“As lawyers, you have an ethical obligation to protect the confidentiality of your clients’ information and you can’t do it, unless you encrypt it,” warned the ACLU’s Christopher Soghoian in his keynote address at Bulk Data Collection and Personal Privacy, a symposium of the Journal of Business and Technology Law.
During the last decade, affordable, easy to use encryption tools have proliferated, making encryption almost the norm—or default—for many things digital, says Dr. Soghoian, the Principal Technologist for the ACLU’s Speech, Privacy and Technology Project.
Encryption not only allows lawyers to preserve the confidentiality of client emails, texts, phone calls and documents; in Soghoian’s view, apps such as Apple’s Facetime and Facebook’s WhatsApp also offer consumers a hedge, some small assurance of personal privacy by protecting them from hackers and other cyber security threats as well as the increasing collection and use of bulk data by governments. “Encryption is no guarantee of privacy,” Soghoian says, “but it does provide a little bit of balance.”
Ironically, the development of one of the encryption technologies most used by popular secure communications apps was funded not by corporations like Apple, but by the federal government, which recently sued the company in an effort to get it to unlock a terrorist’s iPhone as part of the FBI’s investigation of the San Bernadino attack.
“The State Department, Voice of America and Radio Free Asia spent tens of millions of dollars during the Arab Spring on encryption technologies to protect dissidents trying to overthrow dictators in the Middle East,” Soghoian told the audience of Maryland Carey Law business students and faculty as well as almost 20 panelists from law schools, think tanks and other organizations. “And, now, the encryption technology is so widespread, the FBI had to work with hackers to crack it, as it did in the Apple controversy.”
Although the identity of the government contractor who provided the FBI with means to unlock the iPhone used by the San Bernadino attacker remains a mystery, the government’s own hacking capabilities are substantial and largely unsupervised, says Soghoian, pointing to the FBI’s 2015 hack of Playpen, a child pornography site with more 200,000 registered users worldwide. With just a single search warrant and highly sophisticated technology, the FBI was able to hack the computers of 1300 people from countries all around the world, enabling law enforcement agencies to identify and prosecute these individuals. The scale of such surveillance “was unprecedented,” Soghoian says--and an example of why Congress needs to review the existing laws, he believes.
As encryption continues to spread--expanding both the ability of individuals to hide activities, some legal and others illegal, on the so-called “dark web” while also protecting private communications and other data--both criminals and law enforcement will turn more and more to hacking, Soghoian warns. “The government may one day be able to activate 10 million web cams on citizens’ computers,” he says, “and we’ll have never even had a public debate about it.”