20 Sep 2024 | News and features, United Kingdom
In August 2021, when the Taliban took over Kabul and home searches became ubiquitous, women started to delete anything they thought could get them in trouble. Books were burned, qualifications were shredded, laptops were smashed. But for 21 members of a women’s creative writing group, a lifeline remained: their WhatsApp group. Over the next year they would use this forum to share news with one another (a story that has since been chronicled in the recently published book My Dear Kabul, which was published by Coronet and is an Untold Narratives project, a development programme for marginalised writers). Doing so through WhatsApp was not incidental. Instead the app’s use of end-to-end-encryption provided a strong level of protection. The only way the Taliban would know what they were saying was if they found their phones, seized them, forced them to hand over passwords and went into their accounts. They could not otherwise read their messages.
End-to-end encryption is not sexy. Nor do those four words sound especially interesting. It’s easy to switch off when a conversation about it starts. But as this anecdote shows it’s vitally important. Another story we recently heard, also from Afghanistan: a man hid from the Taliban in a cave and used WhatsApp to call for help. Through it, safe passage to Pakistan was arranged.
It’s not just in Afghanistan where end-to-end encryption is essential. At Index we wouldn’t be able to do our work without it. We use encrypted apps to message between our UK-based staff and to keep in touch with our network of correspondents around the world, from Iran to Hong Kong. We use it to keep ourselves safe and we use it to keep others safe. Our responsibility for them is made manifest by our commitment to keep our communication and their data secure.
Beyond these safety concerns we know end-to-end encryption is important for other reasons: It’s important because we share many personal details online, from who we are dating and who we vote for to when our passport expires, what our bank details are and even our online passwords. In the wrong hands these details are very damaging. It’s important too because privacy is essential both in its own right and as a guarantor of our other fundamental freedoms. Our online messages shouldn’t be open to all, much as our phone lines shouldn’t be tapped. Human rights defenders, journalists, activists and MPs message via platforms like Signal and WhatsApp for their work, as do people more broadly who are unsettled by the principle of not having privacy.
Fortunately, today accessible, affordable and easy-to-use encryption is everywhere. The problem is its future looks uncertain.
Last October, the Online Safety Act was passed in the UK, a sprawling piece of legislation that puts the onus on social media firms and search engines to protect children from harmful content online. It’s due to come into force in the second half of 2025. In it, Section 121 gives Ofcom powers to require technology companies to “use accredited technology” that could undermine encryption. At the time of the Act’s passage, the government made assurances this would not happen but comments from senior political figures like Sadiq Khan, who believe amendments to the acts are needed, have done little to reassure people.
It’s not just UK politicians who are calling for a “back door”.
“Until recently, traditional phone tapping gave us information about serious crime and terrorism. Today, people use Telegram, WhatsApp, Signal, Facebook, etc. (…) These are encrypted messaging systems (…) We need to be able to negotiate what you call a ‘back door’ with these companies. We need to be able to say, ‘Mr. Whatsapp, Mr. Telegram, I suspect that Mr. X may be about to do something, give me his conversations,’” said French Interior Minister Gérald Darmanin last year.
Over the last few years police across Europe, led by French, Belgium and Dutch forces, have breached the encryption of users on Sky ECC and EncroChat too. Many criminals were arrested on the back of these hacking operations, which were hailed a success by law enforcement. That may be the case. It’s just that people who were not involved in any criminal activity would also have had their messages intercepted. While on those occasions public outcry was muted, it won’t be if more commonly used tools such as WhatsApp or Signal are made vulnerable.
Back to the UK, if encryption is broken it would be a disaster. Not only would companies like Signal leave our shores, other nations would likely follow suit.
For this reason we’re pleased to announce the launch of a new Index campaign highlighting why encryption is crucial. WhatsApp, the messaging app, have kindly given us a grant to support the work. As with any grant, the grantee has no influence over our policy positions or our work (and we will continue to report critically on Meta, WhatsApp’s parent company, as we would any other entity).
We’re excited to get stuck into the work. We’ll be talking to MPs, lawyers, people at Ofcom and others both inside and outside the UK. With a new raft of MPs here and with conversations about social media very much in the spotlight everywhere it’s a crucial moment to make the case for encryption loud and clear, both publicly and, if we so chose, in a private, encrypted forum.
21 Jul 2022 | Opinion, Ruth's blog, United Kingdom
For over fifty years, Index on Censorship has supported dissidents, journalists and activists in part by training them on the most current technology. In recent years that has included how to use encryption and encrypted communication apps, helping them to protect themselves from repressive regimes in the easiest and most comprehensive ways possible. This training was especially necessary when accessing encryption proved to be a specialist pursuit, involving intensive training, helping people on the ground to understand the options and downloading often complex peer-to-peer messaging apps.
Now, thankfully, encryption is everywhere; human rights defenders, journalists and MPs use platforms like Signal, Telegram and WhatsApp to exchange everything from gossip to public interest data. Encryption is critical for investigative journalists who need to communicate with sources and to protect their investigations against hostile actors, whether states or criminal gangs.
And for all of us encryption has its uses: sending family photos and sharing personal information. After all, who hasn’t sent their bank details to a friend?
Telegram is used by activists, journalists and politicans. Photo: Christian Wiediger/Unsplash
For Index on Censorship, protecting encryption is a critical frontline in the fight for freedom of expression. Free speech isn’t just about the words themselves: it is the freedom to exchange information, the freedom to gather information and the freedom to confide ideas and thoughts to others without the risk of arrest and detention. Encryption is now central to our collective ability to exercise the right to freedom of expression.
