By: Sam Syska
Imagine you are a high-level executive with extremely sensitive and personally identifiable information stored on your desktop. You then have your desktop linked to your laptop, which is linked to your iPad and finally, your phone. Now assume that none of your devices are properly encrypted and a group of hackers are able to get into your phone. The hackers now have access to the extremely sensitive and personally identifiable information stored on your desktop and the privacy and confidentiality of all of those people (including yourself) has been breached.
Law enforcement and the Obama Administration have been facing pressure to support stronger technology encryption in the United States after recent events have exposed Americans personal information. Beginning with the leak from former NSA agent, Edward Snowden, Americans became aware of the secret government programs designed to spy on telephone conversations and data. More recently, the U.S. government’s Office of Personal Management was hacked by a group in China and were able to obtain clearance information for millions of federal employees, including fingerprints. These recent events have sparked concern throughout the country and critics have advocated for a strong public statement in favor of improved security to protect personal information obtained through technological devices.
Former Secretary of Homeland Security under the Bush Administration, Michael Chertoff, recently commented on the latest data breaches and suggested techniques to improve security, even at a personal level. Chertoff suggests that these data breaches are essentially a way for hackers to create a database of American citizens, which can harmfully be used for intelligence purposes. The creation of a database is particularly concerning in today’s society where there is an ever-increasing amount of devices entering the technological sphere each day. Technology improves at a rapid rate, but with that rate comes more and more devices and ways for hackers to access personal information.
With more devices, usernames and passwords to keep track of, many Americans fall into the cyber-security trap of using the same credentials for all of their devices. It’s easier to remember one password or a similar variation of that password than it is to create different several different ones and have to remember them all. What’s even easier is to link all of your devices together so access is automatically and easily granted when you boot-up the first device. The convenience and ease Americans use to connect to their personal devices on a daily basis is the same ease by which hackers steal Americans personal information. It’s not just credit card data that these hackers are after either – data breaches include names, numbers and personal identifiable information.
Chertoff cautions that Americans are not even taking the steps to achieve minimal levels of security and need to improve on protecting their assets because their electronic data is valuable. Encryption is key. Chertoff suggests that not every device needs to be connected to one another – keep separate files, usernames, passwords, etc. Rethink how administrative privileges are handled by other administrators and when and where these administrators may be accessing your devices or accounts.
In an attempt to combat the recent security breaches and prevent future breaches from happening, Congress has enacted legislation that attempts to protect American cyber-security. However, much debate stems from these laws that will require Americans to essentially give the government their cyber-credentials (ie. usernames and passwords), with the promise that the government will treat it properly. The government, and even Chertoff, emphasizes the usefulness of sharing electronic information, but what does that mean for Americans and their right to privacy? If Americans were to concede and hand over their information, how can they ensure what they have shared is kept confidential if it’s easy for hackers to enter government databases and steal the information?
The debate about the sharing of information with the government – with or without encryption – walks a very fine line along Americans protection of privacy under the Fourth Amendment. Can the government and legislation really force Americans to share information? It’s more likely that they cannot because of the protections provided by the Fourth Amendment; however, if the government stands any chance of having Americans willingly share information, they need to offer improved security and encryption systems. With improved cyber-security, Americans will feel more protected and information will actually be kept confidential. It’s a two way street – if the government wants access to information, they must design a way to encrypt the messenger trail to prevent against cyber-security attacks.
Student Bio: Sam is a Staff Member of the Journal of High Technology Law. She is currently a 2L at Suffolk University Law School with a concentration in Business. She holds a B.S. in Business Management from Roger Williams University.