Many governments are neglecting or ignoring their duty to protect online encryption that helps ensure freedom of expression and privacy, the UN expert on digital privacy rights said on Monday.
In many states including Russia, China, Iran, Turkey, Pakistan and Britain, citizens cannot count on keeping their online conversations private, according to a report prepared for the UN Human Rights Council by special rapporteur Joseph Cannataci.
There had been a surge in state restrictions on encryption in the past three years, Cannataci wrote in a report submitted to a three-week session of the Council that began on Monday.
"Since 2015, states have intensified their efforts to weaken encryption used in widely available communications products and services," the report said.
It said pressure has been mounting for companies to install "backdoors" in software to give law enforcement officials access to encrypted messages or secured devices, thereby giving hackers a potential vulnerability to exploit, even though governments already have many other investigative tools they could use.
"A state's obligations to respect and ensure the rights to freedom of opinion and expression and to privacy include the responsibility to protect encryption," the report said.
It said other measures that systematically weaken encryption and digital security, such as key escrows and data localisation requirements, also interfere with users' rights.
Limits to encryption must be necessary, legal, legitimate and proportional, the report said. Blanket bans plainly did not meet those conditions.
But many states had criminalised the use of encryption, the report said, citing Iran's 2010 ban, Pakistan's "vague criminal prohibitions" which could be interpreted to crack down on encryption tools, and Turkey's detention of thousands of citizens for using an encrypted messaging app.
Other countries, including Russia, Vietnam and Malawi, required government approval of encryption tools. Russia and Iran had both banned the Telegram messaging app, after the company refused to give up the encryption keys.
China's 2016 Cybersecurity Law requires network operators to "provide technical support and assistance" to state and public security for national security and law enforcement, while Uganda and Mexico use malware to monitor government critics, according to the report.
Britain's 2016 Investigatory Powers Act, known by critics as the "Snoopers' Charter", gave the government vaguely formulated powers that could oblige network operators to include backdoors, remove end-to-end encryption and cooperate with a wide range of government hacking measures, the report said.
It recommended that states pass laws spelling out permissible restrictions on encryption and anonymity.