The recent case in which the FBI went to the law courts to try to force Apple into ‘opening’ its encryption, highlighted yet again the importance of privacy and data protection within a company.
The implication of the request from the FBI to Apple, put simply, is that if a backdoor exists in any technology platform, anyone can be exploited and this questions the idea of privacy as a fundamental right.
Backdoors are backwards
Backdoors create an open day for all sorts of hackers, from hacktivists to organised crime and governments. An encrypted system is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed such as a backdoor, the encryption can be defeated by anyone with that knowledge. This backdoor could be used over and over again, on any number of devices.
As Apple said, in the physical world it would be the equivalent of a master key that could open hundreds of millions of locks whether banks, homes or shops. Just think of all the things that encryption safeguards, from your money and financial information to protecting the identity of dissidents and whistle blowers as well as vital infrastructure, communications networks, and power grids.
Striking a nerve
The Edward Snowden revelations lifted the lid on just how far-ranging and intrusive government snooping has become. This struck a nerve, raised the issue of privacy into the public realm and certainly changed public perceptions about technology providers and the government.
This sea of change in perception was particularly marked when the FBI sought to force Apple into giving away its encryption crown jewels. There were protests against the government in all fifty US states and those who participated were saying it’s not about criminality, it’s about human rights.
Right to fight
This understanding and willingness to fight for privacy rights among US citizens is now a feature of the privacy debate and one that should be listened to because it’s reshaping the landscape.
For instance, citizens are now celebrating technology companies that fight to protect their encryption, such as Apple, while holding to account those who voluntarily hand over customer information when the government comes knocking. The Snowden disclosures and the Apple and FBI fight have focused the debate on government surveillance, particularly in the US. Whether this focus is accurate or not is reason for debate, but it has certainly led to changes in the market.
A new breed of technology and Internet users have emerged who actively seek hosting companies and services that will protect their data, not because they have something to hide, but because it’s their right and the right of their customers.
The challenge for business is to respond to these data sovereignty concerns in ways that will address customer concerns while supporting the business. But data privacy is not the same as data security. Privacy or sovereignty is about the legal, the use, sharing, storage, and transfer of data. Security is the protection you build around the data to stop illegal access.
Data is a valuable commodity and today’s organisations need to ensure they are storing it in accordance with local laws and in a way that respects the privacy and security of their customers.
Branding data sovereignty
Unfortunately, few hosting providers are able to guarantee data sovereignty, largely because transit services pass through other jurisdictions, or they are leased through third parties or the support functions are located abroad.
An important question that a business needs to ask itself is whether hosting companies can offer local services that protect data from foreign jurisdictions? Astute hosting companies should be able to build a brand around data sovereignty best practice and this is what organisations should be seeking.
This is critically important because in the current climate, where it’s becoming increasingly understood that privacy is a fundamental right, the need for guaranteed data sovereignty can and will make all the difference to any business.
Ben Young is Vice President and General Counsel for Cogeco Peer 1