The Right to Encryption: Why Should Encryption Be a Human Right?

May 12, 2025 /

Introduction

Over the past two decades, the world has witnessed a massive expansion of internet censorship and communications surveillance, making encryption a central issue in any digital rights discussion. Since Edward Snowden’s 2013 leaks, which exposed the scope of mass surveillance programs, the United Nations and human rights organizations have begun to recognize the significant threats to privacy in the digital age. Simultaneously, governments have sought to impose restrictions on encryption tools and anonymous communication, citing national security and counterterrorism concerns. This raises a fundamental dilemma about balancing security and human rights in cyberspace.

This paper advocates for encryption and anonymity as fundamental rights that should be recognized and protected. It first explores the nature of encryption and its technical and social importance, then examines how encryption serves as an extension of basic human rights such as privacy, freedom of expression, and freedom of association.

The paper also addresses the main arguments governments use to justify restricting the right to encryption, such as national security concerns and the alleged need for backdoors, highlighting the dangers these practices pose to individuals’ security and rights. It further examines the state of encryption in repressive contexts, where some laws criminalize its use or target activists and journalists who rely on it.

Finally, the paper offers practical recommendations for policymakers, including supporting the development and widespread adoption of encryption tools and advocating for the explicit legal recognition of these rights in both national and international legislation.

What Is Encryption and Why Do We Need It?

Encryption is a technical process that transforms information and data into an unreadable form to any unauthorized party, so that only those with the correct decryption key can understand it. Put more simply, it’s like writing messages in a “secret language” that only the intended recipient can understand.

For example, when sending a message through a secure app that uses encryption, the original text is converted into indecipherable symbols as it travels across the internet. These symbols only become readable again on the recipient’s device, which holds the key to decode them.

There are various encryption methods, including end-to-end encryption, which ensures that the content of a communication remains confidential from the moment it is sent until it is received, preventing any intermediary from being able to read it. Over the past decades, encryption technologies have evolved from being used exclusively by military and intelligence agencies to becoming tools available to the public, now integrated into many everyday digital products.

Most of the time, many individuals use encryption without even realizing it. When shopping online, checking email, or messaging through apps like WhatsApp or Signal, encryption protocols safeguard users’ sensitive personal information, such as credit card data and private messages, from being accessed by unauthorized parties.

For example, when visiting a secure website, a green padlock icon appears next to the “https” in the browser’s address bar, indicating that the connection between your browser and the server is encrypted and protected. Similarly, financial institutions and even governments rely on encryption to safeguard their confidential communications and sensitive files. This demonstrates that encryption is not just a tool for those with “malicious intent,” but rather a cornerstone in building digital trust and securing the information infrastructure in the modern age.

Beyond ensuring confidentiality, encryption provides other critically important technical benefits. It guarantees data integrity, protecting information from tampering during transmission. Through digital signature mechanisms tied to encryption, the recipient can verify that a message has not been altered or forged in transit.

Encryption as an Extension of Fundamental Rights

Encryption is not merely a technical tool for ensuring information confidentiality—it is, at its core, an extension of fundamental human rights in the digital age. It is intrinsically linked to the recognition of the right to privacy and the protection of personal life, as well as enabling individuals to enjoy freedom of expression and the free exchange of information. Encryption also strengthens the right to freedom of association and peaceful assembly online.

Privacy and the Sanctity of Private Life

Banning encryption is akin to “prohibiting curtains in homes.” It strips individuals of an essential tool for maintaining personal privacy. The right to privacy is universally recognized as a fundamental human right (enshrined in Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights, which protects individuals’ privacy and correspondence). Thus, in the digital age, encryption is one of the most vital practical means to safeguard this right. It protects the confidentiality of personal communications between individuals, as well as messages, calls, and cloud-stored images, keeping them safe from prying eyes, governments, and corporations.

The United Nations has emphasized in its resolutions that encryption is essential for enjoying the right to privacy and other human rights in the digital age. The existence of a protected “privacy zone” is fundamental to ensuring human dignity, and encryption provides this zone in cyberspace. Therefore, encryption is a natural extension of the right to privacy, serving as a technological means to guarantee the confidentiality of communications, which has long been considered an integral part of privacy.

Freedom of Opinion, Expression, and Information Circulation

Encryption is closely linked to freedom of expression. In environments where dissenting or independent voices are subject to surveillance and persecution, encryption becomes a shield that protects thinkers and opinion-holders in their communications and in sharing their views.

The UN Special Rapporteur on Freedom of Expression, David Kaye, explains that encryption creates a “privacy zone” that enables individuals to form and express their opinions without fear of prosecution or punishment. Through encrypted communication, a journalist can speak confidentially with their sources, and a citizen can express sensitive opinions without revealing their identity or the content of their message.

Encryption provides the secure space necessary for fostering free dialogue online. Many segments of society rely on encryption to safeguard their freedom of expression: journalists use it to protect their sources, human rights defenders to document violations and send reports, and whistleblowers to disclose information without being exposed. All these groups require both encryption and anonymity to ensure genuine freedom of expression without facing immediate danger.

