Quick chat about Cryptography, Human Rights and The Moral Character of the Cryptographic Work
Written by
DTE UFPE (See all posts from this author)
7 de August de 2017
Another text from our series of external guests, this time written by the Research Group on Law and Technology at the Federal University of Pernambuco, with the collaboration of the researchers André Lucas Fernandes, André Ramiro, Paula Côrte Real and Raquel Saraiva.
The problem of unrestricted security in electronic communications has been taking place in public debate, precisely because it is a mechanism that increasingly involves the majority share of the society. Cryptography, the most widespread security technique in this scenario, has contributed to the humanitarian and social contours of mathematics itself, giving a new dimension, above all, to what we mean by human rights, proving to be a key topic in recent discussions on Internet Governance.
“Modern cryptography involves the study of mathematical techniques for securing digital information, systems, and distributed computations against adversarial attacks.”[1] Encryption, one of the techniques studied by cryptography, can be defined as “the problem of how two parties can communicate in secret in the presence of an eavesdropper”[2].
Fact is, with increasing dependence on technological means for communication, plus, the widening and deepening of state electronic surveillance means, encryption (often associated to anonymity) ends up becoming a necessary tool for the preservation, in especial, of privacy and freedom of expression.
Along with new and different forms of expression brought by the Internet and electronic communications in general, new means of interference in the privacy of users have also been initiated. They are the faces of a duality intrinsic to the advent of technological advances. At the same time that entities create new opportunities for innovation and communication, the production, dissemination, and storage of an exponentially greater amount of private data also rises. This process, which indiscriminately generates a database of civil society, relativizes what we understand and live in terms of privacy; by giving margin to the political persecution, it inaugurates what is being called surveillance architecture or surveillance capitalism. Information Security, therefore, comes to the fore (an idea still not sufficiently disseminated among the dynamic strata of the population), becoming a fundamental aspect for the guarantee of the right to confidentiality of personal information and, in addition, the preservation of Human Rights.
Declarations of a diplomatic and international nature often lead to problems, mainly regarding to originally transnational structures, such as the Internet and the range of national provisions on the use of Cryptography, in particular when human rights are at stake.
This happens because some countries have laws that limit or even prohibit the use of encryption. For example: in Pakistan, encryption is banned; In India, ISPs should restrict the level of encryption for individuals, groups, and associations to a 40-bit size key in symmetric-key algorithms or equivalent; In Cuba, to use encryption tools, a government authorization is required; Turkey requires companies that sell encryption tools to provide the government with copies of the encryption keys before offering the tools to the public; Meanwhile, France, the United Kingdom and Spain, states popularly known as western democratic referrals, may require companies to provide encryption keys or decrypt data, not to mention the latest provisions of the Chinese State on the regulation of use of Virtual Private Networks (VPNs), further widening the slandered “Great Firewall of China”.
As such, international entities such as Amnesty International and UNESCO have issued reports both in 2016 on the issue of the use of encryption tools for communications and how they act in the defense of civil society against human rights abuses, especially in countries of restricted democracy. In the words of David Kaye, Special Rapporteur for Freedom of Expression of the United Nations:
“Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to freedom of opinion and expression.”
However, it is possible to talk about side effects to anti-democratic regimes. Civil society articulations for the promotion of human rights are constantly developing tools that contribute to the protection of communications and anonymity, taking PETs (Privacy Enhancing Technologies) to a new level of use, previously restricted to market and state operations.
Many of the traditional encryption tools used by popular application providers are not developed by large companies but by experts and engineer communities from civil society. This is the case, for example, of the Signal cryptography protocol, developed by Open Whisper Systems, of The Onion Router (Tor), for the promotion of anonymity, built on the idea that users can help each other as a way to “cover” each other against state surveillance; or the TrackMeNot tool, an attempt to obscure the mapping of possible patterns about user interests from metadata capture.
They are, at the same time, causes and consequences of what is left of a free and open Internet, which enables innovation and allows technological (and cryptographic) development to return to the public good, beyond the commercial interest. The reality constantly renewed by scientific advances challenges the maintenance of human rights, shaping values, power relations and shedding light on the diverse relationships between technologies and societies, especially in an international context.
But there is another issue that deserves prominence in this debate, with which it directly relates, and it refers to the sociopolitical role played by the developers of encryption technologies.
It is known that information is power. Like other technological methods, cryptography has the power to reconfigure power arrangements, since it enables communications and information to be available or not and to which people. Encryption, depending on how and to which applications are implemented, has the capacity to empower or weaken citizens by bringing them closer to or away from public information, from exercising the right to privacy and to freedom of expression, and even from each other.
According to that, the American cryptographer Phillip Rogaway maintains that cryptography thus becomes a political instrument and intrinsically has a moral dimension. The revelations about the NSA surveillance program pointed to a certain failure in cryptographic work, as they allowed civil society communications to be fragile and vulnerable through illegal interceptions. This happened due to the fact that work and development in the field of cryptography were operated far from the moral function of scientific activity, perceived as being politically neutral, restricted in the resolution of mathematical puzzles, with little reflection about the impact of these technologies on the people who use them.
In the post-war period, relations between ethics, science and society were raised as a way of fostering a new model of technological development, in view of the inhumane consequences of the use of scientific techniques for the development of war weapons. An example of this is the work of the physicist Robert Oppenheimer, who was always reconsidering, during and after his Manhattan Project years, the ethical implications of the work he headed. The initial impulse of this postwar era, however, was only incorporated by a minority of scientists and engineers, who came to view their work with intrinsically social values.
The moral foundation of cryptographic work must be taken into account when designing cryptographic implementation policies, as well as when developing and researching them. For, as said, the development of the encryption of communications has repercussions on the relations of power and ends up shaping society. Cryptographers may not have been directly responsible for the initial design of the Internet infrastructure, for the communications interceptions, or for mass surveillance. But they are, among other agents, the ones capable of reversing the path of violations of privacy and freedom of expression by devising fair means of securing human rights to those who use of electronic communications. Or, as Rogaway suggests,
“With few exceptions, the atomic scientists who worked on disarmament were not the same individuals as those who built the bomb. Their colleagues – fellow physicists – did that. Cryptographers didn’t turn the Internet into an instrument of total surveillance, but our colleagues|fellow computer scientists and engineers|did that. And cryptographers have some capacity to help.”
Cryptography is, therefore, a fundamental tool for the protection of human rights. Policies around its implementation have direct social consequences, interfering with the exercise of fundamental rights and the configuration of society. The way this is faced will give a certain bias in shaping the intended future, a future intrinsic to the technological path and to the forms of communication. Hence, a new look should be launched on the use of cryptography, giving it the incentive to operate in favor of society, by launching an ethical dimension to the daily scientific development.
Text written by the Research group on Law and Technology at the Federal University of Pernambuco, with the collaboration of the researchers André Lucas Fernandes, André Ramiro, Paula Côrte Real and Raquel Saraiva.
[1] KATZ, Jonathan; LINDELL, Yehuda. Introduction to modern cryptography. Second Edition. Boca Raton. CRC Press, 2015, p. 3.
[2] BONEH, Dan; SHOUP, Victor. A graduate course in applied cryptography. Draft edition, December 2016.