Image: Don’t stop encrypting

What encryption is, and why Kenyans should keep using it

Following the recent presidential elections in Kenya, the country’s new leader William Ruto promptly declared that the use of end-to-end encrypted (E2EE) messaging platforms was no longer necessary, since his government would not spy on citizens’ private communications. While we applaud President Ruto’s public commitment to privacy, it’s critically important that Kenyans continue to use secure, private E2EE messaging platforms. 

To understand why end-to-end encryption is so critical and useful, we need to first understand how it works. Put simply, encryption means encoding information so that only the people authorized to see it – you and your intended recipient – can decode it. You already use encryption every day, although you may not realize it: it’s what makes mobile banking transactions, online shopping, and other basic online activities work. It also protects the personal, and potentially sensitive, information you may share via secure messaging apps like WhatsApp or Signal. This in turn protects you from surveillance, hacking, or crimes like identity theft. When you communicate using end-to-end encryption, even the service provider cannot access the information you exchange. 

But don’t just take our word for it. You’ll find strong endorsements for encryption as a vital privacy and security measure central for the digital economy and cybersecurity in Kenya’s Digital Economy Blueprint and the African Union Convention on Cybersecurity and Personal Data Protection.

Here are some more good reasons you should continue using secure messaging platforms and support strong encryption: 

  1. Giving law enforcement exceptional access threatens human rights and democracy

Kenyans increasingly turn to E2EE messaging platforms to protect their privacy. Yet government authorities around the world continue to press for exceptional access — a special “back door” — for law enforcement. Make no mistake: any such access makes encrypted platforms less secure, and  limits your ability to exercise your human and democratic rights to privacy, freedom of expression, freedom of association, and access to information. In fact, Principle 40 of the Declaration of Principles on Freedom of Expression and Access to Information in Africa prohibits member states from adopting laws that “prohibit or weaken encryption, including backdoors, key escrows and data localisation requirements, unless such measures are justifiable and compatible with international human rights law and standards.”

The UN Office of the United Nations High Commissioner for Human Rights (OHCHR) specifically warns governments against undermining encryption, stating, “[E]ncryption is a key enabler of privacy and security online and is essential for safeguarding rights. In recent years, various Governments have taken actions, which, intentionally or not, risk undermining the security and confidentiality of encrypted communications. This has concerning implications for the enjoyment of the right to privacy and other human rights.” 

  1. Strong encryption strengthens both privacy and security

Privacy is a fundamental human right and Kenya’s constitution has important protections for privacy. Any laws or policies that seek to limit this right must be proportionate, necessary, and legal. It is not true that giving law enforcement exceptional access to people’s private information is a prerequisite for ensuring their security. Digitisation has already made large amounts of previously obscure data easily available to law enforcement.  As more and more African countries digitise government services, this entails the processing of more and more personal and often highly sensitive data. As governments themselves become vulnerable to cyber attacks, Kenyans need encryption more than ever to strengthen both privacy and security.

  1. Strong encryption keeps everyone safer online, including children

Some argue that strong encryption is a barrier to keeping children safe online or combating the proliferation of child sexual abuse material (CSAM). However, this line of argument is a red herring; encryption and child safety are not on opposite sides in a “privacy vs. safety” debate. In fact, privacy is essential for everyone’s safety. Since encryption provides a way to authenticate people’s identities online, it is a tool to keep children safe – while also helping to protect their data, along with their rights to privacy, freedom of expression, and access to information.

  1. Strong encryption is crucial for cybersecurity and protects national security

Government departments, including intelligence, healthcare, and election agencies, regularly rely on encryption to securely share highly sensitive information within and outside of their networks. While it is true that criminals also use encryption for nefarious ends, laws to weaken encryption locally would not stop criminals from getting access to secure platforms or services hosted elsewhere. In fact, it would likely drive their operations beyond the relevant jurisdiction, making it harder to access their communications and bring them to justice . 

Implementing E2EE as the rule, rather than the exception, also fosters a more secure online environment. When only some systems are encrypted, they are seen as higher value targets for hacking. If all messaging platforms were encrypted by default and interoperable, it would reduce the risk of devastating data leaks or breaches when people send messages between platforms. 

Which E2EE platforms should I use?

While everyone has unique needs when it comes to security, we generally recommend these secure messaging services.

  • Signal: Available for free on both iOS and Android platforms, Signal has E2EE enabled for messages, voice calls, and video calls. You can set up a timer for disappearing messages and use it on your desktop, but you will need an existing phone number. 
  • WhatsApp: Available for free on both iOS and Android platforms, WhatsApp enables E2EE for both calls and messaging, and can be used on your browser. It also requires a phone number to get started. 
  • Wire:  Available on both iOS and Android platforms, Wire  has E2EE enabled for messages, video calls, and voice calls. You can also set a timer for disappearing messages, or delete messages in your recipient’s devices. You can register with either an email address or phone number. 

If you’re a human rights defender,  and you need emergency assistance with digital safety, please reach out to Access Now’s Digital Security Helpline

You can get more detailed information about secure messaging apps here. For those looking to deepen their knowledge about encryption and why it matters, read our brief busting encryption myths.