Additionally, the absence or weakening of encryption can lead to a chilling effect on the exercise of people’s rights. When individuals feel that their privacy is under threat, they may resort to self-censorship, avoiding expressing their opinions or refraining from seeking sensitive information.

Freedom of Organization, Peaceful Assembly, and Association

In an era where activists and civil society organizations increasingly rely on the internet to coordinate, organize campaigns, and hold peaceful protests, encryption plays a vital role in enabling the right to organize. Encryption tools allow civil and political actors to communicate securely with one another and to exchange plans and information without being monitored by repressive authorities or surveillance systems.

Civil society organizations operating in repressive environments equally need to encrypt their emails and files to protect their members and support networks. Without encryption, these activists’ communications become easily compromised, exposing their activities and movements, enabling authorities to thwart their efforts and potentially persecute them, thereby undermining freedom of assembly and association. Thus, encryption serves as an extension of freedom of association just as it does for freedom of expression: both provide the necessary protection for exercising the right to participate in public affairs.

In addition to these core rights, encryption indirectly protects other rights. It is essential for safeguarding individuals’ right to personal security and the integrity of their data. Consequently, it has implications for their economic rights (such as protecting bank account information and commercial transactions) and legal rights (for example, ensuring the confidentiality of communications between clients and their lawyers).

Responding to Government Arguments Against Encryption

Despite the essential role encryption plays in protecting rights and ensuring cybersecurity, its recognition as a fundamental human right faces opposition from many governments and security agencies worldwide. This opposition is primarily based on national security, counterterrorism, and crime prevention justifications. Opponents portray encryption as an obstacle to law enforcement agencies in tracking criminals or describe it as a “dark space” where lawbreakers can hide.

This section presents the main arguments put forward by governments to undermine the right to use encryption, alongside clarifying the technical facts and human rights considerations.

Argument 1: “Encryption hinders the fight against terrorism and organized crime and threatens national security.”

Some governments claim that the widespread use of strong encryption tools provides terrorists and cybercriminals with a “safe space” to plan and communicate out of the reach of authorities. For example, security officials in Western countries have justified efforts to restrict encryption as a way to tighten control over terrorist activities, ensuring that they have “no place to hide” online.

A European report issued after a series of terrorist attacks across the continent stated that groups like ISIS had used encrypted apps such as WhatsApp and Viber, rendering their communications “inaccessible” to security agencies.

Consequently, these governments view unrestricted strong encryption as “tying the hands” of security agencies, forcing them to “operate with one hand tied behind their backs” in combating terrorism. This sentiment was echoed by a U.S. prosecutor who argued: “Why should we permit criminal activity in spaces where law enforcement agencies cannot reach?”

This argument relies on exaggerated claims and overlooks other important aspects of the issue. First, security agencies possess multiple technical and legal tools to pursue criminals, even with encryption in place. For example, encryption does not conceal everything; metadata (such as IP addresses, connection times, and data size) is typically available and can provide a clear picture of suspicious activities, allowing authorities to investigate further.

Second, investigators often have access to device content through court orders via other means. These include hacking the device itself or exploiting vulnerabilities in communication apps, without the need to break standard encryption. Third, law enforcement agencies have not proven that criminals’ use of encryption constitutes an absolute barrier that cannot be overcome.

In this context, David Kaye challenged security authorities, in a report he prepared for the United Nations, to prove a single instance where it was utterly impossible to access necessary content for completing any investigation due to encryption alone.

In reality, law enforcement has successfully resolved numerous high-profile cases even when suspects used encrypted apps, through a combination of traditional investigative work and alternative digital evidence. Therefore, portraying encryption as an insurmountable obstacle to justice is a misleading and oversimplified narrative.

Argument 2: “We need backdoors in encryption systems to enable authorities to access data when necessary.”

This is the most common argument among Western governments, in particular. Instead of calling for an outright ban on encryption, which is vital for economic security, some voices advocate for a technical workaround that would allow content to be decrypted through an official authorization when deemed necessary. Proponents of this idea often refer to it using terms like “exceptional access” or “government-controlled master key encryption.”

This means compelling communication service providers, such as Apple, Facebook, and others, to create a loophole in their systems, allowing security agencies to bypass encrypted messages if granted a court order.

Proponents of this proposal argue that it strikes the right balance: preserving the benefits of encryption while ensuring that criminals do not escape justice. For example, the UK government has repeatedly raised this issue, with former Prime Minister David Cameron stating in 2015 that he “would not allow encryption that the government cannot break.”

The FBI also pressured U.S. tech companies for years to include a backdoor in their devices, especially following the infamous San Bernardino incident. After the 2016 attack, the court ordered Apple to unlock the iPhone belonging to one of the attackers. Such demands are based on the notion that “every lock should have a key held by the authorities.”

