The risks for citizens’ fundamental rights of privacy and freedom of expression caused by abusive practices involving surveillance of private companies and/or governments are currently being debated in the European Union and internationally.

As citizens, we are entitled to protect ourselves from this kind of practices. Our personal data and our communications are part of our private life, and as such should be treated.

An open letter to the leaders of the world’s governments for a strong encryption, secure communications and the defense of privacy:

https://securetheinternet.org/

We encourage you to support the safety and security of users, companies, and governments by strengthening the integrity of communications and systems. In doing so, governments should reject laws, policies, or other mandates or practices, including secret agreements with companies, that limit access to or undermine encryption and other secure communications tools and technologies.

  • – Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;
  • – Governments should not mandate the design or implementation of “backdoors” or vulnerabilities into tools, technologies, or services;
  • – Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data or encryption keys;
  • – Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and
  • – Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

Official documents from the European Union and United Nations recognize the end-to-end encryption as the only option available for the citizens to defend themselves against mass surveillance. Likewise, the reports emphasize the need to promote policies that prohibit any attempt to limit the use of or technically weaken encryption.

We summarized the contents of both documents and make available the full texts (linked below) so that they can be used as a tool and basis to defend and demand our right to privacy and encryption:

European Parliament Science and Technology Options Assessment (STOA) on Mass Surveillance

Read the full text

The publication of the secret documents leaked by Edward Snowden disclosing controversial mass surveillance programmes by intelligence and national security agencies has evoked an international debate on the right of citizens to be protected from illegitimate or warrantless collection and analysis of their data and meta-data.

The agencies involved in mass surveillance practices justify these methods with the doctrine of pre-emptive prevention of crime and terrorism. While targeted lawful interception constitutes a necessary and legitimate instrument of intelligence and law enforcement agencies, mass surveillance is considered a threat to civil liberties such as the right to freedom of opinion and expression. These civil liberties are essential human rights in democratic societies and of particular importance for safeguarding independent journalism and political opposition.

For an end user it is practically impossible to detect whether data and meta-data generated is being analysed or used by third parties and even less, if a system is subject to a complex attack orchestrated by powerful opponents like government agencies.

To protect citizens’ rights of privacy and freedom of expression in front of mass surveillance the issue must be addressed technical and politically.

Technical options available to citizens for counteracting mass surveillance, first and above all, encryption, a statement that is shared and confirmed by the security community and Edward Snowden, who says that “Properly implemented strong crypto systems are one of the few things that you can rely on.”

Yet, policy makers must understand that the problem of mass surveillance cannot be solved on a technical terrain, but needs to be addressed on a political level.

Security agencies will always have a competitive advantage in winning a race for technological supremacy in Internet security due to the resources at their command.

An adequate balance between civil liberties and legitimate national security interests has to be found, based on a public discussion that empowers citizens to decide upon their civil rights affected and the societal values at stake.

To reduce the risk of privacy intrusion by mass surveillance encryption must be promoted and defended. Policy options that are considered of help in reducing the risk of privacy intrusion.

a) Promote and invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness

b) The promotion of open source operating systems and applications that allow for constant inspection and scrutiny by a large community of experts and verification and validation bodies

c) Investing in and stimulating the integration of user friendly, utility-like encryption software solutions

d) Regulate Telecom Operators to apply security mechanisms in form of adequate encryption over their entire networks, avoiding backhauls

e) Invest in user awareness creation (“know the digital traces you are leaving”) about who, under which conditions, where and when can access private data and what is being done with it

f) Regulations that require applications to adopt maximum privacy settings as default

 

United Nations report on the promotion and protection of the right to freedom of opinion and expression

Read the full text

Contemporary digital technologies offer Governments, corporations and criminals unprecedented capacity to interfere with the rights to freedom of opinion and expression, and to perform online censorship, mass and targeted surveillance and data collection, digital attacks on civil society and repression force individuals around the world.

Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to freedom of opinion and expression. Such security may be essential for the exercise of rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.

Because of their importance, restrictions on encryption and anonymity must be strictly limited. The United Nations rapporteur on the promotion and protection of the right to freedom of opinion and expression therefore recommends the following:

  • States should adopt policies of non-restriction or comprehensive protection of encryption and anonymity, only adopt restrictions on a case-specific basis and that meet the requirements of legality, necessity, proportionality and legitimacy in objective, require court orders for any specific limitation.
  • Discussions of encryption and anonymity have all too often focused only on their potential use for criminal purposes in times of terrorism. But emergency situations do not relieve States of the obligation to ensure respect for international human rights law. General debate should highlight the protection that encryption and anonymity provide, especially to the groups most at risk of unlawful interferences.
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online and promote security and privacy online through public education. Legislation and regulations protecting human rights defenders and journalists should also include provisions enabling access and providing support to use the technologies to secure their communications.
  • States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards. In addition, States should refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users. Corporate actors should likewise consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms).
  • Court-ordered decryption may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people).
  • States, international organizations, corporations and civil society groups should promote online security and access to encryption and anonymity without discrimination.
  • Companies, like States, should refrain from blocking or limiting the transmission of encrypted communications and permit anonymous communication.
  • Corporate actors that supply technology to undermine encryption and anonymity should be especially transparent as to their products and customers.
  • The use of encryption and anonymity tools and better digital literacy should be encouraged. Since the value of encryption and anonymity tools depends on their widespread adoption; states, civil society organizations and corporations are encouraged to engage in a campaign to bring encryption by design and default to users around the world and, where necessary, to ensure that users at risk be provided the tools to exercise their right to freedom of opinion and expression securely.