The majority of the world’s population currently lives under governments that have already implemented, or are considering, bans on end-to-end encryption. These encryption bans have significant implications for privacy and security as well as the global decline in democracy.
At RSA last week, Professor Lesley Seebeck, CEO of the Australian National University’s Cyber Institute, and I detailed how governments across the globe increasingly seek government-mandated access to data, thus threatening to restrict one of the most fundamental means to safeguard security and privacy. The detrimental effect to our privacy, data security, economy, and national security cannot be overstated. But all is not lost. There is a growing movement in support of data protection, security, and privacy that maintains, at its core, a foundational commitment to encryption. This movement also signifies a counterforce to digital authoritarianism, and provides a nascent glance at what a digital democracy can – and must – look like.
The Vital Role of Encryption for Security and Privacy
Why do we believe encryption plays such an essential role in safeguarding not only our data but democracy as well? Nation-states have perpetrated the biggest theft of intellectual property as well as personal data, and criminals and other non-state actors have adopted a similar playbook. At the same time, data monetization has reached an extent, and influence, unimaginable to most a few years ago and techno-dictators seek complete information control via mandated data access, surveillance, and storage within their borders.
In a globalized, digital economy, going off the grid is not a feasible reality nor is simply accepting defeatism. Our smartphones, website visits, and many of our interpersonal and business communications can now be protected by encryption, ensuring that would-be bad actors cannot access our data. Even for those who claim they have nothing to hide (which is often a vacuous argument against encryption), the details of financial account information and passwords certainly is not something anyone would want access for all. It also ignores the vital role encryption plays for those in at-risk communities, such as journalists, non-governmental organizations, human rights activists, and domestic abuse survivors. Not to mention that encryption helps protect data and block many common attack vectors.
The Global Push to Mandate Government Access to Data
Unfortunately, across the globe, these protections are under threat as governments demand exceptional access to any and all data. This extends well beyond Chinese and Russian legislation that combines data localization and storage requirements with authorized access. From Malawi to Thailand, Turkey to India, and Australia to the United States, governments are using similar language to mandate exceptional access to data under the auspices of national security.
On the one hand, this is to be expected in authoritarian regimes as they implement strategies for complete information control. Exceptional access is their legal requirement coinciding with disinformation, cyber-attacks, bots, censorship, internet shutdowns, and even hardware controls that together comprise the digital authoritarian playbook.
On the other hand, exceptional access is orthogonal to a digital democracy despite democratic governments seeking to undermine this foundational right. When Australia passed the Assistance and Access Bill in 2018, it was unfortunately not an anomaly but indicative of a broader trend. The world’s largest democracy, India, is currently debating a similar bill, which would mandate exceptional access, while in the United States the techlash is fueling the push against encryption. The recently proposed EARN It Act, which appears to be a Trojan horse for exceptional access, is just the latest Department of Justice effort to undermine encryption with foreseeable, but unintended consequences.
Imagine a World With Encryption Backdoors
Let’s imagine for a minute that the EARN It Act, or any similar law, passes in the United States. Encryption will still exist and criminals, adversaries, and the full range of malicious actors will benefit from its protections while the greater American public will not. There already is a growing underground market for encrypted devices, and this will only grow for both criminal and terrorist organizations as they move to the illicit encrypted devices. The gigabytes of data that Apple provided to the FBI to assist in the Pensacola case would no longer be available in future scenarios. Similar collaboration would no longer be available to take down exploitation and abuse sites. By one estimate, the tech platforms reported these incidents 45 million times last year, and numerous innovations in investigative statecraft continue to disrupt exploitation sites and other criminal networks.
The notion of going dark would take on a whole new meaning as bad actors would either use DIY encrypted devices, or just as likely, move to foreign-made applications such as Weibo and WeChat. It is highly unlikely those Chinese companies will provide the same trove of data as is currently provided from the American tech platforms. While encryption would remain a vital tool for malicious actors, law-abiding citizens and corporations could no longer rely on a foundational form of security and data protection thanks to the exceptional access, weakened encryption mandates. Greater surveillance and data compromises would inhibit both security and privacy, undermining individual rights while also weakening national and economic security.
Looking Ahead at Digital Democracies
That dystopian reality does not have to be the future of digital democracies. In fact, there is a growing global grassroots movement where individuals are demanding greater data protection. This has most recently manifested in the European Union’s General Data Protection Regulation, one core part of which includes the requirement for reasonable security safeguards. Based on numerous fines allocated since its inception, encryption – or the lack thereof – is directly identified as essential to GDPR compliance.
We are at a critical juncture, with decisions made around encryption at the epicenter in determining the future of security and privacy. There is not yet a digital democracy playbook, but it is emerging and encryption will be foundational to it. Only through a combination of governance, norms, and technologies can democracies fight the rising tide of digital authoritarianism and instead foster a future that inspires innovation, individual rights, and security and privacy. It is on all of us now to do the heavy lifting of democracy and demand these rights and inspire others to do the same. While this latest generation in crypto wars may seem esoteric, it will prove vital for the future of democracy and innovation across the globe.
Check out the full video here.