To Save Democracy, We Must Stand Up for Strong Encryption

Ben Grazda is the US Campaigner at Access Now.

On May 27, 1789, James Madison, before he was elected as the fourth US president, wrote a letter to Thomas Jefferson about the state of affairs in the new American republic. In it, he discussed the creation of the first federal agencies and a new list of rights that would be proposed as amendments to the Constitution, which would later become the Bill of Rights.

Notably, this letter was partially encrypted — one of thousands of encrypted letters the founding fathers sent to one another. The privacy of these communications helped to make the formation of the US federal government possible.

Today, to preserve the democracy those early legislators built, the US government must extend the same principles to the digital age and guarantee the privacy of communications through encryption.

In simple terms, encryption means encoding information so that the only recipients who can decode it are those authorized by the sender. Encryption prevents surveillance, hacking, and crimes like identity theft. When people communicate using end-to-end encryption, even the service provider cannot access the information.

Encryption is often associated with spy movies or IT managers, but it is in fact common and crucial in normal life. Encryption makes mobile banking transactions, online shopping, and other basic online activities safer. It also protects potentially sensitive personal information we may share on secure messaging services like WhatsApp or Signal. It is one of the most critical tools we have for staying safe and secure in a digitally networked world, allowing us to protect our vital systems and infrastructure and maintain the constitutionally protected right to privacy.

To be clear, in the US, personal data is not secure. The Fourth Amendment is supposed to protect US citizens against illegal search and seizure, but state and federal agencies circumvent this constitutional protection by buying intimate information from companies that suck up personal data. In just a few of many examples, the Department of Homeland Security (DHS) and Internal Revenue Service (IRS) have spent millions of taxpayer dollars to buy location data, and the US military has bought data on people based on their religion. Add to that requests from law enforcement: Facebook recently turned over unencrypted messages between a mother and daughter in Nebraska at the request of authorities who wanted to prosecute them for seeking an abortion.

This is all the more reason why the ability to control our data, in this case by confidently communicating privately, matters. Yet this important tool is now under threat – from lawmakers in the US who should know better.

Congress is now considering a slate of bills – including the EARN IT Act and the STOP CSAM Act – that would undermine encryption. Members of Congress who support these pieces of legislation cite the safety of children as the rationale. But these proposals would only serve to degrade privacy and security for everyone, including children. They create existential liability for online platforms that may unknowingly host child sexual abuse material (CSAM), which incentivizes the platforms to weaken the security of their systems to allow for scanning for CSAM content — opening up new vulnerabilities that criminals or states could exploit, in order to escape liability.

The risks to basic security, privacy, civic freedoms, and democracy are enormous. As the ACLU and 60 other organizations pointed out in a recent letter to Majority Leader Chuck Schumer (D-NY), “A world without encryption would harm journalists who use encrypted messages to contact their sources, doctors who use it to speak with patients, domestic violence victims who rely on completely private communications to escape dangerous situations at home, and businesses discussing finances with clients.”

As Senator Ron Wyden (D-OR) said last year when the EARN IT Act was reintroduced, “The EARN IT Act threatens the privacy and security of law-abiding Americans by targeting any form of private, secure devices and communication. As a result, the bill will make it easier for predators to track and spy on children and also harm the free speech and free expression of vulnerable groups.”

As civil society groups pointed out, the STOP CSAM Act would likewise “also make it more difficult to communicate without the interference of the government, hackers, or anyone else.”

The Bill of Rights enshrined a few fundamental, specific rights to privacy. The First Amendment creates the freedom of thought and speech crucial for conversations with our families, neighbors, and politicians. The Fourth Amendment creates a right for freedom from invasive and baseless searches crucial for our right to personal security. This right to privacy never went away, but in our technological age we need new legal protections to safeguard it.

October 21st is Global Encryption Day, a time to reflect on the risks we face if we cannot communicate privately and speak freely. If we are to continue to create a more perfect union in the US, one where everyone — including those most at risk of government surveillance and persecution — can speak up for their own rights, we must stand up for the right to private, encrypted communications, and against attacks on our founding principles. Those elected to Congress must oppose any bill that threatens our right to privacy, pass strong, comprehensive privacy and data protection legislation, and support encryption as the natural extension of our founding values.