Encrypt. Now.

October 16, 2023 · 6 min read

We have come to a point where end-to-end encrypting all your private data and private communications is no longer an ethical option, but an ethical duty.

Imagine a new law was being discussed in your country to make it mandatory that all buildings have glass walls. All houses would be transparent. The (stated) goal of the law is to make it harder for criminals to hide their wrongdoings. It would be difficult to stock up on illegal drugs or to operate an industrial printer of counterfeit money without the police (and, incidentally, some of your neighbours) noticing. Domestic violence and child abuse would be visible through transparent walls. Let's say that the new law will allow you to have a shower curtain, a little folding screen in your bedroom, and blankets on your bed. Except for those meagre provisions, assume that your government (and random passers-by, and potentially anyone) will be able to watch what you do at all times.

Now imagine you are a regular, law-abiding citizen who can afford to lead a “transparent” life most of the time, and manage to get some limited “privacy” only occasionally. Given how hard it is for individual citizens to steer the behemoth that is the State and its government, and since you personally “have nothing to hide”, you could be tempted to simply give up and prepare to obey the new law.

But you should resist.

You should strongly oppose that bill and help build resistance to it. Most importantly, if such a law ever came into effect you would be morally obliged to disobey, to boycott.

Under such a law, good people in need of privacy would be at risk. Whistleblowers, investigative journalists, clinical doctors and psychologists and other health professionals, lawyers, the courts, the police, the military and spies absolutely need secrecy (to varying degrees, and at different times) to do their job. Some scientists and engineers need strong privacy, too (those in charge of vital infrastructure like the electrical grid or the backbone of the internet, gain-of-function research, nuclear tech, or cybersecurity). And some people need secrecy to be physically safe: prosecuted minorities, sexual dissidents, opposition leaders, activists, heterodox thinkers, people who are divergent in many ways.

Enter the European Commission's “Proposal for a Regulation of the European Parliament and of the Council Laying Down Rules to Prevent and Combat Child Sexual Abuse”:

The European Union is a heterogeneous group of 27 countries. Some of its member states, like Hungary and Poland, are still immature barely-liberal regimes with more than a whiff of political repression (“flawed democracies”). As recently as last year there was strong evidence of “attempts by national security services to illegally access information on political opponents through their phones” in those two countries. But not even the most robust democracy in the world (another European country) should be trusted with a fundamentally unethical law like Chat Control.

In light of alarming proposals like Chat Control, everyone should make the effort to escape the opaque protocols and the convenient Trojan Horses that are popular social networks and messaging services, and make their daily communication truly private. We should make strong encryption a staple of our digital life.

We should all use PGP, SSL or equivalent tools; VPNs, Tor and/or SSH tunnelling; IPFS, or other distributed file systems — and ditch proprietary OS's in favour of Linux or truly free Android distros. We should switch to Protonmail or similar webmail; to Matrix, Signal or similar messaging. Ad-blocking, URL cleansing and third-party cookie rejection should be the default for everyone. Those tools and techniques should cease to be arcane nice-to-haves for nerds: we must get more non-technical people onboard.

All this is a moral imperative to those of us who have the ability and the means to follow this strategy and to educate others about it.

As long as we still have access to computing resources, free software and some form of encrypted tunnelling, we can resist: those are the minimum requirements for a humanist digital environment to sustain itself. In the future it might be that by developing and using some software and exchanging certain sequences of bits we will be breaking some law. Such a law would be wrong and unjust.

More than twenty years ago, some of us were sprinkling our regular e-mail with words like “iraq”, “bomb” and “attack”, often on a line appended to the end of messages, in response to talk about TLAs scanning all digital communication in the wake of the “war on terror”. I don't know if that strategy was effective in the end, but the goal we pursued with it was right.

In the same spirit, today everyone should communicate safely in private, if only to erect a collective smoke screen that will confuse the mass surveillance apparatus and protect the most vulnerable among us.

(For similar reasons, everyone should choose free software when that's feasible; demand open source and open standards and document formats from all public institutions; and defend blockchains — including cryptocurrencies — and the “right to repair”. Strategically though, it may be better to stick to a minimum set of common demands for the sake of building the largest coalition possible now.)

There is strength in numbers: that's how civil disobedience works. It would be naive to think that we can get everyone in the EU to understand the imminent threat of (even deeper) mass surveillance and to act on it. But if a significant fraction of European citizens recognised the seriousness of the situation and made the little effort required to secure their data and their communications, there is no way a law like Chat Control could be enforced.

EFF's surveillance self-defence guide
Bruce Schneier: “The Value of Privacy”
StopChatControl.eu campaign (#StopChatControl)

Glass building image by Stable Diffusion & tripu