[This is a statement of the members of the Steering Committee of the Global Encryption Coalition, which consists of the Center for Democracy & Technology, Global Partners Digital, and the Internet Society.]
The new OHCHR Report on Privacy in the Digital Age (Report) is perhaps the strongest endorsement of encryption ever issued by the world body, and, as well, the strongest indictment it has issued against governmental attacks on encryption. The Report, presented today at the UN Human Rights Council in Geneva endorses “the key role of encryption in ensuring the enjoyment of the right to privacy and other rights.”
From the Report:
“Encryption is a key enabler of privacy and security online and is essential for safeguarding rights, including the rights to freedom of opinion and expression, freedom of association and peaceful assembly, security, health and non-discrimination. Encryption ensures that people can share information freely, without fear that their information may become known to others, be they State authorities or cybercriminals. Encryption is essential if people are to feel secure in freely exchanging information with others on a range of experiences, thoughts and identities, including sensitive health or financial information, knowledge about gender identities and sexual orientation, artistic expression and information in connection with minority status.”
The OHCR also debunked myths that certain governmental mandates are consistent with end-to-end encryption. It pointed out that client side scanning (scanning for objectionable content on personal devices rather than scanning for such content at the server) is fundamentally incompatible with end-to-end encryption because it requires the provider to be able to access the contents of communications. It also explained that traceability mandates — requirements that providers of social media services be able to trace back communications to their original source — erode the protections that encryption promises.
The Report specifically singled out current governmental attacks on encryption, including the European Commission’s proposed regulation on Child Sexual Abuse, the United Kingdom’s Online Safety Bill, the U.S. EARN IT Act, and India’s new Intermediary Guidelines. In addition to warning about attacks on encryption, the Report also addressed the risks to human rights posed by use of hacking tools such as the NSO Group’s Pegasus, camera surveillance of public spaces, and the monitoring of social media.
The Report’s strong endorsement of encryption is consistent with the submission we made in this proceeding, and we encourage governmental bodies around the world to read it, and heed it.