Security and Law Book contents
- Frontmatter
- Contents
- List of Contributors
- Chapter 1 Introduction: Security and Law in a Digitizing World
- Chapter 2 Safety, Security and Ethics
- Chapter 3 National and Public Security within and beyond the Police Directive
- Chapter 4 Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era?
- Chapter 5 Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- Chapter 6 Protecting Human Rights through a Global Encryption Provision
- Chapter 7 Identity Management and Security
- Chapter 8 Towards an Obligation to Secure Connected and Automated Vehicles “by Design”?
- Chapter 9 The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
- Chapter 10 The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward
- Chapter 11 Promoting Coherence in the EU Cybersecurity Strategy
- Chapter 12 Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
- Chapter 13 International (Cyber)security of the Global Aviation Critical Infrastructure as a Community Interest
- Cumulative Bibliography
- Miscellaneous Endmatter
Chapter 6 - Protecting Human Rights through a Global Encryption Provision
Published online by Cambridge University Press: 23 January 2020
- Frontmatter
- Contents
- List of Contributors
- Chapter 1 Introduction: Security and Law in a Digitizing World
- Chapter 2 Safety, Security and Ethics
- Chapter 3 National and Public Security within and beyond the Police Directive
- Chapter 4 Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era?
- Chapter 5 Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- Chapter 6 Protecting Human Rights through a Global Encryption Provision
- Chapter 7 Identity Management and Security
- Chapter 8 Towards an Obligation to Secure Connected and Automated Vehicles “by Design”?
- Chapter 9 The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
- Chapter 10 The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward
- Chapter 11 Promoting Coherence in the EU Cybersecurity Strategy
- Chapter 12 Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
- Chapter 13 International (Cyber)security of the Global Aviation Critical Infrastructure as a Community Interest
- Cumulative Bibliography
- Miscellaneous Endmatter
Summary
INTRODUCTION
In a global digital economy, data pass through servers, located in different countries with diverse rules on data protection security. Different standards and requirements lead to the problem of the global system only being as strong (or weak) as cyber-security requirements in the “least trusted country”.
Encryption is oft en put forward by the crypto experts as an effective security measure. At its core, encryption transforms text-information into a seemingly random string of words and letters that can only be deciphered by using another bit of information, called the decryption key. The rules on use of encryption vary and some countries have adopted regimes that may compromise information and conversations despite use of appropriate encryption techniques. Encryption is also an important measure contributing to human rights, especially freedom of expression and the right to privacy. It keeps communications inaccessible and safe from prying eyes, enabling the sharing of opinion, accessing online information and organising with others to counter injustices. In data protection, encryption is a privacy preserving technique, that also contributes to security of processing personal data.
The data protection framework has seen two important changes in 2018 and 2019: the General Data Protection Regulation (GDPR) becoming applicable, and the modernisation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (so-called Convention no. 108+), respectively. Both instruments are oriented toward European states. However, due to their extraterritorial effects, the two instruments can be considered as means of globalising the data protection framework to achieve a worldwide adequate level of protection of personal data.
A connected world with international data flows could therefore benefit from globalised data protection rules. However, as discussed in this paper, progress has been slow, and not all instruments explicitly contain a reference to encryption. Nevertheless, if the international community decided to push for an obligation to use encryption under international law, some potentially applicable rules are already in place. Such an obligation would apply globally.
This paper attempts to address the challenge of finding such an obligation by examining provisions, relevant to encryption, that could potentially lead to a worldwide encryption requirement, thus obviating the problem of the least trusted country.
- Type
- Chapter
- Information
- Security and LawLegal and Ethical Aspects of Public Security, Cyber Security and Critical Infrastructure Security, pp. 129 - 160Publisher: IntersentiaPrint publication year: 2019