Can Governments be trusted to keep our data private?

Governments and state agencies everywhere would like us to believe that our personal data is safe in their hands. They say this information is vital. Without it, they claim, it would be impossible to make the everyday services we depend on - from local community resources to state welfare payments, law enforcement, health diagnoses and so on - run as efficiently as possible.

In an ideal world, governments are open, accountable, and there are robust legal frameworks that prevent them from misusing our data behind the scenes. However, this is not always the case. Unfortunately, some state authorities have a flagrant disregard for civil liberties. Even more open Western democracies, through lack of care or in the name of national interest, may sometimes play fast and loose with data protection.

For this reason, all data communications between government agencies should be properly encrypted to prevent the possibility of any personally identifiable information (PII) being breached. A well-established and reliable method for achieving this is through the implementation of virtual private networks (VPNs).

Suspect States

Some parts of the world are under authoritarian regimes whose political systems have a dubious record on human rights and often lack respect for individual privacy. There is good reason to believe these governments will use any personal data they collect for political ends. The usual suspects include Russia, China and Iran.

Privacy campaigners have also voiced concerns over places where privacy laws are weak or absent, such as Saudi Arabia, UAE and Singapore. They want the authorities there to collect and aggregate only anonymized data communications from digital projects.

In addition, the persistent presence of weak encryption, legacy software, human error and advanced hacking techniques greatly increases the likelihood of mass data collection by the state for use against individuals if ever needed.

Above the Law

Western democracies fare little better. The basic right to privacy of individuals is in constant conflict with the pressure on government to do whatever is necessary to protect ordinary citizens from a wide range of cyber threats.  

Both the US and the UK have made concerted efforts to enhance cyber surveillance – via the PRISM powers extension and the Investigatory Powers Bill respectively. Such measures come dangerously close to placing governments above the law.

Privacy campaigners are concerned that the authorities may somehow misuse data collected from law-abiding citizens. The EU also wants greater powers to intercept data to help combat cyber crime. In May 2018, new data protection rules, known as GDPR, will come into force aimed at safeguarding EU citizens’ data.

However, GDPR applies only to businesses and has nothing to say about data collection by governments. Already the Privacy Shield agreement between the EU and the US permits US law enforcement and security agencies to access personal data regardless of where it is stored. Under the agreement, foreign nations can similarly demand data stored in the US without judicial review.

Meanwhile, the Trump administration has asked for authorization to track, reroute or destroy drone devices to prevent them from ever being used for attack. If granted, the legislation would give US authorities a wide-ranging set of powers to listen in on all drone aircraft data communications.

Mistakes Happen

With all these initiatives, ordinary citizens have little choice but to trust the authorities to use their powers responsibly. The trouble is – mistakes can, and do, happen.

In Australia, it was recently revealed that personal data related to a medical benefits scheme run by the federal government was not properly encrypted. Unencrypted patient data could be pieced together to identify individuals. It is a clear illustration of how government officials can make the most basic mistakes when handling PII. 

In another example, this time in the UK, the Crown Prosecution Service (CPS) managed to lose 15 unencrypted DVDs containing interviews with young sex abuse victims. Both cases highlight the risks of entrusting public servants with the care of sensitive personal data. They also underline the value of using data encryption at all times.

Data Encryption Secures Basic Privacy

Data encryption is a basic first step to ensuring sensitive personal data stays private whenever it is communicated in digital form. 

A long-established and reliable way to do this in the business world is to use VPN software to encrypt data and protect it from being viewed by unauthorized parties as it passes over the public Internet.

VPNs like the NCP Secure Enterprise iOS client can ensure the privacy of personal data shared between thousands of public officials in different agencies and different locations.

The VPN automatically encrypts remote access to workstations, cloud applications, mobile devices and storage databases.

In summary, governments in general have a poor track record when it comes to keeping private the sensitive personal data they handle. While this may be understandable in the world’s most authoritarian regimes, it is still shocking to think it could happen in more “open” Western democracies.

Increased use of government surveillance powers and the fallibility of ordinary public service employees mean we cannot guarantee the authorities will keep data pertaining to ordinary citizens private. That is why public services and state agencies should always use VPNs to protect the sensitive data of citizens whenever they remotely access government networks, databases or shared applications in the cloud.
