Privacy vs security

Privacy vs. security: Why the widespread use of encryption is essential to national security

Share this page

Four years ago, the Pew Research Center, a US think tank, asked hundreds of cybersecurity experts to weigh in on a simple question: “By 2025, will a major cyber-attack have caused widespread harm to a nation’s security and capacity to defend itself and its people?” A majority of the respondents said yes(new window).

“Cyber attacks will become a pillar of warfare and terrorism,” said one tech executive.

“Current threats include economic transactions, power grid, and air traffic control,” said a NASA researcher who now runs a space robotics firm. “This will expand to include others such as self-driving cars, unmanned aerial vehicles, and building infrastructure.”

“Cyberwar just plain makes sense,” said a former general counsel for the NSA.

In the few years since that report came out, we have witnessed Britain’s National Health Service (NHS) crippled by stolen NSA ransomware(new window), the US power grid infiltrated by Russia(new window), and hundreds of millions of digital records exposed(new window) to hackers. In other words, the experts’ predictions are right on track.

Yet at the same time, governments around the world are pushing to weaken the very encryption that can help to keep our personal records, our infrastructure, and our democratic institutions safe from bad actors. Most recently, the Australian government has waged a campaign to promote encryption backdoors(new window), which would weaken the right to privacy and make us all less safe.

State security officials are sending two conflicting messages: On one hand, encryption (i.e. privacy) is dangerous; on the other, cybersecurity is the battlefield of the 21stcentury.

In fact, privacy and security go hand in hand. The widespread use of strong encryption both guarantees individuals’ right to privacy while hardening society against waves of data breaches and cyber-attacks.

Why governments don’t like encryption

In the United States(new window), Australia(new window), and elsewhere(new window), law enforcement agencies are pushing for legislation that would make it easier for them to weaken encryption in consumer devices and software.

For example, Australia’s Assistance and Access Bill(new window) would require tech companies to build vulnerabilities into their security systems that could be exploited by law enforcement. If the law passes, it could also be used by US agencies(new window) thanks to the Five Eyes intelligence-sharing agreement(new window), even though American legislators have so far refused to mandate encryption backdoors.

Proponents of these kinds of laws say encrypted services, like WhatsApp or Proton Mail, allow criminals to plan and carry out attacks beyond the reach of police.

Privacy vs. security is a false dichotomy

First of all, there is very little evidence(new window) that government surveillance prevents terrorism. For instance, in 2013, the White House reviewed the NSA’s mass phone surveillance program and determined it was “not essential to preventing attacks.” Police foiled most attacks the old-fashioned way: through informants and tips.

More importantly, it is impossible to create a backdoor that only the police can use. Last year’s WannaCry ransomware attack(new window), which hit over 300,000 computers in over 150 countries (including the UK’s National Health Services) is the perfect cautionary tale. The attack relied on a vulnerability in outdated versions of Microsoft Windows that was first discovered by the NSA. Instead of disclosing the discovery to Microsoft so it could be patched, the NSA kept it secret to be used as a future backdoor into computer systems. However, the NSA was itself hacked, and the exploit was stolen, weaponized, and ultimately unleashed on the public.

The WannaCry example shows how tools intended for “the good guys” can easily fall into the wrong hands. In the age of cyber-attacks, there is a more responsible way forward.

Privacy tools make us all safer

In the age of self-driving cars, it isn’t difficult to imagine a future cyber-attack that puts lives at risk. Although no one is known to have died as a result of the WannaCry attack, an attack targeting hospitals could have life and death consequences. So could an attack against aviation systems or a nuclear power plant. The only way to prevent these kinds of attacks is stronger cybersecurity.

Cybersecurity means many things, from enforcing good operational security within organizations to keeping software up to date with the latest security patches. Individual cybersecurity requires strong passwords and strong encryption. Every major data breach has involved unencrypted data pilfered from corporate or government servers, exposing people’s personal and financial information. In many cases, the use of end-to-end(new window) and zero-access encryption(new window), like the kind used at Proton Mail, would have drastically mitigated the damage caused by these attacks.

Privacy and security are not in opposition, despite what some politicians and law enforcement officials would have you believe. Rather, they are two sides of the same coin. A digital system that is built in a secure way is also necessarily private. By promoting cybersecurity, rather than weakening it, we can support both the right to privacy and public safety.

Best Regards,
The Proton Mail Team

Sign up and get a free secure email account from Proton Mail.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan. Thank you for your support!

Protect your privacy with Proton
Create a free account

Share this page

Ben Wolford

Ben Wolford is a writer and editor whose work has appeared in major newspapers and magazines around the world. Ben joined Proton in 2018 to help to explain technical concepts in privacy and make Proton products easy to use.

Related articles

The last thing you want when showing funny videos or holiday photos on your phone or tablet to friends and family is for them to see your sensitive and private photos. Although there are third-party apps dedicated to hiding your personal photos and
It can be slightly difficult to encrypt a zip file using the tools available on your Windows or Mac. Unlike encrypting a PDF or an Excel file, there’s no standardized software to use. You’ll need to rely on your device’s built-in encryption methods. 
Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed r
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta
Google has already taken privacy washing to the extreme by trying to brand itself as “privacy focused”, even though its business model is based on surveillance.  Lately, the company’s marketing strategy has turned toward outright Orwellian doublespe