Why Data Privacy Matters: Debunking 5 Arguments Against Data Encryption

Considering you are currently reading a blog post on the website of Europe’s leading cloud encryption software; you probably don’t need any convincing about the importance of protecting your data. However, there is still a number of people out there, who are not quite sold on the idea yet. Over the years of being in this business, we’ve had to deal with our fair share of naysayers and now present you with a compilation of the 5 most common arguments against data encryption as well as ways of countering them. Perhaps this article will come in handy the next time someone accuses you of wearing a tinfoil hat just because you chose to encrypt your holiday photos on iCloud…

1. Making Exceptions for State Surveillance

The government should get access to all data, since they use it to protect us.

The way we handle individual freedom and privacy has always been a controversial topic of discussion, probably ever since the formation of the first organized society. To keep a society running, norms and rules need to be set up and enforced, rendering the need for some surveillance mechanisms. The question is what amount of surveillance is truly necessary and acceptable.

Proponents of the surveillance approach argue that the more information is collected and evaluated, the better – since this allows authorities to recognize threats and put adequate measures in place. Their case rests on the premise that humans are fallible and therefore one cannot rely on individuals to follow rules on their own accord, making supervision and control necessary. What they tend to ignore is that this logic is a double-edged sword: since the supervising is also being done by fallible humans, this system is set up to fail – an equation proven by many (not only) authoritarian regimes throughout history. And no, leaving the task to an AI machine doesn’t work either, since the machine would be created by – you guessed it – flawed humans.

We are currently living in what some call the “information age”. With the shift of many professional and personal matters to digital information technology, more data is easily available than ever before. Cryptography emerged as a response to this, extending the right to privacy that individuals were used to in real life into digital spaces as well. However, in recent years we have been seeing national and international government efforts to pass legislation limiting encryption, one of the recent examples being the US-American CLOUD Act or EU’s e-Evidence Directive. These laws mandate installing special access points (“backdoors”) for law enforcement authorities, allowing them to decrypt and investigate both data in transit (e.g. texts and photos you send online) and data at rest (e.g. files stored on a device or in the cloud).

People pushing for backdoors consider this approach to be the perfect compromise: you can protect your data from the “bad guys”, but in case the “good guys” have a fair reason, they can get access. However, this approach poses several problems. Firstly, as discussed above, the “good guys” might not always have the best intentions. Secondly, installing backdoors creates a vulnerability that could be exploited by hackers. Backdoors fundamentally contradict the core idea of encryption – why bother bolting your front door if the key to your backdoor is hidden under the mat?

2. Equating Encryption with Crime

Encryption is nothing but a shield for criminals. Banning it will result in a safer and more prosperous society.

This argument ties closely to the previous one, but we want to expand more on the assumption that decent people have no use for encryption. Aside from the fact that it should be possible for anyone to maintain their privacy, as a matter of principle, there are many examples of honorable use cases that call for robust, uncompromised encryption. Journalists, activists, whistleblowers and members of marginalized groups all require secure communication channels to ensure their safety while they do the important work of holding our leaders accountable. In this sense, encryption directly protects our freedom of speech and thought.

The unfortunate truth is – banning stuff doesn’t work. Those with nefarious intentions will always find a way to bypass the law, so they would just move their data to countries where encryption is legal or even create their own rogue encryption software that would indeed only serve criminal purposes. This is the ultimate lose-lose situation: criminals still get what they want, while the general public is deprived of the opportunity to securely encrypt their data.

With large parts of our modern economy moving into digital spaces, it is crucial that those systems are private and secure. The degree of confidentiality digital businesses can offer is in direct correlation with how likely they are to attract customers. Continuing this line of thought, trust in encrypted systems leads to economic growth. Weakening encryption, on the other hand, evokes wariness or even paranoia, driving customers and investors away.

Preventively protecting data using encryption software is also much more financially favorable in comparison to recovering from data loss, ransomware attacks or data leaks – minimizing the damage of such events is often costly or downright impossible.

3. Underestimating The Relevance of Personal Information

I’m an insignificant person, my data has no value anyway.

This is a common misconception ordinary people make. We look at our cat photos on our phone and think – well, what hacker or corporation could possibly want access to this? While it may be true that your individual data by itself is of little interest to them, the dataset becomes quite valuable when combined with the data of billions of other users. Big Data processing offers countless opportunities to analyze trends and to draw profitable conclusions accordingly. With the Internet of Things (IoT) market growing, we are also inviting devices into our homes, allowing them to eavesdrop on intimate details about our lives. Also, let’s not forget about the existence of metadata (such as location, device information and much more) that you might not be aware of, just sitting there embedded within your data, waiting to be evaluated.

