ENCRYPTION IN THE SERVICE OF HUMAN RIGHTS
Much has been made of the dangers that strong encryption poses to public safety and national security; indeed, some of the more extreme rhetoric paints computer encryption as though it were the most dangerous technological innovation since the atom bomb. My intent in this presentation is to illuminate why strong encryption is critical to the human rights movement, and how considerations of privacy, free expression, and even protection of human life raise deep concerns regarding some proposed controls on encryption. Human Rights Watch has not evaluated the specific provisions of the various legislative proposals tabled, nor is it at this time putting forth a model policy on encryption. It is, however, committed to the belief that encryption is an extremely important bulwark against grave human rights abuses, and that United States policy on encryption will have global ramifications.
Encryption and the Human Rights Movement
It is important to keep in mind that there is nothing new about cryptography or the use of codes, as Peter Wayner reminded us in this Tuesday's New York Times. Those who have relied on coded speech include not merely spies and criminals, but patriots such as Thomas Jefferson, dissidents such as Andrei Sakharov, political prisoners such as Doan Viet Hoat, and human rights organizations such as Human Rights Watch or Amnesty International. What is new is the Internet, a medium that enables swift and inexpensive global communication between individuals from every point on earth, and which promises to destroy the ability of abusive regimes to silence their people, hide their atrocities, and blockade the truth.
There has been no time that human rights concerns have been more visible than recent years as networks of local and international activists bring abuses to light. Global integration of telephone and fax lines are a direct cause. Whereas before we would wait months to learn of the arrest and imprisonment of dissidents in Vietnam, today their relatives simply call human rights monitors and the United Nations--leading to the paradox that it is easier to report on human rights in that country from abroad than within. Before, the government could easily suppress the dissemination of critical essays and monographs; today, writers can transmit their writings outside the country for distribution via the Internet. In Bosnia, Chechnya and Congo human rights monitors relay minute-by-minute information via satellite. Our organization has been able to help human rights activists escape at the height of the genocide in Rwanda and the coup in Cambodia thanks to the medium of telephone and fax. It is not accidental that the rise in global communications has coincided with the strongest world efforts yet to end impunity for heinous abuses, in the establishment of international criminal tribunals, truth commissions, peacekeeping missions, and the like. Far from producing a jaded public, the exposure of these crimes to light has fed a demand for justice.
It is no surprise that abusive authorities see the Internet as a threat and have tried to censor and control it, to some effect. In Burma, the SLORC has made it illegal to own any personal computer with networking hardware unless authorized by the government. Iraq this year announced a total ban on Internet access. The United Arab Emirates grants Internet access licenses through the police, and a man has been arrested in Bahrain on suspicion of transmitting information about the internal situation to persons abroad via the Internet. Vietnam and China and monitor political content on the Internet and block access to sites. In South Korea, you can be prosecuted for trying to access a North Korean Web page, and should you meet a North Korean on the Internet you must report to the police within seven days.
Encryption offers the most fundamental protection to those who seek to bring abuses to light in these circumstances. Every activist can reel off situations where some victim of abuse could have been protected, some human rights monitor spared retaliation, or some perpetrator exposed, had secure communication been possible. The implications for international efforts to end impunity are enormous. Presently, international organizations, to say nothing of local groups, are hobbled in how much information they can safely archive or transmit in conflict situations without jeopardizing the lives of witnesses and victims. It was only the U.S. government, for example, that had the capability to transport the documentation of Iraq's genocidal Anfal campaign against the Kurds. Censorship, intimidation and disinformation may lose much of their force if secure avenues of communication are opened to individuals around the world. Already, human rights groups in Hong Kong, anticipating greater controls on free expression, have planned mirror sites where there information may be available globally even if it is restricted in Hong Kong. In China, dissidents have established an anonymous electronic journal that they send to a site in the United States, from whence it is returned to Chinese e-mail addresses via a virtually untraceable distribution system. Encryption has the power to authenticate the identity of these authors to their partners abroad, and protect their identity from despots at home.
Encryption is also a means of authentication. Digital signatures are the encryption of message digests that can be decrypted by the recipient to verify both the identity of the sender and that the message has not subsequently been altered by anyone else. The value of this in commercial transactions is obvious, but it is also vital to human rights work. To be effective, human rights groups must build a reputation for responsible, accurate and unbiased reporting. Once a group has a reputation, others may wish to capitalize on it by impersonating the group. Human Rights Watch frequently must disavow connection with other groups who seek to capitalize on the "Watch" name and reputation. More sinister is the attempt of groups or governments to deliberately issue false or misleading information in the name of a human rights group. Impersonation can also be used to gain the trust of sources and expose dissidents and informants to persecution.
