The right to encryption: Privacy as preventing unlawful access

Computer Law & Security Review, vol. 49, 2023

Abstract

Encryption technologies are a fundamental building block of modern digital infrastructure, but plans to curb these technologies continue to spring up. Even in the European Union, where their application is by now firmly embedded in legislation, lawmakers are again calling for measures which would impact these technologies. One of the most important arguments in this debate are human rights, most notably the rights to privacy and to freedom of expression. And although some authors have in the past explored how encryption technologies support human rights, this connection is not yet firmly grounded in an analysis of European human rights case law. This contribution aims to fill this gap, developing a framework for assessing restrictions of encryption technologies under the rights to privacy and freedom of expression as protected under the European Convention of Human Rights (the Convention) and the Charter of Fundamental rights in the European Union (the Charter). In the first section, the relevant function of encryption technologies, restricting access to information (called confidentiality), is discussed. In the second section, an overview of some governmental policies and practices impacting these technologies is provided. This continues with a discussion of the case law on the rights to privacy, data protection and freedom of expression, arguing that these rights are not only about ensuring lawful access by governments to protected information, but also about preventing unlawful access by others. And because encryption technologies are an important technology to reduce the risk of this unlawful access, it is then proposed that this risk is central to the assessment of governance measures in the field of encryption technologies. 
The article concludes by recommending that states perform an in-depth assessment of this when proposing new measures, and that courts when reviewing them also place the risk of unlawful access central to the analysis of interference and proportionality.

communications confidentiality, encryption, Freedom of expression, Human rights, Privacy, unlawful access

Bibtex

@Article{nokey,
  title = {The right to encryption: Privacy as preventing unlawful access},
  author = {van Daalen, O.},
  url = {https://www.sciencedirect.com/science/article/pii/S0267364923000146},
  doi = {https://doi.org/10.1016/j.clsr.2023.105804},
  year = {2023},
  date = {2023-05-23},
  journal = {Computer Law \& Security Review},
  volume = {49},
  pages = {},
  abstract = {Encryption technologies are a fundamental building block of modern digital infrastructure, but plans to curb these technologies continue to spring up. Even in the European Union, where their application is by now firmly embedded in legislation, lawmakers are again calling for measures which would impact these technologies. One of the most important arguments in this debate are human rights, most notably the rights to privacy and to freedom of expression. And although some authors have in the past explored how encryption technologies support human rights, this connection is not yet firmly grounded in an analysis of European human rights case law. This contribution aims to fill this gap, developing a framework for assessing restrictions of encryption technologies under the rights to privacy and freedom of expression as protected under the European Convention of Human Rights (the Convention) and the Charter of Fundamental rights in the European Union (the Charter). In the first section, the relevant function of encryption technologies, restricting access to information (called confidentiality), is discussed. In the second section, an overview of some governmental policies and practices impacting these technologies is provided. This continues with a discussion of the case law on the rights to privacy, data protection and freedom of expression, arguing that these rights are not only about ensuring lawful access by governments to protected information, but also about preventing unlawful access by others. And because encryption technologies are an important technology to reduce the risk of this unlawful access, it is then proposed that this risk is central to the assessment of governance measures in the field of encryption technologies. The article concludes by recommending that states perform an in-depth assessment of this when proposing new measures, and that courts when reviewing them also place the risk of unlawful access central to the analysis of interference and proportionality.},
  keywords = {communications confidentiality, encryption, Freedom of expression, Human rights, Privacy, unlawful access},
}

Putting Data Protection by Design on the Blockchain

European Data Protection Law Review, vol. 7, num: 3, pp: 388-399, 2021

Abstract

The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.

anonymity, blockchain, Data Protection by Design, encryption, EU General Data Protection Regulation, frontpage, Privacy

Bibtex

@Article{Giannopoulou2021,
  title = {Putting Data Protection by Design on the Blockchain},
  author = {Giannopoulou, A.},
  doi = {https://doi.org/10.21552/edpl/2021/3/7},
  year = {2021},
  date = {2021-10-22},
  journal = {European Data Protection Law Review},
  volume = {7},
  number = {3},
  pages = {388-399},
  abstract = {The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.},
  keywords = {anonymity, blockchain, Data Protection by Design, encryption, EU General Data Protection Regulation, frontpage, Privacy},
}

Human rights and encryption

Schulz, W. & van Hoboken, J.
83 pp., 2016

Abstract

The study provides an overview of encryption technologies and their impact on human rights. It analyzes in-depth the role of encryption in the media and communications landscape, and the impact on different services, entities and end users. It highlights good practices and examines the legal environment surrounding encryption as well as various case studies of encryption policies. Built on this exploration and analysis, the research provides recommendations on encryption policy that are useful for various stakeholders. These include signaling the need to counter the lack of gender sensitivity in the current debate, and also highlighting ideas for enhancing “encryption literacy”.

encryption, frontpage, Human rights, unesco

Bibtex

@Report{Schulz2016,
  title = {Human rights and encryption},
  author = {Schulz, W. and van Hoboken, J.},
  url = {http://www.ivir.nl/publicaties/download/human_rights_and_encryption.pdf},
  year = {2016},
  date = {2016-12-01},
  abstract = {The study provides an overview of encryption technologies and their impact on human rights. It analyzes in-depth the role of encryption in the media and communications landscape, and the impact on different services, entities and end users. It highlights good practices and examines the legal environment surrounding encryption as well as various case studies of encryption policies. Built on this exploration and analysis, the research provides recommendations on encryption policy that are useful for various stakeholders. These include signaling the need to counter the lack of gender sensitivity in the current debate, and also highlighting ideas for enhancing “encryption literacy”.},
  keywords = {encryption, frontpage, Human rights, unesco},
}

Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy

2014

Abstract

This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.

Constitutional and administrative law, cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad

Bibtex

@Presentation{nokey,
  title = {Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy},
  author = {Arnbak, A.},
  url = {http://www.ivir.nl/publicaties/download/1421.pdf},
  year = {2014},
  date = {2014-10-14},
  abstract = {This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.},
  keywords = {Constitutional and administrative law, cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad},
}