In recent years, concerns about digital threats to individual privacy have been growing more acute. From high-profile data breaches to hijacked doorbell cameras, we’ve seen a steady increase in the scale and volume of privacy-related incidents. But 2020, driven by a global pandemic and worldwide protests calling into question the surveillance powers of governments, was a turning point.
In 2021, battles over the future of online privacy – and therefore the nature of the internet itself – will come to head. They will be contested in the spheres of law and programming, and they will center on the two essential components of a robust, resilient privacy solution: end-to-end encryption and decentralization.
This post is part of CoinDesk’s 2020 Year in Review – a collection of op-eds, essays and interviews about the year in crypto and beyond. Steven Waterhouse is the CEO and co-founder of Orchid, a privacy tool built on Ethereum designed to let people explore the internet freely.
Privacy and the pandemic
The emergence of the COVID-19 pandemic early this year immediately turbocharged concerns around digital privacy. Millions around the world suddenly found themselves working from home, reliant on digital tools like the Zoom video conferencing app.
Mishaps began almost immediately, ranging from the comical to the frightening. For many people, the dangers of the internet became real for the first time. For someone like me who has spent a career focused on issues of digital privacy, these were charged days. At Orchid, we even provided free VPN service to journalists to help ensure they were able to safely report on the unfolding crisis no matter where in the world they might be.
For systems to be private they should be end-to-end encrypted and decentralized.
While millions of individuals were learning firsthand the internet’s privacy pitfalls, governments scrambled to identify ways to track and stop the spread of the virus. Policy recommendations included mass-scale tracking and tracing of people and their whereabouts, and even “immunity passports” for those who had recovered or – in the future – been vaccinated against the disease. I wrote earlier this year arguing that the coronavirus presented a golden, maybe irresistible, opportunity for governments to enhance their powers of surveillance and coercion.
An uncertain future
Discussions around and threats to online privacy lie at the intersection of law and technology. Demand for privacy is surging: People around the world in 2020 flocked to privacy tools such as VPNs and encrypted messaging services. It’s no surprise that tech companies from Apple to Venmo to Telegram increasingly tout “encryption” as a key benefit for their users.
This year saw important developments in privacy law as well. Around the world, regulations aimed at strengthening privacy protections for individuals were adopted, most notably California’s Proposition 24. The law, passed by statewide ballot measure, strengthens provisions in the state’s California Consumer Privacy Act (CCPA) regulating the data collection practices of online businesses.
In spite of public sentiment toward strengthening online data protections, there are important counter currents that threaten the technological foundations of privacy altogether. In 2020, governments around the world intensified efforts to hobble end-to-end encryption by requiring technology companies to provide authorities with “back door” keys that would allow them to decipher any content they asked for.
Decentralization plays its part
In 2021, these debates surrounding digital privacy will intensify. And decentralization, in the form of blockchains and the digital assets they enable, must play a key role in supporting end-to-end encrypted privacy solutions.
End-to-end encryption is absolutely essential for true digital privacy. Once an ISP or a web server can see the content of our communications, that information is out there forever, no matter what other safeguards are in place. But systems with strong encryption can still be vulnerable to a single point of failure. If you use a VPN that suffers a leak, or gets hacked or secretly logs your activity, your privacy can evaporate in a second.
That’s why for systems to be private, they should be end-to-end encrypted and decentralized. By distributing processes across many different nodes, they reduce the risk to the user should one, or even several, fail or be compromised. Networks that are end-to-end encrypted but centralized remain subject to the risk that they will be compromised or even shut down in the future.
In 2021, decentralization’s role in supporting end-to-end encryption will become more important than ever. While end-to-end encryption will remain the sine qua non of digital privacy, decentralization will play a crucial role in ensuring its resilience and making sure that privacy systems are not only effective but resilient.