A recent article and report on privacy and security issues with the Baidu browser raised questions about government influence that encourages the release of unsafe software into the hands of consumers, and about the related issues of encryption and the data collected by search engines more broadly. In the U.S., the debate around encryption has pitted producers, who are generally pro-encryption, against government law enforcement agencies, who are fighting encryption. This is the most visible part of the debate around consumer security, but we also know companies comply with government orders (such as national security letters), and it seems well within the realm of possibility that ordinary citizens do not know the extent of this compliance. Finally, the report highlights how little I and most people know about the way our activity on the internet is tracked and mediated, by search engines but also by many sites we visit, for monetary gain.
The intent behind the security holes in Baidu is unclear: “China requires local companies like Baidu to retain and share user data without much of any kind of due process, transparency, or public accountability. Did Baidu build their browser to hoover up all of this personal information at the request of the Chinese authorities? Did they do it for commercial reasons? Did they do it because of over zealous engineering choices? …Whether poor design, or surveillance by design, it is the same effect: users are at risk.”
A certain level of privacy is considered a human right. Governments around the world, more visibly since the legislation passed as a result of the September 11th terrorist attacks, have challenged technological measures and legal procedures intended to protect personal privacy in the name of increased security. Whether or not weakened encryption is an effective tool for law enforcement and counter-terrorism is an open question, although there’s evidence that terrorists hide their communications in other ways. I’m inclined to think that governments should be on the side of their law-abiding citizens who could be at risk of disclosing personal information to more malicious third parties and criminals using deliberately inferior software.