On World Press Freedom Day, we, the undersigned organisations and companies — a global network of over 40 organisations have united to defend the right to privacy.  We are writing this open letter to urgently appeal to governments to publicly pledge your support to protect encryption and ensure a free and open Internet.

Encryption is a critical tool for user privacy, data security, safety online, press freedom, self determination, and free expression. Without encryption, users’ data and communications can be accessed by law enforcement and malicious actors. Government attacks on encrypted services threaten privacy and puts users at risk. This might seem like a distant problem primarily faced in authoritarian countries but the threat is just as real and knocking at the doors of democratic nations. 

Many in the EU, the USA, UK, Canada and Australia would like to force encrypted services to backdoor their encryption or otherwise block access to encrypted tools and services such as Tor, Signal, or Tutanota. Encrypted services are at the forefront of the battle for online privacy, freedom of the press, freedom of opinion and expression. Many journalists, whistleblowers and activists depend on secure, encrypted solutions to protect their data as well as their identity. Access to these tools can be literally life or death for those who rely on them.

Today, on World Press Freedom Day, we urge democratic leaders not to follow the path of authoritarian governments like Russia and Iran, who actively limit their citizens’ access to encrypted services. Protect encryption and uphold the human right to privacy. This is key to ensuring safety online, free and secure identity development, self-determination, free expression, freedom of the press, and other rights that are at the core of democracy. 

Attacks on encryption are attacks on right to privacy

End-to-end encryption makes it impossible for messaging apps such as WhatsApp and Signal to share users’ messages with anyone, including law enforcement, politicians, government officials, hackers. It also stops the companies themselves from using user data for ads, marketing and more profit-grabbing schemes. The value of this technology in defending privacy cannot be overstated, but is also seen as a threat to law enforcement who argue that the ability to freely access individuals’ communications is critical for criminal investigations. This messaging has spurred worrying initiatives such as the Online Safety Bill in the UK, the Lawful Access to Encrypted Data Act and EARN IT Act  in the USA, India’s Directions 20(3)/2022 – CERT-In, Bill C26 in Canada, the Surveillance Legislation Amendment Act in Australia as well as the proposed rules to prevent and combat child sexual abuse in the EU. These laws aim to take away the right to privacy online by forcing encrypted services to weaken the security of their users and give law enforcement access to user information upon request. Should these laws pass, there are only two options:

  1. Encrypted services weaken their level of security to comply with legislative guidelines

OR

  1. Governments block access to noncompliant encrypted services – putting these governments on the same level as autocratic systems like Russia and Iran.

Services such as Signal, Tutanota and Threema have already announced that they will not weaken their encryption to comply with such stipulations, likely forcing countries like the UK to block access to these services instead. In India, many trusted VPN services already left due to the chilling effect of its new cybersecurity order CERT-In which forces VPN providers to maintain logs on users, thereby undermining their purpose and subjecting users to surveillance instead of circumventing it.

The ban on encrypted services is not surprising from authoritarian regimes. We worry that democratic governments like the UK, the US, the European Union, India and Australia are moving in the same direction.

Free and open internet

Everyone deserves a free and open internet. The internet must remain inclusive, free, and fair by providing everyone with unfettered access to online services, including encrypted services. This enables users to exercise their right to privacy, their right to engage in private discourse, and their right to hold those in power accountable by shedding light on human rights abuses, corruption, misinformation and environmental destruction – something that is vital to the democratic process of forming public opinion.

For this exact reason, access to encrypted services is blocked in authoritarian regimes like Russia and Iran – a precedent that must not be followed by democratic countries.

Taking away the right to privacy online limits the ability to exercise fundamental human rights such as freedom of expression and opinion, press freedom, and freedom of speech.

As organisations that believe in the power of the right to privacy as an enabler of free speech and freedom of the press, we call on all governments to:

  • Ensure that encryption is not being undermined via overreaching legislative initiatives.
  • Ensure that technologies providing secure, encrypted services are not being blocked or throttled.
  • Revisit any bills, laws and policies that legitimise undermining encryption or blocking access to services offering encrypted communication, particularly the Surveillance Legislation Amendment Act in Australia, the EARN IT Act in the US, the Online Safety Bill in the UK, Bill C26 in Canada, India’s Directions 20(3)/2022 – CERT-In and the proposed version of the rules to prevent and combat child sexual abuse in the EU.

The undersigned civil society organisations and companies worldwide appreciate your swift attention to these recommendations and pledge our support in assisting your efforts to deter future attacks on confidential communication.

Signed,

18 Million Rising

Advocacy for Principled Action in Government

Alliance for Encryption in Latin America and the Caribbean – AC-LAC

Authress

Betapersei SC

Big Brother Watch

Blacknight

Center for Democracy & Technology

Center for Human Rights and Privacy

comun.al, Digital Resilience Lab (Mexico)

Community And Family Aid Foundation-Ghana

Defending Rights & Dissent

E-Governance and Internet Governance Foundation for Africa (EGIGFA)EGIGFA

ESOP – Associação de Empresas de Software Open Source Portuguesas

Fight for the Future

Global Partners Digital

Guardian Project

Institute of Information Cyprus — 101.cy

International Civil Liberties Monitoring Group

Internet Society

Internet Society Catalan Chapter (ISOC-CAT)

Interpeer gUG

ISOC Brazil – Brazilian Chapter of the Internet Society

JCA-NET(Japan)

mailbox.org

mail.de GmbH

Media Alliance

Media Rights Agenda

Mozilla

Mullvad VPN AB

Myntex Inc

Mysterium Network

NetTek Ltd

Nextcloud GmbH

NicFab

Oakland Privacy

OpenMedia

Organization for Identity & Cultural Development (OICD.net)

Oxen Privacy Tech Foundation (OPTF)

Prostasia Foundation

Proton AG

Privacy & Access Council of Canada

Restore The Fourth

Rhosys AG

Science & Design

Secure Justice

Standard Notes

S.T.O.P. – Surveillance Technology Oversight Project

Superbloom (previously Simply Secure)

The Document Foundation (TDF) / LibreOffice

The Tor Project

Threema

Tresorit AG

Tutanota

West Africa ICT Action Network 

Youth Observatory

/tmp/lab Hackerspace