The members of the Global Encryption Coalition’s Steering Committee — the Center for Democracy & Technology, Internet Society, Global Partners Digital, Mozilla Corp. and the Internet Freedom Foundation — issued the following statement on the EU-US collaboration against encryption on April 5, 2023:
Among the troubling strategies of those who are threatening the right to privacy, whatever their stated motives, overtly shaping public opinion against encryption is once again rearing its head. Recent media reports state that senior government officials in the US and EU agreed to cooperate on measures to shape public opinion with the goal of legitimising the demands of law enforcement agencies to access encrypted communications. This occurred at the EU-US Senior Officials Meeting on Justice and Home Affairs, held in Stockholm on 16 and 17 March, the minutes of which are now available. The delegations “… concurred on the need to mirror privacy by design with lawful access by design…,” apparent code language for mandating the undermining or removal of strong encryption practices. The Internet Society, Global Partners Digital, the Center for Democracy & Technology (CDT), Mozilla, and the Internet Freedom Foundation (IFF), members of the Steering Committee of the Global Encryption Coalition, issued the following joint statement in response:
“This development is a worrying rehash of previous attempts to influence public opinion against encryption, placing the security of the private information of billions of people at risk. The overwhelming benefits of encryption cannot be contested, as is clear from the widespread deployment of encryption by default across the technology landscape. In fact, it is a glaring indication of this reality that discourse manipulation is now being used to undermine it.
Encryption keeps information confidential, preventing unauthorised third parties from accessing private content. It is now deployed on over 90% of web traffic, on most of the commonly used messaging applications, and it protects user data in all prominent operating systems. Encryption also protects information in cellular networks, business and government communications, financial transactions, and a limitless list of other use cases that are fundamental to modern commerce and a digital society.
As we have stated in the past, there is no effective way to weaken encryption for some use cases such as law enforcement while keeping it strong for others. Any weakness designed to facilitate law enforcement access can equally be exploited by malicious actors, putting anyone using that kind of encryption at greater risk of harm, often beyond just individual services. Forcing software vendors to build backdoors or preventing them from implementing end-to-end encryption puts the safety of society at large at increased risk.
The general public is often a beneficiary of encryption multiple times a day – from visiting websites, using cell phones, making payments – without even realising its presence. This is testament to the quality of the tremendous work it has taken to make encryption ubiquitous. It is at the heart of a trusted internet, an enabler of both economic benefits and human rights. With ill-considered legislations like the EU’s CSAM directive and the UK’s Online Safety Bill barrelling through legislative processes, the consequences of such public discourse manipulation against encryption could be dire for data security world-wide.
Moreover, while web platforms have – as key stakeholders – engaged in relevant lawmaking processes, their engagement in this instance has consistently been to protect clients and users, which requires resisting all attempts to undermine encryption. This should not be understood as ‘hypocrisy’ (as was reportedly claimed at the meeting), but rather as the uniform application of their corporate responsibilities to protect human rights regardless of jurisdiction.
Rather than seeking to undermine encryption, governments should instead focus on leveraging the wide ranging powers law enforcement agencies already have. They should reject ideas like client-side scanning, which falsely purports to preserve encryption while instead creating an automated, on-device censor that violates the entire purpose of encryption. We will continue to monitor these developments closely and defend encryption around the world.”
The Global Encryption Coalition is a three-year old coalition with over 330 members in 99 countries around the world who are dedicated to protecting and promoting the use of encryption.