Based on this myriad of compiled information, corporations can create digital dossiers, using them to predict and, more importantly, sway your online behavior, buying intent, or even voting tendency. Considering their potential, such profiles are in high demand, earning their sellers some nice wads of cash. Sadly, none of that ends up in your pocket. Your data might also serve as fodder for AI machines, training and perfecting their lucrative AI technology – again, without paying any royalties to you, the true owner of the data.

In recent years, the public has become increasingly aware about the different ways corporations collect and monetize user data, often without our full consent. And it’s not just about the content that we willingly post for the public to see, what’s especially worrying is the way data surveillance has been creeping its way into other seemingly innocent online activities. There is evidence suggesting that private messages, emails, as well as files and images stored in clouds all get scanned by the tech companies hosting these services. These are all channels where users are more likely to share sensitive data since they expect a high level of privacy.

4. Expecting Complete Transparency

If you have nothing to hide, you don’t need any privacy.

This might be the most dangerous argument on our list. Sure, there are individuals who are indeed so sure of having a clean sheet that they have no problem being completely transparent about everything they say and do. The problem arises when this stance is not taken voluntarily, and instead is expected as default. In order to uphold democratic governance, the fundamental right to personal privacy must never be questioned – in fact, it must be treated as a human right.

Obviously, we make concessions to our privacy every day – our name, date of birth, address, or familial status are all data shared with the government. The goal is to find a good balance that ensures societal functioning but at the same time also allows for a reasonable amount of personal privacy. What constitutes as “reasonable” depends on each person’s opinion, as well as the concrete situation that the rule should apply to. When we create privacy laws, it’s important that we do not speak in absolutes and instead treat each instance separately with nuance.

The statement suggests that as long as someone isn’t breaking any rules, they have nothing to worry about – which is quite naïve. If you look hard enough and use the right framing, even innocuous information can suddenly become incriminating. Besides, the statement falsely assumes that fear of repercussion is the only reason people might want to keep certain things private. The fact that you prefer to wear blue underwear on Mondays doesn’t make you a criminal, but you still wouldn’t want that information to be out in the open, would you? __Some things are simply nobody’s business, no matter the reason. __

5. Giving Up on Hope

We have no privacy left anyway, so why bother. If you’re worried, just go offline.

Considering all the different ways data gets misused that we’ve just discussed, it’s easy to feel helpless and succumb to apathy. But just like with other large societal issues, it’s important that we keep the fight going and don’t lose sight of our goal. “Well, it can’t get any worse from here!” – it can always get worse. What’s ultimately on the line here is our right to free speech and free expression, in other words, the core values of democracy. It’s worth fighting for.

Opting out of the digital world completely could be easily done some years ago, but is gradually becoming more unreachable each day. Living in the modern world simply requires participation in those systems – most workplaces and schools nowadays involve working with computers in one way or another. Obviously, the pandemic has further accelerated this development and made it apparent just how dependent we are on digital infrastructure: children using Zoom or Teams in order to continue receiving education, adults working from their home offices to secure their income, relying on online shopping since brick-and-mortar shops were all closed. When the other option is being deprived of all those essentials, it’s not much of a choice anymore.

Instead of despairing or staunchly refusing participation in a system that is flawed, we need to take action to make it better. Using tools that we already have, such as encryption, massively improves the situation. Furthermore, raising awareness about digital risks, as well as providing thorough education about safe online practices are paramount to building a safe and reliable digital infrastructure. Finally, one of the most impactful things you can do is to simply care about the issue and to support policies that move us towards more data privacy, not further away from it.

Conclusion

This is by no means an exhaustive list of arguments, there are many, many more excuses people make to not use encryption. We hope that our selection was informative and that you now feel more armed for such conversations. We are aware how that this article might come across like just another fearmongering thought piece. While it’s important to be sensitized to the dangers our right to privacy is facing, your main takeaway from reading this definitely shouldn’t be fear of Big Brother-esque technology but rather the knowledge that there are ways we can improve the current situation. We at Boxcryptor have made it our mission to educate about data security and provide an affordable encryption solution for everyone.