To serve any of these functions, encryption must be effective. It must be strong, with key lengths that prevent easy decryption, it must be available worldwide, and keys to codes must be secure against those who would use them abusively to intercept messages or impersonate authors.
Why are these concerns relevant to United States domestic encryption policy? One reason is that the United States has traditionally been in the forefront of defining and protecting freedom of expression. Any regime adopted in this country will have profound influence on what other governments do and how they justify it. We will be in a poor position to criticize abusively implemented restrictions placed on electronic communications if they are patterned on our own. There are many countries even where court supervision of government communication intercepts would offer little or no protection, because courts are not independent.
Another reason is that it is inevitable that our government on occasion will wish to share decrypted information, either for purposes of law enforcement, diplomacy, or defense of national security. There is nothing particularly alarming about the sharing of legitimately-gathered intelligence or investigatory materials per se, but when those materials are obtained from using a private party's key, several concerns arise. One is the possibility that the key itself may be shared or communicated--thus opening the door to future surveillance of every conversation or file of the targeted individual. This is roughly analogous to not just giving a third party the transcript of a wiretap, but handing over the actual wiretap setup as well. Two, the acquisition by our government of an individual's encryption key is a powerful temptation to conduct an abusively expansive search. Such a key might give access not only to a certain set of e-mail conversations, but to every document in that holder's possession, and indeed, to all future communications encrypted with that key. At present, there is no way to guarantee that the government could not use a key beyond a stipulated time limit; knowledge of a key cannot be "turned off' the way the telephone company terminates a wiretap that a court deems arbitrary. Although the simplest method for surveillance would be to gain access to the user's Internet service provider, it is theoretically possible, and indeed likely, that the United States government could tap e-mail by trapping the information packets that comprise any particular message at a large number of publicly accessible Internet nodes in the country. Foreign governments, of course, could simply tap the main line that connects their country to the rest of the world. Where governments can censor the Internet through these main lines, they can tap messages as well.
Human Rights Principles and Specific Policy Issues
Encryption is more than a shield for human rights activists. It is both a method and a subject of communication that is fully protected by the right of free expression, which is set forth not only in the First Amendment to the United States Constitution but also in Article 19 of the International Covenant on Civil and Political Rights, to which the United States is a party. That international treaty provides in pertinent part:
Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.
Speech expressed via the medium of the Internet is no less speech if it is encoded; it deserves the full protection of both international and constitutional law. Moreover, it is established in United States law that computer programs themselves are speech expressive of ideas, as evidenced by the fact they are protected by copyright, not patent. In particular, encryption programs are speech, as the federal court for the Northern District of California made clear last year in Bernstein v. Department of State: "Software relating to encryption is simply a topic of speech employed by some scientists involved in applied research. Hence Snuffle is speech afforded the full protection of the First Amendment not because it enables encryption, but because it is itself speech."
From this flows several conclusions. That language itself is part and parcel of expression is internationally accepted, and recognized in United States law. The use of encryption alone should not subject an individual to criminal sanction, any more than the use of Pig Latin or Swahili to communicate. The sorts of countries most eager to ban the use of encryption, such as China and Iran, are not known for respect of freedom of speech. Second, under the Covenant, the communication of encryption programs to others, regardless of frontiers, cannot be subject to a blanket ban, but may be restricted only as "necessary in a democratic society" for important government interests such as national security or public safety, narrowly construed. The determination of necessity involves assessing whether the restriction is proportional in severity and intensity to the purpose being sought. For example, it would not be acceptable to merely invoke a general concern with national security or public safety as a justification to limit encryption; rather, the specific limitation would have to be weighed to test if it is the least restrictive means of securing the government interest.
Encryption is also an important bulwark against violations of privacy in an age where computerization and data banks enable the collection of huge amounts of personal information on individuals. Article 17(l) of the International Covenant on Civil and Political Rights provides:
No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation.
