Encryption Protects Ukrainians, Dissident Russians, and You

After Russia's invasion of Ukraine, getting information through firewalls and past the eyes of censors has become a major concern for both Ukrainians and those Russians critical of Putin's regime. That encryption has emerged as an important tool should surprise exactly nobody who has paid any attention to the evolving efforts of activists, journalists, and private citizens to escape the notice of thuggish rulers. That's a lesson to take to heart not just for people overseas, but also here at home.

"Secure, encrypted communications give people the power to organize and access information that authoritarian regimes don't want seen," Sen. Ron Wyden (D–Ore.) tweeted March 3. "End-to-end encryption is life or death for people living in authoritarian countries like Russia, China, or Saudi Arabia."

Wyden deserves kudos for his consistent messaging on this issue. He's a rare political figure who champions privacy, recently criticizing legislative attacks on encryption as well as publicizing domestic surveillance by the CIA. (Unfortunately, he isn't so great on economic freedom, for which he's been called out by his own son.) The Oregon lawmaker went on to specify that users should be careful about which tools they use: "If a service isn't end-to-end encrypted by default, it isn't safe."

That advice applies most particularly to Telegram, which is enormously popular in eastern Europe in part because its founder, Pavel Durov, fled Russia to escape Putin's regime and was inspired to promote secure messaging technology. But many of its users misunderstand the app and think all of their online conversations are protected, when only "secret chats" enjoy end-to-end encryption. The Electronic Frontier Foundation publishes a guide to securely using Telegram.

Telegram's complexities sparked a vigorous discussion about the best way to keep information safe from prying eyes. That's a pressing concern for Ukrainian officials, journalists covering the war, Russians criticizing Vladimir Putin, and anybody engaged in potentially sensitive discussions and not entirely certain just whose boot might be on their throats in the near future. Signal enjoys a good reputation as an encrypted messaging app and has seen a surge in popularity, The Tor Project offered an online guide for defeating surveillance and censorship, and established services including Meta, which owns Facebook and Instagram, hustled to enable end-to-end encryption.

"If you need to communicate with a group and it is important that Telegram should not have access to the data or metadata surrounding these communications, move your communication to an alternative platform such as Signal (see our guides for Android and iOS), Wire, Threema, or WhatsApp," advised the EFF.

What is not in dispute is the absolute necessity of the "power to organize and access information that authoritarian regimes don't want seen" as Wyden put it. There's little doubt that Ukrainians organizing the defense of their country and the escape of their loved ones, Russians sounding off about their regime and seeking reliable news, and journalists covering the carnage need secure communications that can't be intercepted by prying eyes. That capability is also important for operations overseas seeking to get information to those embroiled in the conflict. Ironically, that includes media sponsored by governments with a history of hostility to private communications. The British government's BBC published instructions on using censorship-circumventing Psiphon and anonymity-enhancing Tor to get around Russian restrictions on foreign media. U.S. government-owned services encourage similar workarounds.

"Russia has imposed unprecedented censorship on our Russian-language news sites," advises Radio Free Europe/Radio Liberty. "To continue accessing our reporting in Russian, readers in Russia can use a VPN, such as nthLink, which is a free solution supported by the Open Technology Fund. VPNs will also give them access to the blocked social media platforms.

It's helpful advice, but a bit jarring considering that these services belong to governments dedicated to monitoring and controlling the flow of information.

"The UK government and a coalition of charities are urging the British public to put pressure on Facebook not to introduce end-to-end encryption (E2EE) on its Messenger service," the BBC itself reported just weeks ago. "The public debate is likely to be fierce, as privacy campaigners and technology companies argue the system is needed to protect personal privacy and data security. And the battle is being watched closely around the world, as many governments are also keen to halt the spread of end-to-end encryption in its current form."

Among those governments keen to halt the spread of end-to-end encryption is the Russian government from which Telegram's Pavel Durov fled and around which western media now craft secure data connections. But it also includes the governments of Australia, Canada, India, Japan, New Zealand, the United Kingdom, and the United States. In 2020 they issued a joint statement insisting that "Particular implementations of encryption technology, however, pose significant challenges to public safety." The signatory governments called for encryption restrictions to save the children, which is the go-to justification for all-too-much authoritarian legislation. Kids are the excuse American lawmakers exploit to push the encryption curbs in the EARN IT Act, currently pending in Congress. 

"End-to-end encryption is life or death for people living in authoritarian countries like Russia, China, or Saudi Arabia," Wyden warned in promoting the technology. But as Ukrainians know, sometimes authoritarianism comes across the border without an invitation. The Canadian government's recent attacks on lockdown protesters show that supposedly free countries can slip into authoritarianism with little warning. And we're still trying to figure out the full import of the CIA's domestic spying program years after Edward Snowden warned us of earlier snooping.

"The CIA's surveillance program is reminiscent of the mass surveillance programs conducted by the NSA, though the details released thus far paint a disturbing picture of potential wide-scale violations of people's privacy," the EFF noted last month. "To start, the CIA program has apparently been conducted outside the statutory reforms and oversight of the intelligence community instituted after revelations by Edward Snowden in 2013."

There's no class of governments that can be trusted with access to people's private communications since the folks making the rules might change or turn out to be much less trustworthy than previously imagined. Privacy has to be protected for everybody because we don't know ahead of time when it will be most necessary. Encryption should be enhanced and made more available precisely because government officials are made unhappy when we shield our information from their prying eyes.