In nearly every online interaction sensitive personal data is involved – browsing, Facebook posts, emails, YouTube postings, etc…, There has been a drastic increase in cyber attacks by both state-sponsored and private threat actors that threaten the privacy and data security of common citizens.
Governments are at a quandary. They have to protect citizen privacy, but also have to monitor online activities and communication as a proactive measure to protect the country and citizens against terrorist attacks or other such anti-nation activities. To this end, governments are constantly updating their cyber strategy to protect citizen data and privacy, by defining regulations and using necessary cyber security tools. They have sought advice, as well as requirements from citizens and private companies.
The world is going more digitalized, and there is no going back. People are using more of technology – more smartphones, wearable devices, laptops, tablets, etc.., for personal and work-related communication activities. In order to ensure privacy and also protect the data from unauthorized users, encryption technology is used. Encryption technology has evolved over the years, such that unauthorized decryption without the decrypting key is impossible.
Governments need to monitor the communication to investigate digital crimes, however it must ensure that citizen’s information remains private and secure. The tools used by the government for protecting citizens also provides access to their personal information and their habits. Defining apt laws has remained a challenge for most democratic countries. A thin line exists between protective monitoring and accessing private information of the citizens.
In this scenario, massive volumes of data are collected and stored by governments. This data must be secured from cyber threats, and encryption is playing a major role. Being monitored for every transaction is an invasion of privacy and is a grave concern to citizens. Law enforcement agencies may have to access this private data, and once their job is done, they must ensure that the data is destroyed, before it falls into wrong hands.
Some nation states demand that developers of devices and developers of encryption technology build backdoors into them so that they will have access. While it may be useful for governments it is a threat to privacy, and can be considered as a total failure of the purpose of encryption technology.
The recent incident where Apple was asked to unlock its phone – an act that threatened its right to encryption – made major headlines, where Apple refused to create a backdoor. Governments must define appropriate policies to ensure privacy of personal and confidential information. They must discuss with citizens and think tanks in formulating appropriate encryption policies.
This is the reason that encryption is desired to ensure security and privacy of citizen data.