skeleton key or if the police lose the key, then our house becomes accessible to those we would prefer to prevent from access. The new door represents an increase in the risk to the privacy of home. A perfect technology example is the recent WannCry ransomware where the source of some of the used vulnerabilities can be traced back to the NSA. The NSA had discovered the vulnerability and developed tools to exploit it with a view to using it to protect people’s safety however when this leaked the same vulnerability was put to malicious use having a significant impact on the UK National Health Service (NHS) among others. Any weakening of encryption is going to increase the risk associated with the security of business communications, banking, social networking and any other systems where data is being exchanged using the now weaker encryption methods.
Although giving the police and intelligence agencies the tools to better identify illegal activities and terrorism online sounds an obviously good idea, it doesn’t come without some downsides and risks.
Where is the correct balance between personal and corporate privacy and the ability of national agencies to view and intercept data in the interest of public safety?
Where does personal privacy end and public safety begin?
Secure communication and sharing to prepare
Easy access to information.
Communication for the purposes of coordination
The internet is neutral with no-one exerting control. It crosses boarders. So how would it be effectiviely monitored?
If it is monitored then this introduces vulnerabilities to protocals which have security at their heart. Such vulnerabilities, may become known by malicious actors. This is a risk.