Encryption
Why encryption matters
Encryption is a cornerstone of digital security, protecting sensitive information from being accessed by unauthorised parties. It ensures the confidentiality of communications, safeguards financial transactions, and is critical for the safe operation of the internet. Beyond its technical applications, encryption underpins fundamental human rights such as privacy and freedom of expression, especially in the digital age.
For civil society, encryption serves as both a shield and a tool:
- Shield: It protects activists, journalists, and marginalised groups from surveillance and persecution, particularly in authoritarian contexts.
- Tool: Encryption enables secure advocacy, organising, and mobilisation efforts globally.
Balancing the use of encryption for privacy with the need for national security is a contentious issue, but one where civil society plays a crucial role in ensuring that human rights are not sacrificed.
Key challenges in encryption governance
The security vs privacy debate
Encryption enables individuals and organisations to safeguard their data, but it also poses challenges for law enforcement. Governments often argue for access to encrypted communications to combat crime and terrorism. However, purposely-designed backdoors or weakened encryption can expose all users to potential exploitation by malicious actors, undermining trust in digital systems.
Global disparities in encryption access
The availability and use of strong encryption vary significantly across regions. In the Global South, where technical capacity and digital literacy may be lower, individuals and organisations often lack access to robust encryption tools. This disparity exposes vulnerable communities to greater risks of surveillance and cybercrime.
The push for international regulation
Efforts to create international frameworks for encryption, such as the Wassenaar Arrangement and OECD guidelines, have been controversial and largely ineffective. These frameworks often reflect the interests of powerful states and corporations, sidelining the needs and perspectives of civil society.
Encryption and human rights
Encryption is not just a technical issue – it is a human rights issue as well. Key intersections include:
- Privacy: Encryption protects individuals from mass surveillance, unlawful monitoring, and identity theft.
- Freedom of expression: Activists and journalists rely on encryption to communicate and report without fear of reprisal.
- Economic equality: Encryption supports secure e-commerce and digital financial inclusion, which are essential for bridging economic divides.
The UN Special Rapporteur on freedom of expression has emphasised the importance of encryption and anonymity in protecting privacy and fostering freedom of expression. Civil society must champion these principles to ensure that encryption policies respect human rights and address the needs of marginalised communities.
The policy dimensions of encryption
Encryption policy affects individuals, organisations, and governments on multiple levels:
Social and governance impact: Weak encryption or government-imposed backdoors can erode public trust in technology. Civil society should advocate for transparency and accountability in encryption policies to safeguard public interest.
Human rights and accountability: Encryption is essential for protecting privacy and enabling secure communications for human rights defenders, particularly in oppressive regimes.
Economic and developmental impact: Strong encryption is vital for secure online transactions, digital innovation, and economic growth. Civil society can push for policies that promote encryption as a driver of sustainable development.
Forums where encryption is addressed
Civil society can engage in various forums and processes where encryption policies are debated and shaped.
At the UN, encryption is frequently discussed in the context of human rights and development. The Human Rights Council and the UN General Assembly have addressed encryption’s critical role in protecting privacy and fostering secure digital communications. Civil society can contribute to these debates, ensuring that encryption remains a cornerstone for protecting digital rights.
The OECD Guidelines on Cryptography Policy, though non-binding, have shaped national encryption policies for decades. These guidelines encourage the development of encryption standards that balance security, privacy, and economic considerations. Civil society organisations can use these guidelines as a reference point to advocate for equitable and rights-respecting encryption practices.
The Wassenaar Arrangement is a multilateral export control regime that includes encryption technologies in its scope. Member states collaborate to regulate the export of sensitive encryption tools, ensuring these technologies are not misused while balancing innovation and security. Civil society can monitor these processes and advocate for transparency and fairness in export controls that may affect access to strong encryption.