The concept of a “secure backdoor” is a dangerous illusion. Encryption is a mathematical technology that cannot be selectively applied to benefit one party without exposing others. Any vulnerability introduced into an encrypted system can be discovered and exploited by other actors, whether hackers, authoritarian governments, or cybercriminal groups.

In other words, there is no loophole that only the “good guys” can access. If a backdoor exists, everyone can get through it. This is confirmed by UN Special Rapporteur David Kaye, who stated: “Compromised encryption will not remain secret from those with the skills to exploit vulnerabilities (…) any deliberate weakening of encryption undermines the security of all.” This ultimately weakens the global digital security infrastructure and makes it more vulnerable to attacks.

Amnesty International has explicitly warned that such measures violate international human rights law, as they undermine the security and privacy of everyone indiscriminately. The issue is not about monitoring a specific criminal, but about putting billions of private communications at risk. Creating an exceptional access point for the government today could mean opening the door tomorrow for hackers or repressive regimes to exploit it against opponents. 

Organizations like the EFF have emphasized that, from a legal perspective, if encrypted content must be disclosed for a legitimate reason, it should be done through judicial mechanisms with strict and narrow safeguards (for example, targeting a specific suspected device through a court order, rather than providing a general access point for all devices).

There are deep concerns that the existence of a backdoor would tempt authorities themselves to engage in unlawful surveillance or expand the definition of “national security necessity” to justify monitoring activists and journalists. Given past instances of governments’ involvement in mass surveillance, the existence of master keys capable of decrypting communications would be a powerful tool prone to abuse and a serious threat to human rights.

Argument 3: “A balance must be struck between liberty and security; some privacy must be sacrificed for public safety.”

Policymakers sometimes promote the idea that liberty and security are two sides of a scale; gaining more of one necessarily requires sacrificing some of the other. In the context of encryption, this often translates into calls for reduced privacy in communications, allowing for regulated surveillance or encryption restrictions to enable security agencies to fulfill their duty to protect the public.

This idea exploits the public’s natural fear of terrorist and criminal threats, presenting itself as a binary choice with no alternative: either “absolute digital freedom exploited by bad guys” or “strict surveillance that protects us from them.”

Yet this equation is both false and dangerous. The relationship between security and freedom is not a zero-sum game; it is possible to achieve both by strengthening digital security itself. Encryption supports security—it does not weaken it—by protecting citizens from data breaches and the theft of financial and personal information. It also shields companies and governments from espionage and cyberattacks. Therefore, weakening encryption in the name of security may lead to the exact opposite result.

Access Now describes any policy that weakens encryption as, in reality, “a policy of weakening security.” The organization has affirmed that undermining encryption is equivalent to undermining everyone’s digital safety. For instance, if a tech company is forced to build a backdoor into its smartphones, cybercriminals will be the first to try to exploit it.

As a result, everyone, including ordinary users and government officials, will be less secure. Sacrificing digital privacy and encryption under the guise of achieving security could ultimately lead to insecurity and widespread vulnerabilities that threaten both national and private sector information infrastructures.

From a human rights perspective, freedoms are allies of security, not its enemies. Long-term societal security cannot be ensured without respecting the rights of individuals. Experience shows that societies engaged in excessive surveillance under the pretext of security have not achieved sustainable security. Instead, they have undermined citizens’ trust and produced serious violations. Denying individuals access to secure means of communication, such as encryption and anonymity, makes society less free and safe. 

Therefore, the issue should not be framed as a trade-off between freedom and security, but rather as a means to strengthen both simultaneously. This can be achieved through policies that protect privacy while also employing legitimate methods to pursue real crimes, without compromising the security of institutions or individuals.

Argument 4: “Widespread encryption hinders investigations into child sexual abuse material (CSAM).”

Some agencies raise this sensitive argument in opposition to companies like Facebook’s planning to implement end-to-end encryption across their platforms. These entities express concern that predators might use encrypted services to communicate and exchange exploitative content without detection. There have been campaigns against encrypting the Messenger app, arguing that it would prevent the detection of child abuse networks.

This concern appears legitimate at first glance (protecting children is a priority), but it must also be weighed against the reality that most of these crimes are detected through proactive methods that scan everyone’s messages. Additionally, solutions like client-side scanning technology are controversial due to the potential violation of privacy.

From a principled perspective, even the most serious crimes should not be addressed by weakening the security system for everyone. Instead, the focus should be on tracking perpetrators through targeted technical and legal means, rather than using it as an excuse for a global breach of privacy.

Encryption in Repressive Contexts

Recognizing encryption as a fundamental human right becomes even more critical when considering repressive contexts in some countries. In these environments, the discussion is no longer theoretical about balancing security and privacy; it extends to criminalizing encryption itself or prosecuting its users, and exploiting its absence as a tool for suppressing opposition and civil society.

Restrictions and Legislation Criminalizing or Limiting Encryption

Some governments have enacted laws that either prohibit or heavily restrict the use of strong encryption tools by the public. For example, Pakistan and India have imposed restrictions on encryption, allowing only the use of weak encryption tools or requiring a special license to use more powerful encryption systems.

