Publication Date: July 2017
Research and Editorial Team: Matthias Schulze, German Institute for International and Security Affairs
Encryption under Threat

This report analyses the existing and increasing clash of privacy and cybersecurity with security defence, in particular in the field of encrypted communications.

Released by the German Institute for International and Security Affairs, the report begins considering more authoritarian states such as China and Russia, where legislation provides the necessity of state licenses for VPN softwares. In Russia, moreover, there is a law for memorizing personal data and conceding backdoors to encrypted programs to authorities.

The analysis continues focusing on liberal democracies such as the UK, Australia and the US. As to the UK, since 2016, encryption can be overcomed during investigations and commercial companies can be asked to permit forms of surveillance on their own customers. Australia and the US are going to enact similar laws, in the context of the “Five Eyes” intelligence alliance among the US, Canada, the UK, Australia e New Zealand: in order to exclude potential terrorists from the use of cryptography, they push toward the enactment of increasingly strict regulations of the cyberspace.

With regard to these topics, the report continues, Germany's position is contradictory. If from one side it recognizes the importance of cryptography in the realm of digital public services and e-commerce, lately this approach changed. In the name of the risks for national security, a June 2017 law authorises the surveillance of smartphones, collecting information before they are encrypted and, eventually, sent. This policy do requires to make a balance between national security and privacy as well as cybersecurity. The IT community warned that creating these “backdoors” for authorities in case of ongoing investigations automatically opens the doors to others as well. In order to control communications before their dispatch, the device has to be weakened through malwares/spywares, exposing it to hackers and data thieves. As James Clapper, the former director of the American Intelligence, pointed out, this process costs more than terrorism.

Moreover, the report notes that terrorists know how to avoid traceable applications and softwares, thus rendering this worlwide weaking of cybersecurity a process with minimum results. The consequences for common people and in particular for journalists and human rights defenders are increasing, especially in the “Internet of Things” era. Finally, at a symbolical level, some practices in liberal democracies end up legitimating similar approaches in more authoritarian states.

To conclude, the Insitute suggests that Germany should sustain encrypting technologies, establishing an ad hoc commission for evaluating the real necessity and the consequences of this kind of cyber-surveillance and looking for alternative solutions for the security cause, such as cyber-crime investigations in the darknet. 

Tags: Encryption Cybersecurity Surveillance Political pressure Whistleblowing Privacy Digital safety Digital rights Germany United Kingdom Russia

The content of this article can be used according to the terms of Creative Commons: Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) . To do so use the the wording "this article was originally published on the Resource Centre on Media Freedom in Europe" including a direct active link to the original article page.