The discourse on the need for end-to-end (E2E) encryption on digital platforms is largely centered around the seemingly irreconcilable interaction between the right to privacy and government authorities’ duty to prevent criminal activities. Technology is developing at a rapid rate and is posing increasing risks to both privacy and national security; users’ personal data has never been more susceptible, and criminal organizations have never had such an accessible outlet and medium to execute their malign plans. Given the increased dependency on technology and digital platforms, the importance of striking a balance between the need to protect users’ data and curbing illegal activities is paramount. However, is achieving the two in consonance with each other even possible, or are we seeking to accomplish an unachievable goal, to begin with?
Governments across the world are struggling to walk this tightrope. Consequently, the Five Eyes Alliance—which comprises of the United States (US), the United Kingdom (UK), Canada, Australia, and New Zealand—issued an international statement urging companies like Facebook to formulate a plan to provide government authorities with access to encrypted communications to help them combat the increasing threat posed by criminal activities on such platforms. However, the countries acknowledged the importance of E2E encryption in protecting “personal data, privacy, intellectual property, trade secrets, and cybersecurity.” Further, they also admitted that protecting users’ data was explicitly crucial for journalists, human rights activists, and other vulnerable communities. Consequently, the Alliance called for a “reasonable proposal” that is wary of protecting these rights but also provides the government authorities with the information necessary to prevent crimes on their sovereign territories.
However, the balance that the Alliance seeks to strike is practically impossible to achieve. Several tech experts and human rights defenders have proposed an extra layer of checks by requiring directions issued by courts or internal investigations by tech companies before handing over the key to the encrypted data. To begin with, governments are unlikely to accept such a solution that gives them only limited or regulated access to encrypted data. This is because most investigations on issues pertaining to national security are time-sensitive. Relying on court orders or administrative approvals that are contingent upon an assessment of the necessity of access to the encrypted data will cause unnecessary delays to the government authorities’ investigations. Moreover, most countries already have provisions that allow government authorities access to encrypted data that it deems necessary for criminal investigations. For instance, Australia, the US and the UK have laws that enable government authorities to access users’ data after securing a court order for the same. However, now, these countries are seeking to secure backdoor access to data in order to avoid the delay caused by this process. Hence, the proposed solution proposed by tech experts would vitiate the entire purpose behind the repeated calls by the Alliance and other countries, who wish to gain expedited access to encrypted data.
The more concerning alternative is granting the authorities unhindered access to user data. Several countries, such as China, Saudi Arabia, and Pakistan, have already brought an end to E2E encryption in their respective jurisdictions. However, according to Human Rights Watch, these devices are rarely used to access information on terrorist activities or other serious crimes. Instead, they are used to monitor private conversations and crack down on dissent. For instance, China has laws that ban applications from encrypting communications. This is used by Chinese authorities to track and persecute private political conversations on applications like WeChat.
Moreover, several experts say that instead of curbing criminal activities on the platforms, creating backdoors to allow governments to access encrypted data will, in fact, disproportionately impact ordinary, law-abiding citizens. If tech companies create such provisions, citizens will become more vulnerable to hacking, privacy breaches, and attacks by foreign entities as these backdoors can be exploited by cybercriminals too. Further, in most countries that introduced such laws, individuals who engaged in criminal activities found alternatives by using encrypted platforms on the black market. Hence, if tech companies decide to provide governments with unhindered and unregulated access to the key for the encrypted data, this could lead to an overall deterioration in the rights of the civil society, while doing very little to bring an end to organised crime.
This is particularly concerning in light of the crucial role played by applications and communication channels that allow E2E encryption in promoting freedom of speech and expression by providing a safe outlet for dissent. In fact, this year, demonstrators across the world relied on such platforms to organise protests without the fear of intervention by government authorities. For instance, during the recent protests in Thailand, the E2E encrypted platform called Telegram was used by organisers of the demonstrations. Further, during the outbreak of the Black Lives Matter protests in the US, a similar app called Signal saw a 50% increase in downloads. Applications that allow E2E encryption have also been used in Hong Kong, Lebanon and Venezuela. It is clear that E2E encryption is essential to protect dissent and other fundamental rights such as freedom of speech and expression, particularly in countries that are already cracking down on human rights. Hence, by allowing the encryption of users’ data, governments will have to resort to more constitutional forms of gathering information by preventing authorities from arbitrarily accessing data and engaging in mass surveillance.
Worryingly, the Alliance’s proposal claims that such measures necessary to protect national security, and this may be enough to convince some sections of the public. Over the past few years, there has been a trend towards right-wing and populist tendencies across the globe, wherein certain demographics are held to be uniquely responsible for extremism and criminal activities, despite the fact that such illicit activities are present across all sections of society. In this scenario, right-leaning individuals and communities have become more likely to be willing to surrender their privacy rights as it furthers their aim of targeting people belonging to specific demographics. It appears that the Alliance is cognizant of this societal shift and is perhaps riding a wave of populism to advocate for a proposal that would allow their respective governments to increase surveillance and crack down on dissent. This could prospectively lead to the further disenfranchisement of already marginalized communities; worse yet, it opens up all sections of society to government overreach and intrusion.
What is especially concerning is that the proposal was brought forward by countries that have long reinstated and proved their commitment to democratic principles such as freedom of speech and expression and have criticised other countries for adopting measures that curb dissent. Further, the European Union, which is known for housing the most robust laws on data privacy, is also likely to pass a legislation that mandates providing backdoor access of encrypted data to the European Parliament by the end of next year. With more and more democracies prioritising the need to crack down on crimes and attacks on national security, the digital world is likely to be subject to increased interference by governments by surrendering crucial civil rights of users. While there is a strong argument to be made for the need for curbing criminal activities on such platforms, the cost at which this will be achieved is extremely high and could cause irreparable damage to the democratic roots holding societies together.
Walking the Tightrope in the Crusade Against End-to-End Encryption
Striking a balance between protecting users’ right to privacy and allowing governments access to users’ encrypted data is impossible to achieve.
October 22, 2020
SOURCE: REUTERS