Are we about to lose the last pillar of our digital security?
Breaking encryption and criminalising its use will not resolve the deep societal issues we are facing. Instead, governments should protect and promote the very tool that ensures our digital security.
If you use encrypted apps like WhatsApp, Signal or ProtonMail, you should be concerned about the potential passing of a new European law. This draft law threatens to install de facto spyware on each device and spy on your private communications with friends, colleagues, and families even though they are encrypted.
This is part of a wider trend in Europe, where police hack entire networks of communications, and where people are being put on trial, detained or questioned for using encrypted tools or attending digital literacy training courses.
Journalists, political opponents and human rights defenders are targeted with spying software, undermining their safety and preventing them from combating power abuses. There is an increased political push by states and law enforcement for surveillance measures and backdoors to everyone’s private spaces.
At EDRi, we hear from people whose life depends on their digital safety every day. These are journalists, land defenders, women activists, human rights advocates, sex workers and ordinary people who value their privacy. Breaking encryption and criminalising its use will not resolve the deep societal issues we are facing. Instead, governments should protect and promote the very tool that ensures our digital security.
What are the current attacks on encryption?
For decades, states have advocated for the creation of backdoors granting “exceptional access” to encrypted data. Without success. Today, they are turning to companies to put them directly in charge of scanning all their content and detecting unwanted ones.
For example, the European Union is proposing a new law — the CSA Regulation — that purportedly aims to combat the dissemination of child sexual abuse material. No matter if you are under suspicion of having committed a crime or not, you and the other hundreds of millions of people living in the EU will be affected.
What it does, however, is turn your phone or smartwatch into a spying machine. No matter if you are under suspicion of having committed a crime or not, you and the other hundreds of millions of people living in the EU will be affected.
What it does, however, is turn your phone or smartwatch into a spying machine. No matter if you are under suspicion of having committed a crime or not, you and the other hundreds of millions of people living in the EU will be affected.
The governments of Spain and Cyprus have made it clear that they see this law as their opportunity to get broad access to people’s private encrypted messages. And it would not stop here: Spain also explicitly calls to ban end-to-end encryption. The demonisation of encryption is ever more seen in states’ repressive actions against activists.
Could using basic digital tools get you in trouble?
Recent cases show that the use of encrypted tools is perceived as “suspicious” or “clandestine” behaviour. Sean Binder and Sarah Mardini, two young activists, were doing search and rescue operations in Greece to save people on the move.
However, since 2021, they’ve been facing a charge of espionage because they coordinated with other humanitarian actors through WhatsApp, the encrypted messaging service used by 2 billion people across the world.
As Binder told The Guardian in November 2021, “As absurd as the charges may be, they cast a shadow over your life that makes it impossible to move on.” Trivial facts such as using Signal and other mainstream encrypted apps, common digital anonymity tools like Tor or participating in digital security training are used as evidence [of hiding] criminal activity.
Another case of criminalisation involves seven people put on trial in France for using encrypted tools. Trivial facts such as using Signal and other mainstream encrypted apps, common digital anonymity tools like Tor or participating in digital security training are used as evidence that they attempt to hide criminal activity.
“In our case, the French state attempts to criminalise the use of these tools in order to delegitimise and erase all possibilities to protect ourselves online. Its goal is to intensify the already ferocious repression of activists,” one of the accused in the so-called 8 December case, Camille, shared with French advocacy group La Quadrature du Net.
Privacy empowers, surveillance weakens
On top of this, EU states drag their feet when it comes to putting an end to the dangerous market of surveillance technologies. Coined as the “Insecurity Industry” by Edward Snowden, the ex-NSA agent who revealed ten years ago the US extensive spying activities, this market has become uncontrollable.
It brought to the world extremely intrusive software like the infamous Pegasus, that can turn your phone into a 24-hour spying machine that hears and sees everything you do. In Spain, this tool affected 65 direct victims, and thousands of collateral ones, leading to the largest case of certified cyber-surveillance in history. And yet nothing is being done to effectively stop the production, sale and use of such spyware.
In the face of such attacks, it is all the more important to protect encryption and people’s digital security. Encryption enables confidential communications and sustains our capacity to work, organise, socialise, love and care for each other safely.
For example, online spaces are essential for young people as they explore their own identities, form their opinions and beliefs, and connect with others. Making social media, instant messaging apps and video games empowering and safe spaces for youth can only be possible if private companies, governments and others respect the integrity and privacy of these spaces.
Grave consequences for the lives of many
Evidence shows that 80% of young people would not feel comfortable exploring their sexuality or being politically active if authorities were able to monitor their digital communication. In the case of women defenders, indigenous land defenders, racial justice activists and defenders of migrant rights, unsafe communications can have life-or-death consequences.
For instance, Black Lives Matter organisers and demonstrators have shared that they feel safer communicating with end-to-end encryption. Given the grave consequences for the lives of many, and especially the most marginalised, it is crucial that everyone’s privacy is ensured.
Similarly, sex workers’ lives depend on private communication and encryption as they are being brutally criminalised and discriminated against in all countries.
“I rely on the internet to work and I also want to stay safe. I am used to not being protected by my government but at least don’t prevent me from protecting myself. I don’t need this extra fear of ‘they are watching everything I do and I can’t do anything about it,” Ember, a sex worker, told the European Sex Workers’ Rights Alliance.
Given the grave consequences for the lives of many, and especially the most marginalised, it is crucial that everyone’s privacy is ensured.
Yet, the CSA Regulation could undermine encryption and enable mass surveillance. As the European Parliament is about to vote on this draft law, it has the unique opportunity to safeguard the trust we have in secure and confidential communications by rejecting it.
This article was first published here by Euronews.