Privacy & Privatization | Doron Stern | TEDxBGU
[Music] did it be you a number of years ago my wife's purse got stolen it wasn't really a purse more like a bag it had everything in it and it had her mobile phone in it I was sitting in my office and my wife or his suddenly calling from somebody else's phone her purse got stolen wait a minute you had your mobile phone in it right I have an idea I can call the mobile phone company and they can tell us where the phone is and where the bag is and then we can know where the thief is and I rush to do just that my wife's bag has just been stolen and her mobile phone was in it I told the mobile phone company can you give me the location of her phone no said the man from the mobile phone company we can tell you that it's against our privacy policy so I said maybe you could give her the location of her phone I can give you her number it's her phone sorry we can't do that either we have no way of knowing whether it's really her said the man please you've got to help me the bag was just stolen perhaps you have a supervisor so the supervisor was there she was a calm and polite lady and she was patiently explaining to me the privacy policy of the company and while we were having this discussion the thief was walking in the streets of Tel Aviv and discussion over our privacy was taking place basically what she told me was that there was no way we will be able to get the bag back or to get the location of the phone unless we managed to come up with a court order but we have no time to get a court order I told them and it's really it's it's our privacy and we asked to be violated the woman was decisive and somewhat shocked at my disrespect for privacy so I thought I'd call the police I call the police I told them quickly what happened I said there is a bag which was just stolen and there's a mobile phone in it can you please call partner the mobile phone operator and get the location of the phone from them I'm sorry sir we can't do that said the policeman the mobile phone escape was correct we cannot get this information without the court order and how I really lost it there's a man walking in the streets with an electronic sign I am a thief and you are the police don't you want to catch a thief the policeman was quite irritated with me I'm surprised at you sir he said you are a lawyer you must appreciate the value of both privacy and I realized that we are not going to get our bag back because our privacy method more than our belongings and because the police was not going to take any risk with our privacy but I actually realized something bigger it was more than just the respect of privacy which was manifested there the police was no longer sure what was more important their duty to protect to prevent crime or their obligation to respect privacy and the interaction that I requested between the police and a technology company such as the mobile phone operator made it even more complicated for them so the bag was gone and privacy prevailed privacy was not always treated to such a dominant civil liberty it started to be recognised as such in the 20th century in recent years have seen it becoming a major Liberty Liberty which was reflected in a lot of legislation and actually influenced the way we were interpreting and reading many other laws and screening other rights and obligations of people in society and I believe this has a strong tie to what is happening in the cyber space there are numerous academic discussions in articles about the connections and the tension between what is happening in the cyber space and privacy you see privacy is no longer safe in the cyberspace but privacy itself poses a risk to other liberties one's property one's well-being sometimes even ones actual life in November of 2015 the police in Paris France had information about a terror attack which was planned to take place and they actually even had information about who were the suspected individuals which were intending to launch this attack they tried to access the messages and failed these terrorists were using a highly advanced encrypted messaging system called telegram so the police contacted telegram and asked them to a system in accessing the messages of those individuals and telegram refused they were not ready to assist the police at the price of their customers privacy so the customers were advancing in the streets of Paris advanced advancing each other to the Bataclan nightclub succeeded in launching the attack they left a hundred and thirty people dead there was anguish and anger all over the world but there was no ring note of telegrams refusal to assist the French police which tried to prevent it a few months earlier in a testimony before Congress in June of 2015 the FBI director actually warned uncrackable encryption is allowing terrorists to communicate about the criminal intentions without fear of outside intrusion they're sorting the efforts of law enforcement to detain prevent and investigate illegal activities and indeed a few months later in America Apple refused to give the FBI a backdoor into the iPhone messaging system FBI could not detect messages that were exchanged between the couple that launched the attack in San Bernardino California and left 14 people dead they Apple also claimed that they all privacy protection to their customers again there was no real outcry against this stance by Apple in fact I think that most people felt it was alright private companies were not required to cooperate with the police that the price of their customers privacy and their we were witnessing perhaps in an extreme way the very same phenomena that I experienced in my wife's bag story the police was weak it had to rely on technology companies technology companies felt that privacy method more than anything else and therefore refused to assist the police in defending from actual in this case even murderous crimes but there is a paradox while defending our privacy became a major obstacle in protecting our safety our privacy itself in the cyber space was more violated than ever perhaps by criminals and also by non criminals let me explain for thirty years or so we were placing our private information in the cyber space we place things which are very private who we are where we are how we look what our opinions are what our credit card number is private messages we put it all willingly in the cyber space and we gradually realized that it has been used it has been exploited sometimes by the very custodians with whom we deposited this private information so we became pretty irritated and angry and when demanded of them not to dare using it without getting consent but while commercial companies use the private information just to make money somewhat