Privacy propaganda: The war on encryption

June 23, 2021 / Dev Diary, Digital Security, Data Privacy, Session / By Alex Linton

Originally published on Session.

Encryption doesn’t mean encryption. Encryption is a code word that stands for freedom of speech, the free press, and the preservation of the human rights we all hold dear. Encryption is a weapon that’s pointed directly at the biggest, most concentrated powers in the world; encryption makes those in power accountable and helps protect vulnerable people from exploitation. Recently, we’ve seen the powers that be take a few wild swings at encryption and attempt to depict it as a mystical and nefarious evil wizard technology used exclusively faceless hooded figures. Anyone who knows anything about encryption knows this isn’t true: encryption is actually used every single day by basically everyone and anyone who owns a computer.

Even though encryption is a perfectly commonplace technology that’s used by every bank, business, or school in the world, that’s not what most regulators and lawmakers are really worried about. Nope, it’s end-to-end encryption (E2EE) which is in the crosshairs. End-to-end encryption can be used in lots of different ways, but it’s most famous for helping keep messaging apps private and secure. For lots of people, that’s not just useful — it’s essential. Nieman Lab’s guide to help journalists protect their sources highlights the importance of using encrypted communications (as a minimum) and keeping an awareness of the  “digital data trails” that can be used to identify sources. 

Recognise that encryption defends press freedom through support for the privacy of confidential digital communications with sources and whistleblowers.

Nieman Lab, ‘Here are 12 principles journalists should follow to make sure they’re protecting their sources

Encryption goes mainstream: the birth of a public enemy

Edward Snowden and President Barack Obama both spoke at the 2014 SXSW conference, each highlighting different sides of the encryption coin. On the surface, President Obama treaded carefully when pushed on the encryption issue. President Obama warned “you can’t take an absolutist stance on this [encryption]” and that a balanced approach was necessary. He  urged technologists to innovate in order to solve the debate over backdoors versus true security, but therein lies the issue: there is no compromise. President Obama hoped for a version of encryption that was super secure yet breakable when you really, really needed to break it. 

There are very real reasons why we want to make sure the government cannot just willy-nilly go into everyone’s iPhones

President Barack Obama at SXSW 2014

Solutions that use end-to-end encryption don’t allow for that ‘really, really need it’ situation, but they also protect perfectly against the ‘willy-nilly’ situation. With this in mind, it makes sense that Edward Snowden supports end-to-end encryption — it was ‘willy-nilly’ violations of citizen privacy which he originally worked to expose. 

Image source: ‘Edward Snowden Address SXSW 2014’ by ChrisGoldNY on Flickr

However, if end-to-end encryption can’t be broken on a technical level, maybe it has another weakness that can be exploited — a public image issue. It’s often the case that highly technical things are only understood and used by highly technical people. This means most people don’t really understand how encryption works, why it’s so important, or why they might want to use it. In his SXSW address, Snowden stressed how important it was not only to use encryption, but to explain it.

We need to think about encryption not as this arcane black art but as a basic protection

Edward Snowden at SXSW 2014

Since Snowden spoke in 2014, we’ve seen an effort to depict encryption not only as an arcane art, but cause for suspicion for anyone using it.

Once upon a time, in a place not so far away…

This article was prompted by some of the things we see and hear right here in Australia. Australia has a well documented history with anti-encryption legislation, most famously with the Assistance and Access Bill which sparked a lot of fear and anxiety in the tech community when it passed Australian parliament back in 2018. This time, a different piece of legislation is under the microscope, dubbed the Identify and Disrupt Bill, this proposed amendment to Australia’s surveillance laws would give law enforcement and intelligence agencies wide ranging powers including “modifying, adding, copying or deleting data”. 

The Australian Criminal Intelligence Commission (ACIC) made a submission to the parliament about the proposed amendment, and in their submission they made some…rather sensational claims. Their submission had us raising our eyebrows so much we decided the time had well and truly come to call out this trend of hostility towards encryption. 

…there is no legitimate reason for a law-abiding member of the community to own or use an encrypted communication platform.

