The Right to Privacy and Encryption in the Face of Mass Surveillance

The Right to Privacy and to Encryption

The risks that abusive surveillance practices by private companies and/or governments pose to citizens' fundamental rights to privacy and freedom of expression are currently being debated in the European Union and internationally.

As citizens, we have the right to protect ourselves from practices like these. Our personal data and our communications are part of our private life, and must be treated as such.

Open letter to governments for strong encryption, secure communications and the defence of privacy:

We encourage world leaders to support the security of users, companies and governments by strengthening the integrity of communications and systems. To achieve this, governments should reject laws, policies and other mandates or practices, including secret agreements with companies, that limit access to or undermine encryption and other secure communication technologies and tools.

  • Governments should not ban or limit users' access to encryption technologies, or prohibit the use of encryption by grade or type;
  • Governments should not mandate the design or implementation of "backdoors" or vulnerabilities in tools, technologies or services;
  • Governments should not require that tools, technologies or services be designed or developed to allow third-party access to unencrypted data or to encryption keys;
  • Governments should not seek to weaken or undermine encryption standards or intentionally influence their development, except to promote a higher level of information security.
  • No government should mandate insecure encryption algorithms, standards, tools or technologies. Nor should it, by private or public agreement, compel or pressure entities to act in a manner incompatible with the principles above.

Official documents of the European Union and the United Nations recognise end-to-end encryption as the only option in the hands of the population to defend itself against mass surveillance. The reports likewise stress the need to foster policies that prohibit practices intended to limit the use of encryption or to weaken it technically.

We have summarised the contents of both documents below (in English) and make the full documents available through the links, so that they can be used as a tool and a basis for defending and demanding our right to privacy and to encryption:

European Parliament Science and Technology Options Assessment (STOA) on Mass Surveillance

Read the full text

The publication of the secret documents leaked by Edward Snowden disclosing controversial mass surveillance programmes by intelligence and national security agencies has evoked an international debate on the right of citizens to be protected from illegitimate or warrantless collection and analysis of their data and meta-data.

The agencies involved in mass surveillance practices justify these methods with the doctrine of pre-emptive prevention of crime and terrorism. While targeted lawful interception constitutes a necessary and legitimate instrument of intelligence and law enforcement agencies, mass surveillance is considered a threat to civil liberties such as the right to freedom of opinion and expression. These civil liberties are essential human rights in democratic societies and of particular importance for safeguarding independent journalism and political opposition.

For an end user, it is practically impossible to detect whether the data and meta-data they generate are being analysed or used by third parties, and even less whether a system is subject to a complex attack orchestrated by powerful opponents like government agencies.

To protect citizens’ rights of privacy and freedom of expression against mass surveillance, the issue must be addressed both technically and politically.

Among the technical options available to citizens for counteracting mass surveillance, the first and foremost is encryption, a view shared and confirmed by the security community and by Edward Snowden, who says that “Properly implemented strong crypto systems are one of the few things that you can rely on.”

Yet, policy makers must understand that the problem of mass surveillance cannot be solved on a technical terrain, but needs to be addressed on a political level.

Security agencies will always have a competitive advantage in winning a race for technological supremacy in Internet security due to the resources at their command.

An adequate balance between civil liberties and legitimate national security interests has to be found, based on a public discussion that empowers citizens to decide upon their civil rights affected and the societal values at stake.

To reduce the risk of privacy intrusion by mass surveillance, encryption must be promoted and defended. The following policy options are considered helpful in reducing the risk of privacy intrusion:

a) Promote and invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness

b) The promotion of open source operating systems and applications that allow for constant inspection and scrutiny by a large community of experts and verification and validation bodies

c) Investing in and stimulating the integration of user friendly, utility-like encryption software solutions

d) Regulate Telecom Operators to apply security mechanisms in form of adequate encryption over their entire networks, avoiding backhauls

e) Invest in user awareness creation (“know the digital traces you are leaving”) about who, under which conditions, where and when can access private data and what is being done with it

f) Regulations that require applications to adopt maximum privacy settings as default


United Nations report on the promotion and protection of the right to freedom of opinion and expression

Read the full text

Contemporary digital technologies offer Governments, corporations and criminals unprecedented capacity to interfere with the rights to freedom of opinion and expression, and to perform online censorship, mass and targeted surveillance and data collection, digital attacks on civil society and repression force individuals around the world.

Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to freedom of opinion and expression. Such security may be essential for the exercise of rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.

Because of their importance, restrictions on encryption and anonymity must be strictly limited. The United Nations rapporteur on the promotion and protection of the right to freedom of opinion and expression therefore recommends the following:

  • States should adopt policies of non-restriction or comprehensive protection of encryption and anonymity, adopt restrictions only on a case-specific basis and only where they meet the requirements of legality, necessity, proportionality and legitimacy in objective, and require court orders for any specific limitation.
  • Discussions of encryption and anonymity have all too often focused only on their potential use for criminal purposes in times of terrorism. But emergency situations do not relieve States of the obligation to ensure respect for international human rights law. General debate should highlight the protection that encryption and anonymity provide, especially to the groups most at risk of unlawful interferences.
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online and promote security and privacy online through public education. Legislation and regulations protecting human rights defenders and journalists should also include provisions enabling access and providing support to use the technologies to secure their communications.
  • States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors or weak encryption standards. In addition, States should refrain from making the identification of users a condition for access to digital communications and online services and from requiring SIM card registration for mobile users. Corporate actors should likewise consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms).
  • Court-ordered decryption may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people).
  • States, international organizations, corporations and civil society groups should promote online security and access to encryption and anonymity without discrimination.
  • Companies, like States, should refrain from blocking or limiting the transmission of encrypted communications and permit anonymous communication.
  • Corporate actors that supply technology to undermine encryption and anonymity should be especially transparent as to their products and customers.
  • The use of encryption and anonymity tools and better digital literacy should be encouraged. Since the value of encryption and anonymity tools depends on their widespread adoption, states, civil society organizations and corporations are encouraged to engage in a campaign to bring encryption by design and default to users around the world and, where necessary, to ensure that users at risk be provided the tools to exercise their right to freedom of opinion and expression securely.