Government efforts to access private communications are nothing new. In decades past, such attempts at prying were often justified on national security grounds.
However, policymakers today point to child safety and disinformation as reasons to limit privacy protections. Established democracies are often leading this charge, inadvertently paving the way for the world’s autocrats.
Yet people around the world are not taking these policies lying down. They speak out, using events such as Global Encryption Day to highlight the importance of privacy and security, not just for themselves, but for their communities and societies.
As vociferous opposition continues to stymie government efforts to expand surveillance powers, it has become clear that public pressure works.
Encryption, which scrambles digital data so that it can be read only by someone with the means to decode it, has become ubiquitous, because it keeps information confidential and secure while authenticating the identity of the person with whom one is communicating.
Today, billions of people use encryption to send digital messages and e-mails, transfer money, load Web sites and protect their data. The gold standard in security is “end-to-end” encryption (E2EE), as only the participants have access to the data — not even the service provider can decipher it.
Despite its immense value and global appeal, encryption is under threat worldwide. It is used by law-abiding citizens to protect themselves, but also by bad actors to hide their malicious activities. For this reason, law enforcement authorities oppose encryption designs, especially E2EE, that prevent them from accessing data.
Yet even after decades of research, there is still no known way to grant law enforcement access without undermining encryption’s privacy and security features. The makers of encrypted devices and services have therefore resisted calls to build in “backdoor” government access, which would make all of their users more vulnerable.
The harmful online activities that concern police do not happen only in encrypted spaces. Hate speech, disinformation and other objectionable content remain a pernicious problem on social-media platforms and other sites, motivating a worldwide legislative push to force tech companies to improve their services.
For example, the British Parliament recently passed the Online Safety Bill after several turbulent years during which pressure from civil society changed its scope significantly. The final version focuses mainly on the removal of illegal content and mitigating risks to children.
Yet the bill still has serious flaws. For example, Parliament failed to include language safeguarding encryption. Moreover, the law gives the British Office of Communications (Ofcom), which regulates information exchange, the authority to compel social media platforms and messaging services to mass scan their users’ files and communications for evidence of child sexual abuse.
No one contests that fighting child exploitation is immensely important, but Ofcom’s power covers E2EE messaging services, which by definition cannot be accessed by service providers. Thus, the only way these services could comply with an Ofcom order is by making fundamental changes to their encryption design.
In other words, the bill gives Ofcom the power to force service providers to undermine their own encryption. Apple, Meta and Signal have all promised to pull their E2EE apps from the UK rather than comply with any government order to diminish their users’ privacy and security.
In response, Ofcom has publicly vowed not to use its new authority, at least for now.
It did so with good reason: Important bodies have concluded that scanning technologies are not sufficiently accurate, would limit fundamental rights and would likely fail the proportionality test — the disadvantages would outweigh the advantages.
Furthermore, criminals could easily circumvent these controls by encrypting content using a separate application. Ofcom would be wise to tread carefully, lest it risk the privacy and security of Internet users for the sake of unproven and potentially ineffective technologies.
Ofcom’s (supposed) forbearance recalls Australian authorities’ conduct since the passage of a contentious 2018 law granting new governmental powers to compel communications providers to add backdoor access to their products. Civil society and cybersecurity experts raised alarms about the law’s dangers for privacy and security, and legislators said the bill was flawed, but it passed anyway.
Five years later, not a single compulsory notice has been issued. This might reflect a deliberate choice: Exercising such a power risks political blowback. Wield the sword too enthusiastically and it might be taken away; better to keep it sheathed in favor of other, less controversial tools.
Then again, government forbearance might also indicate that the controversial new power was unnecessary in the first place.
Public scrutiny of government powers keeps them in check. That is how a democracy is meant to work. In promising not to use its new tool, Ofcom appears to have grasped that the government’s legitimacy is at stake.
However, as the UK bill inspires similar legislation in other countries, some of which are less democratic and have a track record of weaponizing digital technologies against their citizens, this nuance is likely to be lost.
The first test will come in the EU, where legislators are fighting over a draft regulation to expand tech companies’ child safety obligations. Like the British bill, the proposed Child Sex Abuse Regulation (CSAR) has already gone through numerous revisions, as member states lock horns over protecting E2EE.
Derisively called “chat control,” the draft CSAR has been widely decried for potentially forcing European service providers to scan all public and private communications, which would amount to an illegal general monitoring obligation.
Recent reporting stoked these concerns by revealing that the European Union Agency for Law Enforcement Cooperation, requested unlimited access to and use of the data produced beyond the purposes identified in the regulation; it appears to have no intention of restraining itself.
Continued public pressure is necessary to push for reform of “the most criticized draft EU law of all time.”
If government surveillance is a concern in an established democratic entity such as the EU, what hope is there for beleaguered democracies such as Turkey, India and Brazil, much less autocracies?
Fortunately, the public movement in support of encryption is growing, with advocacy groups such as the Global Encryption Coalition leading the charge.
By engaging with civil society, technologists and the public, governments can design regulations that respect privacy, data security and freedom of expression while helping to protect users from harm. Doing so is the only way to make sure that the Internet works for everyone.
Riana Pfefferkorn is a research scholar at the Stanford Internet Observatory. Callum Voge is sirector of Government Affairs and Advocacy at the Internet Society.
Copyright: Project Syndicate
After more than a year of review, the National Security Bureau on Monday said it has completed a sweeping declassification of political archives from the Martial Law period, transferring the full collection to the National Archives Administration under the National Development Council. The move marks another significant step in Taiwan’s long journey toward transitional justice. The newly opened files span the architecture of authoritarian control: internal security and loyalty investigations, intelligence and counterintelligence operations, exit and entry controls, overseas surveillance of Taiwan independence activists, and case materials related to sedition and rebellion charges. For academics of Taiwan’s White Terror era —
On Feb. 7, the New York Times ran a column by Nicholas Kristof (“What if the valedictorians were America’s cool kids?”) that blindly and lavishly praised education in Taiwan and in Asia more broadly. We are used to this kind of Orientalist admiration for what is, at the end of the day, paradoxically very Anglo-centered. They could have praised Europeans for valuing education, too, but one rarely sees an American praising Europe, right? It immediately made me think of something I have observed. If Taiwanese education looks so wonderful through the eyes of the archetypal expat, gazing from an ivory tower, how
China has apparently emerged as one of the clearest and most predictable beneficiaries of US President Donald Trump’s “America First” and “Make America Great Again” approach. Many countries are scrambling to defend their interests and reputation regarding an increasingly unpredictable and self-seeking US. There is a growing consensus among foreign policy pundits that the world has already entered the beginning of the end of Pax Americana, the US-led international order. Consequently, a number of countries are reversing their foreign policy preferences. The result has been an accelerating turn toward China as an alternative economic partner, with Beijing hosting Western leaders, albeit
After 37 US lawmakers wrote to express concern over legislators’ stalling of critical budgets, Legislative Speaker Han Kuo-yu (韓國瑜) pledged to make the Executive Yuan’s proposed NT$1.25 trillion (US$39.7 billion) special defense budget a top priority for legislative review. On Tuesday, it was finally listed on the legislator’s plenary agenda for Friday next week. The special defense budget was proposed by President William Lai’s (賴清德) administration in November last year to enhance the nation’s defense capabilities against external threats from China. However, the legislature, dominated by the opposition Chinese Nationalist Party (KMT) and Taiwan People’s Party (TPP), repeatedly blocked its review. The
RSS