Government attacks on the encryption of online communication threaten human rights around the world, warned Amnesty International in a briefing published today as tech giant Apple challenges the US Federal Bureau of Investigation (FBI) in court over an order to provide software to bypass iPhone encryption.
The briefing, Encryption: A Matter of Human Rights, which is Amnesty International’s first official stance on encryption and human rights, says that people everywhere should be able to encrypt their communications and personal data as an essential protection of their rights to privacy and free speech.
“At stake in the Apple case is whether a future administration could exploit the next national moment of crisis, and use its access to our phones to target journalists, or persecute activists and minorities, said Naureen Shah, director of security and human rights at Amnesty International USA.
“Encryption is a basic prerequisite for privacy and free speech in the digital age. Banning encryption is like banning envelopes and curtains. It takes away a basic tool for keeping your private life private,” said Sherif Elsayed-Ali, Amnesty International’s Deputy Director for Global Issues.
“Governments trying to undermine encryption should think twice before they open this Pandora’s Box. Weakening privacy online could have disastrous consequences for free societies, particularly for the human rights activists and journalists who hold our leaders to account.”
Demanding ‘backdoors’ can violate human rights
The briefing warns against attempts to make companies create a “backdoor” in encryption software. It says these measures violate international human rights law, because they indiscriminately undermine the security of the communications and private data of anyone using the software.
In the Apple v FBI case, seeking to access the data on the particular phone in question may be legitimate. However, it is the method of accessing it – which would require a company to customize its software in order to defeat its security features – that risks setting the stage for the US government, and potentially other governments, to compel technology companies to modify their products to weaken or otherwise circumvent encryption.
Such “backdoors” not only threaten online privacy, but can also have a chilling effect on the exercise of free expression and expose online communications and individuals' data to security threats such as criminals stealing credit card data.
“The Apple case shows what is at stake in the encryption debate. It is not just about one phone, but whether governments should be able to dictate the security of software that protects the privacy of millions of people,” said Sherif Elsayed-Ali.
“Opening a “backdoor” in security for governments risks opening the door to both cyber criminals who want to hack your phone and governments around the world who want to spy on and repress critics.”
“If the US authorities force one of the world’s biggest tech companies to make its products less secure, the danger is that governments around the world will follow suit and demand similarly intrusive powers from the hundreds of smaller companies developing privacy technology.”
Encryption under threat
With online censorship and surveillance a growing threat to human rights, undermining encryption could threaten the ability of people around the world to freely communicate and use the internet, such as human rights activists who challenge the authorities, journalists who uncover corruption, and lawyers holding powerful governments to account, Amnesty International said.
Several countries already limit who can encrypt their communication or the strength of encryption allowed, such as Cuba, Pakistan and India. Others, such as Russia, Morocco, Kazakhstan, Pakistan and Colombia, sometimes go as far as banning it altogether.
Amnesty International’s briefing sets out limited circumstances in which encryption can be restricted, such as when restrictions are necessary to achieve a legitimate end, and are proportionate to the aim for which they are imposed.
Instead of blocking encryption, Amnesty International is calling on governments to actively promote and protect online communications, including by facilitating the use of encryption tools and services, so that everyone has to means to defend themselves from unauthorized access to, theft or monitoring of their personal information, be it from foreign states, international organisations, corporations or private individuals.
Amnesty International is also calling on companies to provide an adequate level of encryption to protect their personal data.
“Banning or undermining encryption will have one clear result: making us all less secure and undermining our privacy. Some governments are trying to limit encryption, ostensibly for security reasons, but this fails to take into account the serious ramifications that weakening encryption would have for online security. That is short-sighted and misguided,” said Sherif Elsayed-Ali.