There’s No Duty of Care without Strong Encryption Thumbnail
Encryption 27 May 2020

There’s No Duty of Care without Strong Encryption

By Konstantinos KomaitisFormer Senior Director, Policy Strategy and Development
Ryan PolkDirector, Internet Policy

On 15 May, the Telegraph reported that The Five Eyes intelligence alliance planned to meet to explore legal options to block plans to implement end-to-end encryption on Facebook Messenger. According to the UK-based newspaper, the discussions between the governments of the United States, the United Kingdom, Australia, Canada, and New Zealand would focus on how the “duty of care,” a basic concept found in tort law, could be stretched to force online platforms to remove or refrain from implementing end-to-end encryption. (A duty of care is the legal responsibility of a person or organization to avoid any behaviors or omissions that could reasonably be foreseen to cause harm to others.)

If this is true, this is an attempt to justify their calls for encryption backdoors.

It’s easy to predict what such a strategy might look like – the playbook is familiar. In this case, if duty of care becomes the rationale for banning end-to-end encryption, it could be used as a framework to ban future deployments. Additionally, similar to other legislation, including the Online Harms, there will be an argument that social media companies have a special duty of care to protect vulnerable groups. This is nothing more than window-dressing. If there were a special duty of care to protect social media users, it would require stronger security and privacy protections – not weaker ones. End-to-end encryption can provide those protections, and governments should encourage platforms to protect their users, not make them more vulnerable.

True duty of care needs strong encryption.

Governments argue against social media companies applying end-to-end encryption by saying law enforcement  should be able to monitor some forms of communication in order to protect vulnerable groups. However, experts, including those from the cybersecurity community, agree that there is no way to facilitate access to encrypted communications for some without weakening the security of everyone on the service. Any method that would allow law enforcement or a service provider to gain access to encrypted content can be found and exploited by criminals or other bad actors – leaving all users at greater risk. That is why technology companies are adding end-to-end encryption to their services.

For journalists, whistleblowers, domestic violence victims, the LGBTQ+ community, and many other people belonging to high-risk communities, end-to-end encrypted communications play a crucial role in ensuring their personal safety. This is especially true now, when communications are forced online by restrictions due to COVID-19. For these communities, confidential communication can be a life or death situation. But it’s not just about high-risk communities. All users benefit from the added security provided by end-to-end encryption. For instance, strong encryption makes it harder for would be scammers, blackmailers, and other criminals to access communications and information that would make their attacks far more effective.

Governments have a duty of care towards all of us, whether we are from a vulnerable community or not. It is part of their social and political responsibility. In exercising that care, governments should not pursue policies that would undermine the deployment and use of end-to-end encryption in social media or other online services. Instead, they should encourage its adoption.

After the Cambridge Analytica scandal laid Facebook’s data collection practices bare, many became aware of the desire by some of the tech giants to mine and sell our data. Governments, including the UK and the US, condemned the scandal and parliamentary and congressional investigations took place. Well implemented end-to-end encryption would prevent Facebook from collecting the contents of Facebook messages to sell to third parties, helping to lessen some of the targeted disinformation campaigns facing democracies worldwide. If no one but the users themselves can access their own data, Facebook doesn’t have a chance to sell that data either. As the Internet Society and over 100 civil society organizations stated in an open letter last year to Facebook, “ensuring default end-to-end security will provide a substantial boon to worldwide communications freedom, to public safety, and to democratic values.”

As the Five Eyes continue to discuss duty of care legislation for online platforms, support for end-to-end encryption must be at the forefront. This is their true duty of care.

Join a global movement of people working to make sure governments don’t take away our strongest digital tools to keep ourselves and our children safe online. Become an Internet Society member today.


Image by Meghan Schiereck via Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Encryption 21 September 2023

Techxit: The UK Declares Its Exit from the High-Tech Startup World

No one in their right mind would now want to start up a high-tech company in the UK. With...

Encryption 11 August 2023

Encryption, Bad Bills, and Ripple Effects: How Riana Pfefferkorn Protects the Internet

We spoke with Riana Pfefferkorn, research scholar at the Stanford Internet Observatory, about encryption and protecting the Internet.

Strengthening the Internet 14 June 2023

Speak Out Against Bills That Threaten End-to-End Encryption

The EARN IT Act, STOP CSAM Act, and KOSA in the United States threaten to weaken end-to-end encryption which...