Encryption ethics: are email providers responsible for privacy?

Nov 28, 2013 by Adam Henschke, The Conversation
Protest against NSA surveillance. Credit: Mike Herbst

Ex-National Security Agency (NSA) employee Edward Snowden's various leaks – the most recent being a slide showing that the NSA infected 50,000 of computer networks with remote-controlled spyware – confirm that state intelligence agencies around the world have been collecting and analysing people's behaviour online for years.

Many people now feel that their online privacy and anonymity have been undermined – particularly as major service providers like Google, Facebook and Apple have been compromised. In response, some email service providers (such asYahoo! last week) are now offering full of users' data.

While privacy is generally seen as morally desirable, the ethical issues surrounding encryption technologies require some closer investigation. In order to properly assess such things, we need to assess not just the claims but the moral foundations upon which they are based.

What, then, are the main moral justifications for encryption? What are the arguments against it? And finally, what responsibilities do encryption service providers owe their clients and the public at large?

The case for encryptionThe most obvious case for supporting encryption is one of basic liberties: certain human rights, it might be argued, are fundamental, and privacy is one of these. As such, personal information ought to be respected and kept private. Encryption is simply a method of achieving this goal.

Simply claiming a right, however, is not sufficient justification on its own. As some—such as ethicist Fritz AllhofF—have argued, where there is an immediate danger to an individual's right to physical security, then another's rights might be justifiably waived.

This principle could also apply to the online world. If, for instance, encryption were to allow a cyberattack on the scale of Pearl Harbour to go unchecked – as described in the video below – then perhaps there might be a case for sacrificing some rights to privacy.

This video is not supported by your browser at this time.

Another reason is that government internet surveillance threatens the openness of the internet, undermining the spirit of the internet itself. According to this view, the principle of the internet beingopen and free should be sacrosanct.

But note that this is more of an ideal than a reality – for instance, the actual code that operates the internet already places limitations upon it. For instance, American law professorLawrence Lessig wrote of code that is designed to facilitate identification online or the rating of content.

Others have concerns over the prospect of information being misused, particularly by police agencies. In response to the platitude "if you have nothing to hide, you have nothing to fear", this argument retorts "if you have something to fear, you have reason to hide".

The use of social media to target people following the Arab Spring is one example of this. Encryption may be permitted in this sort of situation, but this is typically only relevant with regard to states that do not recognise the rule of law.

A final reason is that surveillance can lead to "chilling", where fear of oversight changes behaviour online. Arguably, there might be instances in which something like this might be desired.

For instance, most would agree that production and distribution of child pornography should be limited. Encryption, however, makes these activities easier to get away with. The debate, then, ought to be about what behaviours we chill, how we go about chilling them and what the unwanted side effects—if any—might be.

If we wish to make something illegal, laws need to be very carefully written. Contrary to its legal status, the act of teenagers "sexting" each other does not seem like production and distribution of child pornography.

Furthermore, we need to ask how far the analogy extends – producing and distributing child pornography is not the same as illegally downloading a Miley Cyrus song.

While the child pornography example shows us that some limitation of internet behaviour might justified, it does not necessarily help us in telling what else ought to be limited.

Reasons against encryption

Supporters of encryption may point to the principle of presumption of innocence. After all, if only a small percentage of online activity is of a serious criminal nature, why should all be under surveillance?

There are reasons to treat such reasoning with scepticism. Given that encryption can allow and enable criminal activity—child pornography, drug trafficking, communication within criminal networks and so on—the question is this: if surveillance of criminal activity is permitted or even expected in the physical realm, why not in the virtual?

Encryption, after all, can protect those who attack the security of others.

It is the state's duty to ensure . This is an important point – when there is a major terrorist activity, the state is held responsible for not preventing it.

If we demand strong limits on state surveillance, who is responsible for protecting innocents from attack? The point is that we can't expect total freedom and total security.

Where it endangers individual or national security, encryption may well be problematic. Nevertheless, we need to properly interrogate the case for state surveillance as well as the case for private protection.

If the state claims that encryption is contrary to national security, it is required to clarify what "national security" means, how encryption undermines it, and what individual and social goods are being traded against security.

Responsibilities of service providers

If encryption can be justified, what moral responsibility do the service providers have? For instance, do they have a duty to report criminal behaviour? The principle of medical confidentiality has its limits, after all: if a person states that they are planning a crime, or a child shows signs of abuse, there is a responsibility to report this information. Could it be said that encryption service providers are under the same responsibility?

Secondly, should service providers guarantee encryption? The deal made with the gives a user an expectation of encryption, which may in turn encourage certain behaviour. But if encryption is not guaranteed, if there are ways of cracking it, do users have a moral claim against service providers? This is akin to a claim of entrapment.

Finally, the service providers also need to be consistent: if they offer encryption because of moral reasons, then these moral reasons ought to hold the provider to the same standard as the state. For instance, if the claim of a right to privacy holds, then the service provider cannot justifiably monitor the data or metadata or use it to make money, as this would also constitute an invasion of privacy.

This is only a brief overview of the issues at stake, but offers a little insight into the moral tensions involved in offering encryption services.

Explore further: Twitter toughens encryption to thwart online snooping

add to favorites email to friend print save as pdf

Related Stories

Creating accountable anonymity online

Nov 12, 2013

The World Wide Web is, in many ways, still the Wild West. Though a large portion of internet traffic is monitored and traceable, systems like the Tor Project allow users to post and share anything anonymously. Anonymous systems ...

Thousands in German anti-NSA protest

Sep 08, 2013

Thousands took to the streets in Berlin Saturday in protests against Internet surveillance activities by the US National Security Agency and other intelligence agencies, and the German government's perceived ...

Locking down the cloud

Nov 08, 2013

A software re-encryption system could allow users to pay for and run applications "in the cloud" without revealing their identity to the cloud host. The same approach would also allow the software providers to lock out malicious ...

Recommended for you

Brazil passes trailblazing Internet privacy law

7 hours ago

Brazil's Congress on Tuesday passed comprehensive legislation on Internet privacy in what some have likened to a web-user's bill of rights, after stunning revelations its own president was targeted by US ...

Research shows impact of Facebook unfriending

22 hours ago

Two studies from the University of Colorado Denver are shedding new light on the most common type of `friend' to be unfriended on Facebook and their emotional responses to it.

User comments : 0

More news stories

Jacket works like a mobile phone

A fire is raging in a large building and the fire leader is sending a message to all firefighters at the scene. But they don't need a mobile phone – they simply check their jacket sleeves and read the message ...

Is nuclear power the only way to avoid geoengineering?

"I think one can argue that if we were to follow a strong nuclear energy pathway—as well as doing everything else that we can—then we can solve the climate problem without doing geoengineering." So says Tom Wigley, one ...

Male-biased tweeting

Today women take an active part in public life. Without a doubt, they also converse with other women. In fact, they even talk to each other about other things besides men. As banal as it sounds, this is far ...

High-calorie and low-nutrient foods in kids' TV

Fruits and vegetables are often displayed in the popular Swedish children's TV show Bolibompa, but there are also plenty of high-sugar foods. A new study from the University of Gothenburg explores how food is portrayed in ...