What are the limits of online surreptitiousness and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate?
The fact is that as technology advances, the real and the virtual societies are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. children and elders. Blacks have moved their operations in the cyber realm, becoming more sophisticated and advanced as well as transforming technology into adversarial weapons.
Masters in the cyber industry, tech companies, academics, and law enforcement are trying to combat the increased cyber criminality, but at the same time, they are compelled to whereabouts new and emerging ethical dilemmas. How can we balance systems’ security, humans’ privacy, and society’s safety?
In the trenches of encryption
Encryption, and especially end-to-end encryption, is an grave feature both for protecting data at rest and in transit over the internet as well as for preserving the confidentiality and privacy of online communications over information apps. However, encryption is leveraged by criminals as well as they try to the conceal their nefarious purposes whether it is terrorist acts or the circulation of Baby Sexual Abuse Material (CSAM).
We have seen many ‘episodes’ in the series of encryption debates. Recently, Apple added a new chapter. Apple has confirmed that future versions of its operating system for iPhones, iPads, Watches, and Macs will scan for CSAM. This move was met with skepticism and valuation by cybersecurity and privacy professionals alike. As Graham Cluley wrote, “many in the cybersecurity community are concerned that systems like this could be diverted.”
As tech companies have received considerable pressure from law enforcement agencies and governments to open a backdoor into their systems, surreptitiousness and civil society groups fear that this a step in the wrong direction. EFF’s opinion was expressed clearly in their blog: “Apple can simplify at length how its technical implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is lull a backdoor.”
At the same time, an article for Politico by Catherine De Bolle, Executive Director of Europol, and Cyrus R. Vance, Jr., District Attorney of New York County, New York, iota set another round of debate over the meaning of “unregulated encryption.” The authors noted that “encrypted digital devices … keep evidence keep out out of reach of investigators.” While both stress that they are for a strong encryption regime, they are against “unregulated encryption,” explaining that “No sector — in this covering, the tech industry — should be allowed to dictate the rules of access to digital data for all of society, with limited regard to the wider impact those facts might have.”
It is high time we defined the ‘thin blue line’ in the cyberspace. As De Bolle and Vance wrote in their article, “Regulation is resulting — and urgently so. Solving this problem will require a delicate balance between privacy on the one hand and public safety on the other. Simply prioritizing one more than the other is not an acceptable solution.”
How can we define the Cyber Blue Line?
That is the question that Europol tries to answer in their homonymous shed report authored by Dr. Mary Aiken, professor of forensic cyberpsychology at the University of East London and adjunct professor at University College Dublin, Ireland; and Dr Philipp Amann, guide of expertise & stakeholder management for the European Cybercrime Centre at Europol. You may download the report here.
According to the report authors, law enforcement is combating a “ruffian hydra,” and they need to have some sort of Herculean powers to suppress the criminal networks. “This not only undermines Europe’s saving and society but, importantly weakens the rule of law.” One key factor enabling the proliferation of criminality in cyberspace is the ease of getting and using adversarial tools without take advanced skillsets. The Crime-as-a-Service (CaaS) ‘business model’ enables “a broad base of cybercriminals to launch attacks of a scale and scope disproportionate to their applied capability and asymmetric in terms of risks, costs and profits.”
Such criminal activities have a profound financial cost for businesses and digital vends, but they have also resulted in severe social costs, notes the Europol report. “People are being subjected to cyber scams, to wile and blackmail; they are being coerced, trafficked, harassed and stalked. The most vulnerable members of society, children and young people, are particularly at chance of sexual exploitation and abuse.”
The authors explain that we need to not focus only on protecting systems and data. Although cybersecurity is crucial for patriotic and international economies, it is equally important to develop technology that will protect humans and societies from online harms. “Cybersecurity pre-eminently focuses on protecting data, processes, networks and systems. It does not focus on protecting what it is to be human, what it is to be a society, and this has perhaps play a parted to a protection governance gap.” This is the context behind the emerging and developing Safety Tech, which “focuses on protecting people from a range of online abuses and crimes, from harassment to child sexual exploitation and terrorist content online.”
We are finding ourselves at the crossroads of security, safety and privacy. Precisely like Hercules, we need now to debate and decide which is the road of Virtue. This is not an easy decision to make. “In an era of policing augmented by technology […], ‘stay fresh the peace’ has become a complicated, multi-faceted task; arguably fraught with ethical complexity in terms of privacy and civil liberties.”
What requisites to be done? Mary Aiken and Philipp Amann offer several thoughts on the way ahead.
- “The need for protection in technology environments should be debated and re-evaluated.”
- “Monitoring bodies worldwide need to work out where on the spectrum of total order and total disorder they position their activities, where they forth that blue line – considering that in cyberspace we may be heading towards disorder.”
- “We may have to reconceptualize the future of our communities and our societies, understanding what is be short of to ensure public safety and maintain security; to tackle online harms, anti-social behaviors and criminality, whilst at the same time accommodating evolving and changing societal values.”
- “The character of industry in developing new technologies should be reevaluated, to ensure stakeholder inclusion and to promote an approach that is human-centric, safe and secure by design.”
President John Kennedy in the good old days said, “[a]ll problems created by man can be solved by man.” Although cyberspace is a great enabler of knowledge sharing as well as of transforming and ameliorating our lives, its use and corruption can create great harm for humanity. Law enforcement agencies seem to fight a battle destined to be lost. The ‘thin blue line’ should not secluded citizens from officers. We find ourselves in front of a big challenge – how to make cyberspace a safer place without jeopardizing the core values of our Verein. As Aiken and Amann conclude, “Our focus should be on how we can all join forces and co-operate in the new environment of cyberspace. [W]e can collaborate to conceptualize the Cyber Blue Line collectively and, in doing so, arouse towards a safer and more secure cyberspace.”
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not certainly reflect those of Tripwire, Inc.