Human rights and encryption

In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.

The TLS protocol, which is visible to ordinary internet users as the HTTPS prefix in web addresses, is widely used for securing online commerce, e-government services and health applications, as well as the devices that make up networked infrastructures, such as routers and cameras.

The integrity of these Privacy Enhancing Technologies (PETs) depends on delicate design decisions as well as the willingness of the service provider to be transparent and accountable.

[1] Following the discovery of vulnerabilities, there is a growing awareness that there needs to be more investment in the auditing of widely used code coming out of the free and open software community.

The pervasiveness of business models that depend on the collection and processing of user data can be an obstacle to adopting cryptographic mechanisms for protecting information at rest.

Many of the available encryption tools are not developed or offered by traditional service providers or organizations but by experts in the free and open-source software (FOSS) and Internet engineering communities.

These PETs include standalone encryption applications as well as browser add-ons that help maintain the confidentiality of web-based communications or permit anonymous access to online services and search engines.

[14] As noted by the Berkman Center report, metadata is generally not encrypted in ways that make it inaccessible for governments, and accordingly "provides an enormous amount of surveillance data that was unavailable before [internet communication technologies] became widespread.

[17] In 2016, the Ministers of the Interior of France and Germany jointly stated the need to work on solutions for the challenges law enforcement can face as a result of end-to-end encryption, in particular when offered from a foreign jurisdiction.

[1] The United Nations Educational, Scientific and Cultural Organization (UNESCO) identified encryption as a relevant element for policy on privacy and freedom of expression.

The Keystones Report (2015) articulates that "to the extent that our data can be considered representative of ourselves, encryption has a role to play in protecting who we are, and in preventing abuse of user content."[22]

The report recognizes "the role that anonymity and encryption can play as enablers of privacy protection and freedom of expression" and proposes that UNESCO facilitate dialogue on these issues.

Generally, the available guidance at the international level clarifies that when limitations are imposed on encryption, relevant human rights guarantees have to be strictly observed.

This involved the adoption of the Communications Assistance for Law Enforcement Act (CALEA), containing requirements for telecommunications providers and equipment manufacturers to ensure the possibility of effective wiretapping.

[24] It also involved a debate over existing export controls on strong encryption products (considering their classification as munition) and a criminal investigation into cryptographic email software developer and activist Phil Zimmermann.

The case was dropped and the general debate resolved after the liberalization of export controls on most commercial products with strong encryption features and the transfer of these items from the U.S.A.

The policy, issued under Section 84A of the Indian Information Technology (Amendment) Act, 2008, was short-lived, but worries remain about the lack of safeguards for privacy and freedom of expression that the draft illustrated.

[1] Section 84A of the Indian Information Technology (Amendment) Act, 2008 empowers the government to formulate rules on modes of encryption for the electronic medium.

Legal commentators have noted the lack of transparency about what types of encryption use and deployment are permitted and required under Indian law, especially in the field of electronic communications services.

[1] Thus, the Central Indian Government has, in theory, a broad exclusive monopoly over electronic communications which includes the privilege to provide telecommunication and Internet services in India.

Brazil has a well-established e-government model: the Brazilian Public Key Infrastructure (Infraestrutura de Chaves Públicas Brasileira – ICP-Brasil).

In practice, the ICP-Brasil digital certificate acts as a virtual identity that enables secure and unique identification of the author of a message or transaction made in an electronic medium such as the web.

[33] Since it switched to full end-to-end encryption, the service has been periodically blocked as a result of a court order in an attempt to make the company comply with demands for information.

[38] In Egypt, Article 64 of the 2003 Telecommunication Regulation Law states that the use of encryption devices is prohibited without the written consent of the NTRA, the military, and national security authorities.

Ghana recently introduced a draft law aimed at intercepting electronic and postal communications of citizens, to aid crime prevention.

[1] In addition to the duty to not infringe these rights, States have a positive obligation to effectively ensure the enjoyment of freedom of expression and privacy of every individual under their jurisdiction.

The substantial rights have to be construed in a way that they also contain the duty to make governance systems transparent, at least to the extent that allows citizens to assess who made a decision and what measures have been taken.

Since a great amount of data is traveling through their routers and is stored in their clouds, they offer ideal points of access for the intelligence community and non-state actors.

The role has to be reflected in the human rights debate as well, and it calls for a comprehensive integration of security of user information and communication in the emerging Internet governance model of today.

[1] "UNESCO considers an interference with the right to encryption as a guarantee enshrined in the freedom of expression and in privacy as being especially severe if:

This article incorporates text from a free content work.

Protecting Freedom of Expression and Privacy