Civil society groups urge governments to promote and protect encryption and anonymity

Human Rights Council

Today at the 29th session of the UN’s Human Rights Council (HRC) in Geneva, Access joined a group of more than 25 civil society organizations in a joint statement that calls on all governments to promote the use of strong encryption technologies, and to protect the right to seek, receive, and impart information anonymously online.

The groups submitted the joint statement to the Council in concert with the presentation today by David Kaye, the new UN Special Rapporteur on freedom of opinion and expression, of his landmark report on encryption and anonymity. The report affirms that anonymity and encryption are necessary for the advancement of human rights in the digital age. These tools provide journalists, human rights activists, and members of minority groups with the protective measures they need for exercising their rights to freedom of opinion and expression.

Access and our cosigners emphasized that people across the globe are facing threats to fundamental rights, such as blanket state surveillance and unauthorized access to private data. Governments have a duty to protect our right to privacy and allow us to use encryption and anonymity tools without obstruction by government regulations or corporate policies.

Below we take a look at the specific recommendations in the letter, and give you information about the issues that will be addressed at the 29th session of the HRC.

Recommendations for governments

The statement lists concrete recommendations for governments in direct reference to the Special Rapporteur’s report [DOC]. First, “any laws or regulations that restrict the use of encryption or anonymity online should be revised to comply with the three-part test set out by the Special Rapporteur,” in accordance with the principles of legality, necessity, proportionality, and legitimacy in objective. Laws or regulations that impose broad restrictions, mandated backdoors, or weak encryption standards do not meet these criteria. On top of creating chilling effects, introducing any such weaknesses into digital architecture for the purposes of surveillance is an attack on the security of the internet as a whole.

Countries should also adopt and implement the report’s core recommendations with regards to protecting anonymity online, such as refraining from requiring identification of users as a condition for accessing online services, or mandating ID registration for SIM cards. Governments should not limit access to anonymity tools, as they are critical for people to circumvent barriers such as unlawful censorship, and allow the access to information and ideas necessary to develop opinions.

Recommendations for ICT companies

However, it is not just governments who have responsibilities when it comes to ensuring users’ right to secure communications and anonymity online. In the statement, the groups also call on information and communications technology (ICT) companies to take necessary steps, including using end-to-end encryption by default  “in every online service and product” and “resisting efforts by governments to require [internet services] to compromise anonymity and encryption.”

Companies should also revise their policies to enable encryption and anonymity in order to “create a zone of privacy to protect opinion and belief.” The groups call on companies to commit to ensuring users’ right to anonymity using measures such as refraining from requiring users to provide real-names when registering for service accounts and maintaining the security of users’ credentials.

The Special Rapporteur’s report closes by inviting all stakeholders, including civil society, to engage in a campaign to bring encryption by design and default to people around the world, and, where necessary, to ensure that users at risk be provided with the tools for exercising their right to freedom of opinion and expression securely.

We hope that the Special Rapporteur’s presentation and recommendations, as endorsed by civil society groups including Access, will prompt national representatives to take action and spark reform in their respective countries.

Digital rights issues at stake at the 29th HRC session

Three years after the Human Rights Council adopted a landmark resolution affirming that “the same rights people have offline must also be protected online,” the HRC continues to serve as a platform for the recognition and advancement of digital rights.

If you would like to review the issues and events on our radar at the 29th session, we invite you to read the detailed policy brief that we prepared with our partners at the Association for Progressive Communications. The brief highlights events such as the announcement of the results of the selection process for a new Special Rapporteur on the right to privacy — whose mandate was formally established at the last session of the Human Rights Council in March — and issues such the need for National Action Plans on business and human rights.

We also invite you to follow the proceedings online, using the Twitter hashtag of the session #HRC29, or watching the plenary sessions which will be live streamed and archived here.