Last year, Australia passed a controversial bill weakening security on the iPhones and software people rely on in today’s digital world. This sweeping law could force tech companies to access encrypted data.
Australia is not alone in designing a national security strategy that responds to geopolitical trends, defence needs, and outside interference but also emerging non-traditional security concerns such as climate change, cyber issues, and transnational organized crime. Since all of this is allied to global digitalization, it is no surprise that surveillance and encryption are also the focus of new policies.
In Canada, Privacy Commissioner Daniel Therrien has said companies that manufacture telecommunication devices have a responsibility to protect the personal information of their customers. But, he argued that companies are also subject to laws and judicial warrants that grant access to personal information that may be legitimately needed when public safety is at risk.
“Finding the right balance between encryption and the needs of law enforcement is a tough nut to crack and I don’t think anyone has the exact answer as to where to draw the line at this point,” he said. “This is definitely a debate we need to have in Canada.”
In August 2019, Citizen Lab, based at the Munk School of Global Affairs at the University of Toronto, noted that while Canada has “historically opposed the calls of its western allies to undermine the encryption protocols and associated applications that secure Canadians’ communications and devices from criminal and illicit activities,” this position appears to have changed.
It noted a communique issued in July 2019 by Canada, Australia, New Zealand, the United Kingdom and the United States — all members of the “Five Eyes” intelligence sharing partnership — which stated, among other things, that:
“Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.”
What this effectively means, in a Canadian context, is that, “the Government of Canada has formally asserted its opposition to the strong encryption relied upon by government employees, politicians, business persons, and citizens and residents of Canada in the course of all of their daily and routine activities,” according to Citizen Lab.
In “Protecting Your Security and Rights Online” (Inter Press Service, January 23, 2019) Rebecca Ricks writes:
“At a time when governments across the globe are engaging in increasingly invasive surveillance, unfettered public access to encryption protects our basic rights to privacy and freedom of expression. Users should call on their governments to promote strong encryption, not undercut efforts to protect our safety and rights.”
Encryption is supposed to ensure that information stays private by scrambling data so that no one else can see it or read it without a decryption key. In practice, security forces and corporate interests are keen to be able to crack any code. Unfettered public access to encryption is not in their interests.
There are two different types of end-to-end encryption:
- Symmetric key algorithms that use related or identical encryption keys for both encryption and decryption — “private-key cryptography.”
- Asymmetric key algorithms that use different keys for encryption and decryption — “public-key cryptography.”
Government agencies have been known to steal keys by removing computers, or by putting malware on them using physical access or phishing attacks. This undoes the protection cryptography offers. It is comparable to having a secure lock on your door, but for someone to copy it and be able to get into your house without picking the lock.
As Ricks points out:
“Access to encrypted tools is critical to maintaining the safety of people who are disproportionately subjected to surveillance and scrutiny, whether victims of domestic abuse or minorities and other marginalized members of society. Political dissidents, journalists, and activists in particular are vulnerable to retaliation for expressing their views or exposing wrongdoing.”
How can we address international and national security issues and tackle serious crime such as drug and people trafficking while simultaneously guaranteeing privacy and people’s civic rights? What are your views?
Philip Lee is WACC general secretary and editor of its international journal Media Development. His edited publications include The Democratization of Communication (1995), Many Voices, One Vision: The Right to Communicate in Practice (2004); Communicating Peace: Entertaining Angels Unawares (2008); and Public Memory, Public Media, and the Politics of Justice (ed. with Pradip N. Thomas) (2012).
WACC Global is an international NGO that promotes communication as a basic human right, essential to people’s dignity and community. It is a member of the ACT Alliance.
Image: Marcus Spiske/Unsplash