header banner
OPINION

Navigating the Global Encryption Policy Debate: Security vs. Privacy

Encryption technology has become ubiquitous in the digital age, providing individuals, companies, and governments with a way to secure their sensitive data and communications. By encoding information in an unreadable format, encryption allows people to keep their activities private and prevent unauthorized access to their data. This has enabled the rise of secure messaging apps like WhatsApp and Signal that use end-to-end encryption to protect user privacy.
By Bivek Chaudhary

Encryption technology has become ubiquitous in the digital age, providing individuals, companies, and governments with a way to secure their sensitive data and communications. By encoding information in an unreadable format, encryption allows people to keep their activities private and prevent unauthorized access to their data. This has enabled the rise of secure messaging apps like WhatsApp and Signal that use end-to-end encryption to protect user privacy. However, the same encryption that enables private communications also allows criminals, terrorists, and other malicious actors to “go dark” and evade government surveillance. Law enforcement agencies have long warned that impenetrable encryption hinders their ability to investigate crimes and threatens public safety. This tension has recently reignited the global debate on whether tech companies should be legally required to build encryption backdoors for government access.


Encryption backdoors refer to intentionally building weaknesses into encryption algorithms and systems so that select authorized parties can bypass encryption to access scrambled data and communications. Those in favor argue that these backdoors would only be used by law enforcement to target legitimate threats, balancing public safety with personal liberty. But technologists, privacy advocates, and tech companies strongly oppose backdoors, arguing that they intrinsically undermine cyber security for all legitimate users. Once a backdoor exists, they contend it is impossible to control who may discover and exploit it for nefarious purposes beyond its original intent. This complex issue sits at the intersection of national security, individual privacy, free speech, cyber security, and public safety. As encryption continues to spread rapidly across the globe, fostering constructive international dialogue and cooperation will be key to developing balanced policies that protect civil liberties while investigating crimes in the digital age.


Global perspectives on the issue vary based on different national interests and threats. Countries like China and Russia have more authoritarian stances favoring control over encryption to maintain state power. Western democracies must balance liberal privacy values with public safety concerns. Nations facing high terrorism risks see strong encryption as enabling violence, while human rights advocates view it as essential for protecting dissent. The details of these perspectives will be explored in this article. But the core debate centers on whether the risks of encryption backdoors outweigh their purported benefits for law enforcement and national security. Is society better off with unfettered strong encryption despite the challenges it poses for surveillance? Or should tech companies be forced to compromise cryptography to maintain public safety, even if this introduces new cyber security risks? There are reasonable arguments on both sides but no easy answers.


Perspectives from India and Nepal


India has taken steps towards mandating encryption backdoors that have sparked controversy in the tech and human rights communities. In 2018, India proposed rules that would require messaging apps like WhatsApp to trace the "originators" of messages if asked by government authorities. While the rules have not yet been implemented, critics argue that this would essentially create encryption backdoors in popular messaging apps.


Related story

Facebook to roll out 'end to end encryption' on Messenger


Proponents in India insist that these policies are necessary for national security and law enforcement purposes. India has suffered numerous terrorist attacks and contends that encrypted messaging enables terrorists to coordinate without detection. Authorities argue that they cannot allow apps like WhatsApp to be exploited by dangerous groups planning attacks on Indian soil. However, cybersecurity experts within India have pushed back against these rules over privacy and security concerns. They argue that Indian authorities have abused surveillance powers before, and backdoors could enable mass government surveillance over law-abiding citizens. Critics also contend that terrorists would simply migrate to apps without backdoors, while average citizens would suffer the consequences of weakened security. In neighboring Nepal, controversial cyber laws also raise alarms about potential infringement of privacy rights. Nepal passed an Electronic Transaction Act in 2063, granting the government expanded powers to censor online content, conduct surveillance, and make arrests for speech offenses. While authorities claim these powers are needed to tackle growing cybercrime, civil liberty groups argue that the law's vague language opens the door to abuse. Given Nepal's history of political instability, there are fears that backdoors could allow governmental abuse of surveillance against dissidents under the pretext of fighting terrorism and cybercrime.


