Curiosity is human instinct. It is in our nature to be curious about what our friends and family are doing, who the person next to you in the library is texting long paragraphs to, what the people in your class are whispering about, and what grades they got on their last midterm. Of course, these are instances where it wouldn’t hurt to mind your business. But what if you end up overhearing a crime in the making? If being inquisitive can protect us from harm, then when does it truly become ‘none of our business’?
Shifting our focus from individual curiosity to national security, we encounter similar dilemmas on a much larger scale. In the United States, we’ve seen security measures diminish the privacy of those who choose to fly by air. While being a somewhat minimal encroachment, it portrays a reestablishment of values; we can attribute this to the 9/11 terrorist attacks, which is an unfortunate case of a lack of security; al-Qaeda used a cryptic communication system while the U.S. intelligence held fragmented data which if shared effectively across agencies, might have preempted the tragedy. This dilemma is a reality that lawmakers must often face. When it comes to granting the public a reasonable amount of privacy, they must act according to an appropriate level of authority. Implementing a strongly encrypted online atmosphere, particularly through encryption, ensures that personal data is securely shielded from unauthorized external access. Not only does this establish a clear boundary between government and public privacy, but it has the added benefit of significantly protecting against cyber attackers.
Reflecting the trend towards prioritizing user privacy in the digital realm, Meta has established end-to-end encryption (E2EE) on most of their platforms this year. This form of encryption guarantees that the message’s contents can only be accessed by the sender and the intended recipient. This means that neither the messaging service provider nor anyone else, even a government official, can view the message’s content while it’s in transit or at rest. Meta intends to continue implementing E2EE on all of its platforms, marking a significant step in the direction of user privacy. However, this raises concerns about the potential drawbacks of excessive privacy, such as hindering legitimate law enforcement efforts and possibly shielding nefarious acts from necessary investigation.
Many argue in favor of the implementation of E2EE as a way to secure their online data from malicious hackers. An instance that has grounds for fueling this desire would be when Facebook faced a huge security breach in September 2018. Nearly 50 million users had their confidential information exposed to attackers that exploited several bugs in Facebook’s code. “The flaw allowed the attackers to steal so-called access tokens — digital keys that allow access to an [Facebook] account,” according to a New York Times article. The identity and intentions of these attackers have remained a mystery. In addition to this massive data leak, there have been seven other data breaches on Facebook alone, raising the question of what privacy could look like with widespread E2EE and similar initiatives. While stronger shields of privacy can protect users from cybercriminals, they could also obstruct investigations on said criminals, even more so challenging the balance between privacy and security.
These recent initiatives on Meta’s platforms have come after a political battle in the United Kingdom. A few years ago, then-Home Secretary Priti Patel pushed for Meta to provide law enforcement and other government officials access to encrypted messages sent on its platforms, arguing that this was necessary for identifying criminals and potential crime. She explains in an article with The Daily Telegraph, “A great many child predators use social media platforms such as Facebook to discover, target, and sexually abuse children. These protections need to be in place before end-to-end encryption is rolled out around the world.”
I’d also like to acknowledge legitimate arguments to be made about maximizing user privacy. Two years prior to the Facebook breach, there was a dispute between Apple and the FBI over the company’s use of encryption. Following the San Bernardino terrorist attack, the FBI asked Apple to create a software tool to unlock an iPhone 5C used by one of the shooters. Apple resisted, asserting that such a tool could compromise the security of all iPhones, thus threatening user privacy. While the FBI viewed their request as a matter of national security, Apple saw it as a potential privacy invasion with broad implications. Ultimately, the FBI withdrew its request after accessing the iPhone data without Apple’s assistance. From my perspective, the standoff between Apple and the FBI highlights a complex intersection of privacy, security, and ethical considerations in the digital age. While there is an obvious need for national security, there is still a potential for privacy invasion that cannot be overlooked.
Apple CEO Tim Cook embodies this perspective in a public letter following the request, describing the government’s demands as something “chilling”. He described how, if the government permitted itself to unlock your iPhone, it would be capable of much more than just that. “The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge,” he stated.
Having said that, while Apple advocates for security against government intrusion, their own data collection practices contradict this sentiment, highlighting a broader inconsistency in the tech industry’s approach to privacy. From my perspective, this reflects a form of hypocrisy. Excessive privacy from government oversight, as some tech companies promote, can be problematic. It risks shifting power over personal data from elected authorities to corporations, challenging accountability and authority.
In considering the balance between privacy and security, it’s helpful to conceptualize it through the lens of societal obligations. Just as a child grows up under the guidance of a parent, learning to navigate the balance between free expression and responsible behavior, so does a citizen in a society. Because every child is inherently dependent on their parents, that parent is responsible for attempting to shape their child into a functioning member of society. Many hierarchical relationships can be described through this paradigm, where some degree of compliance is required to reap the benefits of an authority.
Such an affinity between ranks of power is foundational to human connection on a personal scale and among a group of individuals. Government depends on a reciprocal relationship between the governed and the governing bodies. When we consider online surveillance in this context, it becomes a question of societal responsibility. If the public accepts security measures in physical spaces, like airports, for the common good, then why not have a similar approach to online spaces? The use of social media among younger users presents a case where monitored interactions could serve a protective purpose. However, this should not champion unchecked surveillance. Just as a search warrant is required for physical searches, online monitoring should be governed by strict guidelines to prevent abuse.
In essence, my argument is not for an elaborate spying system, but for a balanced approach where the government’s actions are transparent and accountable. As we navigate this issue intricately, it becomes clear that a balanced approach is essential, where we must lean toward confiding in the system that keeps our rights secure. Surveillance, whether online or offline, should be a carefully considered tool, used only when necessary and under strict regulations. It’s about maintaining a relationship with the government that is responsible and effective, ensuring that both our security and our rights are upheld.