Back to main site

    Encryption and Anonymity on the Internet

    Module 4: Data Privacy and Data Protection

    Encryption refers to a mathematical process of converting messages, information or data into a form unreadable by anyone except the intended recipient, and in doing so protecting the confidentiality and integrity of content against third-party access or manipulation.(1) With “public key encryption” – the dominant form of end-to-end security for data in transit – the sender uses the recipient’s public key to encrypt the message and its attachments, and the recipient uses her or his own private key to decrypt them.(2) It is also possible to encrypt data at rest that is stored on one’s device, such as a laptop or hard drive.(3)

    Anonymity can be defined either as acting or communicating without using or presenting one’s name or identity, or as acting or communicating in a way that protects the determination of one’s name or identity, or using an invented or assumed name that may not necessarily be associated with one’s legal or customary identity.(4) Anonymity may be distinguished from pseudo‑anonymity: the former refers to taking no name at all, whilst the latter refers to taking an assumed name.(5) Anonymity may be distinguished from pseudo‑anonymity: the former refers to taking no name at all, whilst the latter refers to taking an assumed name.(6)

    Encryption and anonymity are necessary tools for the full enjoyment of digital rights, and enjoy protection by virtue of the critical role that they play in securing the rights to freedom of expression and privacy.  As described by the United Nations Special Rapporteur (UNSR) on freedom of expression:(7)

    “Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief.  For instance, they enable private communications and can shield an opinion from outside scrutiny, particularly important in hostile political, social, religious and legal environments.  Where States impose unlawful censorship through filtering and other technologies, the use of encryption and anonymity may empower individuals to circumvent barriers and access information and ideas without the intrusion of authorities.  Journalists, researchers, lawyers and civil society rely on encryption and anonymity to shield themselves (and their sources, clients and partners) from surveillance and harassment.  The ability to search the web, develop ideas and communicate securely may be the only way in which many can explore basic aspects of identity, such as one’s gender, religion, ethnicity, national origin or sexuality.  Artists rely on encryption and anonymity to safeguard and protect their right to expression, especially in situations where it is not only the State creating limitations but also society that does not tolerate unconventional opinions or expression.”

    Encryption and anonymity are especially useful for the development and sharing of opinions online, particularly in circumstances where a person fears that their communications may be subject to interference or attack by state or non-state actors. These are therefore specific technologies through which individuals may exercise their rights. Accordingly, restrictions on encryption and anonymity must meet the three-part test to justify the restriction.

    According to the UNSR on freedom of expression, while encryption and anonymity may have the potential to frustrate law enforcement and counter-terrorism officials and complicate surveillance, state authorities have generally failed to provide appropriate public safety justifications to support any restrictions or to identify situations where the restriction has been necessary to achieve a legitimate goal.(8) Outright prohibitions on the individual use of encryption technology disproportionately restricts the right to freedom of expression as it deprives all online users in a particular jurisdiction of the right to carve out a space for opinion and expression, without any particular claim of the use of encryption being for unlawful ends.(9) Likewise, state regulation of encryption may be tantamount to a ban, for example through requiring licences for encryption use, setting weak technical standards for encryption or controlling the import and export of encryption tools.(10)

    The UNSR on freedom of expression has, therefore, called on states to promote strong encryption and anonymity, and noted that decryption orders should only be permissible when they result from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (not to a mass of people), and subject to a judicial warrant and the protection of due process rights.(11)

    The 2019 ACHPR Declaration of Principles on Freedom of Expression and Access to Information likewise provides that states should not adopt laws or other measures prohibiting or weakening encryption, including backdoors or key escrows unless such measures are justifiable and compatible with international human rights law and standards.(12)

    More Resources on Surveillance and Encryption


    1. Report of the UNSR on Freedom of Expression, ‘Report on anonymity, encryption and the human rights framework’, A/HRC/29/32, (2015) (UNSR Report on Anonymity and Encryption) at para 7 (accessible at: For further discussion and resources, see UCI Law International Justice Clinic, ‘Selected references: Unofficial companion report to Report of the Special Rapporteur (A/HRC/29/32) on encryption, anonymity and freedom of expression’ (accessible at: Back
    2. Id. Back
    3. Id. Back
    4. Electronic Frontier Foundation, Anonymity and encryption, 10 February 2015 at p 3 (accessible at: Back
    5. Id. Back
    6. Id. Back
    7. UNSR Report on Anonymity and Encryption at para 12. Back
    8. Id. at para 36. Back
    9. Id. at para 40. Back
    10. Id. at para 41. Back
    11. Id. at paras 59-60. Back