UN Report on the Value of Encryption to Freedom Worldwide
The United Nation’s Office of the High Commissioner released a report on the value of encryption and anonymity to the world:
Summary: In the present report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur addresses the use of encryption and anonymity in digital communications. Drawing from research on international and national norms and jurisprudence, and the input of States and civil society, the report concludes that encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection.
Here’s the bottom line:
60. States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. In addition, States should refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users. Corporate actors should likewise consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms). Court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals.
One news report called this “wishy-washy when it came to government-mandated backdoors to undermine encryption,” but I don’t see that. Government mandated backdoors, key escrow, and weak encryption are all bad. Corporations should offer their users strong encryption and anonymity. Any systems that still leave corporations with the keys and/or the data — and there are going to be lots of them — should only give them up to the government in the face of an individual and lawful court order.
I think the principles are reasonable.