I recently wrote about the heat Huawei has been getting and briefly mentioned “there are legalities in place” regarding wiretapping. In this post, I wanted to expand on that context; what the legal requirements are for wiretapping. Further, I also wanted to give readers (you) something to think about: what’s the difference between a backdoor and having the ability to “wiretap” in the first place? Keep this in mind as you continue reading.
First and foremost, and being honest, I tried to read and interpret the legislation in place allowing such actions. Little did I know that there were different US codes for this, such as 18 U.S. Code § 2516, § 2511, and other sections. Reading through them wasn’t as bad as trying to digest what was defined. That said, I found an interesting article online from Lawyers.com titled How the Wiretap Act Protects Personal Privacy – it was easier to understand but still had some ambiguity.
Simply put, and in hindsight it makes sense, wiretapping laws vary state to state. I wasn’t shocked to read this, considering many laws are like this, but then I contemplated this a bit more: the fact that wiretapping is even possible more or less acknowledges the fact that these capabilities are no different than, and offer similar access as, a backdoor. The main difference here is intent: backdoors are often associated with cyber criminals gaining access onto a system or into a network; from the wiretapping standpoint, a service provider is cooperating with law enforcement to gain access to a consumer’s data.
Now this may not seem like a shocker but it’s definitely something to think about. From a service provider standpoint, you have access to the content passing through your service offering. For example, Google Drive or Facebook; they both have access to the information you store with them including pictures and documents. If you encrypt the content prior to uploading (at least to Google Drive), then you get more privacy this way. Let’s say that a federal agent or the local police department reaches out to either company for information with all legalities in place (meaning the local laws were followed and valid requests were made). If the service provider cooperated within the legal realms, whatever available content that provider has access to could be used to help law enforcement in whatever they’re doing (hopefully a legal investigation).
This concept right here is where the gray line comes into play and you (the reader) must be the judge: is this ethical or not? At what point do consumers truly have personal privacy without concern with a service provider having access to their unencrypted content? What assurances are there that said service providers aren’t accessing our data as is? This is where selling consumer data comes into play as well.
Of course, this post wouldn’t be complete if we didn’t include the whole “if you don’t have anything to hide then there is nothing to worry about” statement – there’s more to it than just that. It’s not a matter of if you’re doing something wrong or not. The Fourth Amendment details the right to privacy, but is there an infringement if a service provider is accessing consumer data without their knowledge and selling it? Ah – can’t forget user policies and all that good stuff.
Personally, there are a lot of “gotcha’s” that we must all keep in mind. That said, digital information is valuable on many levels. If you want the ultimate form of privacy, don’t connect to the Internet and most especially don’t upload information to the Cloud. This isn’t really feasible nowadays though. The next best steps are to implement your own solutions; invest in a local backup system, learn to harden your systems to prevent information leakage (you know that your online presence is fingerprinted, right?), develop your own Cloud system using peer-reviewed open source solutions and of course, frequently assess your security posture.