As the 118th U.S. Congress begins, the stakes surrounding our privacy rights have never been higher. For decades, lawmakers have utterly failed to defend everyday people – much less those who are most vulnerable online – from dangerous encroachments into our digital privacy. Just last week, the American Civil Liberties Union (ACLU) revealed a massive surveillance dragnet of people who use services like Western Union to send remittances.
Now, both sides of the aisle begin 2023 having painted a target on the backs of privacy-preserving software projects and those who build them. This attitude poses a real danger not only in the U.S., but for people across the globe. It’s time for software projects that value privacy to get organized.
Lia Holland is the campaigns and communications director, and and Eseohe Ojo is a campaigner, at Fight for the Future. This article is part of CoinDesk’s “Policy Week.”
This is why our organization, Fight for the Future, has released a letter signed by 40+ open-source, decentralized and/or privacy-preserving projects that asks lawmakers to protect a pro-privacy future. Signatories on this letter include Tor, The Blockchain Association, Nym, Protocol Labs, Proton, Zcash, Tutanota and Mysterium.
We have four simple asks:
Constitutional and human rights protections, both on- and offline
The first ask to Congress is straightforward: Do more to protect our constitutional and human right to privacy. The right to privacy has always been a foundational principle of the U.S. There are express or implied rights to privacy in the First, Third, Fourth, Fifth, Ninth and Fourteenth amendments to the Constitution. Even the legal victory that established a constitutionally protected right to code was about encryption, meaning it was about privacy. Unfortunately, that decision did not settle the law.
Threats to the right to code and the right to privacy are inextricably entwined, especially as more of our lives move into digital spaces where our rights are ignored and invasive surveillance is the default.
To seriously and vigorously defend these rights, many in Congress would need to shift their thinking on the simple act of writing code – to recognize that this freedom is core to the technologies that empower democracy and must be defended. That also means our representatives must analyze the potential impacts of new laws and regulatory action on First Amendment protections when drafting new legislation. This should be the rule, not the exception.
Champions of the right to privacy and the First Amendment must stridently oppose any actions that criminalize building and using privacy tools or the simple act of writing or running code. Proactively, lawmakers should consult those most impacted and consider new legislative shields to defend our rights against the corrosive powers of short-termism, political theater and poorly drafted bills, as well as from Big Tech and Finance’s lobbying pressure.
Support the decentralization of power
Secondly, Congress should be unwavering in its efforts to address power imbalances and support decentralization of power. The argument of the surveillance state is simple: safety demands sacrifice. If you aren’t doing anything wrong, you have nothing to worry about. This thinking is deeply flawed because surveillance concentrates power – and surveillance states and human rights abuses go hand in hand.
From East Germany pre-reunification to current-day Russia or Saudi Arabia, to communities across the U.S. and U.K., the dangers of surveillance are clear. We’ve seen the results in the news, in history books and in dystopian fiction like “1984.” The more you are surveilled, the more power state and corporate actors have over your life.
This issue compounds as decisions about our basic digital infrastructure and online safety are made unilaterally by out-of-touch billionaires. Surveillance capitalism pervades our digital economy, causing market forces to constantly erode user privacy by design.
It’s beyond time for Congress to invest in creating more resilient digital infrastructure, where power is decentralized and decisions are made by users, not the market or Mark Zuckerberg and Elon Musk. There are a host of strong legislative actions that would break Big Tech’s monopolistic and oppressive stranglehold on the internet.
Lawmakers should also be analyzing regulations for their potential to unintentionally entrench Big Tech by, for example, making compliance so expensive or business so risky that only the largest players can afford to exist.
Solutions and paradigm shifts often come from the margins, and the open source software community’s experimentation in community-owned and governed alternatives to Big Tech should be encouraged and embraced for the liberatory activity it is.
Champion privacy technologies
Another obvious action Congress should take is championing privacy technologies, such as end-to-end encryption (E2EE). Although our situation is dire, all is not lost when it comes to our digital privacy. Open-source developers and activists have done wonders for the human right to privacy by creating and promoting access to tools like end-to-end encryption and zero-knowledge proofs.
Privacy innovations can restore trust in our communications and financial activity. Yet, many prominent lawmakers are reacting to these tools with condemnation. They find surveillance appealing as it proposes a convenient, if facile, way to combat real problems such as illegal activity, tax avoidance and sanctions dodging: surveil everyone at all times.
See also: Zero-Knowledge Cryptography in 2023: The Year Privacy Becomes Practical / Opinion
It’s not worth it. This backsliding on our constitutional rights puts open source development of privacy tools in danger. Proposed legislation has effectively required that software developers put surveillance tools in their projects if they could ever possibly be used to host or transact in cryptocurrencies.
These moves from Washington, D.C., have shocked the open-source software community, and chilled the creation and use of human rights preserving tech. Instead, lawmakers must reverse course on pressuring companies not to implement or to break end-to-end encryption and other privacy-preserving technologies, and speak out when the FBI and Attorney General try to paint privacy as nothing more than a shield for criminality.
Pass data privacy laws
The final demand is the passage of long-overdue data privacy legislation. Even as Congress undermines privacy in practice, a nonpartisan majority of lawmakers understand that privacy is important to their constituents. Many conservatives, especially libertarians, want to protect private spaces from government intrusion and censorious corporate spying. Meanwhile, marginalized communities, which often lean left in their politics, need private spaces to protect themselves from authority figures who would harm or deplatform them to score cheap political victories.
Various forms of digital privacy legislation, including some that are well-intended but deeply flawed, have swirled around the U.S. Capitol for years. There has been no groundswell of support for these bills, and none have come close to passing. It’s time to change that and show Congress’ commitment to protecting constituents from surveillance, identity theft, discrimination and harassment.
Lawmakers need to work with key stakeholders including marginalized communities, anti-surveillance civil society organizations and open-source developers of privacy tools to craft a new privacy standard for everyone that includes severe crackdowns on the titanic government and commercial surveillance operations that have infected our internet.
See also: Why Crypto Should Support the American Data Privacy and Protection Act / Opinion
As these demands make abundantly clear, the value of privacy and privacy tools is not abstract. The essential nature of protecting our data is easily illustrated by any basic analysis of real-world threats to activists, journalists, abuse survivors and everyday people around the world. At home, the “penumbra” rights to privacy based on landmark U.S. Supreme Court cases are now being rolled back. Roe was overturned, and the threat to same-sex marriage established in Obergefell was severe enough that Congress passed the Respect for Marriage Act. Today, more – not less – marginalized people are at risk of being criminalized by surveillance-enhanced state laws and state police action.
The U.S.’ role in protecting and preserving human rights around the world should rank among the greatest prides of democracy. Traditionally, the U.S. has used diplomatic pressure to promote freedom of association, organization and access to information. All of these freedoms rely on privacy as a backstop against arrests and violent crackdowns.
It’s not just diplomatic pressure that allows the advancement of human rights, it’s privacy tools that are often created and run in the U.S. In October, for example, over 18,000 people in the U.S. ran Tor Snowflake to help internet users facing censorship in countries such as Russia and Iran privately circumvent it. Tor was created by MIT graduates and U.S. Naval Research Lab personnel to prevent tracking, surveillance and censorship worldwide.
Failure to protect the right to privacy will hurt democracy and, particularly, marginalized communities both in the U.S. and abroad. A growing number of technology and thought leaders are urgently calling on the U.S. Congress to return to the principles of the Constitution, as well as their own innate understanding of the harm surveillance has wrought among their core constituencies.
Everyday people should never be treated as criminals, guilty until government and corporate invasions into their privacy prove them innocent – and the time for our legislators to take action is now.