Encryption Alone Doesn't Protect Privacy
Posted by Aaron Massey on 14 Aug 2013.
Matt Might is a professional hero of mine. He’s a prolific blogger and a successful academic, and I admire his work greatly. In particular, I’m a big fan of his 12 resolutions for programmers. Sometimes this is exactly the sort of thing that someone needs to help them change things for the better.
Unfortunately, Might’s recent post is exactly the sort of thing that annoys me about technologists and their views of privacy and security. Actually, it’s not even the entire post that annoys me; it’s the framing for the post. Consider his introduction:
Encryption makes privacy a right that can be claimed rather than granted.
Plenty of others have weighed in on the merits of encryption and its importance in modern times.
I won’t weigh in further.
Pithy? Yes. Accurate? Sort of. Misleading? Absolutely.
There’s a saying that the Eskimos have a plethora of words for snow because the differences for them are more meaningful and apparent than for, say, the average American.
Does encryption protect privacy? Yes, for some definitions of privacy. Might recommends using GnuPG. I do too. It’s a great tool, and I use it myself. However, it won’t protect your privacy, at least not for some rather meaningful conceptions of privacy. It can protect the content of your communications, but it’s not going to do anything about the associated metadata like who you were talking to and when you sent those emails. Unfortunately, if you’re using email, then you’re going to have to provide a recipient and you’re going to have to send it at some point.
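To make the content/metadata split concrete, here is an added example (not from Might's post or this one) that parses an OpenPGP-encrypted email the way any relay could, without a private key. The addresses, date, subject and armored body are constructed placeholders, and `observable_metadata` and `is_pgp_encrypted` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: an inline-PGP message as a mail relay would see it.
# Addresses, date and the armored body are placeholders, not real data.
SAMPLE = """\
From: Alice <alice@example.org>
To: Bob <bob@example.net>, carol@example.com
Date: Wed, 14 Aug 2013 09:30:00 -0400
Subject: lunch?
Message-ID: <constructed-1@example.org>
Content-Type: text/plain; charset="us-ascii"

-----BEGIN PGP MESSAGE-----

(ciphertext placeholder)
-----END PGP MESSAGE-----
"""

def is_pgp_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored body."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    if msg.is_multipart():
        return any(is_pgp_encrypted(part) for part in msg.get_payload())
    body = msg.get_payload()
    return isinstance(body, str) and "-----BEGIN PGP MESSAGE-----" in body

def observable_metadata(raw):
    """Return what stays readable without any private key."""
    msg = message_from_string(raw)
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "sender": getaddresses(msg.get_all("From", []))[0][1],
        "recipients": sorted(addr for _, addr in recipients),
        "sent_at": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],  # standard OpenPGP mail leaves this in the clear
        "body_encrypted": is_pgp_encrypted(msg),
    }

if __name__ == "__main__":
    for field, value in observable_metadata(SAMPLE).items():
        print(f"{field}: {value}")
```

Every field except the body comes back in the clear, which is exactly the who-and-when that encryption leaves exposed.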
The differentiation between the protections encryption can provide and the broader societal understanding of privacy is an important one to make,
Email is not the only technology where this argument applies. Encryption alone doesn’t protect your privacy or ensure your security. Privacy and security are fundamentally not technology problems; they are societal problems. They existed long before computers were invented, and they will continue to be problematic long after whatever comes next. We need technologies that help us mitigate privacy and security problems, and the tools that Might recommends can be powerful mitigations. They are, however, not solutions by themselves.
I sympathize with people who want to make the distinction as clearly as Might tries to in his post.
- This saying itself may be misleading. See Wikipedia for more.
- Unless you want to use your email as a dead drop.
- It is also a differentiation that computer science academics have not made particularly well. Look at the past proceedings for the IEEE Symposium on Security and Privacy. There’s a clear focus on formal proofs for and algorithmic verification of privacy. Basically, S&P traditionally equates privacy with encryption or the protections it provides. People who work on usable privacy and security, privacy (or security) as a part of software engineering, or privacy and regulatory compliance tend to publish elsewhere. I don’t believe these communities should be this separated.
- And I hate disagreeing with someone I admire, but I suppose that’s what you get for voicing an opinion on the Internet. Matt, if you’re reading this, keep doing what you do.
- Thinking of privacy as a right may be particularly misleading in the United States where the assumption generally goes the other way around. If the government wants to do something to you, they usually have the burden of proving their case to be rational rather than you having to “claim your rights.” Of course, this became much more complicated with the Katz decision.