Privacy, Secrecy and Anonymity - omniSecure Forum Encryption: A Challenge or an Opportunity

[Editor: Stefan Schiffner |SECAN Lab, University of Luxembourg stefan.Schiffner@uni.lu]

This blog post is a short summary of a panel discussion between a privacy advocate and a law enforcement representative at omniSecure. While written from the perspective of the privacy advocate, it is still an attempt to present a balanced view.

As far as this is possible in a short blog post like this, I will try to navigate around the usual opposing slogans "1984: Big Brother is watching you" and "We are Going Dark: criminals can do what they want."

The discussion was moderated by Aidan Ryan, ENISA. The law enforcement side was represented by Philipp Amann (EUROPOL); the privacy position was represented by the author of this post, partner of the SAINT EU-project and researcher at UNI.lu.

Speaking notes and presentation can be found at:
https://omnisecure.berlin/vortraege2018/download.php?id=ZmlsZUZvbGRlci9v...

Modern Crime is Online

Like any other aspect of life, crime has moved online. This includes new types of criminal activity that are based on the abuse of the victims' IT infrastructure, e.g. by stealing computing resources (botnets) or by locking out users (ransomware). Naturally, in this new type of crime, the evidence is mainly if not solely electronic. But for other crimes, too, evidence today is often electronic, e.g. in the case of illegal trade in weapons, where most of the transaction is handled on electronic discussion fora, which are often run and accessed anonymously. Law enforcement faces the loss of this evidence due to 1) the ephemeral nature of data, 2) encryption of content, and 3) lack of location. Especially for 2) and 3), the loss of evidence might be caused by criminals deploying cryptographic techniques.

In these cases, where technical protection measures inhibit the investigation of crimes, a fundamentally unresolvable conflict of basic rights presents itself: the freedom rights of honest individuals and the rights of a crime victim. In this situation, political consensus on slogans such as "The police must be able to access every communication" seems easy to form. However, the proposed solutions to grant this access range from impractical to dangerous. They include: weakening or banning encryption, key escrow and legal hacking. In the public discussion, most of the proposals try to depict a false balance between security and privacy. Here we want to explain in detail that balancing these two values will fail, since the relation between security and privacy is much more complex than a simple zero-sum game. Furthermore, the proposals are based on traditional checks, balances and risk assessments, which do not hold in the digital world.

The Danger of Unprotected Communication

Secrecy and anonymity are fundamental conditions for a free society. In order to feel uninhibited and to develop new ideas, we need to be able to retreat from social control and the judgment of others. This fear of social control seems to be universal; hence, we protect the secrecy of correspondence by legislation, e.g. Article 12 of the Declaration of Human Rights. Moreover, we take technical protection measures, e.g. we keep secret diaries, locked cabinets and rooms, letter envelopes and seals. Ease of editing, conveniently fast communication, seamless searchability and indexing have moved text production, consumption and communication into the digital, online world.

However, our electronic devices and communications are often fatally unprotected. This behavior has been depicted as the dawn of a post-privacy era. But we do indeed care about privacy; the change of medium deprives us of our senses. Pressing the send button in our mail client to have our message delivered instantly does not create the same sensation as handing a letter to a post office for delivery. While we know that in this instance the message moves through multiple computers far from our control and gets copied at every step, there is no tangible violation of secrecy.

Now, criminals and terrorists seek to seize this information from unprotected communication networks for their profit. The impact on individuals might range from scams (phishing, tech support scams, etc.) and burglary (detecting if someone is not at home for long) to targeted terrorist attacks (detecting if someone or a member of a certain group is in a certain location). Hence, for the individual, anonymous communication in today's networks is an important means of protection against multiple forms of discrimination.

Also, infrastructure providers have moved their command and control systems to standard internet protocols. So vulnerable communication infrastructures are no longer a mere privacy risk but pose a danger to other critical infrastructures such as power and water supply, transport, hospitals, etc. Moreover, even more than secrecy, the integrity of data is important. So integrity and secrecy of electronic communication are vital for our society, to protect creativity and critical infrastructures alike.

We Need a Wider Debate

Now, with criminals online hiding their activities using cryptographic tools and abusing unprotected infrastructure of their victims, a complex relation between secrecy, integrity, anonymity, and public security presents itself. Unprotected communication will become increasingly risky for society, and industry will answer the market need for secure IT infrastructure. This will decrease the utility of the traditional interception of telecommunication to investigate crimes even more. At the same time, more criminal activities will move online, so that traditional evidence will disappear as well. To this end, more effort needs to be invested in digital forensics research and IT education of law enforcement personnel.

However, the debate is wider. The ease of crossing legislative borders in digital networks creates cross-border markets. In these markets, companies create digital ecosystems which span several legislations, often without any bounds. Here the "programme code" creates a socio-economic system that is more binding than the legal frameworks.

In this bigger framework, we need to debate:

  • How can legislation not only follow, but embrace the fast developments in information technologies? This includes issues of technology-neutral laws that need to be based on principles, yet need to be concrete enough to be understood by the widest possible fraction of society.
  • How can we deal with cross-legislation ecosystems, especially considering contradictory legal frameworks and cultural concepts?
  • Empowering and educating the general public on data protection tools will increase the individual's security, but might also aid criminals. Can we have one without the other?
  • How can society deal with the situation that the products of IT companies, as global players, have a higher impact on society than comparatively local legislation?

Note: These questions go beyond the debate on the impact of widely adopted cryptographic tools on law enforcement. However, they also need to be addressed for that debate.