Encryption and Anonymity on the Internet
Module 4: Data Privacy and Data Protection
Encryption refers to an automated process of converting messages, information or data into a form unreadable by anyone except the intended recipient, thereby protecting the confidentiality and integrity of content against third-party access or manipulation.(1) With “public key encryption” — the dominant form of end-to-end encryption for data in transit — the sender uses the recipient’s public key to encrypt the information, and the recipient uses her or his own private key to decrypt it.(2) It is also possible to encrypt data that is stored on one’s device, such as a laptop or smartphone.(3)
Anonymity can be defined either as acting or communicating without using or presenting one’s name or identity, or as acting or communicating in a way that makes it impossible to determine one’s name or identity, or using an invented or assumed name that is not associated with one’s legal or customary identity.(4) Anonymity may be distinguished from pseudo‑anonymity: the former refers to taking no name at all, whilst the latter refers to taking an assumed name.(5) Here again, it is common to reveal the identity to chosen users.
Encryption and anonymity are necessary tools for the full enjoyment of digital rights and enjoy protection by virtue of the critical role that they play in securing the rights to freedom of expression and privacy. As described by the United Nations Special Rapporteur (UNSR) on freedom of expression:(6)
“Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief. For instance, they enable private communications and can shield an opinion from outside scrutiny, particularly important in hostile political, social, religious and legal environments. Where States impose unlawful censorship through filtering and other technologies, the use of encryption and anonymity may empower individuals to circumvent barriers and access information and ideas without the intrusion of authorities. Journalists, researchers, lawyers and civil society rely on encryption and anonymity to shield themselves (and their sources, clients and partners) from surveillance and harassment. The ability to search the web, develop ideas and communicate securely may be the only way in which many can explore basic aspects of identity, such as one’s gender, religion, ethnicity, national origin or sexuality. Artists rely on encryption and anonymity to safeguard and protect their right to expression, especially in situations where it is not only the State creating limitations but also society that does not tolerate unconventional opinions or expression.”
Encryption and anonymity are especially useful for the development and sharing of opinions online, particularly in circumstances where people may be concerned that their communications may be subject to interference or attack by state or non-state actors. These are therefore specific technologies through which individuals may exercise their rights. Accordingly, any restrictions on encryption and anonymity must meet the three-part test.
According to the UNSR on freedom of expression, while encryption and anonymity may frustrate law enforcement and counter-terrorism officials and complicate surveillance, state authorities have generally failed to provide appropriate public justifications to support restrictions on their use or to identify situations where such restrictions are necessary to achieve a legitimate goal.(7) Outright prohibitions on the individual use of encryption technology disproportionately restrict the right to freedom of expression as they deprive all online users in a particular jurisdiction of the right to use these tools to carve out a space for opinion and expression, regardless of whether or not they are being used for unlawful ends.(8) Likewise, state regulation of encryption may be tantamount to a ban, for example through requiring licences to use encryption, setting weak technical standards for encryption or controlling the import and export of encryption tools.(9)
The UNSR on freedom of expression has called on states to promote strong encryption and anonymity, and noted that decryption orders should only be permissible when they result from transparent and publicly-accessible laws applied solely on a targeted, case-by-case basis to individuals (not to a group of people), and subject to a judicial warrant and the protection of due process rights of individuals.(10)