Why we support effective encryption
We know that encryption was on the agenda at the recent Five Eyes spy network meeting in Ottawa, with Australia taking the lead in calling for law enforcement and spy access to encrypted messages:
As Australia’s priority issue, I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption. These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies. – Senator Brandis.
In ooposition we were proud to co-sign, with 83 other organisations and individuals, a letter defending strong encryption (PDF):
This protection demands an unequivocal rejection of laws, policies, or other mandates or practices—including secret agreements with companies—that limit access to or undermine encryption and other secure communications tools and technologies.
Today, we reiterate that call with renewed urgency. We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same.
You can read elsewhere about the technical difficulties (if not impossibilities) of developing effective encryption that can also be read by government spies, but why is this issue important to us and why is it important to civil liberties?
Firstly, it can't be justified
We do support New Zealand law enforcement agencies being able to, with appropriate justification and oversight, intercept private communications. Stopping and catching criminals is a benefit to society.
But allowing this doesn't break anything, whereas weakening encryption means breaking the technological foundations that internet security and privacy are built upon.
- You can't create backdoors that won't be leaked.
- You can't expect global companies to allow five governments to have backdoor access without allowing all governments backdoor access.
- You can't mandate poor encryption with the hope that other people won't be smart enough to find the flaws.
- You can't force criminals to use your broken encryption when they already have secure tools.
New Zealand law already forces internet providers to decrypt traffic on demand if they supply the encryption (see TICS Act 2013 s24). The impact of this has been low because most New Zealanders rely on services and applications hosted overseas rather than NZ providers. That said, we still think this is bad law.
The NZ Bill of Rights says that "the rights and freedoms may be subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society."
New Zealand is not suffering from a wave of crime and terrorism where the perpetrators are using encryption to avoid capture and detection. Breaking encryption for everyone and weakening the security of the internet we rely on for commerce, for personal relationships, for entertainment, for the entire scope of our digital lives can't be justified based on the current threats we see in New Zealand.
Secondly, government surveillance is a very real threat
We've published many articles about the threat to our freedom from increasing government surveillance. We've talked about how people's perception of this spying limits freedom of expression, discourages the sharing of political views, and reduces democratic participation.
Civil liberties is about protecting people from the power of the state to ensure that our government continues to work for us rather than against us. While we're mainly concerned with New Zealanders, this is a global battle and there are many governments internationally who want this ability to further oppress their people. Let's not be an example to them.
Ultimately, we see that the surveillance state is more of a threat to our freedom and wellbeing than criminal activities shielded by encryption.