Privacy, Crime, National Security, Human Rights & You in the Middle

GOTO Amsterdam 2023

Computers and online services are now involved in everything we do: you can’t drive a car, use public transport, go to the doctor, buy or pay something without traversing astounding amounts of software. This software logs what we do, often to make money from advertisers, and as such we leave a highly detailed trail of our activities.

This trail can be used for useful purposes, like troubleshooting, and even perhaps to offer us more tailored services. Simultaneously, criminals who try to defraud us also leave these trails, and conceivably you or the police could use that data to keep us safer. However, if the data leaks, we all have a problem.

Meanwhile, governments often want to gain (bulk) access to metadata for national security purposes.

As developers, we sit in the middle of this. What we don’t log or keep track of can’t leak. It also can’t help fight crime, but it may also leave governments without tools they want to do intelligence work with.

It turns out that as developers, our choices have a big impact. If we implement end-to-end encryption, our users have more privacy - even if they use this for bad purposes. And if we don’t, we leave them open to government surveillance.

In this talk, we’ll go over these tradeoffs, with specific attention to how one large phone manufacturer navigated this landscape.