Australian Criminal Intelligence Commission submission to the review of the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 

Supposedly avoiding state surveillance like the NSA’s illegal program which spied on regular citizens, opting-out of surveillance capitalism, and the work of journalists, activists, and human rights defenders isn’t legit. The narrative being pushed is that encryption is a magic lock-box with mysterious powers that only evil-doers can make use of. The rhetoric is that people should be afraid of encryption and the existential threat it poses to our community. The justification for these wide ranging powers is, naturally, to fight against the threat of crime and terrorism. Just causes — obviously — but we’ve heard all this before. 

Back in November 2018, Home Affairs Minister Peter Dutton warned of the potential for terror attacks during the upcoming Christmas period — saying the Assistance and Access Bill was an “urgent” and “vital piece of legislation” and encouraged its expedited passage through parliament. The bill was passed, and just a few months later it was used to conduct a police raid on Australia’s national broadcaster which were criticised as a threat to democracy and an attack on press freedom

Move to the big screen for the “culling”… John Lyons (@TheLyonsDen) June 5, 2019

Pictured: AFP officers reading emails at ABC Ultimo offices

With the raids on the ABC so fresh in public memory, it erodes a lot of trust that the government and its agencies will use the surveillance powers given to them discerningly and sparingly. While the conversation is centred around the prevention of heinous and organised crime, the legislation itself doesn’t make any mention of the specific offences which justify the powers being used. Maybe the legislation will be used to prevent and prosecute organised crime…maybe it will be used to intimidate journalists? And it’s not just us saying that, Senator Lidia Thorpe has her concerns over the laws, “no one’s safe under these new laws,” she said, adding it has “far-reaching implications for grassroots activists, and people standing up for their rights,” while Angelene Falk, the Australian Information Commissioner and Privacy Commissioner, recommended the bill be amended to narrow its scope and provide more oversight in its use.

On balance, the use of encryption, just like the use of good locks on doors, has the net effect of preventing a lot more crime than it might assist.

Matt Blaze, cryptographer

Of course, this conversation is happening all around the world — not just in Australia. Just a few years ago, Brazil banned WhatsApp in a disagreement over their encryption policy. And in 2019, Peter Dutton teamed up with US Attorney General William Barr and United Kingdom Home Secretary Priti Patel in a letter urging Facebook to ditch end-to-end encryption. A few months later, a new Personal Data Protection Bill was tabled in the Indian Parliament. The bill was supposed to address public order and national security concerns (sound familiar?), but sparked concerns it would turn India into an “Orwellian State”. In all corners of the world, there are examples of this rhetoric being used to topple privacy.

Protecting privacy

We’ve been down this road before, and it’s clear that access to end-to-end encryption is a basic requirement to preserve the privacy of people in our new digital age. Losing widespread access to end-to-end encryption would reduce civil liberties, infringe upon human rights, and usher in a new age of mass surveillance (if you don’t think we’re there yet). 

It’s pivotal we don’t allow public opinion to shift towards encryption, and by extension privacy and anonymity online, being ‘too dangerous’ for the masses. Privacy is not cause for suspicion. Privacy is not a crime. The classic slogan ‘if you have nothing to hide, you have nothing to fear’ has proven not to be true again and again. Doing the right thing is not an invitation for rampant surveillance. Your privacy isn’t a necessary sacrifice for you to become an upstanding citizen, and the idea that it is is incredibly dangerous to the principles that guide our community.

Session is well and truly ready for this fight, it’s built right into our DNA. We’re open-source, we’re decentralised, and we’re going to fight tooth and nail to protect everyone’s privacy. Having open-source, auditable, and verifiable code helps build trust your tech is actually doing what it says it’s doing, without any nasties built in; decentralisation increases censorship resistance and makes it harder to monitor the network. Being open-source and decentralised goes a long way to protecting against the issues being faced by privacy-positive technology. With that being said, not every tech project is built like Session. Oxen’s mission is to bring hardened privacy to the regular old apps we use every day. At the moment, a lot of those apps are in a fragile place when it comes to privacy. At this moment in history, there are two paths we can take. One path means working protects and preserves privacy. The other makes privacy a blood sacrifice that lets our technology prosper. While we’re already neck-deep in the battle for privacy, we don’t want to see other projects swallowed whole by the anti-encryption agenda.

It’s up to all of us to stand up for privacy. Not just for Session. Not just for ourselves. Our entire future depends on it. 

Latest blog posts