Proponents for allowing government officials to have backdoors to encrypted communications need to read Franz Kafka. Nearly a century ago, Kafka deftly captured the irony at the heart of their argument in his short story, “The Burrow.”
After the Paris attacks, national security proponents in the US and abroad have been making even more vigorous attempts to mandate a backdoor to encryption.
The US regulates privacy with a sectoral approach, with laws that are directed only to specific industries. In contrast, the EU and many other countries have an omnibus approach — one overarching law that regulates privacy consistently across all industries. The US is an outlier from the way most countries regulate privacy.
About 15 years ago, the sectoral approach was hailed by many US organizations as vastly preferable to an omnibus approach. Each industry wanted to be regulated differently, in a more nuanced way focused on its particular needs. Industries could lobby and exert their influence much more on laws focused on their industry. Additionally, some organizations liked the sectoral approach because they fell into one of the big gaps in regulation.
But today, ironically, the sectoral approach is not doing many organizations any favors. There are still gaps in protection under the US approach, but these have narrowed. In fact, many organizations do not fall into gaps in protection — they are regulated by many overlapping laws. The result is a ton of complexity, inconsistency, and uncertainty in the law.
The Safe Harbor Arrangement has been in place since 2000, and it is a central means by which data about EU citizens can be transferred to companies in the US. Under the EU Data Protection Directive, data can only be transferred to countries with an “adequate level of protection” of personal data. The EU has not deemed the US to provide an adequate level of protection, so Safe Harbor was created as a work around.