These restrictions make individuals who use apps relying on complex encryption subject to accountability. Some countries have gone even further by completely banning encryption during certain periods or limiting its use to specific groups. Reports have surfaced about countries such as Russia, Kazakhstan, and Pakistan entirely banning specific encryption programs or protocols at various times.

Targeting Individuals for Using Encryption

In repressive environments, a person’s use of privacy-protecting technologies may be viewed as evidence of involvement in anti-government activity. For example, in 2015, journalists from Vice were arrested in Turkey and charged with “supporting a terrorist organization” merely because their translator was using encryption software on his personal computer.

At the time, Turkish authorities considered the use of a widely available encryption program as evidence of the suspects’ communication with extremist groups, claiming that ISIS used the same software. This case illustrates how encryption itself can be criminalized, turning anyone who uses strong encryption into a suspect.

In another case, also in Turkey, several human rights activists were detained while participating in a digital security training workshop. The authorities fabricated terrorism-related charges against them simply for “daring to learn about encryption and digital protection tools.” Such incidents send an intimidating message to all internet users: that using encryption places individuals under suspicion.

These practices are not limited to Turkey. In other countries, individuals have been imprisoned or investigated simply for using applications like Tor or VPNs to bypass censorship. For example, Iran classifies the use of anonymity tools on the internet as a cybercrime.

In China, the government has made it increasingly difficult to use VPNs by banning many of them and requiring service providers to monitor communications, making it nearly impossible for activists to use any form of encryption without being detected.

In Ethiopia, the 2014 indictment against the “Zone 9 bloggers” revealed that part of the treason charges were based on the bloggers’ use of encryption and anonymity tools in their journalistic work. All of this reflects a repressive approach that deliberately renders digital communication unsafe in order to facilitate the surveillance of dissent.

The Impact on Civil Society and Journalism

When the use of encryption becomes legally or technically risky, it is civil society as a whole that pays the price. Journalists in such environments will struggle to protect their sources, putting both themselves and their informants at risk and discouraging people from coming forward with important information.

Similarly, the communications of human rights activists will be subject to surveillance, potentially exposing their strategies and putting members of their networks in danger. Political opposition also finds its movements tracked and easily thwarted. This creates a climate of fear that leads many to resort to self-censorship and to scale back their legitimate activities.

Additionally, ordinary citizens would also be harmed. Without encryption and its tools, their data becomes vulnerable to breaches by criminal entities, not just the government. Citizens face two bad choices: 

One, becoming a criminal in the eyes of the authorities if they choose to protect their privacy with strong encryption. Two, relinquishing that protection and becoming an easy target for hackers and authorities who might spy on their private lives without accountability.

Encryption as a Human Right

There has been a growing movement within human rights and international circles advocating for the recognition of encryption as a human right or an integral part of those rights. This involves acknowledging that the use of encryption and anonymity technologies is a practice protected under recognized human rights, particularly the right to privacy and freedom of expression. Such practices should not be restricted except under strict controls and very limited exceptions.

The United Nations has highlighted the importance of encryption on several occasions. In 2015, David Kaye, the Special Rapporteur on Freedom of Opinion and Expression, presented a report to the UN Human Rights Council focusing on the role of encryption and anonymity in ensuring freedom of expression.

The report concluded with clear recommendations, including: individuals should not be prohibited from using encryption, and states should refrain from imposing tools that weaken encryption or demand decryption keys, except under the strictest judicial circumstances.

The report also emphasized that freedom of expression in the digital age inherently includes the freedom to use encryption, and any restrictions on it must be considered exceptions that require strong justification based on international standards (legitimacy, necessity, and proportionality). This stance reinforced the idea that encryption is a right to be respected, rather than a commercial product.

In the following years, other UN entities adopted this view. The Human Rights Council and the UN Secretary-General issued statements affirming “the fundamental importance of encryption and anonymizing tools in ensuring the enjoyment of human rights in the digital age.” 

In 2017, the Human Rights Council adopted its first resolution explicitly mentioning encryption, urging states not to arbitrarily interfere with technologies that secure the privacy of digital communications.

The United Nations General Assembly reaffirmed this resolution in 2020. It explicitly called on states to adopt “encryption policies that ensure and protect the privacy of individuals’ digital communications.” The resolution also urged states not to impose technical restrictions that would weaken the security of digital technologies, and encouraged the private sector to provide secure, encrypted platforms. This language implicitly reflects the international community’s recognition that encryption is essential for realizing a range of human rights, rather than being an obstacle to them.

Those resolutions also linked encryption to issues such as gender and vulnerable groups. They noted that enabling women and marginalized communities to access encryption and anonymity helps bridge the digital divide and ensures their safe participation online.

Restricting access to encryption, either legally or through a lack of understanding, constitutes a significant human rights issue. This can effectively prevent specific groups, such as female activists and journalists who are often targets of surveillance and online harassment, from exercising their rights to freedom of expression and participation.

