The pincer movement against encryption
While two of the Vice journalists who were recently arrested in Turkey and charged with terror offenses have now been released, this remain a deeply concerning incident.* It is the latest episode in what is a pincer movement against our right to protect our data.
Two British journalists and their Turkey-based Iraqi translator working for VICE News were arrested last Thursday and charged with "engaging in terrorist activity". According to Turkish authorities, one member of the group had an encryption system installed on his computer that is often used by the Islamic State of Iraq and the Levant (ISIL).
The first 'Crypto War' was seemingly won a generation ago by privacy advocates. The US Government did not want the public - in the US or anywhere - to be able to encrypt data that the Government couldn't then decrypt. They rightly lost that battle, but the war does continue to this day. What has just happened in Turkey is just the latest in a recent set of salvos by governments around the world against encryption and users' ability to control who has access to their information.
There are parallels with David Miranda's arrest in 2013 under the UK's Terrorism Act 2000. The partner of journalist Glen Greenwald, Miranda's alleged use of encryption to protect vital whistleblower revelations was used as cause to arrest him under terrorism legislation.
Arresting people for protecting their data sends out a very disturbing message that people are guilty until they prove themselves innocent. Governments who are the most vociferous proponents of surveillance tend to be those those that treat everyone as a suspect. The natural conclusion of their 'if you have nothing to hide you have nothing to fear’ rhetoric is that we will all have to leave our precious data unprotected, open, insecure. That will make us vulnerable not only to Government snoopers, but any cyber criminal who wants to steal our data for their personal gain.
We've seen repeated statements from leading government officials about wanting so-called “back-doors” to our secure communications. British Prime Minister David Cameron and US President Barack Obama have been critical of companies for delivering strong encryption to their customers. FBI Director James Comey has been pushing for back-door access to secure communications, repeatedly saying that there must be a way to allow access to law enforcement.
Encryption is often portrayed as tantamount to hiding criminality. In a recent op-ed in the New York Times, the Manhattan District Attorney, The Paris Chief Prosecutor, the Commissioner of the City of London Police and the Chief Prosecutor of the High Court of Spain together argue that encryption not only makes law enforcement harder, but that it is directly responsible for killers remaining at large. Such strident claims do not stand up to scrutiny.
David Kaye, the UN Special Rapporteur on Freedom of Opinion and Expression argues that encryption “has posed few barriers to law enforcement, based on United States Justice Department statistics. In fact, in the digital age, law enforcement officials have all the tools of metadata collection, geo-location and traditional physical surveillance and police work to do their job well. The focus on encryption is often a canard that distracts from police and intelligence failures.”
Trying to control encryption will not stop criminals finding ways of communicating 'under the radar' but it certainly would limit everyone else's ability to protect themselves from even the most rudimentarily skilled cyber criminal.
Encryption is essential for everything from how we access our bank accounts online to how human rights activists can operate within repressive regimes. Using encryption is standard practice for many journalists, not to mention lawyers and others who need to work on sensitive issues with security, confidentiality and privacy. Anyone who uses Apple's iMessage, Facetime or Facebook's WhatsApp are using end-to-end encryption, meaning that even those mighty companies cannot monitor our communications - even if compelled to do so by any government. It is good and it is right that technology exists to empower us all to protect ourselves. We need more technology like this, not less.
At Privacy International, we regularly communicate with journalists, lawyers and others who will often encrypt their communications. They have a right to both safeguard their communications and to not be treated with suspicion because they do so.
Governments should be promoting the use of encryption, not criminalising it. Will it become a crime to protect our own data? Are we not safe to travel because we actually take measures to protect our devices?
Such brazenness from these Governments means that without pushback, the activities of the Turkish authorities could become the norm in modern democracies too. It is vital that taking rudimentary precautions to protect our privacy and security in the digital age are encouraged by governments and certainly not punished.
The case against encryption is just another example of doublespeak from Governments around the world. In the wake of threats to our security, they talk about upholding our freedoms. But the irony is that if we take steps to protect our own security we might be deprived of our freedom. Governments across the world want to have it both ways - they want to protect our data from the 'bad guys' but want the 'good guys' to have full access to it. Security does not work that way. Our globalised communications network means that every email and text message you send crosses borders across the world, and left unencrypted it is vulnerable to anyone, whether we consider them to be the good guys or bad guys. In short, your data is either secure or it is not.
It is encryption that will give us security and freedom. We need to vigorously defend the empowerment that encryption provides for all of us.
* As of publication, the third member of the Vice crew, a Turkish based Iraqi translator and journalist, Mohammed Ismael Rasool, remains in custody.