Recently sued for allegedly allowing acts of terrorism to be plotted on its platform, Facebook joins a long list of tech companies raising public concerns. A few months ago, Apple had a dispute with the FBI after refusing to unlock a jihadist’s iPhone, and WhatsApp readily joined in the defence of the tech giant.
Two main issues are at stake. Tech companies advocate the need for secure communications and privacy for the final user. Investigators, on the other hand, would prefer limited security, with the possibility of inspecting suspects’ data traffic and messages. The two opinions are hardly reconcilable, and an exception made in one case can affect all users.
If a security gap – or a ‘way in’ were to be disclosed to law enforcement, or a new operative system rolled out with known ‘back doors’, this information could be used not only to infiltrate criminal devices but also to steal valuable information from private citizens.
Not Much Help To Police
How easy is it for the average hacker to access a phone’s private data? Every day, thousands of private accounts are stolen and sold on the black market. Indeed, data leakage and cyber crime are much more frequent than the average users think. Since most mobile communications are not encrypted, a hacker would simply need to connect with a phone and read its data.
How effectively can less secure communications aid police officers in preventing cyber crime? The answer is: unless the traffic of every citizen is inspected in search of suspicious contents, only limited results would be achieved. Automatic controls are subject to bias and can easily be eluded – for example through word swapping. Computers are not yet intelligent enough to detect dangerous material, and for every real danger, at least 100 fake alarms would arise. Also, organised criminal groups can set their own encryption procedures and teach their members to take precautions and communicate only through secure channels.
The major pitfall of tech illiterates is their static vision of security measures. Building a wall between the phone and the net will not grant infinite security, but only add a small layer to an imperfect and vulnerable system. The fight against cyber crime resembles a dynamic run more than a static wall: every time hackers find an exploit, minimal adjustments are incrementally added to fix the leakage.
Indeed, the security measures of Facebook, WhatsApp, Apple and others are far from impenetrable. An experienced cybercriminal would never resort to WhatsApp for secret conversations, but rather connect to VPNs, Bridges and fictitious devices. Secure chat applications might be used by micro-criminals who would be hard to track even without diffused encryption. Therefore, the reduction, even if marginal, in public security far outweighs the added costs of investigators.
All in all, the user is responsible for his or her own cyber security. Hackers and governments alike are able to infiltrate private information more efficiently than ever before, and the user should take the necessary precautions when connecting to the net. Nonetheless, one is fortunate enough to have basic security measures easily implementable on a large scale. For app developers, removing security protocols from their products would be a decision limiting the fundamental rights to privacy and freedom of expression.