In addition, the United Nations Educational, Scientific and Cultural Organization (UNESCO) and other UN bodies have issued reports calling for the respect of encryption. The United Nations High Commissioner for Human Rights also warned about the dangers posed by modern surveillance technologies and called for strengthening the use of encryption to protect privacy.

Leading international organizations in the field of digital rights have also emphasized the importance of recognizing encryption as a fundamental right. In 2016, Amnesty International issued a report titled “Encryption: A Human Rights Issue,” which clearly reflects the organization’s stance on this matter. The report stated that “people everywhere should be able to encrypt their communications and personal data as a basic protection of their rights to privacy and freedom of expression.”

Access Now has also made the defense of encryption one of its core global focus areas. The organization has launched campaigns and partnered with dozens of institutions to internationally advocate for encryption, aiming to influence global policies in favor of its recognition. Access Now emphasized that “when we defend encryption, we are defending human rights. Encryption enables us to stay safe online and communicate freely and privately.” The organization also described encryption as a matter of life or death for certain groups, such as human rights defenders and vulnerable communities.

Privacy International and the Electronic Frontier Foundation (EFF) have taken similar stances. For instance, EFF has submitted statements to the United Nations affirming that encryption and anonymity are “guardians of freedom of expression” and must not be compromised. The organization also developed a guide titled “Defending Encryption” to equip activists with arguments to counter government efforts aimed at weakening encryption.

ARTICLE 19, an organization focused on freedom of expression, also issued a detailed policy paper stating that “freedom of expression in the digital age is meaningless without the right to anonymity and encryption.” The organization called on states to explicitly recognize in their laws that freedom of expression includes the right to use encryption and remain anonymous.

Despite these strong stances, none have been translated into explicit legal guarantees by states. There is still no international treaty that obligates countries to respect the right to encryption as an independent right. Addressing this gap requires work on several fronts, including:

  • The international community, at the global level, should push for a stronger UN resolution or even a legal commentary from the International Court of Justice or the Human Rights Council, clarifying the limits of legality in restricting encryption. A general comment from the UN Human Rights Committee should interpret Article 17 (Privacy) of the International Covenant to include the protection of encryption clearly.
  • On the regional and national levels, the right to encryption can be incorporated into the constitutions or laws of countries. For example, Brazil has an Internet Bill of Rights that guarantees net neutrality and freedom of expression, which could be expanded to ensure the non-prohibition of encryption. Similarly, some European countries have laws that promote the use of encryption (as part of the General Data Protection Regulation, which encourages encryption). However, issuing explicit provisions such as “Users have the right to protect their communications and data using encryption technologies without interference except by the law” would restrain any future attempts to criminalize or restrict encryption.
  • Reliance on legal precedents in relevant cases is also important. For instance, in the United States, there is an ongoing legal debate about whether compelling an individual to disclose their password or encryption key constitutes a violation of the Fifth Amendment (the right against self-incrimination). Similarly, human rights courts, such as the European Court of Human Rights, may eventually rule on cases concerning the legality of blocking secure websites or prosecuting individuals for encrypting their communications.

Proposed Ethical and Human Rights Framework

Based on the stances above, a human rights framework can be formulated to affirm the following principles:

  • The Right of Individuals to Encryption: This refers to the right to use encryption tools and software to protect the confidentiality of one’s data and communications. It is an extension of the right to privacy and freedom of expression, and is supported by customary international law (through modern interpretations).
  • Arbitrary Ban or Decryption as a Violation: The prohibition of encryption or the forced decryption of data constitutes a violation unless it meets strict conditions: legitimate aim, pressing necessity, proportionality, and judicial oversight. Any demand for decryption must be supported by an individual court order, not by general legislation.
  • Promoting Encryption as a National Duty to Ensure Citizens’ Digital Security: This means not only refraining from restricting encryption but also taking active steps to disseminate it and raise public awareness of its importance.
  • Technology Companies and Service Providers Must Adopt Strong Encryption by Default: They should implement robust encryption as the standard (default) setting, assess internal policies that may weaken user privacy, and resist government pressures to introduce backdoors, as doing so would violate their responsibility to uphold users’ rights.
  • Anonymity is an Inherent Right and Integral to the Framework:
    The right to encryption is meaningless without a parallel right to anonymity, provided the individual’s actions are lawful.

All these points aim to make encryption the default norm in the digital world, not just a technical option. Tampering with it should be viewed as an ethical and legal exception, akin to violating the sanctity of one’s home or traditional mail.

The Right to Anonymity 

The right to anonymity (concealing one’s identity) is closely linked to encryption and is often mentioned alongside it in digital rights literature. Anonymity refers to an individual’s right not to reveal their true identity while engaging in online activities, to use internet services without being forcibly identified or arbitrarily tracked.

