Addressing the right to privacy in 2015
One of the concrete ways in which internet users can exercise their right to privacy is through the use of encrypted communications, which can provide some guarantee of confidentiality in an environment of pervasive digital surveillance. In this sense, encryption serves as a form of protection for fundamental human rights. 2014 brought a cluster of new consumer products and open source projects aiming to make the use of encrypted communications easier to use and more readily available to a wider swath of people than ever before. Yet the legal use of privacy enhancing technologies and even the perfectly legitimate demonstration of interest in the pursuit of privacy is being marginalised across the globe.
Over the last decade, the human rights sector has witnessed a dramatic uptick in the use of digital surveillance to harass, intimidate, and perpetrate physical violence against those fighting for the protection of fundamental rights. 1 Human rights defenders in repressive environments have consequently turned to the use of digital security strategies to enable private, secure communications. Privacy enhancing technologies such as encryption play an important role in these strategies. 2 Unfortunately, the human rights sector has observed that the use of privacy enhancing technologies can, like any number of behaviours – attract attention from state and non-state actors who perceive human rights work to be a threat to their interests. 3
The National Security Agency retains the encrypted communications of both US and non-US citizens indefinitely 4 and flags users who demonstrate a concern over privacy at a mass scale. 5
The recent increase in availability of consumer encryption products has kicked off a new campaign by government agencies arguing that strong, widely available encryption poses a threat to national security interests. In September and October of 2014, the United States Federal Bureau of Investigation director James Comey 6 issued several statements claiming that the spread of encryption in consumer devices and services would make the work of finding criminals impossible, despite the fact that the FBI had itself previously recommended 7 for users to utilise encryption to protect their personal information from theft and intrusion.
In the wake of the tragic attacks on Charlie Hedbo in early January, UK Prime Minister David Cameron stated there should be “no means of communication” which “cannot be read.” 8 Commentators have interpreted these statements as potentially calling for a ban on the use of any encryption by internet users in the UK that can't easily be decrypted or broken by law enforcement. At the same time, Cameron and leaders such as US President Barack Obama call for an increased focus on cyber security. These agendas stand in contradiction: if law enforcement can break encryption, then the very intruders cyber security efforts aim to guard against, can also break encryption. The result is a compromise in the security of communications for everyone.
Finally, in December 2014, a judge in a special court, handling issues of “national interest” in Madrid, found the use by Catalonian activists of “emails with extreme security measures” to be a signal of hypothetical, future criminality. The emails he referred to were sent through Riseup, a service which follows common best-practices to preserve the confidentiality and privacy of its users personal information. In response, Riseup issued a statement proclaiming that “security is not a crime.” 9
If even the specter of mass surveillance produces enough fear in writers to stop them from expressing themselves freely, 10 we should ask what societal harms might result if the pursuit of privacy is further marginalised or criminalised in the way demonstrated by this court case and recent campaigns.
A global survey of 20,000 respondents conducted in 2014 by the Centre for International Governance Innovation & IPSOS 11 showed that 60% of respondents had heard of Edward Snowden, and that of those, 39% had made efforts to protect their privacy through behavioural modifications or the use of privacy enhancing tools. This represents a significant number of people who could, by virtue of their awareness of the erosion of privacy and their desire to take control of their data, be seen as targets to law enforcement and intelligence agencies around the world.
In the face of these misguided campaigns, encrypted communications should be recognised by policy makers as a vital way for internet users to exercise the fundamental right to privacy. Further, user-centric digital security practices should be recognised as complementary rather than in opposition to the protection of national security interests: strong encryption enables an individual user's digital security in the same way that it protects state-level cyber security infrastructure. 12
In 2014, we saw momentum build in the United Nations Human Rights Council to recognise the importance of the right to privacy in the digital age. 13 In 2015, human rights advocates should underline that the use of privacy enhancing technologies such as encryption is a vital way to exercise this fundamental right.
Footnotes
1. See http://www.hrw.org/reports/2014/03/25/they-know-everything-we-do
2. See https://Securityinabox.org
3. See the Annual Report of Frontline Defenders: http://www.frontlinedefenders.org/2015-Annual-Report
4. http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/
5. See http://www.theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/
6. See http://arstechnica.com/tech-policy/2014/09/apple-google-default-cell-phone-encryption-concerns-fbi-director/
7. See http://www.dailydot.com/politics/fbi-director-encryption-contradiction/
8. See http://www.bbc.com/news/uk-politics-30778424
9. See https://help.riseup.net/en/security-not-a-crime
10. See http://pen.org/global-chill
11. See https://www.cigionline.org/internet-survey
12. See https://www.techdirt.com/articles/20150115/15121729715/leaked-intelligence-document-calls-more-not-less-encryption-to-protect-companies-citizens-cybercriminals.shtml
13. See http://www.ohchr.org/en/hrbodies/hrc/regularsessions/session27/documents/a.hrc.27.37_en.pdf
Add new comment