Wednesday, 3 June 2015

UN Report Argues Online Anonymity Is a Universal Human Right

Stalemate might be the best way to describe the international debate over encryption and anonymity. The online privacy that the tech industry and civil liberty groups advocate for is the very threat to national security that state actors fight against.

Last week, however, a United Nations report added its opinion to the conversation:

Encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection.

The report on the promotion and protection of the right to freedom of opinion and expression closely evaluated submissions of information from state actors and non-governmental stakeholders alike; throughout, Special Rapporteur and author David Kaye called into question normalized government practices, as well as their underlying rationale.

The report makes several key points that the privacy-versus-security debate often overlooks:

1. Online anonymity is a fundamental right, not a force for evil. Kaye explains, “the “dark” side of encryption and anonymity is a reflection of the fact that wrongdoing offline takes place online as well.” Encryption and anonymity have not created crime; people have. Online privacy should not be reduced to an open invitation to hackers, thieves, and other criminals when it is in fact a fundamental human right. 

The report recognizes that complete anonymity is necessary for online privacy and cites metadata analysis and state censorship as reasons individuals seek protection: “A VPN connection, or use of Tor or a proxy server, combined with encryption, may be the only way in which an individual is able to access or share information in such environments.”

2. States have become overly reliant on surveillance as a method of national security. Governments tend to see online privacy as a threat to national security. The report, however, emphasizes that today’s surveillance, which goes beyond limited and exceptional circumstances, infringes upon human rights: “Surveillance systems, both targeted and mass, may undermine the right to form an opinion, as the fear of unwilling disclosure of online activity, such as search and browsing, likely deters individuals from accessing information, particularly where such surveillance leads to repressive outcomes.” 

There are countless examples of governments today pushing for weak encryption standards, backdoors, key escrows, and real-name registration, all in the name of keeping the populace safe from terrorism. Kaye asks states to think more broadly: “States downplay the value of traditional non-digital tools in law enforcement and counter-terrorism efforts, including transnational cooperation.”

3. Corporations often dictate the extent to which digital privacy is upheld or compromised. The report focuses on the role of government in digital privacy, but still mentions the corporations that produce hardware and software and collect and store user data, highlighting the interconnected relationship between the two. Kaye concludes that future research into the role corporations should play is needed, but also insinuates where that research might lead: “The responsibility to respect human rights applies throughout a company’s global operations regardless of where its users are located, and exists independently of whether the State meets its own human rights obligations.” As data breaches become increasingly common, Kaye is willing to push to define the accountability of companies in maintaining privacy.

A report from the United Nations is uniquely positioned to encourage governments to rethink their approaches to online privacy. Perhaps this is just the push that the privacy-versus-security debate needs to find some common ground.

No comments:

Post a Comment