Governments around the world in the name of security are extending their oversight reach in a way that is likely to split the IT community into two camps. One camp is likely to cheer efforts to make the digital world a more secure place. The other side views most of these measures as nothing less than an attack on liberty that fundamentally compromises rights to privacy any individual might expect to have.
The government move with the most far reaching security consequences at the present is occurring in China. In a move to supposedly make sure that IT technologies are secure the Chinese government reportedly wants access to the source code used to develop any technology product sold in China as part of an effort to make sure that hackers can’t gain access to them. Naturally, this is cause for concern for the technology industry on multiple levels. Not only are technology vendors worried about protecting their intellectual property in a country where laws concerning such matters are not effectively enforced, there’s no way to say with any certainty that source code won’t wind up in the wrong hands anyway. China like every other major country in the world actively engages in cyberespionage.
IT industry leaders such as Microsoft are trying to find a middle ground by opening “transparency centers” where Chinese officials would be allowed to test and analyze the security of Microsoft products.
But totalitarian governments are not the only bodies aiming to improve security in a digital world without much apparent thought to civil liberty implications. The British government is set to enact an Investigatory Powers Bill that requires Internet service providers to store data relating to what Web sites their customers visited for a year. While that bill is already being challenged in British courts, it’s clear response to terrorists using the Internet to plot attacks. A similar debate in the U.S. is focused on law enforcement attempts to force Apple to decrypt data on its phones any time the owner of that phone is subject to a criminal investigation. President-elect Donald Trump has already indicated strong support for law enforcement officials making these requests.
While perhaps understandable all these efforts to increase security in a digital age are likely to have far-reaching legal and economic implications for years to come. Apple is essentially calling for a digital bill of rights that would prevent governments from employing technology to overtly and covertly oppress their citizens in a fashion reminiscent of Big Brother in the 1984 novel by George Orwell. The Fourth Amendment to the U.S. constitution along with English common law only protect individuals from unreasonable searches and seizures under the theory that every man’s home is his castle. But the data people create on their phones is not often stored at home.
IT security professionals are obviously caught in the middle of these debates. Some may object on moral grounds to their skills being used to enforce laws that have not been fully vetted by the courts. Others will say there’s a greater good at stake that IT security professionals should do everything they can to promote. Almost every IT security professional will need to examine their own conscience to see where they stand.
In the meantime, the one thing IT security professionals can expect in the months and years ahead is a lot more interaction with government officials requesting access to the data that IT security professionals have been hired to protect. Most IT security professionals will ultimately have to comply with those requests. But that doesn’t necessarily mean they have to like it.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.