Is encryption a basic human right? Amnesty International believes so, becoming one of the latest to weigh in on the Apple v FBI case. In this world of digital communication, encryption is intrinsically tied to privacy and the right to free speech. Amnesty has speculated that undermining encryption as the FBI requested from Apple could potentially open a 'Pandora's Box' for human rights.
Encryption image from Shutterstock, remixed by Gizmodo
“Encryption is a basic prerequisite for privacy and free speech in the digital age. Banning encryption is like banning envelopes and curtains. It takes away a basic tool for keeping your private life private,” said Sherif Elsayed-Ali, Amnesty International’s Deputy Director for Global Issues.
Encryption is banned in a number of countries including Russia, Morocco, Kazakhstan, Pakistan and Colombia, while other countries such as Cuba, Pakistan and India have strict limitations on who can encrypt their communications, or the strength of encryption that is allowed. Conservative governments from Britain and even here in Australia have also considered banning encryption — but according to Amnesty, encryption be considered a basic human right.
Amnesty has released a briefing in response to the matter — Encryption: A Matter of Human Rights — making it Amnesty International's first official stance on encryption, as it pertains to human rights. It concludes that everyone should be free to encrypt their communications and personal data in order to preserve their essential rights to privacy and free speech. Government attacks on encryption — like the FBI's demand for Apple to provide a 'backdoor' to bypass iPhone encryption — has the potential to threaten human rights around the world.
“Governments trying to undermine encryption should think twice before they open this Pandora’s Box," said Elsayed-Ali "Weakening privacy online could have disastrous consequences for free societies, particularly for the human rights activists and journalists who hold our leaders to account.”
While Amnesty accepts that, as in the case of Apple v FBI, seeking access to the data on one particular phone may be a legitimate request, the act of creating a 'backdoor' that can bypass any phone's encryption can be a risk to human rights — and could even violate international human rights law. Setting this precedent would risk giving the US government — and other international governments — the ability to compel technology companies to weaken or circumvent their encryption, moving ever closer to the line of banning it entirely.
“The Apple case shows what is at stake in the encryption debate. It is not just about one phone, but whether governments should be able to dictate the security of software that protects the privacy of millions of people,” said Sherif Elsayed-Ali.
Looking past the obvious risk to online privacy, Amnesty says that creating 'backdoors' can also have a 'chilling effect' on the exercise of free speech and freedom of expression through online mediums. It can even pose a security risk when personal data is poorly protected, opening the door to threats such as criminals stealing credit card data, or identity theft. “Opening a “backdoor” in security for governments risks opening the door to both cyber criminals who want to hack your phone and governments around the world who want to spy on and repress critics,” said Elsayed-Ali.
Amnesty has set out limited circumstances where encryption can be restricted — but only where they are necessary to achieve a legitimate end and are proportionate to what they are trying to achieve. It finishes by calling on governments to instead be more active in protecting online communications and even facilitating the use of encryption tools — allowing everyone to defend themselves from unauthorised access to their communications and data whether it's from international agencies, corporations or individuals. Amnesty also takes the opportunity to send a timely reminder to companies to provide an adequate level of encryption to protect their own personal data.
“Banning or undermining encryption will have one clear result: making us all less secure and undermining our privacy. Some governments are trying to limit encryption, ostensibly for security reasons, but this fails to take into account the serious ramifications that weakening encryption would have for online security. That is short-sighted and misguided,” said Elsayed-Ali.