If you heard that the police had arrested the members of a vicious criminal group, you’d probably be pleased. But what if they did so by hacking an encrypted app, jeopardizing the safety of the hundreds of activists who used it? Could you justify that kind of privacy breach?
Encryption is the process of encoding information so that nobody but the intended receiver can decipher it. It’s the main way that we can protect our privacy online. Without encryption, internet service providers, hackers, and many others can monitor your unencrypted traffic and see what you do online.
This is why encryption is so important for activists, researchers, or vulnerable groups operating in high-risk environments with restricted online freedom. It protects them from oppressive regimes and can sometimes even save lives.
Many people around the world also use encryption for more mundane purposes, like protecting their personal privacy and avoiding bandwidth throttling. However, criminals can also use encryption to hide their activities from law-enforcement.
And this is where the issue becomes contentious. To prevent criminal or terrorist operations, law-enforcement agencies sometimes need to break encryption.
They usually do this by installing backdoors into software, which serve as an entry point to the data they need. However, it can also compromise the privacy of innocent users and establish precedent for future abuses.
This isn’t theoretical; we already have a growing number of cases that show the risks. One of the most recent examples was Google's discovery and patching of 11 zero-day vulnerabilities used by US allies in counterterrorism operations.
It seems that US authorities knew of these vulnerabilities, and despite the risks they posed to Google’s users, did not report them. They evidently believed that their counterterrorism operations were worth the risk, but that debate is far from settled.
Here are some more contentious cases when law-enforcement groups appear to have risked or directly breached users’ privacy:
As these examples show, we’re in a very grey ethical area here. There’s a thin line between a legitimate law-enforcement operation and a privacy breach. Do the ends justify the means?
Stockpiling is the process of finding vulnerabilities and not reporting them. Instead, law enforcement agencies can keep a list of these weaknesses — in encrypted apps and messaging platforms, for example — for future use. The vulnerabilities stay unpatched, and could potentially be exploited by criminals.
Again, this may already be having negative consequences for private citizens. The SolarWinds case is speculated to be the result of hackers finding NSA backdoors in the SolarWinds software.
While encryption breaking can help tackle crime and terrorism, it can also cause substantial damage to innocent people who really need to protect their privacy. It can:
A VPN is one of the most powerful encryption tools you can use to protect personal data. It routes your traffic through an encrypted tunnel to remote servers, so not even your internet service provider can invade your privacy. That being said, it's worth noting that if you use an insecure or disreputable application, your data will still be visible to the app provider.
Premium VPN services use ultra-strong 256-bit encryption algorithms that are almost impossible to decipher. It will also change your IP so no one can see your location. And the Threat Protection feature will stop trackers from following you around, while also blocking intrusive ads, malicious websites, and scanning your download for viruses.
Stay safe and encrypted with NordVPN!