CAMBRIDGE, MA, USA, Jan 23 2019 (IPS) — On Dec. 6, the Australian parliament rushed to pass a bill that could weaken security on the phones and software people rely on every day, in Australia and worldwide. The sweeping law could force tech companies to take vaguely described actions to access encrypted data.
For example, authorities could order Apple and WhatsApp to send secretly altered software updates that would undermine the encryption they use to protect our data and communications.
At a time when governments across the globe are engaging in increasingly invasive surveillance, unfettered public access to encryption protects our basic rights to privacy and freedom of expression. Users should call on their governments to promote strong encryption, not undercut efforts to protect our safety and rights.
Encryption ensures that our information stays private, whether we are browsing the web, buying things, chatting online, or sending an email. We may not always know it, but the security of our networks relies on encryption, which scrambles our data so no one else can see what we’ve written or said unless we want to share it with them.
Strong encryption also ensures our safety in other critical ways. It protects our communications networks, our power grids, our hospitals, and our transportation systems.
Encryption is especially important for the most vulnerable among us. Access to encrypted tools is critical to maintaining the safety of people who are disproportionately subjected to surveillance and scrutiny, whether victims of domestic abuse or minorities and other marginalized members of society. Political dissidents, journalists, and activists are vulnerable to retaliation for expressing their views or exposing wrongdoing. By encrypting our devices and our messages by default, we–along with the companies that build these tools–are taking steps to ensure that we can speak out without endangering ourselves.
Encryption also helps protect us in our personal lives, keeping us safe from online harassers, abusive partners, or other malicious people. The market for commercial spyware products has skyrocketed, and there is mounting evidence that these tools are being used to monitor, abuse, intimidate, and victimize people, especially intimate partners. When our tools use encryption by default, we have more control over our information from people in our lives who might want to hurt us.
As companies and nongovernmental organizations have taken steps to secure communications by using encryption, many governments have complained that it is hampering their ability to investigate criminals and conduct surveillance. In recent years, some governments have called for building intentional weaknesses, or backdoors, into encrypted technologies.
The Australian law passed despite strong opposition by cybersecurity experts, human rights groups, and some members of parliament. It is modelled on the UK’s Investigatory Powers Act, which similarly requires companies to potentially break encryption and hack into their own systems. In the US, law enforcement officials continue to call for anti-encryption legislation, even though they have been criticized for overstating the problem encryption poses to investigations.
Cybersecurity experts have repeatedly explained that laws addressing the challenges raised by encryption misunderstand how the technology works. There is no plausible way to build tools to undermine encryption without eroding everyone’s security. People with technical expertise and bad intentions will figure out how to manipulate such tools. By weakening encrypted technologies for government agencies, we weaken it for everyone.
The issue is so important that UN human rights experts have warned governments that weakening encryption could have a devastating impact on human rights. Governments should be seeking to strengthen, not weaken, encryption.
Digital security is about tradeoffs: There will always be risks when you use the internet. Encryption simply helps us manage those risks and make sure that we are taking steps toward securing our communications. Human Rights Watch has created a new interactive game about digital security to help people understand why encryption is needed to protect us.
The Australian government promised to consider amendments to the anti-encryption law next year in response to opposition. We hope the public will use the game to understand just how much their security could be put at risk if the law isn’t substantially revised to prevent encryption backdoors.
We all pay a price when the tools we rely on every day to keep us secure are compromised.
Rebecca Ricks was the 2017-2018 Ford-Mozilla Open Web Fellow at Human Rights Watch. She now works as an independent researcher.