Around the world, cyber attacks threaten national security and democracy. That’s why encryption is important: it’s the foundation for trust online and one of the best tools we have to keep our private communications and digital infrastructure secure. Yet in the face of these attacks — including the hacking revealed by the Pegasus Project — government authorities have persisted in arguing for encryption “backdoors” that would destabilize the internet and make everyone less safe. Meanwhile, Apple has announced a plan to circumvent end-to-end encryption — a choice that would limit people’s control of their own devices and put our privacy and security in jeopardy.
Our latest report, Policy brief: 10 facts to counter encryption myths, is a rebuttal of the most common arguments we are seeing over the last few years for weakening or bypassing encryption. It explains why encryption is important, not only for protecting privacy, free expression, and other human rights, but also for bulwarking the economy, preserving democracy, and ensuring national security. We debunk the most dangerous encryption myths — those that form the basis for deeply flawed laws and policies. We should not have to suffer more attacks, data breaches, or political scandals for decision-makers to see why encryption is important and should be protected, not undermined. A “security” policy proposal that undermines encryption is an insecurity policy — and it’s time to stop pretending otherwise.
READ THE BRIEF
Fact #1: Strong encryption is essential for internet security
Myth: Backdoors for targeted or exceptional access by law enforcement will not undermine internet security
- Encryption is a mathematical process that cannot be selectively applied. Any demand for a backdoor that only works for the government is essentially at war with mathematics.
- A backdoor to encrypted content is a security flaw that makes the entire system and the underlying data vulnerable. Even if it is created only for government access, it will inevitably be exploited by a host of other malicious actors.
Fact #2: Giving law enforcement exceptional access threatens human rights and democracy
Myth: Law enforcement backdoors will not impact our rights or democracy
- Encryption is critical to democratic governance and the protection of the right to privacy and the right to freedom of expression in the digital age. Weakening encryption through exceptional access mechanisms jeopardizes these basic human rights, and democracy as a whole.
- It’s particularly necessary for certain individuals and groups, including journalists, lawyers, doctors, and vulnerable communities whose work and lives depend on the availability of communication channels free from the possibility of surveillance.
Fact #3: Strong encryption strengthens privacy and security
Myth: To achieve security, we must sacrifice privacy
- The framing of the debate on encryption policy as “privacy versus security” is inaccurate and premised on a false binary. The two are mutually reinforcing principles.
- A more appropriate framing of the debate would be “security versus security,” as encryption not only protects privacy, it protects security. This reframing would help ensure a “security” policy does not become an “insecurity” policy, creating more dangers than it seeks to prevent.
Fact #4: Law enforcement has entered the golden age of surveillance — without breaking encryption
Myth: Law enforcement is facing a “going dark” problem which makes it necessary to break encryption
- The “going dark” metaphor is inaccurate. It implies that technological changes have diminished surveillance capabilities, when they have vastly expanded. Encryption is not, and is not likely to become, as pervasive as governments suggest.
- A more accurate metaphor for current times is “a golden age of surveillance,” as far more data about individuals is available today than ever before. Many previously unrecorded details, such as location and contact data, can be compiled to create “digital dossiers” that paint an intimate portrait of our daily lives.
Fact #5: Backdoors to encrypted systems will not stop criminals and terrorists from using strong encryption
Myth: Weakening encryption is an effective measure to counter terrorism and criminal activity
- The effect of limitations on encryption backdoors is that the general public is deprived of a platform where data and fundamental rights are protected. Criminals will simply shift to encrypted platforms available in foreign jurisdictions or on the black market, or they may even create their own.
- Increased surveillance capabilities often lead to invasive surveillance without sufficient evidence of its effectiveness. One study in the U.S. suggests that the link between increased surveillance capabilities and prevention of terrorism is tenuous. Regardless of efficacy for fighting terrorism, it is not necessary or proportionate to jeopardize the privacy and security of all users of a platform in the hope of identifying the fraction that engages in criminal conduct.
Fact #6: Strong encryption contributes to children’s safety online
Myth: Encryption makes the internet unsafe for children
- Like other criminals, perpetrators of crimes against children will turn to alternative encrypted platforms offered in foreign jurisdictions, or create their own platforms, to hide their activities. That means the criminal activity will persist – it will simply move out of law enforcement’s reach, precluding lawful access even to metadata that can be instrumental in investigations.
- Children need encrypted platforms where the identity of individuals they are interacting with can be authenticated, and where their personal information is not at risk of exposure to third parties. With more children online due to the global pandemic, governments and companies should encourage use of strong encryption to keep children safe, not deliberately introduce security vulnerabilities into the technology they use.
Fact #7: Mandating “traceability” will risk privacy and chill free expression
Myth: Traceability must be implemented to prevent the spread of disinformation
- Traceability puts anonymity and the right to privacy at risk and has a chilling effect on free speech. It is therefore incompatible with both human rights and democracy.
- Traceability has limited utility in practice and will not serve as an effective tool to combat disinformation.
Fact #8: Strong encryption is crucial for cybersecurity and protects national security
Myth: Exceptional access to encrypted content is necessary to protect national security
- Strong encryption is vital for a resilient cybersecurity infrastructure that safeguards national security. Undermining encryption imperils national security.
- The increase in cybersecurity incidents and targeted breaches is an argument for, not against, strong encryption. Without it, we would see more unauthorized access and exposure of classified information, a boon to cybercriminals or state-sponsored adversaries. We would also see more successful attacks on essential infrastructure such as healthcare systems, elections, and public transport, as encrypted systems help keep their operations secure.
Fact #9: Strong encryption maintains trust in the digital ecosystem and supports economic growth
Myth: Deliberately undermining encryption will have no effect on the economy
- Encryption is a cornerstone of the modern digital economy, maintaining the confidentiality of customers’ data and the authenticity of financial transactions. Trust in encrypted systems spurs investment, innovation, and economic growth
- It can prevent or mitigate the impact of cybersecurity incidents that would otherwise do more damage and cost more money. It both reduces the risk of data breaches and controls the costs of such breaches, aiding commercial interests and supporting the economy as a whole.
Fact #10: Law enforcement and intelligence agencies don’t have to break encryption to investigate crime
Myth: Authorities have no alternative but to break encryption
- Intelligence and law enforcement agencies already benefit greatly from the vast increase in data about individuals that is available in the digital age. There is no evidence to show that undermining encryption is a necessary, proportionate, or effective means to achieve government objectives in modern, rights-respecting democracies.
- In most cases, authorities still rely primarily on traditional evidence such as witnesses, informants, physical evidence, and business records from banks and cell companies. Undermining encryption and weakening security for everyone in an attempt to get all possible evidence in specific cases does not align with human rights and freedoms, and in practice, will never be a substitute for good investigative work.