Derecho a la Privacidad y la Encriptación frente a la vigilancia masiva

Dret a la Privacitat i l’Encriptació

Els perills per als drets fonamentals de privacitat i llibertat d’expressió dels ciutadans que suposen les pràctiques abusives de vigilància d’empreses privades i/o governs s’estan debatent a la Unió Europea i a nivell internacional.

Com a ciutadans, tenim dret a protegir-nos de pràctiques com aquestes. Les nostres dades personals i les nostres comunicacions són part de la nostra vida privada, i com a tal han de ser tractats.

Carta oberta als governs per un encriptat forta, unes comunicacions segures i en defensa de la privacitat:

Encoratgem als líders mundials a donar suport a la seguretat dels usuaris, empreses i governs mitjançant l’enfortiment de la integritat de les comunicacions i els sistemes. Per aconseguir-ho, els governs haurien de rebutjar lleis, polítiques i altres mandats o pràctiques, -incloent acords secrets amb les empreses- que limitin l’accés o malmetin el xifrat i altres tecnologies i eines de comunicació segura.

  • – Els governs no haurien de prohibir ni limitar l’accés dels usuaris a les tecnologies de xifrat; o prohibir l’ús de xifrat per graus o tipus;
  • – Els governs no haurien d’exigir el disseny o la implementació de “portes del darrere” (backdoors) o vulnerabilitats en eines, tecnologies o serveis;
  • – Els governs no haurien de requerir que les eines, tecnologies o serveis siguin dissenyats o desenvolupats per permetre l’accés de tercers a dades sense xifrar o a les claus de xifrat;
  • – Els governs no haurien de tractar d’afeblir o soscavar els estàndards de xifrat o influir intencio-ment en el seu desenvolupament, llevat que sigui per promoure un major nivell de seguretat de la informació formació.
  • -Cap govern hauria d’exigir algoritmes, estàndards, eines o tecnologies de xifrat in-seguros. Tampoc hauria, mitjançant acord privat o públic, obligar o pressionar entitats perquè actuïn de manera incompatible amb els principis anteriors.

Documents oficials de la Unió Europea i de les Nacions Unides reconeixen l’encriptació cap a cap com l’única opció en mans de la població per defensar-se contra la vigilància massiva. Així mateix, els informes posen l’accent en la necessitat de fomentar polítiques que prohibeixin les pràctiques que pretenguin limitar l’ús o afeblir tècnicament la encriptació.

Hem resumit els continguts de tots dos documents a continuació (en anglès) i posem a disposició els documents íntegres enllaçats, perquè puguin ser usats com a eina i base per defensar i exigir el nostre dret a la privacitat ia la encriptació:

European Parliament Science and Technology Options Assessment (STOA) on Mass Surveillance

Read the full text

The publication of the secret documents leaked by Edward Snowden disclosing controversial mass surveillance programmes by intelligence and national security agencies has evoked an international debate on the right of citizens to be protected from illegitimate or warrantless collection and analysis of their data and meta-data.

The agencies involved in mass surveillance practices justify these methods with the doctrine of pre-emptive prevention of crime and terrorism. While targeted lawful interception constitutes a necessary and legitimate instrument of intelligence and law enforcement agencies, mass surveillance is considered a threat to civil liberties such as the right to freedom of opinion and expression. These civil liberties are essential human rights in democratic societies and of particular importance for safeguarding independent journalism and political opposition.

For an end user it is practically impossible to detect whether data and meta-data generated is being analysed or used by third parties and even less, if a system is subject to a complex attack orchestrated by powerful opponents like government agencies.

To protect citizens’ rights of privacy and freedom of expression in front of mass surveillance the issue must be addressed technical and politically.

Technical options available to citizens for counteracting mass surveillance, first and above all, encryption, a statement that is shared and confirmed by the security community and Edward Snowden, who says that “Properly implemented strong crypto systems are one of the few things that you can rely on.”

Yet, policy makers must understand that the problem of mass surveillance cannot be solved on a technical terrain, but needs to be addressed on a political level.

Security agencies will always have a competitive advantage in winning a race for technological supremacy in Internet security due to the resources at their command.

An adequate balance between civil liberties and legitimate national security interests has to be found, based on a public discussion that empowers citizens to decide upon their civil rights affected and the societal values at stake.

To reduce the risk of privacy intrusion by mass surveillance encryption must be promoted and defended. Policy options that are considered of help in reducing the risk of privacy intrusion.

a) Promote and invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness

b) The promotion of open source operating systems and applications that allow for constant inspection and scrutiny by a large community of experts and verification and validation bodies

c) Investing in and stimulating the integration of user friendly, utility-like encryption software solutions

d) Regulate Telecom Operators to apply security mechanisms in form of adequate encryption over their entire networks, avoiding backhauls

e) Invest in user awareness creation (“know the digital traces you are leaving”) about who, under which conditions, where and when can access private data and what is being done with it

f) Regulations that require applications to adopt maximum privacy settings as default


United Nations report on the promotion and protection of the right to freedom of opinion and expression

Read the full text

Contemporary digital technologies offer Governments, corporations and criminals unprecedented capacity to interfere with the rights to freedom of opinion and expression, and to perform online censorship, mass and targeted surveillance and data collection, digital attacks on civil society and repression force individuals around the world.

Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to freedom of opinion and expression. Such security may be essential for the exercise of rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.

Because of their importance, restrictions on encryption and anonymity must be strictly limited. The United Nations rapporteur on the promotion and protection of the right to freedom of opinion and expression therefore recommends the following:

  • States should adopt policies of non-restriction or comprehensive protection of encryption and anonymity, only adopt restrictions on a case-specific basis and that meet the requirements of legality, necessity, proportionality and legitimacy in objective, require court orders for any specific limitation.
  • Discussions of encryption and anonymity have all too often focused only on their potential use for criminal purposes in times of terrorism. But emergency situations do not relieve States of the obligation to ensure respect for international human rights law. General debate should highlight the protection that encryption and anonymity provide, especially to the groups most at risk of unlawful interferences.
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online and promote security and privacy online through public education. Legislation and regulations protecting human rights defenders and journalists should also include provisions enabling access and providing support to use the technologies to secure their communications.
  • States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards. In addition, States should refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users. Corporate actors should likewise consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms).
  • Court-ordered decryption may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people).
  • States, international organizations, corporations and civil society groups should promote online security and access to encryption and anonymity without discrimination.
  • Companies, like States, should refrain from blocking or limiting the transmission of encrypted communications and permit anonymous communication.
  • Corporate actors that supply technology to undermine encryption and anonymity should be especially transparent as to their products and customers.
  • The use of encryption and anonymity tools and better digital literacy should be encouraged. Since the value of encryption and anonymity tools depends on their widespread adoption; states, civil society organizations and corporations are encouraged to engage in a campaign to bring encryption by design and default to users around the world and, where necessary, to ensure that users at risk be provided the tools to exercise their right to freedom of opinion and expression securely.