Speaking at RightsCon in San Francisco, Senator Ron Wyden gave a speech about the importance of strong encryption. He also laid out his plans to strengthen privacy protections. Early on in the speech he states that framing the encryption debate as “security vs privacy” is misleading. He frames it as “more security vs less security” with strong encryption being the path that offers more security.
He also takes aim at the claim that encryption is causing law enforcement and intelligence agencies to “go dark” because they can no longer gather information. Wyden quotes security expert Bruce Schneier by stating that we are in a “golden age of surveillance.” New technology has allowed the government to gather information that regimes like the Soviet Union could only dream of. Although encryption will be a road block in the way of obtaining certain types of information, law enforcement agencies have other avenues of investigation.
The real meat of the speech is when Wyden lays out his plan to protect privacy and security. He calls it a New Compact for Security and Liberty in the Digital Age. The first point in the plan is to end the campaign against encryption. He mentions a bill he wrote in 2014 called the Secure Data Act. It would prevent the government from forcing companies to undermine their own security as the FBI tried to do to Apple before dropping the San Bernardino case. He asks for help in mobilizing support for the bill so he can finally get it passed in congress.
The next point in his plan is to improve privacy protections for information shared with third parties. He first lays out the problem with the existing system:
A few decades ago, courts began ruling that if you provide information to a third party, like your bank or your phone company, you are no longer keeping it private, and it is no longer protected under the Fourth Amendment to the Constitution. There is a huge, glaring problem with that logic. When you share your information with a single private company, that is not the same thing as making it public.Your phone company may have records of who you call, and your bank may have records of how you spend your money, but your contract with them will have rules for when and how they are allowed to share that information.They are not allowed to just disclose it freely. This is true in the digital world as well.When I post a handsome new profile picture on Facebook, or send out a tweet to tell people that I’m holding a town hall in Oregon, I’ve chosen to make that information public. But when I send an email to my wife, or store a document in the cloud so I can work on it later, my service provider and I have an agreement that my information will stay private. The premise in current law is that I have agreed to make that information public just because my service provider is holding it. And that premise is simply absurd.