May 3rd is World Press Freedom Day to raise awareness of the importance of freedom of the press and to remind governments to respect and uphold these freedoms. Governments, and the powerful in general, need to be held accountable. That won’t happen without transparency. And journalists are essential as they have time and resources to dive into the inner workings of large organizations.
On the other hand, citizens need to be able to communicate privately. Unlike big companies, the rich, or governments, ordinary citizens can’t protect their data from abuse by the powerful. It is important to be able to communicate without fear and mass surveillance.
This makes encryption such an important feature. While big organizations can protect their data, even if encryption were weakened or outlawed, normal people can’t.
To support a safe web, Nextcloud, along with 46 other organizations and businesses, has signed an open letter calling on governments to uphold privacy rather than restrict the use of encrypted services.
Encrypted data are at the forefront of the battle for online privacy, freedom of the press, opinion and expression. Many journalists, whistleblowers and activists rely on secure, encrypted solutions to protect their data and their identity.
At Nextcloud, we advocate for ensuring data privacy and security for all so everyone is provided this right. Through our open source mission, we strive to keep the internet free and inclusive. Our collaboration platform was built for users to self-host so they can protect their data, engage in private dialogues and communicate openly about their opinions.
On World Press Freedom Day, we, the undersigned organisations and companies — a global network of over 40 organisations have united to defend the right to privacy. We are writing this open letter to urgently appeal to governments to publicly pledge your support to protect encryption and ensure a free and open Internet.
Encryption is a critical tool for user privacy, data security, safety online, press freedom, self determination, and free expression. Without encryption, users’ data and communications can be accessed by law enforcement and malicious actors. Government attacks on encrypted services threaten privacy and puts users at risk. This might seem like a distant problem primarily faced in authoritarian countries but the threat is just as real and knocking at the doors of democratic nations.
Many in the EU, the USA, UK, Canada and Australia would like to force encrypted services to backdoor their encryption or otherwise block access to encrypted tools and services such as Tor, Signal, or Tutanota. Encrypted services are at the forefront of the battle for online privacy, freedom of the press, freedom of opinion and expression. Many journalists, whistleblowers and activists depend on secure, encrypted solutions to protect their data as well as their identity. Access to these tools can be literally life or death for those who rely on them.
Today, on World Press Freedom Day, we urge democratic leaders not to follow the path of authoritarian governments like Russia and Iran, who actively limit their citizens’ access to encrypted services. Protect encryption and uphold the human right to privacy. This is key to ensuring safety online, free and secure identity development, self-determination, free expression, freedom of the press, and other rights that are at the core of democracy.
Attacks on encryption are attacks on right to privacy
Encrypted services weaken their level of security to comply with legislative guidelines
Governments block access to noncompliant encrypted services – putting these governments on the same level as autocratic systems like Russia and Iran.
Services such as Signal, Tutanota and Threema have already announced that they will not weaken their encryption to comply with such stipulations, likely forcing countries like the UK to block access to these services instead. In India, many trusted VPN services already left due to the chilling effect of its new cybersecurity order CERT-In which forces VPN providers to maintain logs on users, thereby undermining their purpose and subjecting users to surveillance instead of circumventing it.
The ban on encrypted services is not surprising from authoritarian regimes. We worry that democratic governments like the UK, the US, the European Union, India and Australia are moving in the same direction.
Free and open internet
Everyone deserves a free and open internet. The internet must remain inclusive, free, and fair by providing everyone with unfettered access to online services, including encrypted services. This enables users to exercise their right to privacy, their right to engage in private discourse, and their right to hold those in power accountable by shedding light on human rights abuses, corruption, misinformation and environmental destruction – something that is vital to the democratic process of forming public opinion.
For this exact reason, access to encrypted services is blocked in authoritarian regimes like Russia and Iran – a precedent that must not be followed by democratic countries.
Taking away the right to privacy online limits the ability to exercise fundamental human rights such as freedom of expression and opinion, press freedom, and freedom of speech.
As organisations that believe in the power of the right to privacy as an enabler of free speech and freedom of the press, we call on all governments to:
Ensure that encryption is not being undermined via overreaching legislative initiatives.
Ensure that technologies providing secure, encrypted services are not being blocked or throttled.
Revisit any bills, laws and policies that legitimise undermining encryption or blocking access to services offering encrypted communication, particularly the Surveillance Legislation Amendment Act in Australia, the EARN IT Act in the US, the Online Safety Bill in the UK, Bill C26 in Canada, India’s Directions 20(3)/2022 – CERT-In and the proposed version of the rules to prevent and combat child sexual abuse in the EU.
The undersigned civil society organisations and companies worldwide appreciate your swift attention to these recommendations and pledge our support in assisting your efforts to deter future attacks on confidential communication.
18 Million Rising
Advocacy for Principled Action in Government
Alliance for Encryption in Latin America and the Caribbean – AC-LAC
Big Brother Watch
Center for Democracy & Technology
Center for Human Rights and Privacy
comun.al, Digital Resilience Lab (Mexico)
Community And Family Aid Foundation-Ghana
Defending Rights & Dissent
E-Governance and Internet Governance Foundation for Africa (EGIGFA)EGIGFA
ESOP – Associação de Empresas de Software Open Source Portuguesas
Fight for the Future
Global Partners Digital
Internet Society Catalan Chapter (ISOC-CAT)
ISOC Brazil – Brazilian Chapter of the Internet Society
Media Rights Agenda
Mullvad VPN AB
Organization for Identity & Cultural Development (OICD.net)
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
The serious security flaws in ownCloud (now owned by Kiteworks) do NOT affect Nextcloud. We have strict security processes in place, and do not ship test data from libraries that can cause security breaches.