In this context, it is essential to distinguish between anonymity and privacy. Privacy is a broader concept that concerns protecting an individual’s personal information and preventing its disclosure without consent. This includes their identity, the content of their communications, and any sensitive data. On the other hand, anonymity specifically refers to the concealment of identity, ensuring that a person is not identified by name or personal details when interacting in a given context.

For example, a person might post a comment online using a pseudonym, without revealing their real name to readers; in this case, the individual is exercising anonymity. This does not necessarily mean that the content they share is private or confidential. It may be publicly accessible to everyone but is not linked to their real identity.

So, the distinction is clear: privacy may involve keeping the content of communication private or controlling who has access to it, while anonymity refers to not revealing the identity of the person behind the content or activity. Both privacy and anonymity can exist independently of each other.

For example, someone might send an encrypted message to a friend, ensuring the privacy of the content is protected, even though the recipient’s identity is known. On the other hand, a person might post a public tweet under a pseudonym, which does not protect the privacy of the content but ensures the anonymity of the person posting it.

In practice, anonymity and encryption often work together to provide the best protection. Encryption safeguards the content of the communication, while anonymity conceals the identities of the communicators. Both aim to protect individuals from censorship, retaliation, or discrimination based on their views or affiliations.

The UN report highlights this crucial relationship: encryption protects the content of communications, but it doesn’t necessarily hide all identifying data, such as the IP address. That’s where anonymity tools, like Tor networks or proxy services, come into play, ensuring the user’s identity remains hidden on the network. Human rights experts emphasize that true privacy cannot be achieved without the ability to control the information shared about oneself and how it is used. This includes the right to remain anonymous if one chooses.

The Necessity of Anonymity for Protecting Rights

Anonymity is not a luxury; it has long played a pivotal role in freedom of expression. Anonymous expression allows ideas to be discussed on their own merits, without bias toward the speaker’s identity, and protects speakers from the fear of personal repercussions. Today, in the digital age, the need for anonymity has increased for several reasons:

  • Fear of Retaliation or Punishment: Whistleblowers or government employees who expose misconduct need to hide their identities when leaking information to the press or the public. Otherwise, they risk losing their jobs or facing legal consequences. Anonymity in this case encourages the exposure of violations and the delivery of truths to society.
  • Avoiding Discrimination or Social Stigma: Certain groups use pseudonyms to avoid discrimination from society or employers based on their identities or beliefs. For example, anonymity is essential for LGBTQ+ individuals who engage in conservative environments using pseudonyms to freely discuss their issues without being exposed locally. Similarly, women may sometimes prefer not to reveal their true identities on public discussion platforms to avoid harassment and assault.
  • Victims of Domestic Violence: Survivors of domestic violence, who flee from an abuser who could be searching for them, need to remain anonymous online (and sometimes change their names) to avoid being tracked down by the abuser.
  • Free Discussion of Sensitive Issues: Such as religion, sex, and politics in repressive societies. People may hesitate to ask questions or express their doubts using their real identities for fear of stigma or persecution. Anonymity allows for a more honest space for dialogue on these topics.
  • Protecting Legitimate Digital Activity: Anonymity and encryption protect civil society networks from infiltration and dismantling.

The right to remain anonymous protects individuals from the power of “biased public opinion” or the oppression of the state or influential figures. EFF has emphasized this, stating that “there are countless reasons why people choose to use names other than the ones they were born with, including concerns for their lives and livelihoods, avoiding discrimination, or simply the desire for their words to be judged independently of their backgrounds.”

Attacks on the Right to Anonymity

Despite the benefits of anonymity, recent years have witnessed a growing trend among governments to eliminate the state of anonymity online. This trend takes several forms, as follows:

  • Mandatory “Know Your Customer” (KYC) Policies: Many countries require telecom companies and social media platforms to authenticate users’ identities. For example, several countries require newcomers to register SIM cards with their passport details under the guise of combating crime, effectively making it impossible for mobile phone users to remain anonymous to the state. Additionally, Chinese social media platforms require accounts to be linked to national identity numbers, and Facebook followed a real-name policy for years (later partially revoked after criticism).
  • Banning Anonymizing Tools: Some countries, like China and Iran, prohibit or criminalize using tools like the Tor network, while others, such as Russia, Belarus, and China, block VPN services. These tools are designed to conceal the user’s identity and address, so blocking them effectively removes the ability to remain anonymous.
  • Legislative Proposals Requiring ID for Online Registration: Several countries have discussed or implemented laws requiring social media users to authenticate their identity with the platform, even if they appear publicly under a pseudonym.
  • Justifications for Attacks on Anonymity: Governments often justify these measures as a way to combat hate speech, extremism, and misinformation. They argue that anonymity encourages aggression or rudeness (such as the “troll” phenomenon) and that revealing identities would lead to more decent discourse. This rationale ignores the fact that much harassment occurs even through real accounts. Additionally, ending anonymity would harm victims themselves, who may only report crimes or discuss their issues under the cover of a pseudonym.

