Encryption: the last bastion against massive surveillance
Written by
Verónica Arroyo (See all posts from this author)
2 de September de 2020
Most of the time, when we discuss encryption, at some point we end up talking about child pronography, crimes on the deep web and we get stuck between our beliefs and our reality. This piece wants to get out of that conversation and start a new one where we are the principal character.
“I have nothing to hide”
News media tells us that criminals are using technology for crimes like child pronography, terrorism, human traffiking, among others. We obviously do not like that, so we think that something should be done to stop it. In that context, some people are proposing to break up the encryption of the messaging app they are using, so the police can know about their plans. We like this idea. Encryption is seen as the obstacle, and we are fine removing it even if we use the same messaging app because: “I have nothing to hide”.
I believe that this excuse is the result of a mix of little knowledge about the issue and a limited scope conversation. Encryption is more complex and cannot be minimized as an obstacle; I will show that later. Also, crimes are just one side of the story, as another angle for this conversation is how encryption helps to protect activists, dissidents, and minorities.
Using that excuse over and over is allowing more threats against everyption. These days, there are proposals to ban encryption, to have backdoors, to weaken encryption standards, to have ghost users, and more [1][2]. When these ideas are on the table, we like them because they seem a good way to remove that obstacle according to our limited knowledge and scope.
Weakening or banning encryption belongs to a more wide discussion about massive surveillance measures. So our process of acceptance is similar. We are happy with policies or technology that can help the police catch those criminals. As in the case of measures to ban or weaken encryption, we do not care because again: “I have nothing to hide”.
However, in the particular case of massive surveillance, the government strengthens their message in favor of those measures saying that they are fighting for public security, and recently due to COVID-19, for public health. The problem is that behind that narrative there is a deeper idea called “being safe”, which tackles our own existence as human beings.
Therefore, it is not just because we do not care (nothing to hide) but also because we fear for our existence in this world. We are really into this process of acceptance, that it seems there is no chance to challenge the current status quo by amplifying our knowledge and the scope of our discussion. I am here to challenge that.
Let’s open our eyes, they are already awaken
We live in a space that is already massively surveilled by governments and corporations. There is a vast list of examples. We can talk for hours about cameras, data retention policies, massive data collection, sensors, centralized databases, profiling, third party trackers, social rates, and more. The idea of massive surveillance is not new, but how and why it started?
Lizzie O’Shea, in her book “Future Histories”, describes how the first police force appeared in London, in the late 18th century. According to her, it was a private effort that aimed to protect private goods and businesses. It seems that the reason has not changed through all these years. While referring to the massive surveillance deployed by the National Security Agency she quotes the journalist Glenn Greenwald saying that it was a United State’s effort to “maintain its grip on the world”[3].
In that sense, massive surveillance might exist because some entities, people or groups want to protect their goods and their status. Thus, they make rules and deploy monitoring systems for that purpose. We can even think that the conceptualization of massive surveillance comes from them and not from the ones who are surveilled. Sounds creepy right?
Sometimes when people talk about massive surveillance, they usually mention the book “1984” by George Orwell. Nevertheless, the scary violence, pain, and brainwashing billboards displaying “Big brother is watching you” are not present in this society. I mean there is no cruel imposition of ideas. That is the reason, other people believe that our society is closer to the one described in Brave New World by Aldous Huxley.
This author describes a society that is controlled in a gentle and complex way. People are surveilled since their creation and the objective is to make them happy. The idea of happiness, though, is specially defined and gently imposed[4]. This gentle way of governing, especially while collecting personal data, is something we experience these days. It can come in the form of a funny app that plays with your face, or “it comes more likely offering us a cappuccino and just the way we know you like it” says Shoshana Zuboff [5].
Putting all these ideas together, we could say that we live in a massive surveilled space that was gently imposed. This idea can have different particularities depending where we are located. If we are in Latin America, we must add to the equation structural problems such as: opacity, corruption, inaccuracy, discrimination, digital iliteracy, among others.
At this point, I want you to wake up and see what is happening. It is not anymore about the criminals, it is about us and our way of living, our freedom, our self determination. We need to do something; the first idea that comes to mind is to use the shield called right to privacy, however, the concept of privacy is vanishing. Let me explain.
“Privacy is something which has emerged out of the urban boom from the industrial revolution” says Vint Cerf[6].
The idea of privacy did not exist before, we lived with community values, we even had public bathrooms[7]. Later, Samuel D. Warren and Louis D. Brandeis defined it as
“(…) general right to privacy for thoughts, emotions, and sensations, these should receive the same protection, whether expressed in writing, or in conduct, in conversation, in attitudes, or in facial expression (…)”[8].
