Encryption is one of the best methods we have to protect the privacy of data while it is stored on our devices or being sent over the internet. It is used in browsers, VPNs, emails, messaging apps and password managers and can protect, among others, files, folders, discs and USB devices. When encryption is used correctly, it is almost impossible or extremely time consuming to break with current technologies (and post-quantum encryption algorithms are already being developed).
End-to-end encryption (E2EE) is a secure communication process in which data is encrypted on a sender's device before it is sent to a server and only the people communicating can read the exchanged messages. When a message is encrypted, the information contained in it is scrambled into unreadable text that only recipients with a decryption key, known as the cryptographic key, can decrypt and read.
However, even if end-to-end-encryption is used, it is possible to see on the network that the message is being transferred, as well as the metadata associated with it (for example, the date and time it was sent, the participants, the email subject, the type of document, etc). It is also important to make sure the device used for communication is secure and authentication is required to access the apps and software where communication is conducted; otherwise, encrypted messages can be read by third parties if they gain access to the unprotected device.
Encryption is vital to keeping people's communications secure from government or corporate surveillance, malicious hackers, stalkers and others. Encryption is especially important for people who may be targeted for what they do (e.g. human rights defenders, journalists and dissidents) or for who they are (e.g. LGBTQI people and religious or ethnic minorities, among others). As APC member Open Net Korea states, it is saying something “in a secret language that is known only to a closed group of people.”
As we stated in our explainer on cybersecurity, weakened encryption undermines human rights. It can make it easier for malicious actors to gain access to people’s personal information and communications, and can lead to journalists’ sources being revealed, human rights defenders being targeted by governments, and a person in an abusive relationship being blackmailed.
Encryption overall, and end-to-end encryption in particular, provide the privacy and security necessary for the exercise of a range of rights such as the right to privacy, to be free from discrimination, and for the exercise of the freedoms of expression and of association and assembly, among others.