Stalemate might be the best way to describe the
international debate over encryption and anonymity. The online privacy that the
tech industry and civil liberty groups advocate for is the very threat to
national security that state actors fight against.
Last week, however, a United Nations report added its
opinion to the conversation:
Encryption and anonymity enable individuals to exercise their
rights to freedom of opinion and expression in the digital age and, as such,
deserve strong protection.
The report on the promotion and protection of the
right to freedom of opinion and expression closely evaluated submissions of
information from state actors and non-governmental stakeholders alike;
throughout, Special Rapporteur and author David Kaye called into question normalized
government practices, as well as their underlying rationale.
The report makes several key points that the privacy-versus-security
debate often overlooks:
1. Online anonymity
is a fundamental right, not a force for evil. Kaye explains, “the “dark” side of encryption and anonymity is a reflection of
the fact that wrongdoing offline takes place online as well.” Encryption and
anonymity have not created crime; people have. Online privacy should not be
reduced to an open invitation to hackers, thieves, and other criminals when it
is in fact a fundamental human right.
The report recognizes that complete anonymity is
necessary for online privacy and cites metadata analysis and state censorship
as reasons individuals seek protection: “A VPN connection, or use of Tor or a
proxy server, combined with encryption, may be the only way in which an
individual is able to access or share information in such environments.”
2. States have become overly reliant on surveillance as a method
of national security. Governments tend to see online
privacy as a threat to national security. The report, however, emphasizes that today’s
surveillance, which goes beyond limited and exceptional circumstances, infringes
upon human rights: “Surveillance systems, both targeted and mass, may
undermine the right to form an opinion, as the fear of unwilling disclosure of
online activity, such as search and browsing, likely deters individuals from accessing
information, particularly where such surveillance leads to repressive
outcomes.”
There are countless examples of governments today pushing
for weak encryption standards, backdoors, key escrows, and real-name
registration, all in the name of keeping the populace safe from terrorism. Kaye
asks states to think more broadly: “States downplay the value of traditional
non-digital tools in law enforcement and counter-terrorism efforts, including
transnational cooperation.”
3. Corporations
often dictate the extent to which digital privacy is upheld or compromised.
The report focuses on the role of government in digital privacy, but still mentions
the corporations that produce hardware and software and collect and store user
data, highlighting the interconnected relationship between the two. Kaye concludes
that future research into the role corporations should play is needed, but
also insinuates where that research might lead: “The responsibility to respect
human rights applies throughout a company’s global operations regardless of
where its users are located, and exists independently of whether the State
meets its own human rights obligations.” As data breaches become increasingly
common, Kaye is willing to push to define the accountability of companies in
maintaining privacy.
A report from the United Nations is uniquely positioned to
encourage governments to rethink their approaches to online privacy. Perhaps
this is just the push that the privacy-versus-security debate needs to find
some common ground.
No comments:
Post a Comment