Raid Encryption: This Should Be The New Normal
“When government agents raid Uber’s offices,” Business Insider reports, “the company springs into action with an immediate response: it shuts everything down and encrypts all its computers.” That claim comes from documents filed by former Uber forensic investigator Samuel Ward Spangenberg, who’s suing the company for age discrimination, whistleblower retaliation, and defamation.
Merits of the lawsuit aside, the details of Uber’s raid response protocol are fascinating. They should be standard practice for every company which electronically stores and transmits sensitive information — in other words, pretty much every company on Earth.
Spangenberg’s declaration describes a raid on Uber’s Montreal office by Revenu Quebec, the Canadian province’s tax agency. As soon as he was informed of the raid, Spangenberg says, he remotely encrypted the company’s computers at the office and cut the office’s network connectivity.
Business Insider describes Spangenberg’s account as an “allegation,” as if this is a bad thing. But it isn’t. In fact, it’s a great idea. In response to an inquiry from the publication, Uber explains why:
“It’s no secret that Uber has trip coordinates and other personally identifiable information about riders and drivers, and it’s our obligation to protect that. We cooperate with authorities when they come to us with subpoenas.”
In the digital age, law enforcement worldwide is increasingly nosy. Its leaders and advocates bemoan any technological development or practice which might in any way impede their ability to find out anything they might happen to want to know for any reason. They want our lives to be open books, and for us to just trust them to not abuse their power. History says we should begrudge them that trust.
Searches — including searches of digital logs and archives — should be difficult, not easy. They should be narrow in scope, not fishing expeditions where everything gets caught in the net and examined.
Law enforcement should be required to specify up front exactly what they want and expect to find, based on probable cause to believe a particular crime has been committed and that the search will uncover evidence relating to that crime. That was the supposed American standard back before everything was stored electronically, and it should be the global standard now.
But even in the good old days, we could seldom trust judges to rein in law enforcement’s interest in knowing as much about us as possible. This is something we, and the companies we do business with, need to take into our own hands.
Encryption isn’t nearly the handicap the surveillance state’s supporters pretend it is. There are lots of ways to figure out who’s doing what and why without seizing and reading a hard drive, from direct physical surveillance to analysis of the target’s “social graph” (his network of personal relations).
Law enforcement does not want for information if it’s willing to work for that information. Thorough, ubiquitous (or quick on-demand) encryption is at best just a bare minimum tool for preserving SOME privacy. If that makes law enforcement’s job a little harder, too bad.
Thomas L. Knapp (Twitter: @thomaslknapp) is director and senior news analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism (thegarrisoncenter.org). He lives and works in north central Florida.