The prohibition on arbitrary or unlawful interference covers surveillance techniques such as wiretaps and interception of Internet communication. The requirement that searches be lawful entails that they must be legally authorized in such a way as to give persons notice of what precise circumstances would warrant interference. In U.S. terms, the expectation of privacy in certain situations (and certainly communication via encryption is one such situation) cannot be casually breached. A search is arbitrary where it creates a disproportional burden on the rights of individuals given the threat to a state interest such as crime prevention. Searches in the context of a criminal investigation should be judicially supervised and of limited scope to prevent the unnecessary derogation of individual freedom. The United Nations Human Rights Committee, which is charged with interpreting the International Covenant on Civil and Political Rights, has stated that "Surveillance, whether electronic or otherwise ... should be prohibited," noting that the decision to use "authorized interference" must be made on "a case-by-case" basis.
Wiretaps have been criticized because they are to a certain extent indiscriminate, breaching the privacy of any caller connected to a specific telephone line that is under surveillance. To counter abuse, they are limited in duration and authorized only where there is a showing that other means would not produce the necessary evidence. Interception using private encryption keys presents an even greater potential to violate the rights of innocent interlocutors as it renders accessible every coded communication with a particular user, and not just those using a particular telephone line. Nor has the technological problem of "taking back" the key from the government been solved, should a law enforcement use be deemed unwarranted. Alerting the key owner so that the key could be changed would expose and possibly compromise a criminal investigation, but keeping the key owner in the dark would give the government the ability to conduct an unlimited search. With regard to personal information held on computers or data banks, the United Nations Human Rights Committee has stipulated that every person should be able to "ascertain which public authorities or private individuals or bodies control or may control their files"
Moreover, international law requires the state not only to refrain from arbitrary interference with privacy, but to affirmatively protect everyone from such attacks. Any requirement that persons leave the keys to their encoded communications immediately raises the question of risk. Most information has a price; and much of what will be encrypted will be thought of as valuable information. It is hard to imagine that whatever certification is required for trustees of these keys, they will be in all cases impervious to corruption, or simple human error. Even assuming no failing on the part of the trustee, there is no reason that hackers, who seem able to breach the Department of Defense's computer network, will not try their hand at key repositories as well. These risks cast doubt on whether key escrow, whether mandated or imposed through government pressure on the market, may compromise the ability of individuals to be safe from attacks on their privacy and reputation.
Perhaps the most powerful fact in the entire encryption debate is that strong encryption is already available and in use worldwide. Restrictions on the export of programs that are already available abroad thus raises the prospect of suppression of speech in the face of prior disclosure, a practice condemned even where it is accepted that such speech indeed implicates national security.
The availability of strong encryption throws into question the actual utility of key recovery and export bans to law enforcement. There is no doubt that some criminals will use the less secure forms of communication, but the serious professional cartels and syndicates that populate the arguments of control advocates will no doubt go to the trouble to use the more secure technology, available now at trivial cost. The issue is not whether key recovery would be useful to law enforcement -- there is no doubt this is so. The question is, at what cost to the rights of millions of innocent individuals? Principles of human rights and criminal justice are premised on the idea that it is better that the guilty sometimes go free if that is necessary to protect the rights of the innocent. When the incremental utility of key recovery is weighed against the threat to speech and privacy of individuals worldwide, it is not at all clear that the balance is in favor of law enforcement.
The Modern Surveillance Society
I will close by noting that the encryption debate goes to the heart of what sort of society Americans envisage for the twenty-first century. There are hints of an ominous trend in the government's efforts to pressure industry into designing infrastructure in a way that facilitates surveillance. Controversial digital telephony legislation was opposed by the industry and civil rights advocates because it forces the industry to adopt design features that facilitate wiretapping in a way that lends itself to over broad or abusive surveillance. It goes against the grain in this country to press industry into such a role. Who would not be repelled by the prospect of the government asking the hotel construction contractors to install listening devices in every new room, even if it promised never to use them except on a court order? Would you buy a home safe from a company that will send the combination to the local police on request?
The surveillance mentality is a characteristic of totalitarian states, such as the former Soviet Union, or China, where the individual's freedom invariably is subordinated in the name of public interest, variously defined by the powers of the day. The surveillance mechanisms of those regimes -- internal travel documents, personal dossiers, household registration, work histories, family histories -- are costly, requiring huge bureaucracies, continuous data collection and millions of informants. Surveillance in the electronic age, however, can be done cheaply with a few people pressing a few buttons, capturing floods of data without the subject ever knowing. When we consider the risks posed to law and order from encryption, we must also weigh the prospect of government access to our private lives on an unimagined scale, and its potential to repress or inhibit free speech, not only within our borders but globally.
Deputy General Counsel
Human Rights Watch
August 1, 1997