The United Nation's Office of the High Commissioner released a report Thursday heralding encryption, but it was wishy-washy when it came to government-mandated backdoors to undermine encryption.
The report said:
Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age. Such security may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.
This isn't the first time the UN weighed in on the digital age. In 2011, it declared Internet access a human right.
The latest report, by special rapporteur David Kaye, comes amid government calls—from the United States to Europe—for technology companies to provide authorities so-called backdoor access into encrypted apps and services.
The latest official to enter the backdoor chorus was National Security Agency chief Mike Rogers, who said on Wednesday that governments should be given access to encrypted products just like they do with telephone communications. "Why can't we create a similar kind of framework within the Internet and the digital age?" he asked.
The UN report said government-ordered decryption was OK if done on a "case-by-case basis":
States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. In addition, States should refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users. Corporate actors should likewise consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms). Court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals.
The UN report, however, did not mention how "court-ordered decryption" could be carried out unless tech companies built backdoors into their encrypted products.
Kaye's paper, to be presented to the UN's Human Rights Council next month, did not take as hard a line as tech giants Apple, Google, and Microsoft did last week. The companies urged President Barack Obama not to support any US policy that would require the tech sector to install backdoors into their products so the authorities could access encrypted data.
The White House is formulating a position on encryption backdoors in response to UK Prime Minister David Cameron, FBI Director James Comey, and former Attorney General Eric Holder demanding backdoor access.
reader comments
51