My position on privacy and cryptography  

Maybe it sounds strange to begin a page entitled "My position" with quotations from someone else. However, these quotations just show that concerns about privacy, security and unreasonable acts by the authorities are not a new thing.

"I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man."
-- Thomas Jefferson

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks." 
-- UN Universal Declaration of Human Rights

"I am of the opinion that I am the only person who decides who is allowed to read what I write - and that certainly goes for private communications. If you feel that way, too, you may wish to avail yourself of security and privacy information as well as existing encryption software before it is too late."
-- USENET signature

"Whatever you do will be insignificant, but it is very important that you do it."
-- Mahatma Gandhi.

My position is quite simple:

  1. Privacy is a human right. The right to privacy is as important as the right to free speech.
  2. It is a fact that governments and authorities dislike this right (together with many others). This includes governments who are committed (or pay lip service) to it.
  3. It is up to the citizen to uphold this right in theory (i.e., by preventing the adoption of legislation that would limit or nullify this right) as well as in practice (by using cryptographic and/or steganographic techniques that make it impossible or impracticably expensive for authorities to violate a citizen's right to privacy).
  4. Having to trust the authorities not to violate one's privacy is not acceptable. The large majority - if not all - of the world governments have already exhausted their credibility in this respect. Therefore, one has to enforce privacy. Strong cryptography achieves this goal as far as stored or transmitted information is concerned.
  5. Cryptography is an indispensable tool to achieve privacy. The right to free use of cryptography is therefore fundamental, and as important as the rights to privacy and free speech.
  6. Finally, no authority or act of authority is justified in itself. Its only justification of existence is the good of the people, and its only right to existence is by the approval of the people. And, only as long as the people agree to the existence of the authority, and its acts.

Most of the world governments are verbally committed to principles similar to those stated above. In practice, however, things are quite different. Even though cryptography may be legal in your country, your use of strong cryptographic software may subject you to close scrutiny by the authorities. The fact that you are keeping information private, in many authorities' view, equates with you having something criminal to hide. On the other hand, the right to privacy is granted by most constitutions. In my opinion, the best way to conserve a right is to exercise it continuously, and openly oppose the all-too-frequent attempts by authorities to gradually reduce it into an abstract formulation without real meaning. Cryptography is an effective way to enforce privacy. The intelligent use of strong cryptography, on a regular basis and for all your information storage and transmission, enforces your right to privacy. The outlawing or restriction of the use of encryption is to be seen as a first step towards reducing the people's privacy and freedom.

The following countries have signed the Wassenaar convention, which restrict the export of cryptographic software and mandates that cryptographic software to be exported to non-signatory countries must be made significantly easier to break than full-strength implementations: 
Argentina, Australia, Austria, Belgium, Bulgaria, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, the Netherlands, New Zealand, Norway, Poland, Portugal, the Republic of Korea, Romania, the Russian Federation, Slovakia, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom and the United States.

Aside from the above restrictions, several other countries forbid or make restrictions on the choice and/or use of cryptographic software by private persons. A very incomplete list includes:
France, Iran, Irak, the People's Republic of China, Singapore, Vietnam.

Other countries allow the private use of cryptography, but make it mandatory (under penalty of jail sentence in the United Kingdom, for instance) for a citizen to reveal to authorities the encryption keys used to encrypt any materials. In practice, these countries thus forbid the use of cryptography for the purpose of protecting information from the scrutiny of authorities, and assert that their citizens, in this context, have no right to keep information private.