The theory was good; albeit, in practice we can feel that our privacy is violated only if it affects other aspects such as honor, reputation, health, third people’s rights, freedom, self determination, among others. In that sense, if those external aspects are not present, we won’t necessarily feel that our privacy has been violated.
The spread of information and communication technology has increased this lack of feeling. We cannot see how personal data is being processed massively; then, normally, we don’t mind when algorithms categorize us and create a consumer profile. The idea of privacy we once had is losing its meaning in our daily and connected life. Thus, maybe it is time to look at encryption which happens to be more tangible.
The power of Encryption
Encryption is “the process of disguising a message in such a way as to hide its substance” says Bruce Schneier[9]. The objective: only the sender and the recipient can read the message. Once the message is encrypted it flies to the sender who will need to decrypt it, which means to convert the encrypted message into plain text.
Algorithms and keys make encryption possible, and there is an entire science dedicated to study them called cryptography. Cryptographers are always studying how they can better authenticate the parties, make sure the message has not been changed, and avoid that the sender later denies her/his participation. The idea is to create secure communications. By “communications”, I not only mean the ones that happen in WhatsApp or Signal, but elsewhere.
We can find encryption is our daily life [10]. It is key in bank transactions, where the bank and us must have a secure channel to protect sensitive information. It is also important when we navigate on the web. There are special certificates that make a website more secure. In that way, any information we put in that website will be only seen by the website owner and us. We can also use encryption to protect our files from intruders.
Encryption will be more important as we use more devices connected to the internet, such as smart watches or augmented reality glasses. Without encryption our life can be exposed. Maybe we will say “I have nothing to hide”; but remember, we are already living in a massive surveilled space that is shaping our behavior and thoughts (including that excuse) using sweet treats. Do we want to continue with that surveillance model that did not ask for our opinion?
In a massive surveilled society, encryption could be the only space left to be free and to self determine our life. Imagine, encryption can allow us to have a space to communicate freely, to buy and use things without the watching of others. If we all use encryption, maybe we can create a community of resistance; and in the future we could reframe the concept of privacy so it can be relevant in a world that is becoming more “collective”.
Conclusion
We are in a good moment to take action. Encryption is being threatened and we allowed it based on a imposed limited point of view. Now that we could see a snapshot of the whole problem, it is on us to choose encryption as a way of life. We can start with short actions, such as prioritizing services that use encryption or enabling encryption whenever possible. If we want to take a step further, we can audit the algorithms, or participate publicly in debates. This time, it is on us to defend our freedom and our right to self determination.
- Global Partners Digital (2017) Travel Guide to the Digital World: encryption policy for human rights defenders. pp. 32-37
- Instituto de Pesquisa em Direito e Tecnologia do Recife – IP.rec (2020) O mosaico legislativo da criptografia no Brasil: uma análise de projetos de lei. pp. 23-32, 44-48.
- Lizzie O’Shea, Lizzie (2020). Future Histories: What Ada Lovelace, Tom Paine, and the Paris Commune Can Teach Us about Digital Technology. p.103
- Huxley, Aldous (1932) Brave New World.
- Zuboff, Shoshana (2020) Real corporate accountability for surveillance capitalism with Shoshana Zuboff and Chris Gilliard. In RightsCon.
- Ferenstein,Greg (2013) Google’s Cerf says “Privacy might be an anomaly”. Historically, he is right.
- Ferenstein,Greg (2015) The Birth And Death Of Privacy: 3,000 Years of History Told Through 46 Images.
- Warren, Samuel D. and Louis D. Brandeis (1980) The Right to Privacy. Harvard Law Review 4, no. 5 (December 15). p. 206
- Schneier Bruce (2015) Applied Cryptography. Protocols, Algorithms, and Source Code in C. Second Edition. p.15
- Polk, Ryan and April Froncek (2019) Your day with encryption.
*The views and opinions expressed in this blogpost are those of the author.
Illustration by Freepik Stories.
Written by
Verónica Arroyo (See all posts from this author)
Verónica Arroyo studied law in the Pontificia Universidad Católica del Perú. She is a Latin America Policy Associate at Access Now based in Lima. Her main focus is privacy and new technologies. Verónica worked in a Peruvian law firm and was a teacher assistant in Human Rights, Antitrust and Media Law before joining Access Now. She was awarded several internet governance fellowships.