legitimate money cybercriminals were using you are using our private information in order to commit crime over the web they were using our identity in order to access our bank accounts they were taking hold of our private information and tried to blackmail us sometimes they placed ransomware into our private computers and threatened to shut it down to shut down the whole system unless we pay them and sometimes they just put viruses and malware and worms and what-have-you just in order to show us that they can and so many of us actually all of us became victims of small and large cyber crimes in horrific volumes all over the web all over the world and here was the paradox while we were willingly risking our privacy in the cyberspace and while we were all victims of cybercrime by now we were determined not to let anyone access our privacy in order to defend us we were suspicious we were unsecure in private companies sensed it and developed solutions in order to answer this need they suggested ways to prevent defend and mainly detect cyber threats and cyber crime and a whole new sector appeared before our eyes it was called cyber security and cyber security companies popped up like mushrooms after the cybercrime reign but these companies did not offer ways to catch the criminals only to defend against these crimes catching the criminals was not their task it was the government's task crimes are committed by criminals and criminals are supposed to be caught by the police it was a problem the police had not yet developed effective ways to deal with these new forms of crimes and with these new types of criminals you see the police's is is an organization as all this crime is it has a huge experience in dealing with criminals but with slightly different kind of criminals street smart but not well educated a violent perhaps but easily manipulated criminals who hang around other criminals and would would give each other up for the right pay or under the right pressure and suddenly a new breed of criminals emerged criminals who were loners who were bright who had unprecedented means to disguise their true identity and and the forms of cyber crimes also changed much faster that the police could could address the police is a large organization and it takes time for it to to recruit new kind of policemen and develop new investigation techniques and acquire new technologies and learn how to deploy them and all this could not be done in time to address this the pace in the speed of cybercrime and almost all cyber crimes are committed multi nationally or even non nationally in the cyber space and for the police it's pretty hard to reach a criminal and put its hand on it when it's away from its jurisdiction it required new kinds of international cooperation and I need not mention my own profession laws needed to be revised and loss takes years to it to be enacted international treaties take longer new rules of evidence need to be developed and deployed in order to bring these new crimes to justice the crimes are not really newest it's the same old story it's it's it's stealing it's forgery it's extortion but their forms are different and the ways to prove them in court was different and I'm afraid justice systems are even slower than police to address changes so they just left us citizens and protected without an effective police and without an effective law enforcement in the cyber security industry became our private police we were suddenly faced with a new privatized service we never asked for we can call them the private cyber security forces and as the police had to rely on this new cyber security forces in order to do its job they learned to abide by their rules one of which was beware with accessing the privacy of your customers and so the police was was tamed to prefer our privacy over our right and their duty to prevent crime and this was probably why the policeman on the other side of the line in my wife's bag story was rejected to call the mobile phone operator and gave up on an opportunity to catch a thief perhaps it's okay perhaps privacy does matter more than catching criminals especially cyber criminals perhaps a private cyber security force is better than the old-fashioned traditional state police I I don't think so I think that privatized police and privacy prevail and leading us as a society to compromise on our basic rights we give up on our right as citizens to be protected by our respective governments and more painfully we give up on our hope to catch criminals and bring them to justice and we started to accept cyber crime as a problem which cannot be cured and must be contained and this is not right and and we made the right for privacy a good reason or perhaps an excuse to give up on our right to catch criminals and bring them to justice and this is not right now what to do one way is to accept the situation less the hidden hand of the market it mired the cyber security industry which managed to develop those means to address cyber crime perhaps invest in them Eve another way is to complain like I do the two can be complimentary you can do both and the third option is to try and look at what the future will bring with it I do not wish to underestimate the ambition and ingenuity of criminal minds but I do believe that artificial intelligence will prevail over it I think that what is commonly called blockchain offers a direction I think that instead of looking for ways in order to remove anonymity in order to require every user in the web to identify himself blockchain machines encrypted machines can actually require every user in the web to get electronic authentication to get a sort of a certification in order to allow him to do everything anything over the web and I think with this era we will see the size and volume of cybercrime reducing significantly and perhaps by that time we will be more relaxed with our privacy and we'll be ready to let the defenders use our privacy in order to defend us there is something which doesn't make sense in the fact that our attackers are accessing our privacy all the time and our defenders are so reluctant to use it I think we're in an intermediate phase we're a little bit like people in a small town in the Wild West in the early 1800s robbers are storming the town from time to time robbed the bank as they please and vanish the sheriff is spending his days on the porch probably smoking cigarettes his legs up on the rail there is no solution to crime except maybe the Gary Cooper's or the John Wayne's of the world in later years this is all due to become a queer perhaps romantic memory of an unsafe wild past and in some years we may be looking at our times with the same degree of amazement and amusement thank you you