From emails and Twitter feeds to the shows you stream on Netflix, personal data exists for almost every online interaction. With so much data floating around and the news of cyber-attacks almost daily, citizens and law enforcement alike are focusing more on cybersecurity than ever before. Yet, many are worried that without the proper policy and regulations, citizen privacy will be at risk.
Currently, there are many efforts tackling the tug-of-war between security and citizen privacy, including Canada’s ongoing Consultation on National Security. The consultation aims to improve Canada’s IT system as a whole by updating the government’s cyber strategy and its support of private businesses. Following the submission deadline on December 15, government officials will be reviewing input from Canadians on the security tools that are used to keep them safe, while also evaluating their effect on citizen privacy.
With proper crowdsourcing from citizens and private companies, the Consultation on National Security aims to discuss prevention, accountability, and online threat reduction to inform future changes to our national security cyber tools and laws. By utilizing proper tools and regulations, the Canadian government can ensure citizens that their privacy will remain intact while investigating cybercrimes. The consultation is an example of governments refining their approach to the security versus privacy discussion that is all too well known in today’s constantly evolving technology landscape.
One section of the consultation that is especially important to the security versus privacy discussion is Investigative Capabilities in a Digital World, which was created to keep up with the changing technology landscape that people use every day, including mobile phones, tablets, laptops and even smart wearables. While we rely on this type of technology daily to communicate and simplify tasks, it can also be exploited by cyber criminals. Before smartphones, tablets and other advanced technology existed, laws were written on how to properly collect and use evidence found in cyber space. But as new tech continues to be introduced along with ways to protect and save data, such as encryption or data repositories, our laws need to change to reflect how the government can utilize this information for investigations, while keeping citizen privacy a top priority.
Keeping Information Secure
Now that cyber criminals are utilizing the very technology we rely on for daily communication, keeping our personal information secure has become more challenging than ever. While access to necessary information to investigate digital crimes is important, so is keeping citizen’s information private. For example, 24-hour security monitoring collects and analyzes personal information with no warrant at all times. This technology, designed to protect citizens also gives the government the ability to trace a person’s address, payment information and even more intimate information – easily. Proper safeguards must be put in place to protect law-abiding citizen.
Yet, creating the right laws is tricky and correctly enforcing them is even more difficult. While a variety of steps can be taken to keep information of individuals safe and secure, the lines are blurred when it comes to protecting information in the digital world. In the past, police were there to protect citizens from danger in the traditional sense – from home invasions to bank robberies. But, crossing over to a world of digital requires different considerations, tools and regulations.
As large volumes of data come from personal devices, safeguards are necessary to keep this data secure whether it’s stored or in transit to a recipient. The idea that all online interactions are being watched by the government is what concerns citizens most. It is the responsibility of law enforcement to ensure they are not overstepping our boundaries of privacy, while still catching those committing a crime. If the information gathered does not lead to an arrest, then the right procedures need to be taken to ensure the data found is destroyed.
The need for encryption
Fortunately, there is a solution to help keep information out of the hands of the wrong individuals, which is why citizens and companies are turning to encryption. With an encryption solution in place, users can keep their information private in the cyber world. But, encryption solutions are only as strong as the locks used. If users don’t take the time to properly encrypt their information, then their information is at risk – and should assume that their data is public and can be used by anyone. And, if policies enable back-doors to encryption technology, the security of the encrypted data will be put at risk. In reality, back doors to encryption will not work. If technology can be weakened so easily, then its trustworthiness diminishes.
With the recent cases of private companies fighting for their right to encryption, such as the Apple vs. FBI case, encryption is sensitive subject. As many continue to worry about privacy during the security debate, the consultation can act as a refresh button, a place to reset the thoughts of encryption between private companies, citizens and the Canadian government. By listening to the feedback and comments from citizens, a thoughtful discussion around the use of encryption and how to properly regulate it can be formed. Creating policies around the use of encryption for business and limiting government interaction, is a step in the right direction and law enforcement will be better able to decipher their role in this new-age of digital crimes.
As Canadian officials begin to review the consultation feedback and the conversation around security versus privacy begins to take center stage in the US, it is important to ensure privacy of personal and confidential information remains a priority. While we continue to tackle digital crime and cybersecurity, tools that ensure our privacy remain extremely valuable.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.