Perspectives from the US and UK


The encryption debate has been heated in both the United States and the United Kingdom, which contend with balancing privacy rights with national security interests. In the US, the FBI and the Department of Justice have long advocated for encryption backdoors under warrant-authorized lawful access. They argue that strong encryption handicaps law enforcement and intelligence abilities to monitor criminals and terrorists operating online. However, the US tech industry has resisted calls for backdoors on the grounds that it would undermine user cybersecurity, privacy rights, and trust in digital services. The UK government has also pushed for encryption backdoors in recent years, even proposing legislatively mandating a "ghost protocol" for authoritative access. British intelligence agencies contend that they cannot intercept terrorist communications on encrypted platforms. But critics counter that it sets an international precedent that authoritarian regimes could exploit to demand their own backdoors. Both countries have seen vigorous public debate around finding a balance between investigating legitimate threats and intruding into personal privacy. Opponents argue that warrant-backed access to encrypted devices risks "exceptional access" becoming the norm. But officials claim that strictly controlled backdoor access tailored for serious crimes can achieve equilibrium between privacy and public safety.


Perspectives from Rights Groups, Multinationals, and the Tech Industry


Global digital rights groups have strongly condemned proposals for encryption backdoors as enabling mass surveillance and violating privacy. Organizations like the Electronic Frontier Foundation argue that backdoors intrinsically weaken security and their use inevitably expands beyond stated intents. Multinational organizations have also cautioned against undermining encryption. The United Nations High Commissioner for Human Rights has criticized encryption backdoors as contrary to rights of freedom of expression and opinion. They contend that encryption provides vital protection for journalists, dissidents, and human rights defenders globally. The technology industry has been one of the loudest voices against backdoors. Companies like Apple and Facebook argue that deliberately compromising encryption security would harm user trust and have far-reaching economic impacts. Tech experts also contend that it is technically infeasible to build backdoors that could only be leveraged by “good guys”. Silicon Valley firmly believes that mandating backdoors would embolden repressive regimes to demand the same access for authoritarian purposes. Furthermore, once a backdoor exists, it creates permanent vulnerabilities that could be discovered and maliciously exploited by bad actors. However, some technologists have proposed potential compromise solutions like client-side scanning and lawful device unlocking. But most argue that these approaches have significant limitations compared to the risks of debilitating encryption globally. Overall, the tech industry remains leery of any policies that undermine cyber security and user trust.


Conclusion


The encryption debate ultimately involves complex trade-offs between critical values like privacy, free speech, cyber security, public safety, and national security. There are reasonable arguments on both sides with no unambiguous solutions. However, several key considerations emerge from analyzing the global discourse:


· Encryption is now fundamental to the digital economy and securing sensitive data. Deliberately compromising encryption could have cascading effects on user trust, e-commerce, financial systems, and critical infrastructure security.


· Backdoors create permanent vulnerabilities exploitable by malicious actors once discovered. The risks may outweigh purported gains for law enforcement and national security.


· Mass surveillance concerns must be balanced with investigating legitimate threats. Oversight and strict limitations are essential to prevent governmental overreach if backdoors were permitted.


· Alternative compromise solutions like client-side scanning and lawful device access have technical limitations compared to decryption backdoors. But they may provide avenues for negotiation.


· International cooperation will be key to developing balanced encryption policies upholding both security and civil liberties globally across jurisdictions.


While strong encryption does hamper traditional law enforcement capacities, it provides enormous benefits for personal privacy, commerce, cyber security, and human rights. Any restrictions on cryptography must be weighed extremely carefully against long-term economic, social, and political consequences worldwide. Constructive multi-stakeholder dialogue remains critical to finding reasonable compromises accommodating all viewpoints.

Related Stories
OPINION

Assessing privacy law

SOCIETY

What is the right to privacy? What is its arrangem...

SOCIETY

Govt attempts to curtail citizens' right to privac...

My City

Norway fines dating app Grindr $7.16M over privacy...

OPINION

Digitization and Data Privacy in Nepal