UN Warns UK – Internet Encryption and Privacy Must be Protected

The United Nations special rapporteur for protecting and promoting freedom of opinion and expression, David Kaye, has published a new report that warns the United Kingdom and other countries against adopting measures into law that would add a backdoor for Internet encryption, which it said risked “weakening everyone’s online security“.

The UK Prime Minister, David Cameron, has already signalled his intention to introduce tough new mass Internet surveillance powers (here) and part of this appears to involve a controversial drive that would also give the Government access to secure encrypted communications (here).

Encryption is a vital service and without it you don’t have credit card payments or secure financial transactions, similarly your emails wouldn’t be private and global businesses would struggle to communicate confidential plans and new system designs for fear that they might be stolen. Put simply, encryption is everywhere and we all use it; often without even realising.

But the Government are understandably concerned that bad people can use encryption too, such as criminals or terrorists, and as such they’re seeking new powers that would allow them to gain access to encrypted content. “The question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not,” said Cameron. But the UN report disagrees.

David Kaye said:

“Some call for efforts to weaken or compromise encryption standards such that only Governments may enjoy access to encrypted communications. However, compromised encryption cannot be kept secret from those with the skill to find and exploit the weak points, whether State or non-State, legitimate or criminal.

It is a seemingly universal position among technologists that there is no special access that can be made available only to government authorities, even ones that, in principle, have the public interest in mind. In the contemporary technological environment, intentionally compromising encryption, even for arguably legitimate purposes, weakens everyone’s security online.”

Indeed another problem with all this is that the Internet is a global platform and criminals, of course, won’t play ball. It’s difficult to get the secure keys for systems that exist outside of your control or jurisdiction and the Government would probably have better luck banning water from the sea.

As the boss of Internet provider AAISP, Adrian Kennard, said earlier this year, “If you take what [Cameron] said literally it would mean whispering to your partner in bed would be illegal in case the government planted microphone could not pick up what you said.”

David Kaye added:

“Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief. For instance, they enable private communications and can shield an opinion from outside scrutiny, particularly important in hostile political, social, religious and legal environments.

Where States impose unlawful censorship through filtering and other technologies, the use of encryption and anonymity may empower individuals to circumvent barriers and access information and ideas without the intrusion of authorities.

Journalists, researchers, lawyers and civil society rely on encryption and anonymity to shield themselves (and their sources, clients and partners) from surveillance and harassment. The ability to search the web, develop ideas and communicate securely may be the only way in which many can explore basic aspects of identity, such as one’s gender, religion, ethnicity, national origin or sexuality.”

The report also notes that most Governments already have the tools at their disposal to use against criminals, such as wiretapping, geo-location and tracking, data-mining, traditional physical surveillance and many others. In addition, security services also use encryption to protect their operations and the same risk of exposure would apply to them too.

Kaye ultimately concludes that encryption and other Internet privacy tools are important to the core legal rights, such as freedom of opinion and expression. Restrictions on encryption and anonymity, says Kaye, must thus be “strictly limited according to principles of legality, necessity, proportionality and legitimacy in objective“.