Encryption, privacy and public safety

hackerThe internet provides us with freedom to discuss ideas and thoughts, to collaborate and share.   For educators this is invaluable in sharing teaching techniques, resources and also allowing for the discussion of pedagogy and teaching ideologies.   It also allows us to securely purchase goods and services and to share images and video with our friends via social media such that only those we wish to have access to our content will have access.     For organisations it allows secure communication and transfer of files such as confidential or other sensitive business documents even when staff are out of the office travelling on business.    It allows files to be protected through encryption so that only authorized personnel have access.     On a personal level it allows files to be protected from prying eyes for where they are of a personal or private nature.

The above represents the positive side of technology, however technology is a tool and therefore much as a hammer can be used to build things or as weapon of violence, it can be used for malicious and evil purposes as much as it can be used for good.

In particular, the ability for secure communication and sharing of files can be used in planning acts of terrorism.    It can be used in coordinating acts of violence or other criminal activities.   It can be used to prevent police or intelligence services from accessing files which relate to illegal activities.

The above represents a dilemma.   From the security perspective we want the police and intelligence services to be able to access files and streams of communication for the purposes of keeping us safe.    This seems logical and an obvious step in light of recent events in the UK.    The prime minister in her recent speech made reference to how the internet provides a safe space for extremism to grow and how this needs to be tackled.   The issue here is that to do so we need to introduce vulnerabilities into the encryption methods to allow the police and intelligence agencies to have access.    This means that secure access methods become less secure not just for those conducting or planning illegal acts but for all users.   The vulnerabilities that give the police access, may be discovered or breached by criminal or other threat actors.      It’s like adding an extra side door to your house where only the police have the key.    If someone manages to copy the key, someone manages to create a skeleton key or if the police lose the key, then our house becomes accessible to those we would prefer to prevent from access.    The new door represents an increase in the risk to the privacy of home.    A perfect technology example is the recent WannCry ransomware where the source of some of the used vulnerabilities can be traced back to the NSA.    The NSA had discovered the vulnerability and developed tools to exploit it with a view to using it to protect people’s safety however when this leaked the same vulnerability was put to malicious use having a significant impact on the UK National Health Service (NHS) among others.      Any weakening of encryption is going to increase the risk associated with the security of business communications, banking, social networking and any other systems where data is being exchanged using the now weaker encryption methods.

Although giving the police and intelligence agencies the tools to better identify illegal activities and terrorism online sounds an obviously good idea, it doesn’t come without some downsides and risks.

Where is the correct balance between personal and corporate privacy and the ability of national agencies to view and intercept data in the interest of public safety?  

Where does personal privacy end and public safety begin?

 

 

 

 

 

 

Secure communication and sharing to prepare

Easy access to information.

Communication for the purposes of coordination

 

The internet is neutral with no-one exerting control.   It crosses boarders.    So how would it be effectiviely monitored?

If it is monitored then this introduces vulnerabilities to protocals which have security at their heart.   Such vulnerabilities, may become known by malicious actors.  This is a risk.

 

 

Advertisements

Author: garyhenderson2014

Gary Henderson is currently the Director of IT in an Independent school in the UK. Prior to this he worked as the Head of Learning Technologies working with public and private schools across the Middle East. This includes leading the planning and development of IT within a number of new schools opening in the UAE. As a trained teacher with over 15 years working in education his experience includes UK state secondary schools, further education and higher education, as well as experience of various international schools teaching various curricula. This has led him to present at a number of educational conferences in the Middle East. In addition Gary is a Google and Microsoft Certified Educator.

1 thought on “Encryption, privacy and public safety”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s