The right to encrypt
As you may have heard, the government of the United Kingdom is trying to pass an Online Safety Bill. This piece of legislation would have far-reaching and negative consequences for online security and privacy. In an open letter, well-known messaging services such as WhatsApp and Signal object to it. They believe that the Bill could “break end-to-end encryption” and would “open the door to routine, general and indiscriminate surveillance of personal messages.”
It can be hard to find your bearings in the discussion about online privacy. Government rhetoric construes the issue as if it was about whether or not you think criminals should be held accountable. There’s little room for discussion about that. But this rhetorical focus on crime is a red herring. Law enforcement agencies already have a wide range of powers to track down or spy on criminals. What is really at stake is our right to privacy, and whether it is worth anything still. I think it is worth a lot. As I see it, it has never been more important to stand up for online privacy and argue that we have a right to encrypt.
Life in a prison
So what is the Online Safety Bill trying to achieve? Many things, but a significant goal is to encourage proactive and arbitrary invasion of privacy. The UK government wants to see to it that online communication is screened by default. Messages and photographs you share with friends or colleagues should be disclosed to some third party to be scanned for illegal content, much like how messages sent to family and friends by prisoners in high-security prisons are currently checked by prison staff.
But unlike the prison, which requires the intervention of a judge, the UK government is trying to promote arbitrary screening. Regardless of what you’ve done or said, and free from the need of any court order or warrant, your messages and photographs will be treated as suspicious.
The Bill does not make law enforcement agencies themselves responsible for the screening. Instead, it requires websites and apps like WhatsApp and Signal to do the work for them. Outsourcing surveillance. As the Electronic Frontier Foundation writes,
Clause 110 [of the Online Safety Bill] mandates that websites and apps must proactively prevent harmful content from appearing on messaging services. That’s going to lead to universal scanning of all user content, all the time.
I think this is an Orwellian prospect. It is on a par with requiring of telephone operators that they eavesdrop on all conversations on phone lines, or expecting the postal services to open all the letters you send to make sure you’ve not written something that violates the law. Article 12 of the Universal Declaration of Human Rights determines that no one shall be subjected to arbitrary interference with their privacy, family, home or correspondence. And yet that seems exactly what the Online Safety Bill is demanding of the internet.
Why everyone needs encryption
But it gets worse. This is not just about screening messages that are sent in plain text. It is about screening encrypted messages, which currently means the bulk of online communication. Indeed, it seems that law enforcement agencies are particularly unhappy with the fact that more or less everyone these days can communicate in a way that successfully prevents prying eyes or eavesdropping. To most this added security would seem an advance, but not to those who want to spy on people.
High safety standards define the internet as we now know it, and rightly so. Internet communication by itself allows messages to be intercepted easily. Much of it travels through airwaves, which require no more than an antenna to receive. Without encryption, being online would be an unacceptable security risk. Paying on the web would become a gamble; your chat messages would be readable to anyone who can intercept network traffic (which is easy to do); and your smart speaker would end up under the control of more or less anyone who manages to sniff your network.
Encryption can mitigate these risks by making it impossible for third parties to read your communication. And note, these third parties include the websites or apps you use to communicate. End-to-end encryption prevents anyone apart from the intended receiver from accessing the contents of your messages, because current encryption standards are virtually unbreakable. Only the party you are communicating with can decipher what you send them.
This is why messaging apps like WhatsApp and Signal say that the Online Safety Bill could break end-to-end encryption. If platforms are required to screen messages, they will need access to their contents. And this means abandoning encryption altogether or building in some kind of ‘backdoor’ mechanism, which in practice amounts to abandoning encryption as well. The Electronic Frontier Foundation also observes that what the Bill requires is compatible neither with our right to privacy nor with encryption.
A worldwide push
Currently the Online Safety Bill is in the House of Lords and is likely to become law this summer. If from then on the government requires third-party screening, and if third-party screening is impossible when messages are encrypted end-to-end, then the UK government will, as early as this summer, effectively abolish end-to-end encryption on much of the internet in the United Kingdom. For citizens of the UK this would be bad news. They already have to face the fact that their offline lives are a mess because of their government’s incompetence, and now this Bill threatens to impose chaos on their online lives as well. John Thornhill, writing in the Financial Times, says that this might make the UK “a strange kind of cyber pariah”.
But it is much worse than that. The real issue seems to extend well beyond the witless politics of the UK. The Online Safety Bill is merely an embodiment of a broader and worldwide push to undermine encryption.
Earlier in April the Global Encryption Coalition reported that senior officials from the United States and European Union want to join forces to shape public opinion against encryption. The aim is to legitimise access to encrypted communications by law enforcement agencies. It is not the first time this is happening, and the measure they are seeking is a mandatory ‘backdoor’, a change in communication software that allows encryption to be bypassed. Or, as the officials record the idea euphemistically in the minutes of their meeting about this, “to mirror privacy by design with lawful access by design”.
A ‘backdoor’ to bypass encryption would mean that a service like WhatsApp can continue to use what seems to be end-to-end encryption, but where law enforcement can directly or indirectly access the unencrypted messages without having to decrypt them. It is exactly such a backdoor that those drafting the UK’s Online Safety Bill seem to have in mind when they expect websites and apps to screen communications, including ones that were encrypted. So instead of a cyber pariah, it would be better to see the UK as the Orwellian front-runner. They seem currently closest to realising the unfettered access to communication the United States and the European Union are eyeballing as well.
But let’s be clear about it, requiring a backdoor to encryption software is unacceptable. This is the consensus among everyone except those that want to use the backdoor to spy on people. It is unacceptable first because it would break end-to-end encryption, as it would no longer be true that only someone in possession of the decryption key can access a message’s contents. This would break the internet as we know it. Specifically, backdoors introduce a costly security risk. These loopholes will inevitably be discovered, and before you know it it’s a free-for-all where your boss or your stalker can pay some dodgy website to snoop on you.
Moreover, a backdoor in encryption software would make arbitrary screening of private online communication possible — indeed, the point of the Online Safety Bill — and arbitrary screening is a plain violation of the human right to privacy as encoded by the UN. Human rights violations are unacceptable.
In a recent letter to the Financial Times Andersen Cheng claims to have found a solution. “What law enforcement agencies, the government and platforms all miss”, Cheng writes, is “encryption key splitting.” The basic idea of this is obvious. Just give law enforcement agencies the decryption keys whenever you encrypt something. This removes the need for any backdoor. It is not a new idea at all and it is known as the ‘key escrow’ system, an idea floated under the Clinton administration in the United States. It means that law enforcement bodies can always come in via the front door, simply by using the key to decrypt communication in the same way sender and receiver are using such a key.
But for reasons I hope you can imagine already, handing your encryption keys to a third party is extremely unattractive from a security perspective. You would have to trust this party not to abuse the considerable power it gives them, a trust that many people would be unwilling to give to governments cracking down on climate protest or businesses keen to monetise personal data. And even more important, having some authority sit on a massive stash of encryption keys would immediately make them a prime target for cyber crime and cyber warfare.
To avoid this, Cheng proposes to split each key into parts, so that several different authorities will each hold only a part of your key. Those parts individually are useless, but if these various authorities jointly agree that decryption of someone’s communication is justified, they can work together and open your messages. You can compare this to the military rule that nuclear missiles can only be launched if several people use their individual keys or launch codes.
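The cryptographic core of what Cheng calls “encryption key splitting” is threshold secret sharing, of which Shamir’s scheme is the standard instance. The following is an added example, not code from the original post or from any product Cheng describes: it splits a symmetric key into five shares held by five assumed authorities so that any three of them can reconstruct the key, while any two shares yield nothing but a random-looking value. The key, the authority names and the 3-of-5 policy are constructed for illustration.

```python
import secrets

# Mersenne prime 2^521 - 1; a field large enough to hold a 256-bit key as one element.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo PRIME (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_key(key: bytes, n: int, t: int):
    """Shamir split: n shares (x, y) of `key`; any t of them reconstruct it."""
    secret = int.from_bytes(key, "big")
    if not (secret < PRIME and 1 <= t <= n):
        raise ValueError("key too large for the field, or invalid threshold")
    # Constant term is the key; the other t-1 coefficients are uniformly random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0 over the supplied shares (as an integer)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def recover_key(shares, key_len: int) -> bytes:
    """Reconstruct the key bytes; only meaningful when at least t shares are supplied."""
    return recover_secret(shares).to_bytes(key_len, "big")


def demo():
    """Constructed 3-of-5 policy among five hypothetical authorities."""
    key = bytes(range(32))  # constructed sample key, not a real key
    authorities = ["court", "police", "regulator", "ombudsman", "parliament"]
    shares = dict(zip(authorities, split_key(key, n=5, t=3)))

    # Any three authorities acting together reconstruct the key.
    three = [shares[a] for a in ("court", "police", "regulator")]
    other_three = [shares[a] for a in ("police", "ombudsman", "parliament")]
    quorum_ok = recover_key(three, 32) == key and recover_key(other_three, 32) == key

    # Two authorities alone get a value unrelated to the key (compared as integers,
    # since the wrong value need not even fit in 32 bytes).
    two = [shares[a] for a in ("court", "police")]
    below_quorum_useless = recover_secret(two) != int.from_bytes(key, "big")
    return quorum_ok, below_quorum_useless


if __name__ == "__main__":
    print(demo())  # expected: (True, True)
```

The block shows only the cryptographic claim Cheng makes: below the threshold the shares reveal nothing about the key, and at the threshold the key is recovered exactly. It says nothing about the operational questions raised later on the page (who generates and distributes the shares, how they are stored, and what happens when an authority’s share is leaked), which is precisely where such schemes are fragile in practice.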
Encryption key splitting as proposed by Cheng would require both sides to make concessions. On the one hand, it would seem a good way to avoid arbitrary screening of encrypted communication. If multiple authorities would have to agree that something may be decrypted, it will be easier to follow existing practices of requiring court orders or warrants before someone’s right to privacy may be overruled. This would certainly be a better safeguard on privacy. On the other hand, it would mean that, although encryption would not strictly be broken, a third party would have a way of reading encrypted communication. This would be a better way to enforce lawful access, but weaken the privacy of encryption.
A legal solution
I think Cheng’s proposal is a distraction from the real issue. Yes, encryption key splitting is a cryptographically provable technology, as Cheng emphasises. But something cryptographically sound may still be a practical nightmare. If you are online, the websites and apps you use will generate and renew large numbers of keys, each of which would have to be copied, broken up, and transmitted across various networks to authorities. The additional infrastructure for this would make the internet even more complicated and more vulnerable to interception and leaks. And who would control the key splitting and distribution? Issues of trust and security would inevitably rear their heads. For example, it would remain a realistic scenario that malicious actors would pay or blackmail people working for those various authorities to leak the parts of keys.
Cheng’s solution is the classic ‘technical fix’ to a problem that is primarily a legal one. As Steven W. Schlesinger and Shlomit Yanisky-Ravid make clear in a 2022 paper, a much more elegant solution is to legislate a circumscribed right to encrypt data. Instead of focusing on removing encryption, they argue that the way forward is to define more precisely a right people have to encrypt, and define the limits to that right.
A right to data encryption would mean that everyone must be allowed to encrypt their data, unless certain exceptional circumstances apply. This default entitlement to encrypt fits well within Article 12 of the Universal Declaration of Human Rights, which determines a right to privacy. A right to data encryption is a way to ensure that the right to privacy is respected also in digital and online spheres of life.
Schlesinger and Yanisky-Ravid make clear that it should only be a negative right, and not a positive or claim right. This means that the state would not be responsible for facilitating encryption, in the way many states are now responsible for facilitating education or health care. A negative right to encrypt means just that the state ought not interfere when people choose to encrypt their data.
As with more or less every right, the right to data encryption would come with certain limitations. These are conditions that allow the right to be overruled in light of other factors. The authors make clear that a right to data encryption
can include a modified warrant system like that of the criminal justice system, pursuant to which a designated court can determine whether there is probable cause and reasonable circumstances necessitating governmental access to encrypted data. (2022:592)
In other words, if a court rules that someone’s right to encrypt may be overruled because there is a reasonable suspicion of a criminal offence, authorities may require them to undo the encryption and disclose the original message. This requirement could be backed up by fines or, in serious cases, a prison sentence.
The result would be a situation that closely parallels Cheng’s solution, but without the need to uproot the infrastructure of the internet, and without introducing problems of trust and security vulnerabilities. It would avoid arbitrary screening of encrypted communication, as any requirement to undo encryption would have to be warranted by a judge. It would allow government or law enforcement to seek access to messages in cases where a reasonable suspicion of criminal activity can be shown.
In addition, the circumscribed right to encrypt data as proposed by Schlesinger and Yanisky-Ravid would leave end-to-end encryption and with it the relative security of online communication completely intact.
So understood, instituting a right to encrypt would add further artillery to the already wide range of powers law enforcement authorities have to track down or spy on criminals, while at the same time reinforcing people’s right to privacy. A win-win situation.
A craving for more surveillance
Unfortunately, I don’t think it will satisfy the international cabal of law enforcement agencies. Simply having a way of forcing criminals to decrypt their messages is not enough, as also Thornhill remarks in his Financial Times opinion piece. He writes that those agencies “want broader powers to force tech companies to filter illegal content pre-emptively”. It’s not about making sure traditional investigative powers also work online. It’s about exploiting the opportunities offered by vast online networks to expand those traditional powers enormously. It’s a craving for more surveillance.
This is why it has never been more important to defend a right to encrypt. Only by establishing such a right will online privacy remain possible. It may well be one of the few protections still available against an ever more Orwellian society.