Defending the right to anonymity in the face of these attacks requires emphasizing several aspects, including:

  • Anonymity is part of freedom of expression and privacy: This should be explicitly recognized in laws. Article 19 organization has called on states to clearly stipulate that freedom of expression includes the right to speak, browse, and publish anonymously. Such an acknowledgment would make any restriction on anonymity subject to tests of necessity and proportionality.
  • Rejecting mandatory identity laws: Any legislation that requires users of social media platforms or mobile phone owners to reveal their identity should be treated with great caution. The option to remain anonymous should be maintained, with legal tools available to unmask identity only when there is a court order following serious violations (such as criminal defamation or direct threats).
  • Demanding platform policies that better respect anonymity: For example, allowing pseudonyms and not forcing users to publicly disclose their real names. Facebook faced pressure from groups like domestic violence survivors and the LGBTQ+ community to modify its “real name” policy, leading the platform to ease it.

Recommendations to Strengthen the Right to Encryption and Anonymity

In light of the discussion in this paper, it is clear that protecting encryption and anonymity is essential to ensuring human rights in the digital age. The following section presents brief practical recommendations aimed at governments, legislators, tech companies, and civil society to safeguard and support these rights:

  • Rejecting Backdoors or Weakening Encryption: Governments should publicly commit to not requiring companies to include any intentional vulnerabilities or backdoors in their digital products. Any existing or proposed legislation that forces this should be repealed and strongly opposed. Additionally, any requirements to weaken encryption should be prevented. The principle that “there are no engineering exceptions in encryption for government entities” should be widely adopted, as any vulnerability opened for the government will also be accessible to criminals. Law enforcement authorities should focus instead on targeted methods (such as individual device search warrants) that do not undermine everyone’s security.
  • Promoting the Widespread Use of Encryption Tools: Governments should take the initiative to facilitate the use of encryption rather than hinder it. Practically, this means removing any restrictions on the import or export of encryption technologies, explicitly allowing the use of anonymizing software, and integrating encryption into government services (such as adopting encrypted email between citizens and administrations). Governments should also support the development of open-source encryption software and tools and raise public awareness about using them effectively.
  • Incorporating the principle of encryption into policies and laws: National legal frameworks should be updated to include explicit provisions that protect the right to encryption. For example, a clause can be added to telecommunications or cybercrime laws stating that “no person may be compelled to disclose their encryption key, except by court order in the context of a specific criminal investigation,” with strict limitations. Laws that criminalize or restrict encryption should be repealed or amended. For instance, any law requiring a permit to use a VPN or specific encryption methods should be reconsidered. In contrast, supportive laws should be enacted, such as recognizing the right of journalists to protect their digital sources, which includes their right to use encryption and not disclose their keys. This should also be considered in freedom of information laws and whistleblower protection laws.
  • Legal recognition of the right to anonymity: Countries should review their legislation to remove any provisions that require individuals to register with their real names on social media platforms, as these exceed what is permissible under human rights standards. Legal texts should prohibit public authorities from forcing individuals to disclose their identities when expressing opinions, except through the judiciary and in cases of extreme necessity. For example, regulations can be issued that require security agencies to obtain user data from companies only after a substantiated court order and prevent them from tracking individuals online solely for using pseudonyms.
  • Repealing comprehensive surveillance laws and enhancing judicial oversight: Many violations of encryption and anonymity arise from broad laws that allow extensive surveillance (such as anti-cybercrime laws). These laws should be reviewed to ensure they do not permit blanket decryption requests or the installation of malicious software for widespread hacking. Any process that violates communication privacy should be subject to effective judicial and parliamentary oversight. This includes ensuring that any order to reveal the identity of an anonymous account holder or decrypt a message goes through an independent court, with the opportunity for legal objection.
  • Companies’ Commitment to strong encryption technologies by default: Technology companies and service providers should adopt end-to-end encryption (E2EE) as a standard for messaging applications and cloud storage wherever possible. They must resist pressures to weaken encryption.
  • Raising awareness and empowering users: Civil society organizations and those concerned with digital rights should launch campaigns to educate people on the importance of encryption and anonymity. Many government concerns exploit the public’s lack of technological knowledge to portray these tools as malicious. Therefore, initiatives such as digital security training for journalists and activists should be expanded, and technical support through hotlines (like Helpline Access Now) should be provided to assist those facing digital security risks. The more widespread the use of encryption among ordinary people, the less able governments will be to stigmatize or prohibit it.
  • International coalition and agreements: Countries that are committed to internet freedom should unite to launch a global initiative to protect encryption. This could be achieved through an international forum that establishes voluntary standards or, in the longer term, by considering a multilateral treaty that guarantees the right to encryption.
  • Review and update legal and policy curricula: It is recommended that academic institutions and research centers include the concept of “digital rights,” including the right to encryption and anonymity, in their studies and curricula. This will create a new generation of legal professionals and policymakers who understand cyberspace and recognize that protecting rights online is an extension of protecting them offline. Such long-term institutional awareness will make it harder to enact infringing legislation and will bring rationality and balance to the discussion of the issue.

