Donate
There’s No Duty of Care without Strong Encryption Thumbnail
‹ Back
Encryption 27 May 2020

There’s No Duty of Care without Strong Encryption

Konstantinos Komaitis
By Konstantinos KomaitisSenior Director, Policy Strategy and Development
Ryan Polk
Ryan PolkSenior Policy Advisor

On 15 May, the Telegraph reported that The Five Eyes intelligence alliance planned to meet to explore legal options to block plans to implement end-to-end encryption on Facebook Messenger. According to the UK-based newspaper, the discussions between the governments of the United States, the United Kingdom, Australia, Canada, and New Zealand would focus on how the “duty of care,” a basic concept found in tort law, could be stretched to force online platforms to remove or refrain from implementing end-to-end encryption. (A duty of care is the legal responsibility of a person or organization to avoid any behaviors or omissions that could reasonably be foreseen to cause harm to others.)

If this is true, this is an attempt to justify their calls for encryption backdoors.

It’s easy to predict what such a strategy might look like – the playbook is familiar. In this case, if duty of care becomes the rationale for banning end-to-end encryption, it could be used as a framework to ban future deployments. Additionally, similar to other legislation, including the Online Harms, there will be an argument that social media companies have a special duty of care to protect vulnerable groups. This is nothing more than window-dressing. If there were a special duty of care to protect social media users, it would require stronger security and privacy protections – not weaker ones. End-to-end encryption can provide those protections, and governments should encourage platforms to protect their users, not make them more vulnerable.

True duty of care needs strong encryption.

Governments argue against social media companies applying end-to-end encryption by saying law enforcement  should be able to monitor some forms of communication in order to protect vulnerable groups. However, experts, including those from the cybersecurity community, agree that there is no way to facilitate access to encrypted communications for some without weakening the security of everyone on the service. Any method that would allow law enforcement or a service provider to gain access to encrypted content can be found and exploited by criminals or other bad actors – leaving all users at greater risk. That is why technology companies are adding end-to-end encryption to their services.

For journalists, whistleblowers, domestic violence victims, the LGBTQ+ community, and many other people belonging to high-risk communities, end-to-end encrypted communications play a crucial role in ensuring their personal safety. This is especially true now, when communications are forced online by restrictions due to COVID-19. For these communities, confidential communication can be a life or death situation. But it’s not just about high-risk communities. All users benefit from the added security provided by end-to-end encryption. For instance, strong encryption makes it harder for would be scammers, blackmailers, and other criminals to access communications and information that would make their attacks far more effective.

Governments have a duty of care towards all of us, whether we are from a vulnerable community or not. It is part of their social and political responsibility. In exercising that care, governments should not pursue policies that would undermine the deployment and use of end-to-end encryption in social media or other online services. Instead, they should encourage its adoption.

After the Cambridge Analytica scandal laid Facebook’s data collection practices bare, many became aware of the desire by some of the tech giants to mine and sell our data. Governments, including the UK and the US, condemned the scandal and parliamentary and congressional investigations took place. Well implemented end-to-end encryption would prevent Facebook from collecting the contents of Facebook messages to sell to third parties, helping to lessen some of the targeted disinformation campaigns facing democracies worldwide. If no one but the users themselves can access their own data, Facebook doesn’t have a chance to sell that data either. As the Internet Society and over 100 civil society organizations stated in an open letter last year to Facebook, “ensuring default end-to-end security will provide a substantial boon to worldwide communications freedom, to public safety, and to democratic values.”

As the Five Eyes continue to discuss duty of care legislation for online platforms, support for end-to-end encryption must be at the forefront. This is their true duty of care.

Join a global movement of people working to make sure governments don’t take away our strongest digital tools to keep ourselves and our children safe online. Become an Internet Society member today.


Image by Meghan Schiereck via Unsplash

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Making Intermediaries Liable for Encrypted Content Breaks Trust and Security
Making Intermediaries Liable for Encrypted Content Breaks Trust and Security
Encryption4 June 2020

Making Intermediaries Liable for Encrypted Content Breaks Trust and Security

In December 2018, the Indian Ministry of Electronics & Information Technology (MeitY) proposed a significant change to its intermediary rules....

Encryption and Law Enforcement Can Work Together
Encryption and Law Enforcement Can Work Together
Encryption26 October 2017

Encryption and Law Enforcement Can Work Together

The Internet Society and Chatham House will be hosting a roundtable of experts to deconstruct the debate on encryption and...

Considerations Regarding Encryption and Exceptional Access Briefing
Considerations Regarding Encryption and Exceptional Access Briefing
Encryption13 June 2018

Considerations Regarding Encryption and Exceptional Access Briefing

On June 12, 2018, the Internet Society hosted a briefing for Congressional staff on Considerations Regarding Encryption and Exceptional Access....

Join the conversation with Internet Society members around the world