Five years ago, Jamie Bartlett wrote for Index on Censorship about how his experience of police intimidation in Croatia, a democratic EU member state, changed his view on encryption. In Jamie’s case it offered a secure means of communicating with a source who the authorities had made it clear they did not want him to speak to.
Today, in too many states, encryption is now essential. As we speak the reality on the ground in authoritarian regimes including China, Hong Kong, Belarus and Russia, the difference between using an encrypted messaging app to express yourself, or unencrypted communications will mean the difference between freedom and imprisonment, if not worse.
Promoting and defending encryption is essential for any organisation that promotes and defends free speech. That’s why Index on Censorship is delighted to announce that we’ve received a grant from WhatsApp, the messaging app, to support our work in defending encryption. The grant of £150,000 will be used for our general work in defending digital freedom and our work streams will not be determined by any one other than my team at Index. From our perspective this grant is incredibly welcome as it will allow us to develop new content that explains the importance of encryption to the public, allows us to get new legal advice on why encryption should be protected as a fundamental defence of our human rights, as well as bringing new voices into the debate on why encryption is so critical to defend free speech.
As with any grant, the grantee has no influence whatsoever over Index on Censorship policy positions or our work itself. Index has had its criticisms of Meta (WhatsApp’s parent company) in the past and I’m sure we will in the future, and we’ll continue to speak freely to any government or company.
Right now, we’re continuing to argue for a pause to the UK government’s rush to push through its flawed Online Safety Bill, ensuring we have the opportunity to work with Ministers to amend the bill to remove the flawed ‘legal but harmful’ provisions in the legislation (as demolished by Gavin Millar QC’s power legal opinion for Index) and also ensure the potential undermining of encryption is taken out of this legislation.
We’ve got a lot to do – but the political weather is changing in the right direction.
14 Jul 2022 | Opinion, Ruth's blog, United Kingdom
“Unintended consequences”, “ideologically incoherent”, “won’t change culture or make us safer”.
I have written all these words and many more about the British Government’s Online Safety Bill. Index on Censorship has spent the last eighteen months campaigning against the worst excesses of the Online Safety Bill and how it would undermine freedom of expression online.
Our lines have been clear:
1. What is legal to say offline should be legal online.
2. End to end encryption should not be undermined.
3. Online anonymity needs to be protected.
The current proposals that were progressing through the British Parliament undermined each of these principles and were going to set a new standard of speech online which would have led to speech codes, heavily censored platforms, no secure online messaging and a threat to online anonymity which would have undermined dissidents living in repressive regimes.
So honestly, I am relieved that the government has, at almost the last minute, paused the legislation.
I am not opposed to regulation, I do not for a second believe that the internet is a nice place to spend time and nor would I advocate that there shouldn’t be many more protections for children and those who are vulnerable online. We do need regulation to limit children’s exposure to illegal and inappropriate content but we need to do it in such a way that protects all of our rights.
This legislation, in its current iteration, failed to do that, it was a disaster for freedom of expression online. The proposed “Legal but Harmful’ category of speech would have led to over deletion by online platforms on a scale never seen before. Algorithms aren’t people and frankly they will struggle to identify nuance, context or satire or even regional colloquialisms. With fines and the threat of prison sentences, platforms will obviously err on the side of caution and the unintended consequence would be mass deletion.
So today, we welcome the fact that the legislation has been paused and we call on the new prime minister and the next secretary of state to think again in the autumn about what we are actually trying to achieve when we regulate online platforms. Because honestly, we won’t be able to make the internet nicer by waving a magic wand and removing everything unpleasant – we need to be more imaginative in our approach and consider the wider cultural and educational impact.
So, as I have said in the media overnight, this is a fundamentally broken bill – the next prime minister needs a total rethink. It would give tech executives like Nick Clegg and Mark Zuckerberg massive amounts of control over what we all can say online, would make the UK the first democracy in the world to break encrypted messaging apps, and it would make people who have experienced abuse online less safe by forcing platforms to delete vital evidence.
Let’s start again.
10 Dec 2019 | Australia, Digital Freedom, Digital Freedom Statements, News and features, Statements, United Kingdom, United States
Index joined 52 other civil society organisations as well as private companies and security researchers in calling on governments to allow technology companies to offer strong encryption tools such as Signal or WhatsApp to the public.
The statement highlights the dangers to the security and privacy of billions of internet users around the world, should governments enforce the removal of end-to-end encryption protection on consumer messaging services, which are often used by journalists on assignments. It also points out that building “back doors” just for “good actors” is not possible.
According to the letter sent to US, British and Australian ministers: “Technology companies could not give governments back door access to encrypted communications without also weakening the security of critical infrastructure, and the devices and services upon which the national security and intelligence communities themselves rely.”
The letter goes on to describe the numerous problems critical national infrastructure, industry, businesses and private individuals would face if such ‘backdoor access’ was granted.
The appeal comes as a response to a joint letter by UK Home Secretary Priti Patel, and her US and Australian counterparts in October, and following a United States Department of Justice event describing encrypted communications tools as ‘lawless spaces’.
The full sourced statement, and list of signatories can be found here: https://newamericadotorg.s3.amazonaws.com/documents/Coalition_Response_Letter_-_Encryption_DOJ_event_and_letter_to_Facebook.pdf
