Instrumentalizing Fear to Control Encrypted Communications is Dangerously Anti-Democratic
Op-Ed by Jérémie Zimmermann, co-founder of La Quadrature du Net, initially published, edited, by Taz in German on February 12, 2015
Recent Paris attacks have triggered a wave of securitarian discourse and dangerous upcoming legislative measures that are spreading way beyond France. Increased control of communications online, surveillance, attacks against anonymous speech and encryption are already on the table, under the pretence of fighting an invisible enemy in a perpetual war.
In November 2014, French prime Minister Manuel Valls and Minister of Interior Cazeneuve had their new anti-terror law adopted by all benches. This law enables censorship of websites deemed by the ministry of Interior to vindicate terrorism, removes the procedural protection of the law on press freedom for speech considered "apology for terrorism", allows administrative restriction of movements and surveillance for individuals suspected of becoming future terrorists. The government's own human rights watchdog, the CNCDH (Commission Nationale Consultative pour les Droits de l'Homme) considered that the law was violating fundamental rights. But to top it all, after it was adopted in an emergency procedure, the anti-terror bill wasn't even reviewed by the Constitutional Court, as no political group dared to challenge it and appear as "pro-terrorists".
A few months before, in December 2013, the 2014-2019 Military Planning Act (Loi de Programmation Militaire) was adopted in similar conditions, enabling mass surveillance on administrative requests of many sources and types of data, for a wide range of stated purposes, probably legalizing what was already being done by French services.
Today, fear is all over an hysterized public debate instrumentalized to justify the rushing of new securitarian laws. Valls and Cazeneuve will in the next weeks introduce a new intelligence bill. In the current context, it is likely that this upcoming text will bring its own bouquet of measures related to increased surveillance, enhanced powers for the executive branch and police, and a constant reduction of the role of the judiciary as a safeguard to fundamental rights. All signs indicate that Internet will become a scapegoat target of these attacks on our freedoms.
This instrumentalization of terror to breach fundamental freedoms is not only about France, but a downwards spiral that affects citizens from all Europe.
UK Prime minister Cameron pretexted the Paris attacks to launch an offensive against freedom for citizens to communicate securely by encrypting their communications, which the anti-terror coordinator quickly backed in a preparatory note to the Council of the EU, proposing that "The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys)."1
Such attempts at taking control of encrypted communication tools exemplify a worrying trend towards the authoritarian extension of governmental and police powers as well as massive breaches of our fundamental freedoms.
Analyzing Edward Snowden's documents, we learned that the NSA spent 250M$ per year for its "BullRun" program, whose objective is to actively sabotage technology aimed at securing data and communications. Through various methods ranging from corrupting the standardisation bodies, to infiltrating development teams, bribing companies to ensure they would willfully weaken their technology or leave security holes or backdoors open, NSA ensured it could keep accessing communications going through all commercial technology from US companies. The immediate consequence is the precious teachings that trust is forever lost -until US law is profoundly changed- in these companies involved in the manufacturing of more than 90% of technologies that many use everyday: Apple, Microsoft, Google, Facebook, Cisco, Motorola, etc. Understanding this must bring necessary radical changes in our relationship to technology.
Such governmental sabotage of our everyday tools proves that there is no technology we can trust for the protection of our data and communication
that is not Free/Libre software, ie. software that belongs to everyone, as a common good, and over which we have -through the publication of its source code, its "recipe"- a collective capacity of understanding, participation, and control. It is way more difficult to include malicious functionalities in free/libre software that will enable surveillance if enough eye-balls and brains are being watchful.
Developing, improving and spreading free/libre software for end-to-end encryption and decentralized communications fosters domestic talents and economies. It empowers citizens to share technological knowledge and to be actors of the security of their own data and communication. Even
more, it is way to build resilient security models ensuring that our societies can better resist attempts at authoritarian control. Smart industrial policies could help foster the development of free/libre software and hardware (through fiscal incentives, public order, and higher education among others) as a strategic objective for a technological future enabling free and fair societies.
When D. Cameron asks rhetorically “[D]o we want to allow a means of communication between people which we [government] cannot read?”, the collective answer must be "Yes, absolutely, and governments should protect it!". The ability to write and communicate without being watched is an essential condition of freedom of expression and democracy. Secure private communications are one of the only tools citizens have across the globe to organize against oppression and tyranny.
Investigators of serious crimes always have many ways of accessing the content of someone's communications, through targeted surveillance which can and must be democratically controlled. Instead of weakening cryptography for every citizen in the world, they can for instance get the unencrypted input or output of someone's encrypted communication by bugging her computer, planting cameras or microphones, infiltrating networks, etc. This sort of "good'ol" targeted human investigation means, which must be under control of an independent judicial judge, are actually in most cases the ones that lead to the successful prevention of crime and terrorism. Other techniques, based on mass surveillance and in-depth compromission of technology are inefficient for that purpose. While enabling mass-scale economic and political espionage, they are a dreadful tool for social control, inevitably leading to abuses. This doctrine is incompatible with democracy.
If fundamental freedoms, including the right to communicate privately and to speak anonymously, are not absolutely protected by those who claim are fighting the criminals willing to destroy our societies, then we will for sure get the worse of both worlds: fear and authoritarian control.
As citizens, we must collectively resist this instrumentalisation of terror by those who want to attack our freedoms and control populations with the illusion that it will maintain them in power. To this end, we must invest energy in spreading, developing and improving technologies based on free software, decentralized communications and end-to-end encryption. Meanwhile, we must build a political momentum for an in-depth assessments of ongoing surveillance practices and regain control over intelligence institutions where they have gotten out of hand, and enact policies that will strongly and durably protect our freedoms online and offline.