Javvad Malik, AlienVault
Privacy in the digital realm has become a hot topic. There has always been a debate about the degree to which law enforcement and intelligence agencies should be allowed to snoop on what many of us would consider private communications. But that discussion became supercharged following the leaks by Edward Snowden and now seem to be coming to a head, not least with recent court battles between Apple and the FBI.
But as Javvad Malik, security advocate at AlienVault, explains in this interview, when engaging in this debate one must be careful not to take a black-or-white position. Few people would argue that legitimate law enforcement operations shouldn’t have access to technology-based communications in appropriate circumstances. The debate, then, becomes one of deciding what’s appropriate.
One of the problems highlighted by the Apple vs FBI dispute was whether it’s ever safe to subvert the security of the devices we use. If backdoors or other methods of bypassing security are created, doesn’t this present an opportunity for malicious actors to exploit these weak spots? And as an extension of that thinking, do product vendors have a responsibility to ensure the security is as invulnerable as possible?
And these malicious actors may not be just cyber-criminals – they may include other governments.
That puts technology companies in a difficult position. Who decides who is or is not a malicious actor? Who decides who should or should not have access to devices and their data? To a large extent, that’s decided by laws in the countries in which the companies operate. But laws are made in court: and the Apple/FBI battle was largely about deciding whether an existing law could compel Apple to weaken the security of its products.
However, we’ve always understood that law enforcement agencies have special powers – to tap our phones or enter our homes with a warrant. Why should digital communications enjoy extra privileges?
Malik believes there are some special characteristics of the digital world, such as the absence of physical, geographical bounderies in many cases, which blurs jurisdictions. In addition, big data analytics have made it possible to conduct surveillance “en masse and indiscriminately”.
There’s also an issue that people often don’t understand what information about them is being gathered by the apps they use, and often stored on their devices.
Ultimately it’s an issue of trust. People need to be able to trust their devices, the software they use and their law enforcement agencies and governments.
Malik describes how this is an evolving debate and the difficulty of deciding where lines should be drawn.
One problem we may face is a lack of awareness – or even possibly disinterest – by the general public when it comes to privacy. There has been no rush to adopt privacy-enhancing technologies, and vendors generally don’t stress the privacy and security aspects of their technologies to the general public. Could that be an opportunity?