Encryption and privacy and LGBT

February 23, 2016 |

The encryption debate did not begin or end with the FBI bringing action against Apple to compel it to crack open its operating system.  And it is not confined to that issue.  There have been continuous efforts over the years to permit law enforcement, security services or governments to have access to crypto keys or build in back doors.  A recent survey by Bruce Schneier and others in A Worldwide Survey of Encryption Products  makes it clear that laws restricting encryption products will have at best limited effectiveness.  The summary of findings make that clear providing:

•We have identified 865 hardware or software products incorporating encryption from 55 different countries. This includes 546 encryption products from outside the US, representing two-thirds of the total. ..

•The most common non-US country for encryption products is Germany , with 112 products. This is followed by the United Kingdom, Canada, France, and Sweden, in that order.

•The five most common countries for encryption products—including the US—account for two-thirds of the total. But smaller countries like Algeria, Argentina, Belize, the British Virgin Islands, Chile, Cyprus, Estonia, Iraq, Malaysia, St. Kitts and Nevis, Tanzania, and Thailand each produce at least one encryption product.

•Of the 546 foreign encryption products we found, 56% are available for sale and 44% are free.66% are proprietary,
and 34% are open source. Some for-sale products also have a free version.
•We identified 587 entities—primarily companies—that either sell or give away encryption products. Of those, 374, or about two-thirds, are outside the US.
•Of the 546 foreign encryption products, we found 47 file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and found 61 virtual private networking products.
•The 546 foreign encryption products compare with 805 from the 1999 survey. These numbers are really lower bounds more than anything else, as neither survey claimed to be comprehensive. Very few of the products from the 1999 survey appear in the current one, illustrating how much this market has changed in 17 years.
•The potential of an NSA-installed backdoor in US encryption products is rarely mentioned in the marketing material for the foreign-made encryption products. This is, of course, likely to change if US policy changes.
•There is no difference in advertised strength of encryption products produced in or outside the US. Both domestic and foreign encryption products regularly use strong published encryption algorithms such as AES. Smaller companies, both domestic and foreign, are prone to use their own proprietary algorithms.
• Some encryption products are jurisdictionally agile. They have source code stored in multiple jurisdictions simultaneously, or their services are offered from servers in multiple jurisdictions. Some organizations can change jurisdictions, effectively moving to countries with more favorable laws.

This survey has been part of the research in Wired’s Encryption Is Worldwide: Yet Another Reason Why a US Ban Makes No Sense.  A different, but equally important issue, is the importance of encryption in anonymous and pseudonymous communications, made possible by encryption.  This is the subject of  approach has been taken in  Privacy is a right, not a luxury – and it’s increasingly at risk for LGBT people.  It provides:

The US government’s effort to force Apple to build a novel “back door” to a single phone could lead to all of our encrypted data on virtually all of our mobile devices and personal computers being compromised by nefarious adversaries seeking to cause us harm, as many have rightly noted before me.

But for queer and transgender people who, as I once did, rely on device encryption to allow us to lead our private lives without legal consequences, the potential repercussions of the government’s efforts to eliminate that encryption are utterly chilling. And even if Apple prevails in court this time, lawmakers across the US and throughout the world are now considering laws that would require that all companies build back doors into all of our devices by default.

In the years preceding my imprisonment, I worked as a software programmer, designing and developing web interfaces, secure databases and communication software; later, I was employed as an intelligence analyst for the US army. Throughout each of these jobs, we used different kinds of encryption to keep prying eyes out of information we handled.

Then, while I worked for the military, its Don’t Ask, Don’t Tell policy forced me to live a double life: I was working for an organization that would’ve fired me had I not been able to remain a closeted transgender woman in a serious relationship with my then boyfriend. I regularly depended on device encryption to shield the information on my personal computer and mobile devices from my friends and colleagues, especially when we lived and worked in close quarters.

However, folks like me face even higher stakes than that. For instance, a trans woman living and working in a less open country (like Russia, Uganda and Nigeria) can face even more serious legal consequences – including imprisonment, torture and even execution – if exposed. Queer and trans people living in such countries depend on encrypted devices to build and maintain their communities and voices while avoiding dangerous scrutiny.

That is why I support Apple in its fight against the FBI: we should fight any government or organization that seeks to remove our community’s strongest and most effective means to guard ourselves from discrimination, persecution, torture and genocide.

Apple CEO Tim Cook has already argued that requiring the company to create a bypass or “back door” would set a dangerous precedent and that it would undermine the security of all such mobile devices. Other technology companies, including Twitter and Facebook, have weighed in by restating their position that they would “fight aggressively against requirements for companies to weaken the security” of their devices and services.

I disagree with Apple on many things – such as its exclusive use of proprietary software and arbitrary restrictions on users seeking to copy, share, edit and create software on their devices. However, I strongly feel that defending its users’ and customers’ right to strong encryption in court is incredibly important.

Prosecutors and law enforcement agencies have a genuine interest in obtaining evidence of wrongdoing, but we need to limit how such evidence is collected. In the case of Apple, complying with this order would almost certainly have negative consequences that would outweigh any law enforcement value, because it could allow anyone from individual criminals to powerful organizations and countries to exploit such “back doors”.

And, while in the US and Europe it is easy to forget that our governments have used law enforcement resources to target participants in the civil rights movement, environmentalists, anti-corporate protesters and queer and trans people, many of those same communities in other countries don’t have the luxury of forgetting the ways in which their governments claim to be protecting society by persecuting vulnerable communities.

Privacy is not a luxury in America: it is a right – one that we need to defend in the digital realm as much as in the physical realm. We need to stay vigilant to maintain access to that right, though … especially as technology continues to advance, and especially when a single order by a US judge to unlock one mobile device threatens to alter the entire digital privacy world as we know it.

The interesting thing about the FBI v Apple issue is that it is morphing from a data security/integrity of product issue to a civil rights issue and sentiment issue.  Perhaps that was inevitable in an environment where arid arguments about what is involved in breaking into a program and the commercial and reputational consequences flowing from that.

One Response to “Encryption and privacy and LGBT”

  1. Encryption and privacy and LGBT | Australian Law Blogs

    […] Encryption and privacy and LGBT […]

Leave a Reply