Privacy and Encryption

Historically, if a matter was important or sensitive enough, there were generally ways of organizing one’s activities such as to afford one a great deal of confidence no unwanted entity was or could be eavesdropping or spying on you. It might be a hassle but it could be done.

You were aware that thanks to long-range directional microphones, hidden bugs or powerful cameras, it might be possible for others to know who you were with at any given time, for them to take down a verbatim record of what was discussed and make a detailed note of what happened. The people doing this would be unseen and unseeable. They might be working for your Government, someone else’s, a competitor or your lover’s husband or wife. Accordingly you would proceed with caution. 

You would know the postal service’s sorting system deployed electronic devices to detect possible contraband. Your letter or package could be opened and examined if it triggered an alarm or if it was being sent to a sensitive address. Ditto for a letter or package you received. In certain circumstances it could have been opened and examined before being delivered and you would never be told or be able to tell. You also knew the phone attached to the wall in your house could be tapped.

No individual suspicion or evidence

Latterly when you go to an airport or other major transportation hub, or you enter a wide range of buildings, indiscriminately, without any grounds or evidence to justify any kind of individual suspicion, handbags, briefcases, suitcases, even bodies are scanned looking for anything which might pose a threat to public safety or someone’s life, e.g. a gun or a bomb. Dogs sniff you and your luggage. We all go along with it because we understand and accept the underlying social purpose of this otherwise highly intrusive conduct, often carried out by Government employees or Government contractors.

As the analogue world fades…

But things are changing.

In the analogue world of yesteryear, terrorist outrages, crimes, frauds and scams of various kinds were still planned and executed. If the bad guys took the right precautions they might get away with it. Alternatively, through plodding police work, possibly involving a lot of shoe leather, or through subpoenas, evidence could be secured to allow justice to follow its course.

There’s no way of proving or disproving this, but I like to think the scale and ease with which bad guys were able to do things and get away with them was more limited then because of the lengths they had to go to try to avoid detection or capture. These imposed practical constraints.

The problem is though, as the analogue world fades away, technology has moved us to a point where, in many materially important ways, perhaps not in theory but in practice, at scale, huge swathes of human behaviour are being or could be put completely beyond the possibility of any kind of scrutiny by anyone. This is being done in the name of privacy and is a reaction to the discovery that Government agencies and private enterprises had been overstepping the mark and grossly abusing our reasonable expectations of privacy by exploiting ambiguities or gaps in the law. Today we refer to these phenomena respectively as the Surveillance State and Surveillance Capitalism.

A pendulum is swinging

The difficulty is a pendulum has been set in motion which, if left unchecked, will undermine the Rule of Law and with it the possibility of bringing to justice criminals, or people who have done us a civil wrong, because the necessary evidence cannot be obtained at all, or to get it will take an inordinate amount of time and resources. This might not trouble many rich folk or highly tech-savvy types but it may well trouble the rest of us as the impotence of the justice system is writ large at our expense. Justice delayed is justice denied. Justice denied in perpetuity is what we used to call oppression.

A modern problem looking for a modern solution

Nobody in my world is attacking or trying to weaken privacy. What we are trying to do is find modern ways which protect privacy without throwing children under the bus.

Part of the problem at the moment is arguments about privacy have been conflated with entirely distinct issues about encryption in general and end-to-end encryption (E2EE) in particular.

Nobody I work with wants to break encryption or prohibit its use but I reject and resent the way in which, specifically, the definition of what constitutes E2EE has been broadened to include material that has not been encrypted. Thus those who, like me, advocate client-side scanning are portrayed as wanting to weaken or break encryption. That is simply a barefaced… what is the word I’m looking for here?

Actually what is happening is someone is trying to move the goalposts, awarding the same status to unencrypted material as they do to encrypted material. That is not acceptable. Isn’t it the case that client-side scanning is a protective technology that can work in the public interest, sitting alongside and working with encryption?

Private entities have made decisions…

Private entities have decided to propagate E2EE on a mass scale with minimal friction either as part of a business strategy (to make money), or because of their world view, i.e. because they hold certain beliefs about how the world works or should work. 

There is no law prohibiting anyone from propagating E2EE. But we should recognise, like much that is connected with the digital sphere in general and the internet in particular, our law-making institutions are being out-paced by the speed at which the technology has developed. I hope we do not live to regret this, but in this instance I fear we might.

It is impossible to believe those who wrote what we now refer to as the main body of human rights law or our privacy laws ever anticipated the arrival of digital technologies in the way they have evolved in the past thirty years or so. No law-making body has ever adopted an ordinance which says privacy is an absolute or superior right which stands above or separate from all others. It is one right among many. A balance must be struck. No law-maker ever intended privacy to become a barrier to obtaining justice.

Bad Governments must not be the pacesetter…

One of the more absurd arguments one hears about a number of possible technical solutions to the challenges we face concerns the way bad actors could misuse them. I cannot think of a single digital technology which has not been or could not be misused by a bad actor. It just makes no sense to say:

I know if we did x or y it would help keep children safer in my country but Mr Dictator in country z could use the same technology, maybe twist it a little bit and do bad things with it, so I refuse to use x or y to protect children in my country.

That puts Mr Dictator in charge of child safety on the internet in your country and every other country. The answer to worries about the misuse of technology is to insist on a robust legal framework linked to strong, independent, trustworthy transparency mechanisms.

In countries where the Rule of Law is routinely honoured this will work. After all, the Surveillance State was unmasked and companies’ bad behaviour was exposed. We changed our laws to change the equations in favour of the citizen, in favour of us.

In countries where the Rule of Law is not routinely honoured we have an altogether different and larger problem which is very unlikely to be solved simply by refusing to allow certain tools to be deployed in my country. The plain fact is we cannot solve political problems in one jurisdiction by insisting children in another pay the price and it is thoroughly disingenuous to suggest otherwise.