ACLU to UN: Encryption is Not A Problem to be Solved, But a Crucial Tool For Freedom and Security

A few weeks ago, a U.N. Special Rapporteur solicited comments for a report on the relationship between free expression and the use of encryption and anonymity online. The report that he is writing will be submitted to the Human Rights Council in June and could help shape the international discussion surrounding the role of encryption and anonymity today.

Yesterday, we submitted our comments addressing both of those extraordinarily significant and timely topics.

We made two points that we think are critical:

  1. We explained that encryption and anonymity are the modern safeguards for free expression. Without them, online communications are effectively unprotected as they traverse the Internet, vulnerable to interception and review in bulk. Encryption makes mass surveillance significantly more costly, and anonymity allows dissidents, whistleblowers, and human-rights defenders to freely express themselves, organize, and expose governmental abuse without fear of retribution.
  1. We argued that strong encryption is essential to cybersecurity. You won’t hear this point addressed at any length by the FBI or others pushing for “backdoors” in the encryption that secures the Internet. But the point could not be more important—without strong encryption, we would be essentially defenseless against the increasingly regular and devastating cyberattacks that officials have warned us about.

What the FBI and others have focused on, instead, is their claim that encryption makes surveillance harder.

As we explain in our submission, there is an unavoidable respect in which that might be true: securing our communications with encryption necessarily secures them against everyone—against democracies, oppressive regimes, and criminal hackers alike. But the debate over encryption is simultaneously about much less and much more: much less because encryption poses nothing like the existential threat officials have cautioned, and much more because the proposals offered thus far would not simply trade a little security for a little surveillance. Rather, they would wholly subvert our security by sacrificing our best defense against the growing threat of cyberattack: strong encryption.

In other words, the security that encryption provides is not a problem to be solved, but rather the solution (or at least a critical part of one) to a looming disaster. This is so for several reasons.

First, law-enforcement authorities are now operating in a “golden age of surveillance.” While technology promises to secure the content of our communications, it has at the same time made our lives more transparent to law enforcement than ever before. With little effort, police forces can now determine a suspect’s exact location over a period of months, his every confederate, and every other digital fingerprint he leaves when interacting with technology. Federal, state, and local law-enforcement authorities in the United States have eagerly embraced these unprecedented surveillance capabilities. The security that encryption provides must be judged not in a vacuum, but in the context of the pervasive surveillance enabled by our increasingly digitized lives.

Second, prohibiting technology companies from offering backdoor-free communication services would do little to aid in the most important investigations. Sophisticated criminals and terrorists already have access to a wide array of encryption technologies that do not rely on intermediaries like Apple or Google. The primary effect of preventing Apple and Google from offering their own backdoor-free encryption, therefore, would only be to make everyone else less secure.

Third, for those who do pose serious threats, governments often have other tools at their disposal. For example, where the NSA cannot crack the encryption used by its targets, it circumvents it in other ways. The FBI, too, has tools that allow it to remotely hack into its targets’ computers and surreptitiously log passwords or gain access to private data. Those methods generally have the virtue of being targeted in nature. In other words, they do not undermine the security of everyone in order to monitor the few.

Proposals to deliberately weaken encryption must be recognized for what they are: efforts to prioritize surveillance over cybersecurity. The balance should come out exactly the other way. In recent years, there have been major hacks of U.S. government agencies, educational institutions, and private corporations. Tens or hundreds of millions of individuals have had their private data compromised. Major companies have endured unprecedented intrusions into their systems. And even the government has seen sensitive military information stolen. Virtually every high-level intelligence official in the United States has identified cyberattacks as the most serious threat to the nation’s security.

Strong encryption is our first line of defense against that threat. Weakening that encryption would make us all—private citizens and companies alike—more vulnerable to attack. Backdoor access may make law enforcement more efficient, but it would do so only at the expense of everyone’s security.

View comments (33)
Read the Terms of Use

Anonymous

Point 2 is dead-on 100% correct. It would be like closing down gun shops and expecting criminals to not have guns. It's literally nothing but feel-good legislation.

Point 3 is correct but could possible benefit from just a little clarification in the entry. Properly-implemented encryption technology is mathematically unbreakable at this point in time. The NSA can and has successfully attacked *improperly* implemented encryption, and they have successfully attacked specific targets through other non-encryption-related methods (e.g. installing a key logger on their computer).

I think this article might want to also mention that without encryption, there is no internet commerce. You could extrapolate that out further by saying that if we, against our better judgment, gave the government some sort of backdoor access, this backdoor WOULD inevitably be lost or stolen, and then, at that point in time, ALL internet commerce would be vulnerable to attack. It would be a huge nightmare.

Sten Williams

You won't believe if I say that the most common students mistake for all systems is anonymity loss. Such an effect is called "loss of identity" but sometimes it's replaced by "anonymity loss" as well. Here's the link to the source -
https://essaydune.com/most-common-college-writing-mistakes/ for share.

mahjong online

This si the free mahjong games which makes the free membership for the mah jong and gets the mahjong online and gets the right cheats and VIP entry to free online mahjong games as a result of which http://mahjongfreegames.online

Anonymous

TweakBox
ACMarket
Terrarium TV

Anonymous

This is just great that you can have the http://pokemongohacker.net/ online here for free pokecoins whenever you want.

blhnjk

Cartoon HD APK
ShowBox APK
Nox

Anonymous

Preferences across xbox one and MIcrosoft pc games. at the heart http://xblivecodes.net of direct x 12 is than ever before maximizing use of existing graphics hardware.

mahjong

This is the way of doing things as a result of which you can play mahjong games and get the free online mahjong games so that you can get free membership with each cheat and code believe me its ahjong online http://mahjongfreegames.online

ASDFDSAZ

root explorer
Freedom APK
appvn
psiphon

Popcorn Time

Popcorn Time APK Download
Popcorn Time for ios
Popcorn Time for Pc
Popcorn Time for Mac
Popcorn Time APK Download

Pages

Stay Informed