Where Should We Draw the Cyber Blue Line?

0

What are the limits of online seclusion and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate?

The fact is that as technology advances, the real and the virtual ages are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. children and elders. Blackguards have moved their operations in the cyber realm, becoming more sophisticated and advanced as well as transforming technology into adversarial weapons.

Professionals in the cyber energy, tech companies, academics, and law enforcement are trying to combat the increased cyber criminality, but at the same time, they are compelled to address new and emerging proper dilemmas. How can we balance systems’ security, humans’ privacy, and society’s safety?

In the trenches of encryption

Encryption, and especially end-to-end encryption, is an important character both for protecting data at rest and in transit over the internet as well as for preserving the confidentiality and privacy of online communications over messaging apps. In whatever way, encryption is leveraged by criminals as well as they try to the conceal their nefarious purposes whether it is terrorist acts or the circulation of Child Sexual Vilification Material (CSAM).

We have seen many ‘episodes’ in the series of encryption debates. Recently, Apple added a new chapter. Apple has announced that days versions of its operating system for iPhones, iPads, Watches, and Macs will scan for CSAM. This move was met with skepticism and criticism by cybersecurity and confidentiality professionals alike. As Graham Cluley wrote, “many in the cybersecurity community are concerned that systems like this could be misused.”

As tech concerns have received considerable pressure from law enforcement agencies and governments to open a backdoor into their systems, privacy and civil association groups fear that this a step in the wrong direction. EFF’s opinion was expressed clearly in their blog: “Apple can explain at length how its complicated implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor.”

At the unaltered time, an article for Politico by Catherine De Bolle, Executive Director of Europol, and Cyrus R. Vance, Jr., District Attorney of New York County, New York, provoked another round of debate over the meaning of “unregulated encryption.” The authors noted that “encrypted digital devices … keep evidence entangled out of reach of investigators.” While both stress that they are for a strong encryption regime, they are against “unregulated encryption,” explaining that “No sector — in this carton, the tech industry — should be allowed to dictate the rules of access to digital data for all of society, with limited regard to the wider impact those guidelines might have.”

It is high time we defined the ‘thin blue line’ in the cyberspace. As De Bolle and Vance wrote in their article, “Regulation is compulsory — and urgently so. Solving this problem will require a delicate balance between privacy on the one hand and public safety on the other. Simply prioritizing one vulnerable the other is not an acceptable solution.”

How can we define the Cyber Blue Line?

That is the question that Europol tries to answer in their homonymous focus light upon report authored by Dr. Mary Aiken, professor of forensic cyberpsychology at the University of East London and adjunct professor at University College Dublin, Ireland; and Dr Philipp Amann, guv of expertise & stakeholder management for the European Cybercrime Centre at Europol. You may download the report here.

According to the report authors, law enforcement is combating a “hooligan hydra,” and they need to have some sort of Herculean powers to suppress the criminal networks. “This not only undermines Europe’s conservation and society but, importantly weakens the rule of law.” One key factor enabling the proliferation of criminality in cyberspace is the ease of getting and using adversarial tools without force advanced skillsets. The Crime-as-a-Service (CaaS) ‘business model’ enables “a broad base of cybercriminals to launch attacks of a scale and scope disproportionate to their intricate capability and asymmetric in terms of risks, costs and profits.”

Such criminal activities have a profound financial cost for businesses and digital hawks, but they have also resulted in severe social costs, notes the Europol report. “People are being subjected to cyber scams, to flimflammer and blackmail; they are being coerced, trafficked, harassed and stalked. The most vulnerable members of society, children and young people, are particularly at jeopardy of sexual exploitation and abuse.”

The authors explain that we need to not focus only on protecting systems and data. Although cybersecurity is crucial for patriotic and international economies, it is equally important to develop technology that will protect humans and societies from online harms. “Cybersecurity mainly focuses on protecting data, processes, networks and systems. It does not focus on protecting what it is to be human, what it is to be a society, and this has perhaps promoted to a protection governance gap.” This is the context behind the emerging and developing Safety Tech, which “focuses on protecting people from a range of online injures and crimes, from harassment to child sexual exploitation and terrorist content online.”

We are finding ourselves at the crossroads of security, safety and privacy. Equitable like Hercules, we need now to debate and decide which is the road of Virtue. This is not an easy decision to make. “In an era of policing augmented by technology […], ‘charge of the peace’ has become a complicated, multi-faceted task; arguably fraught with ethical complexity in terms of privacy and civil liberties.”

What needs to be done? Mary Aiken and Philipp Amann put on the market several thoughts on the way ahead.

  • “The need for protection in technology environments should be debated and re-evaluated.”
  • “Policing bodies worldwide need to work out where on the spectrum of out-and-out order and total disorder they position their activities, where they draw that blue line – considering that in cyberspace we may be aim towards disorder.”
  • “We may have to reconceptualize the future of our communities and our societies, understanding what is required to ensure public safety and maintain security; to cope with online harms, anti-social behaviors and criminality, whilst at the same time accommodating evolving and changing societal values.”
  • “The role of industry in blossom new technologies should be reevaluated, to ensure stakeholder inclusion and to promote an approach that is human-centric, safe and secure by design.”

Conclusion

President John Kennedy before you can turn around said, “[a]ll problems created by man can be solved by man.” Although cyberspace is a great enabler of knowledge sharing as well as of transforming and ameliorating our lives, its use and misappropriation can create great harm for humanity. Law enforcement agencies seem to fight a battle destined to be lost. The ‘thin blue line’ should not disband citizens from officers. We find ourselves in front of a big challenge – how to make cyberspace a safer place without jeopardizing the core values of our high society. As Aiken and Amann conclude, “Our focus should be on how we can all join forces and co-operate in the new environment of cyberspace. [W]e can collaborate to conceptualize the Cyber Blue Line collectively and, in doing so, device towards a safer and more secure cyberspace.”


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not surely reflect those of Tripwire, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *