Privacy, Data Security

Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption

business man with smartphone mobile and laptop notebook computer in network social digital online connect to data concept

A group of more than 40 media and digital rights organizations are calling on Five Eyes nations and democratic governments around the world to reject efforts to weaken encryption and support a global vision of a free and open internet.

In recent years, governments around the world have been making (another) major push to pass laws that would force companies to give law enforcement access to encrypted communications built into their products, something encryption advocates say would amount to a dangerous backdoor.

In an open letter published Tuesday and sent to policymakers in the U.S., the European Union, Canada, the UK and India, dozens of organizations expressed alarm over a series of new laws that have either passed or are being considered by democratic countries, saying many would weaken privacy protections for activists, dissidents, journalists and citizens around the world who must operate in secrecy to stay safe.

“Encrypted services are at the forefront of the battle for online privacy, freedom of the press, freedom of opinion and expression. Many journalists, whistleblowers and activists depend on secure, encrypted solutions to protect their data as well as their identity,” the groups wrote. “Access to these tools can be literally life or death for those who rely on them.”

Signatories on the letter include the Tor Project, encrypted apps Threema and Tutanota, Proton AG (the Swiss makers of ProtonMail), digital rights nonprofits the Center for Democracy & Technology and Fight for the Future, the E-Governance and Internet Governance Foundation for Africa, and the Surveillance Technology Oversight Project (STOP).

The letter calls out nations from the Five Eyes alliance in particular, highlighting proposed legislation like the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2023 (EARN IT Act) in the U.S., the Online Safety Act in the UK and legislation under consideration in the Canadian Parliament as examples of a worrying trend that threatens privacy and security in some of the world’s foremost democracies. The term Five Eyes refers to an alliance intelligence agencies that include the United States and Australia, Canada, New Zealand and the United Kingdom.

“Government attacks on encrypted services threaten privacy and puts users at risk. This might seem like a distant problem primarily faced in authoritarian countries but the threat is just as real and knocking at the doors of democratic nations,” the groups write.

A group of 132 human rights and LGBTQ organizations sent a separate open letter to U.S. Congressional leaders Tuesday urging them not to pass the EARN IT Act.

The call for changing encryption laws has been an ongoing debate in many of these countries for decades, as technology and the internet has made phones and other devices critical to modern communication and a key source of evidence for law enforcement. The U.S. Department of Justice has waged multiple lobbying efforts since the 1990s to convince Congress to pass legislation requiring access to encrypted communications during investigations or when there is a warrant.

“Service providers, device manufacturers, and application developers are deploying products and services with encryption that can only be decrypted by the end user or customer. Because of warrant-proof encryption, the government often cannot obtain the electronic evidence and intelligence necessary to investigate and prosecute threats to public safety and national security, even with a warrant or court order,” the department’s Office of Legal Policy wrote last year.

Tech companies have said there is no way to create that kind of access for legitimate criminal and national security investigations without watering down security protocols or placing encryption keys in the hands of the government or a third-party, where they could be abused, hacked or stolen.

The letter calls on nations to ensure legislatures aren’t engaging in overreach when they write laws around encryption, ensure encrypted communications aren’t being blocked or throttled to reduce access and “revisit any bills, laws and policies that legitimize undermining encryption or blocking access to services offering encrypted communication.”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.