What happens when the wave of encryption rippling through the personal technology world washes up against the realities of the data economy?
Most of the recent debate over the spread of encryption has centred on the implications for personal privacy and national security. Less has been said about business: in particular, what a greater use of encryption will mean for the usability of tech products and services, and for the business models that rely on capturing and extracting value from data.
This week, it was WhatsApp’s turn to push encryption deeper into everyday life, with the news that conversations between its 1bn users would be scrambled. WhatsApp, the Facebook-owned messaging app, has already run into problems in Brazil for not storing messages demanded by a court. Now, it will not be able to “read” real-time communications either.
When the makers of mass-market products and services make a show of taking steps like this to protect their users, it can shift expectations. Although Apple’s legal fight with the US government over an encrypted iPhone belonging to one of the San Bernardino killers ended inconclusively, it sent a clear message about the lengths the company would go in order to protect its users.
At least at the device level, encryption is quickly becoming the norm. Amazon’s reversal last month over its latest Fire operating system proved the point. News that the software no longer encrypts data as a matter of course brought an instant outcry from privacy activists — forcing the company to backtrack hastily with a promise to restore the capability in a future update.
After delays, Google has also moved to make encryption the default in the most recent release of Android, its mobile operating system. Not that many of the world’s Android users will see the benefit in the short term: five months after the software’s release, only 2.6 per cent of Android phones are running the latest operating system, according to the company.
But this is only one side of the story. Few people would want to lock all their data into a single gadget. Besides the risk of loss, it would be to turn back the clock on one of the main benefits of cloud computing: accessing personal information from different devices. The San Bernardino terrorists also used Apple’s iCloud, even if the last time they backed up data from an iPhone was some seven weeks before last year’s shootings.
Data in iCloud are encrypted — but, crucially, Apple has the keys, making it possible for courts to order it to hand over information. As a result, since its fight with the FBI, Apple has also been looking at how to put encrypted iCloud data beyond its own reach.
There are good reasons, though, to think this drive towards strong encryption will reach a natural limit. Putting cloud-based data beyond the reach of the companies hosting it would limit its value. At the most basic level, it would mean users would not be able to recover their personal information if they forgot their passwords.
Making information unreadable would also make it harder to tailor many online services. Personalisation is the great hope for a world awash with too much data. Shaping digital experiences relies on being able to analyse a user’s personal and behavioural information.
There are also powerful economic motivations for limiting encryption. As Harvard University’s Berkman Center said in a recent report, the advertising businesses of companies such as Google and Facebook rely on being able to target adverts based on what they know about their users.
Many new types of data are also valued for their ability to be processed. For instance, the “internet of things” is founded on the idea of being able to collect, collate and analyse vast amounts of information thrown off by myriad smart objects. Besides sensors, many of these devices will have cameras and microphones: they will, in effect, be watching and listening.
It is no wonder that many in the tech industry reject the idea that the spread of encryption will make life harder for law enforcement, and instead argue that a “golden age of surveillance” is at hand.
That is hardly a phrase guaranteed to instil confidence in their customers. But privacy concerns often take a back seat when new digital services bring greater convenience to users’ lives. A battle over encryption is set to rage in the coming years, but its impact on the broader data economy should not be overstated.