A single day doesn't pass without authorities or politicians trying to bridle encryption. They push for backdoors in software and devices, closely monitor encryption software and service providers, and keep an even closer eye on way too many people. So many people come to ask: "Is encryption a crime?".
One very recent, striking example that raised the question is Scotland Yard's accusations of a man for six separate acts of preparing terrorism, including researching encryption, developing an “encrypted version” of his blog (HTTPS?), and instructing others how to use encryption. Yes, you read that right. Encryption.
He was also charged with owning a USB cufflink with a bootable operating system, presumably Tails. Since when is using an open, free OS with the capacity for general-purpose encryption an act of terrorism?...
WARNING: These charges will make your eyes pop
Here's a direct copy-paste of the charges discussed here:
"Count 3: Preparation for terrorism. Between 31 December 2015 and 22 September 2016 [name redacted], with the intention of assisting another or others to commit acts of terrorism, engaged in conduct in preparation for giving effect to his intention namely, by researching an encryption programme, developing an encrypted version of his blog site and publishing the instructions around the use of programme on his blog site. Contrary to section 5 Terrorism Act 2006."
"Count 5: On or before 22 September 2016 [name redacted] had in his possession an article namely one Universal Serial Bus (USB) cufflink that had an operating system loaded on to it for a purpose connected with the commission, preparation or instigation of terrorism, contrary to section 57 Terrorism Act 2000."
So the intent of this criminal act is to aid and assist terrorism, but the criminal act itself is still researching, deploying, and teaching cryptography. This is even hard to comprehend!
"He hasn’t been charged for helping terrorists.
He has been charged for having an encrypted blog. The reason authorities have chosen to charge him, is because that blog may contain material that helps terrorists. The distinction is small, but it has a massive impact on how we apply laws in the UK.
Helping other people conduce killing of other humans is already illegal in the UK, so that is what he should be charged with if there is evidence he did it.
But he has literally been charged with “instruction or training in the use of encryption programmes”.
It shouldn’t matter what the encryption was going to be used for, no-one should ever be charged with doing that."
Following that logic, you could be jailed for astronomical noise
As early as five years ego, in 2012, one person made a very troubling prediction that's obviously coming true. This is Rick Falkvinge, Head of Privacy at Private Internet Access and founder of the first Pirate Party. He said: "In the UK, you will gol to jail not just for encryption, but for astronomical noise, too."
Now, reacting to the Scotland Yard case, he continued:
"It’s already a crime to not give up keys to an encrypted document in the UK (effectively making encryption illegal), but it’s worse than that – it’s a five-years-in-prison offense to not give up the keys to something that appears encrypted to law enforcement, but may not actually be. In other words, carrying astronomical noise is a jailable offense, because it is indistinguishable from something encrypted, unless you can pull the documents the police claim are hidden in the radio noise from a magic hat. This case takes the UK significantly closer to such a reality, with charging a person for terrorism (!) merely for following privacy best practices."
Common sense, Scotland Yard – It's that simple
If you think about what encryption really is, it's mathematics. Hence, if researching and teaching encryption is a criminal act of terrorism, then basically all maths students, teachers and enthusiasts are potential terrorists. Now this is a "Wait. What!?" moment, isn't it?
In case you'd like to take the question to Google and type, say, "is encryption illegal", there's a good chance you'll see a thread on Quora among the top results.
"Encryption is not only legal, but essential! It is the basis upon which all modern society sits. Whenever you send any message to or from an electronic device, it is broadcast to ALL devices connected to the internet. They aren't supposed to listen, but it's trivial to make a device that does.
Unencrypted passwords? I'm you now.
Unencrypted bank info? Welcome to poverty.
Unencrypted political conversation? Hellfire missile impact in 3....2.....1.....
The end of encryption means the end of the free world."
It's as simple as that. Not only encryption itself isn't illegal, it's the norm, an absolute necessity for many people and organizations around the world. It's insane to blame even the worst of criminals for using encryption. Sure, they can be accused of the real crimes they did, but not for using encryption.
Elvis Jackson, an IT author and blogger, says:
"The simplest answer to your question is a big ‘No’. Encryption is not illegal. With the increase in the number of cyber attacks, the need for encryption has also increased. Therefore, encryption is important in today’s digital age.
If encryption was to be illegal, then all the security agencies, and military organizations, would not have used encryption algorithms to safeguard their secrets.
Encryption helps internet users to enhance their online privacy and security while using internet. Hence, encryption is absolutely a legal phenomenon."
An endless play of cat and mouse, not the end of a global industry
Still, due to its close historical relation to warfare and espionage, encryption has always been a matter of national security in many countries around the world, especially the ones often engaged in conflicts and attempts at political and economic domination. Thus, following the instinct of war, there are people who want to be able to see everything without having to reveal their own privacy. You know who I'm talking about. Those who want to know everyone's secrets but keep theirs.
Anyway, the world is full with security companies that offer encryption services, like Secure Group. Even giants like Facebook now offer end-to-end encryption, no matter it's more of a statement than a real security solution. Or what about using the default full disk encryption in an Android phone or an iPhone? That's completely normal and recommendable.
These are all companies that create jobs, pay taxes, contribute to economy, and do not deal with terrorists or other criminals. Because security and privacy aren't for the bad guys only. Everyone deserves security and privacy of their own data and communication and there's nothing wrong with that.
The takeaway? Don't do terrorism. Do encrypt.