Support Encryption for Everybody or Place Your Faith in Government Snoops
Government agencies have repeatedly proven themselves to be abusive.
Encrypted messaging is dangerous because it enables contacts among racists and extremists, argues the Southern Poverty Law Center (SPLC) in a recent feature. The piece, though, fails to demonstrate that hiding data from prying eyes is bad in itself, making its emphasis on encryption odd. It's a choice that can only feed into escalating campaigns by governments and their security services to mandate access to private communications, potentially compromising the civil rights that the SPLC supposedly champions.
"Far-right extremists and white supremacist terrorists have embraced Telegram as their platform of choice, signaling a shift away from these groups' traditional methods of organizing and toward a dangerous future defined by leaderless resistance and 'lone actor' terrorism," Hannah Gais and Megan Squire argue in "How an Encrypted Messaging Platform is Changing Extremist Movements," published by the SPLC on February 16. "In addition to enabling the spread of propaganda, Telegram's built-in features also facilitate recruitment by making it easy for extremists to set up public or private encrypted discussion groups," they add.
Despite the headline and brief mentions of Telegram's encryption features, the bulk of the article examines the app's utility for mass organizing. The authors also object to Telegram's allegedly permissive attitude towards extremists and the ease with which such groups dodge restrictions. The article, then, is a complaint about the ease with which evolving technology allows even unsavory people to connect with one another, mixed with a guilt-by-association smear of encryption at a time when it's under renewed assault by the powers that be.
"On Privacy Day, European end-to-end encrypted services ProtonMail, Threema, Tresorit and Tutanota are calling on EU policy makers to rethink proposals made in December's Council Resolution on Encryption," the four companies announced on January 28. "While it's not explicitly stated in the resolution, it's widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors. However, the resolution makes a fundamental misunderstanding: encryption is an absolute, data is either encrypted or it isn't, users have privacy or they don't."
The resolution to which they responded, published in December 2020, called for "security through encryption and security despite encryption" and complained "there are instances where encryption renders access to and analysis of evidence extremely challenging or impossible in practice." It added that "Competent authorities must be able to access data in a lawful and targeted manner" in a signal that the European Union favors encryption only if it doesn't inconvenience government snoops.
Earlier, in October, the "Five Eyes" intelligence alliance of Australia, Canada, New Zealand, the United Kingdom, and the United States joined with India and Japan in a similar resolution.
"We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people," the governments acknowledged in a joint statement. "Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content," they added.
But, if governments can penetrate communications privacy to address "challenges to public safety," there's nothing to stop them from putting "journalists, human rights defenders and other vulnerable people" in that category. Importantly, Pavel Durov, the man who founded the Telegram app to which the SPLC objects, fled Russia after rejecting government demands that he compromise privacy.
"Two years ago, Pavel Durov refused to grant Russian security services access to users' encrypted messages on his popular Telegram messaging app, then a favorite of Russian opposition groups," the Washington Post noted last June. "Using a combination of wily cyber-dodging tactics and the force of Telegram's growing reach, the 35-year-old Russian-born entrepreneur humiliated and outmaneuvered Russia's state telecommunications regulator, Roskomnadzor."
Of course, communications and encryption are neutral technologies. If they protect opposition groups against repressive governments, they also shield racists and extremists from scrutiny. Some people seem to have decided that it's worth sacrificing journalists and political dissidents in order to target unsavory elements. The SPLC isn't the first group to raise the issue.
"The rise of Telegram and Signal could inflame the debate over encryption, which helps protect the privacy of people's digital communications but can stymie the authorities in crime investigations because conversations are hidden," The New York Times pointed out last month. "Any move to the apps by far-right groups in particular has worried U.S. authorities…"
Those same U.S. authorities, let's remember, have engaged in extensive domestic surveillance that the FBI itself admits "was later rightfully criticized by Congress and the American people for abridging first amendment rights and for other reasons." The SPLC, born in the civil rights movement but under fire for a seeming loss of purpose, must still understand how useful encryption would have been to activists like Martin Luther King, Jr. The technology could have spared them much grief from hostile government agents.
"The U.S. Federal Bureau of Investigation (FBI) began monitoring Martin Luther King, Jr., in December 1955, during his involvement with the Montgomery bus boycott, and engaged in covert operations against him throughout the 1960s," notes The Martin Luther King, Jr. Research and Education Institute at Stanford University. "Under the FBI's domestic counterintelligence program (COINTELPRO) King was subjected to various kinds of FBI surveillance that produced alleged evidence of extramarital affairs, though no evidence of Communist influence."
It's not surprising that security agencies would want enhanced capability for their surveillance programs. It is foolish, though, to think that compromising communications privacy for bad actors won't have the same impact on everybody else, or that encryption can be reserved as a protection only for people somehow designated as on the side of the angels. As the European encrypted services emphasized in their joint statement, "encryption is an absolute, data is either encrypted or it isn't, users have privacy or they don't." We either allow that everybody is entitled to privacy protections, or we place our trust in government agencies that have repeatedly proven themselves to be abusive.