5 Reasons Why Encryption Won't Be Enough to Protect Your Data
If you want to protect your data, privacy, and communications from corporations, government snoops, or hackers, end-to-end encryption is a great way to start. It's the type of encryption Apple and Google added to their mobile devices and smartphones over a year ago, leading to government claims that such encryption will be used to protect terrorists and kidnappers.
But according to a new report by Harvard's Berkman Center for Internet and Society, end-to-end encryption and other data protection methods aren't enough to actually ensure that data is kept private, now and in the future. Here's why.
In the Future, Data Isn't Encrypted
The Berkman Center brought together security, policy, and intelligence experts to examine the impact of Apple, Google, and other communication providers' decision to make easy, end-to-end encryption the default in their phones and mobile devices. End-to-end encryption is a form of data protection where only the people communicating can access the information. There are no easy backdoors for the government, your Internet provider, or cyberthiefs to access and grab your info.
According to government officials, phones that can "go dark" -- that is, that can inhibit access to surveillance -- pose a significant security risk, hindering law enforcement's abilities to investigate suspicious activity. But to consumers, companies, and privacy advocates, preventing unauthorized access is precisely the point.
So, what did the experts at the Berkman Center find? First, that "our ability to effectively surveil criminals and bad actors" is unlikely to be significantly limited by encryption.
Further, encryption itself will not protect most data in the future. They write:
Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves, and the trajectory of technological development points to a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will "go dark" and beyond reach.
5 Reasons Your Data Won't Be Protected
The experts give five major findings that they believe show that the future will be one of unprotected data. Here they are:
1. Monetizing User Data Will Keep End-to-End Encryption Rare. People may want data protection on their text messages, phone calls, or emails, but encryption is unlikely to become ubiquitous. That's because communications companies "rely on access to user data for revenue streams and product functionality, including user data recovery," the report found.
2. There's No Coordination. "Software ecosystems tend to be fragmented," the report notes. Full and widespread data protection would require "far more coordination and standardization that currently exists."
3. The Internet of Things Will Be Watching and It Will Be Unprotected. As we've pointed out before, the proliferation of Internet-connected devices will allow everything from your fridge to your children's toys to gather data on you, and much of it will be vulnerable. The growth of the IoT, according to the report, means that "an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel."
According to Jonathan Zittrain, professor of International Law at Harvard Law School, "we're hardly going dark when - fittingly, given the metaphor - our light bulbs have motion detectors and an open port." In other words, if your phone's not spying on you, your lamp may be.
4. Metadata Remains Unprotected. Metadata -- the information about your information -- isn't usually encrypted and it's not likely to be in the future, according to the Berkman Center. That means information like location data, phone records, email header info, and others will provide "an enormous amount of surveillance data."
5. Our Privacy Discussions Are Too Limited. The debate over privacy, surveillance, and security often focuses in on small, discrete issues -- encrypted phones, for example, or NSA bulk telephone metadata collection. Despite the privacy debate's "efforts to take account of technological trends, it is largely taking place without reference to the full picture."
The report is titled "Don't Panic." So don't. But if you're concerned about your privacy and the security of your data in the future, you might want to worry just a little.
Related Resources:
- Study: Law Enforcement Overstating Risk of Criminals 'Going Dark' (The Hill)
- Is Your Email Secure Enough for Client Communications? (FindLaw's Technologist)
- Are Encryption Backdoors Needed to Fight Terrorism? (FindLaw's Technologist)
- The Internet of Things: It's Not Just Data Collection, It's Evidence (FindLaw's Technologist)