RIM and Twitter's clashes with foreign governments over encryption point to a problematic tension emerging between the imperatives of market access and national security.
In exchange for access to markets, Twitter recently agreed to grant governments the power to block certain messages. This, as well as the seemingly bloodless and amicable boardroom coup resulting in the replacement of RIM’s co-CEOs, is an effect of the foreign-investment deal-breaker that nobody wants to talk about: its intersection with national security.
In May 2011, shortly after Apple dominated the mobile market with the iPhone, iPad, and app store, the future of RIM appeared to be hanging on whether its PlayBook tablet would help it regain the market initiative. In an interview about the PlayBook launch, a BBC correspondent asked co-CEO Michael Lazaridis how RIM was handling an ongoing issue with the government of India, in which the state had demanded access to encrypted user communications. Lazaridis ended the interview gruffly, citing national-security concerns, and perhaps drawing more attention to the issue rather than diverting it. In fairness, the company had been deftly cornered, since there was no reason to believe competitors like Huawei or Apple would display the same principled compunction RIM did about government snooping. As Lazaridis said, RIM had been “singled out” on the encryption issue. The result, however, was that a shadow of uncertainty had been cast on the publicity for the tablet launch, and questions about RIM’s ability to secure access to Asian markets were now in play. At that critical moment for the company, the story of RIM was no longer about the PlayBook. After further market uncertainty about the direction of the company, the RIM board replaced the co-CEOs within the year.
To many in the West, it seemed authoritarian of India to demand arbitrary access to user messages and corporate communications, but the relationship between foreign investment and national security has always been complex, if not fraught. Even the U.S., an ostensible bastion of free markets, has an office dedicated to vetoing foreign acquisitions of companies linked to the security apparatus – most notably telecoms and technology firms. Clearly, this is no longer just a geek problem or a fringy libertarian issue, but a real factor in trade.
What RIM discovered too late is that, in a contest for power, the claim to high principles is often second prize. The effect of India’s security gambit has been that executives at companies like Twitter saw the blood on the carpet and have heartily agreed to negotiate terms for governmental information control, discretion being the better part of valour.
Wrangling over the details of state surveillance is nothing new. What has changed is that information security now matters for competitive reasons. A long economic winter forces competition in the West by linking our prosperity to whether we liberalize and innovate, and thus grow sufficiently to preserve our quality of life.
If the next disruptive technology comes from the global East, governments in the West will be forced to decide whether to protect incumbent interests, and how to ensure their own national security while depending on foreign-managed technologies. Unlike India, however, the West’s bargaining chips do not include access to a market of a billion people. While losing access to the Canadian market over regulatory burdens is probably no big deal for a global technology company, the loss of such foreign-investment deals would have a significant impact on Canada. As such, future foreign investments in Canada and elsewhere may depend on the precise “geek problem” that snared RIM in India and Twitter everywhere. With surveillance capabilities clearly on the global negotiating table, the link between our economic strategies and the tedious details of encryption algorithms would suddenly appear to matter.
Encryption is the art of making something more difficult to read than is reasonably worth it. Since there is no perfect scheme, the security comes from making the amount of effort required to break it greater than the likely rewards for succeeding, with the implication that few, if any, will ever bother. Governments, however, have traditionally made it their business to bother.
The internet now barely resembles the internet of the 1990s. Few of the founding principles have persisted, with most now considered as quaint as gentlemen’s agreements. What remains, however, is cyberspace – the network of logical connections between all manner of electronic devices.
The foundations of cyberspace are cryptographic (encrypted) protocols that simultaneously prevent interception, verify authenticity, and authorize us to access services. They form a logical basis for trust between people and systems so that we can go about our business online. Since almost all businesses now have an online component, new economic growth will depend significantly on how much (and for what) we can trust the devices and services we use. That trust will require more versatile encryption technologies than we have today to support the dynamic communication patterns of businesses. In short, economic growth is now a function of trust.
Since encryption is crucial for underwriting trust, the more interesting problem is whether the globalization of the telecoms sector will mean ceding surveillance powers in exchange for growth. The alternative is a rather chilling harmonization of our systems with the security needs of authoritarian governments. If trust is required for growth, then national-security interests as they exist now may actually weaken the economic positions of governments, either by hampering citizens’ access to encrypted global services (e.g. in censored countries), or by spreading authoritarian surveillance tactics to otherwise liberal societies.
Strong encryption has been available for almost 20 years, and the successful prosecution of digital evidence and the state of the art in digital discovery have demonstrated that encryption is neither a sufficient nor a necessary means to evade justice. Disruptive technologies are invented every year, and, as evidenced by the Arab Spring, technological change only leads to revolt and disorder when governments do not adapt to serve their citizens. Vulnerable institutions should accept that their problem is not technology – it’s legitimacy.
Given the need for access to foreign markets in order to achieve growth, western companies will likely continue to be forced to trade snooping rights for market access. With growth depending on trust, our policymakers will have to decide whether they will reciprocate by requiring a back door into the IT products of companies that serve Canadians, and whether they mind foreign companies selling us products with their own governments’ snooping capabilities installed.
The pervasive threat of surveillance is that the risks of standing out are greater, and nothing kills innovation like punishing the exceptional. These are not new arguments, but they matter now because the only obvious way out of this global economic hole we are in is another massive technology revolution to drive growth. That said, we need to be prepared for the very real possibility that, this time, the West may not lead the revolution.
New growth may require a western security strategy that views consumer encryption and privacy technologies as necessarily empowering to individuals, and that is based on building and protecting trustworthy economic relationships. This is surely better than the Indian model, which treats encryption as a domestic security threat and routinely undermines and backdoors it to serve vague, unspecified national-security interests.
In the meantime, for the West to preserve its liberal way of life, it will have to improve and export new encryption technologies. Future demand for western services depends on the strength of emerging middle classes, and these cannot thrive under surveillance-driven totalitarian rule.
RIM and Twitter’s encounters with authorities are micro examples of a macro sea change in the relationship between disruptive technology, foreign investment, and the exigencies of state. Cryptography is not the whole issue, but its importance is forcing some very tough discussions about the level of interference in their affairs that people and businesses are willing to accept in exchange for opportunities for economic growth.
That said, we first need a public and adult conversation about encryption – if it is left to security agencies and technologists, the strategy for technology-driven growth will be presented merely as a trade-off between trust, growth, and control. But for now, we have the opportunity to do better.
Source: the mark
Author: James Reid