The realities of modern data protection and privacy resurfaced last year when the Safe Harbour agreement was ruled invalid. More recently, the attacks in Paris and San Bernardino have added to the discussion around access to private data and whether the national security justification is strong enough to enable access.
Similarly, a recent statement from the Dutch government proved a small victory for those tech companies fighting to retain data sovereignty. It has reignited the old debate that seems to move into the shadows after each big news event: security vs. privacy, national security vs. human right.
The idea of diluting company end-to-end encryption, which scrambles communications and data, has arisen as the solution for solving the problem of blind spots in law enforcement intelligence. These law enforcement agencies state that Internet companies who operate the likes of WhatsApp, and Apple’s iMessage can act as a communications channel for terrorist and criminal organisations that utilise the platforms.
Upcoming Investigatory bill or Snooper’s Charter
The proposed investigatory bill will provide law enforcement agencies with new powers to intercept communications, as well as stipulating that Internet companies keep detailed records on their customers for a year. The most worrying aspect of the proposed legislation is the idea of companies weakening their encryption to allow enforcement agencies to have greater access.
Whilst access to wider communications could prove invaluable for law enforcement and intelligence agencies, there is a real risk of more nefarious organisations snooping on Internet traffic via the same weakened access points. An idea some commentators have likened to leaving your front door key under the mat.
Effect on UK businesses and consumers
The creation of backdoors to adverts of secure data will almost certainly have a detrimental impact on UK businesses and the economy. Companies such as Eris Industries and Ind.ie are just two companies who have elected to relocate even before the bill is implemented.
Some businesses are reluctant to allow access to data gathered from their users as it provides valuable market insights. Additionally, Internet companies that make secure products could choose to move their offices abroad to islands of intact encryption such as the Netherlands. Others may choose to store their data, rather than move offices, in places such as he Netherlands as a commitment to their customers. Either way, the UK economy would suffer with lower tax receipts and job losses.
Ultimately, the citizens will have their rights surrendered and trust in companies will dilute. The weaker encryption can also allow cyber-criminals to access previously secure data that could result in attacks on private business accounts by force.
With their private communications at risk, some users may feel as though conducting online transactions or communications would be too much of a risk. Although, this might be an extreme example, the deliberate decline in protection could force customers to use other companies who use another method of protection or store their data abroad.
Law within borders
Governments should update legislations to mirror the role of digital technologies in terrorism and cyber-attacks. However, this should not be undertaken at the expense of consumer privacy.
The more appropriate course of action is targeted surveillance rather than overarching access, and there should be greater clarity into how any proposed powers would work. The proposed bill outlines various measures and powers for law enforcement agencies, but the scope of application is what worries global tech companies, as well as end-users.
Legacy of Safe Harbour
This piece of legislation was only ruled invalid last year but discussions on the second iteration, as well as the new GDP regulation, only adds to the complex divide between privacy and sharing of information.
The likes of Facebook, Google and Amazon are still recovering from the Safe Harbour decision that brought the legitimacy of data transfers between the EU and the US into question. Viewed as a fundamental right in the EU – data privacy superseded mass surveillance by a foreign country and forced companies to defend their data gathering practices.
More endorsements similar to the the Dutch government’s argument on retention of data privacy from EU states will help to shape the legislation that follows Safe Harbour in the favour of ordinary EU citizens. However, should the UK leave the EU, this focus on the prioritising data privacy over other considerations, such a national security, could fall through. Indeed, with the introduction of the Snooper’s charter, we are already starting to see a movement away from one of the founding ideals of the EU, a right to privacy.