Recent reports that messaging apps WhatsApp and Telegram have been employed by terrorists have brought the encryption debate to a head. The rhetoric has been acrimonious and polarizing, pitting privacy advocates who want strong protection from prying eyes against government officials frustrated by their inability to access criminals’ encrypted data.
For years, government officials have pleaded to the technology industry for help yet have been met with disdain. In fact, one of the world’s most powerful tech companies recently refused a lawful access request in an investigation of a known drug dealer because doing so would “substantially tarnish the brand” of the company. We are indeed in a dark place when companies put their reputations above the greater good. At BlackBerry, we understand, arguably more than any other large tech company, the importance of our privacy commitment to product success and brand value: privacy and security form the crux of everything we do. However, our privacy commitment does not extend to criminals.
BlackBerry is in a unique position to help bring the two sides of this debate together, to find common ground and a way forward. BlackBerry’s customers include not only millions of privacy-conscious consumers but also the banks, law firms, hospitals, and – yes, governments (including 16 of the G20) – that use our products and services to protect their highest value resources every single day. We stand as an existence proof that a proper balance can be struck.
We reject the notion that tech companies should refuse reasonable, lawful access requests. Just as individual citizens bear responsibility to help thwart crime when they can safely do so, so do corporations have a responsibility to do what they can, within legal and ethical boundaries, to help law enforcement in its mission to protect us.
However, it is also true that corporations must reject attempts by federal agencies to overstep. BlackBerry has refused to place backdoors in its devices and software. We have never allowed government access to our servers and never will. We have made decisions to exit national markets when the jurisdictional authorities demand access that would abuse the privacy of law-abiding citizens.
We also reject any notion of banning or disabling encryption. The hacking epidemic over the past couple years shows that we need more, not fewer, security controls for our sensitive information. Frankly, it is surprising and unnerving that some national political leaders think that an encryption ban could even work on a technical basis. We, as a society, have decided that powerful computing devices that manage our identities, photographs, bank statements, and more are better to have than not. Users can install applications with encryption that precludes lawful access. If encryption services were banned, criminals would simply write their own encryption apps, resulting in a world where they have better encryption tools than the citizen populace, and our personal privacy would be the only casualty of this debate.
So the encryption ship has sailed; what, then, can service providers do to help strike the proper balance? The developers of Telegram demonstrated a simple example. Telegram offers two services: private point-to-point messaging and public group messaging (called channels). Telegram took decisive action to shut down criminal channels without affecting the point-to-point messaging service its customers depend upon for privacy. Make no mistake: service providers bear a dual responsibility to protect customer privacy zealously and to cooperate with lawful requests for investigative assistance.
It is practical to have public policy that supports law enforcement without impeding personal privacy. Ultimately, users have the right and responsibility to choose privacy with or without the potential for lawful oversight. We agree with the notion that there is no easy answer or formula to strike this balance. Hard things, we might say, are hard. That being said, it’s time both sides of this encryption debate accept that pointing fingers is counterproductive. Technology, over the course of human existence, can be both used and abused. We all have a right to privacy as well as public protection. We must balance these, and the world’s tech leaders must help consumers and governments alike make informed decisions.