Conclusion

It is clear from this paper that encryption and anonymity are no longer mere technical issues or luxuries for professionals; they have become essential for protecting human dignity and safeguarding rights in the digital age. Turning encryption into a human right means acknowledging that individuals’ freedom to secure their communications and data is a natural extension of their fundamental freedoms.

This right ensures the existence of a “private digital space” for every individual, just as traditional rights guarantee the inviolability of the home and correspondence. In this protected space, secured by encryption, individuals can think and create without constant surveillance.

On the other hand, undermining encryption and anonymity leads to dire consequences for both individuals and society. A world without encryption would be one of constant surveillance. In such a world, freedom of expression would shrink; journalists would fear for their sources, citizens would hesitate to express dissenting opinions, and thinkers would refrain from exploring unconventional ideas. This world would also witness a deterioration in digital security for everyone, making personal data breaches and financial information theft easier to carry out.

The right to encryption is part of the necessary modernization of the human rights framework to keep up with the new reality. Just as the concepts of rights have evolved to encompass new dimensions with the development of societies, the information age demands an expansion of personal rights to include individuals’ control over their data and digital identity.

Recognizing this right would solidify the principle that the rights and freedoms that apply outside the internet also apply within it. Therefore, making encryption a human right is not just a technical or legal demand, but a necessity in the face of the growing encroachment of surveillance and control.

Sources:

  1. Anthonie Nordzij, “Encryption and the Right to Privacy and Freedom of Expression,” Journal of Human Rights Practice, Volume 16, Issue 1, 2024. https://academic.oup.com/jhrp/article/16/1/397/7234270
  2. United Nations Human Rights Council, Draft Resolution A/HRC/48/L.9/Rev.1. https://docs.un.org/en/A/HRC/48/L.9/REV.1
  3. United Nations General Assembly, Resolution A/RES/75/176 on the right to privacy in the digital age. https://docs.un.org/en/A/RES/75/176
  4. Access Now, “UN adopts historic resolution on privacy in the digital age,” 2020. https://www.accessnow.org/un-privacy-resolution/
  5. Access Now, “Why encryption is important,” 2016. https://www.accessnow.org/why-encryption-is-important/
  6. Amnesty International Netherlands, “Apple vs. FBI: Undermining encryption opens a Pandora’s box for human rights,” 2016. https://www.amnesty.nl/actueel/apple-vs-fbi-undermining-encryption-opens-a-pandoras-box-for-human-rights
  7. Amnesty International USA, “Encryption: A Matter of Human Rights,” POL 40/3682/2016. https://www.amnestyusa.org/wp-content/uploads/2017/04/encryption_-a_matter_of_human_rights-_pol_40-3682-2016.pdf
  8. Association for Progressive Communications (APC), “What is encryption and why is it key to human rights.” https://www.apc.org/en/news/what-encryption-and-why-it-key-human-rights
  9. Electronic Frontier Foundation (EFF), “Tell the UN: Anonymity and Encryption Are Vital to Free Expression,” 2015. https://www.eff.org/deeplinks/2015/02/tell-un-anonymity-encryption
  10. Electronic Frontier Foundation (EFF), “Global Condemnation of Turkey’s Detention of Innocent Digital Security Trainers,” 2017. https://www.eff.org/deeplinks/2017/07/global-condemnation-turkeys-detention-innocent-digital-security-trainers
  11. Electronic Frontier Foundation (EFF), “The Right to Anonymity is Vital to Free Expression—Now and Always,” 2020. https://www.eff.org/deeplinks/2020/03/right-anonymity-vital-free-expression-now-and-always
  12. Europol, “Changes in modus operandi of Islamic State terrorist attacks,” 2016. https://www.europol.europa.eu/publications-events/publications/changes-in-modus-operandi-of-islamic-state-terrorist-attacks
  13. David Kaye, UN Special Rapporteur Report, “Encryption and Anonymity,” 2015. https://www.justsecurity.org/wp-content/uploads/2015/06/Kaye-HRC-Report-Encryption-Anonymity.pdf
  14. OHCHR, “The Right to Privacy in the Digital Age,” A/HRC/51/17. https://www.ohchr.org/ar/documents/thematic-reports/ahrc5117-right-privacy-digital-age
  15. OHCHR, International Covenant on Civil and Political Rights (ICCPR). https://www.ohchr.org/ar/instruments-mechanisms/instruments/international-covenant-civil-and-political-rights
  16. OHCHR, “Human Rights, Encryption and Anonymity in the Digital Age,” 2015. https://www.ohchr.org/en/stories/2015/06/human-rights-encryption-and-anonymity-digital-age
  17. United Nations, Universal Declaration of Human Rights. https://www.un.org/ar/about-us/universal-declaration-of-human-rights

More Publications..

The Right to Privacy in Egyptian Laws.. Legislative Obstacles and Unfinished Steps

Non-discrimination

5G Networks and Possible Impacts on Human Rights