Earlier this week Firstlook.org broke a story about leaks from Edward Snowden revealing the CIA's hacking of Apple mobile devices.
This incident highlights how hard it is to achieve a balance between public safety and the right to privacy. On the one hand we have the CIA and other government agencies with a mission to protect public safety attempting to access encrypted data and communications on privately owned devices. Their motivation - to protect against terrorists and other threats. On the other side of the coin – maximizing personal privacy - Apple and other tech giants, as well as privacy rights and consumer groups globally are clearly lined up to keep people’s private information under the control of the individual.
It’s telling that today both groups view encryption as a critical issue – One as a barrier to their mission, and the other as a critical protection.
It’s also not clear exactly the level of penetration on mobile platforms that the CIA has achieved. But clearly, technology companies see that there are significant business consequences to turning over backdoors to governments, and are working to avoid it.
This isn’t the first time there has been a tug of war between business and government on the issue of privacy in technology. In the 90’s the compromise reached was around encryption beyond a certainly level. Higher levels of encryption than a maximum (64bits) could not be exported without special permits, while domestically higher levels of encryption were allowed. We all thought at the time that this was because it took too long to decrypt data with 128 bit encryption, and that intelligence agencies wanted the free access to communications that contributes to their mission. What’s needed this time is to once again reach a balance on these privacy issues that meets both sets of needs.