Friday, January 16, 2015

Incoherence 2015

We are now seeing very clearly something fundamentally incoherent in political stances on privacy, security and transparency.

On the one hand, we have politicians expressing outrage about cybersecurity breaches -- going so far, in the Sony case, as to apply sanctions to the regime deemed responsible. We have governments and regulators pressuring enterprises to improve their protection of data -- in the case of Wyndham, the FTC going so far as to sue the company. We have new initiatives for consumer privacy.

On the other hand, these same governments have been shown to be actively subverting security mechanisms, for the sake of signals interception.  They have been shown to be conducting interception at a massive scale, rendering every individual subject to surveillance in electronic communications.

Governments cannot expect enterprises to be successful in protecting data, or individuals in protecting privacy, if they are working to undermine that at every step.

We hear calls -- by the Director of the US Federal Bureau of Investigation, and the Prime Minister of the United Kingdom -- to either ban encryption, or to allow encryption only with back doors for government. Let's set aside the practicalities or impracticalities of that. The notion of banning encryption in order to facilitate state surveillance for the sake of security is fundamentally flawed for a number of reasons, not the least of which is that it represents an inflection point in which the government turns against its own citizens. It says that every citizen is a suspect, all the time. Since government and whistleblowers have proven that government cannot even manage the confidentiality of its own secret data, the suggestion of having encryption back-doors is simply a non-starter. Not all violators of government confidentiality expectations act in the public interest, and not all Government employees can be expected to be virtuous at all times... so back-door protocols will leak into the dark corners of the internet.

At the same time, we see certain Governments double down on prosecuting and repressing Whistleblowers, arguing that the disclosure of state secrets puts public and national security at risk.  The message is that Government must be able to operate opaquely, while citizens must be required to operate transparently.  It essentially says that Government will be accountable only when it decides it will be accountable. It says that citizens should have trust in Government that has no trust in citizens.

There is, alas, a third problem in the conversation about encryption. Is there logical consistency in positions that simultaneously press the right of individuals to encrypt their communications, deny government the advantage of being able to decrypt those individual communications, and expect government transparency?  Can we have effective government transparency if individuals within government have the capacity to conduct truly opaque communications?

What happens to accountability in a world cloaked in secrets? Let's say that every individual wields the capacity to encrypt their communications. And let's say that some of those individuals work for the Government. What is the likelihood that individuals who want to operate outside of the legal framework will encrypt their communications?  What is the likelihood that they will freely open self-incriminating communications for inspection by Auditors General? What is the likelihood that Auditors General will even know about those individually secret communications?

All parties in this conversation have their own inconsistencies, suggesting that we need to cultivate a new narrative here.  Or invent a modern interpretation of some long-standing original principles.
