Governments should promote the use of strong encryption and protect anonymous expression online.
In an era of unprecedentedly broad and intrusive government surveillance, these tools often offer the only safe way for people in repressive environments to express themselves freely.
On June 17, 2015, the United Nations special rapporteur on freedom of expression presented his report on the use of encryption and anonymity in digital communication to the UN Human Rights Council. The special rapporteur recognized that encryption and anonymity, as leading instruments for online security, enable people to exercise their rights to freedom of opinion and expression and the right to privacy in the digital age. The report urged countries to ensure that people are free to protect the privacy of digital communications by using strong encryption and anonymity tools.
“Strong encryption and anonymity are critical for protecting human rights defenders, journalists, and ordinary users in the digital age,” said Cynthia Wong, senior Internet researcher at Human Rights Watch. “Encryption allows us to preserve a safe, private space for free expression at a time when governments are expanding invasive surveillance worldwide.” Human Rights Watch and 25 other human rights and media freedom organizations released a joint statement on June 17 urging countries to adopt the report’s recommendations.
Digital technologies have enabled intrusive surveillance on an unprecedented scope and scale. Such surveillance allows governments to identify journalistic sources, government critics, or members of persecuted minority groups and expose them to reprisals. Ordinary users also face a range of online dangers, from abusive surveillance to victimization by cybercriminals and other malicious actors. The special rapporteur recognized that strong encryption and anonymity defends Internet users from such threats and creates a “zone of privacy to protect opinion and belief” and other rights.
In recent years, many governments have sought to restrict access to strong encryption or limit anonymity online in the name of national security and public order. Russia and China have imposed real-name registration requirements on social media users or bloggers, limiting anonymous expression. The Chinese government is also considering new regulations to require technology companies to build “back doors” into hardware and software and has begun blocking encrypted web traffic.
Government officials in the US and UK have expressed concern that increased use of encryption on social media services or mobile devices will make it more difficult to prevent terrorism. These officials have accused Internet companies of creating “zones of lawlessness” and “dark places” where terrorists and criminals can flourish because some communications may not be accessible to law enforcement. Prime Minister David Cameron of the UK has pledged to ensure that no communications will be unreachable by its security services, suggesting that applications that do not comply with access requirements might be banned. Other officials in the US and UK have urged technology companies on install back doors or other vulnerabilities to allow law enforcement to circumvent protections.
Governments have an obligation to investigate and prosecute crimes and prevent terrorist attacks. But as the special rapporteur confirmed, “In the contemporary technological environment, intentionally compromising encryption, even for arguably legitimate purposes, weakens everyone’s security online.”
Human rights defenders, journalists, and ordinary users rely on encryption, often implemented by the private sector, to secure their communications, Human Rights Watch said. Back doors and other vulnerabilities cannot be kept secret from bad actors with the skills to exploit such weaknesses, disproportionately undermining human rights. Technical security experts confirm that mandates that require companies to introduce intentional vulnerabilities into secure products also undermine cybersecurity.
Countries should support the report’s recommendations, Human Rights Watch and the other groups said:
The special rapporteur has also called on the private sector to review their practices and ensure respect for human rights norms. The security practices of information and communications technology companies can significantly promote or compromise encryption and anonymity, along with user rights, online. These companies have a responsibility to respect the human rights of their users, including when faced with demands from governments to undermine the security of their users and restrict privacy online, Human Rights Watch said.
Technology companies should employ strong encryption and support anonymous communication across digital products and services. Companies should also resist government requests to weaken the security of online services and devices and oppose real name registration requirements.
“This report directly challenges the claim of some governments that encryption is primarily a tool for terrorists and criminals by illustrating how important it is to a range of human rights,” Wong said. “As a first step, governments should repeal real name registration requirements and stop trying to force companies to build in back doors that weaken security online.”