What is Encryption?
On one of your messaging apps, you could have seen notification words like “messages you send to this chat and calls are now secured with end–to–end encryption”. If this notification has ever bothered you or you have been wondering what it meant or its implications, worry no more. Encryption is the process of converting information or data into code (unrecognizable or encrypted form) to prevent unauthorised access. This, therefore, protects the information and data that you send over wireless networks and the internet. Today the 21st of October 2021, the Global Encryption day we call upon the players in the internet infrastructure to protect and promote encryption to make the internet safe for everyone.
Why is Encryption important?
In today’s world, it is nearly impossible not to communicate or do business without your personal data, private messages, and sensitive information relating to your business ending up on the web. In undertaking these activities, large amounts of data are managed online and stored in the cloud or on servers with an ongoing connection to the web which makes such data vulnerable to being hacked by the wrong elements on the internet or authoritarian governments to persecute persons with differing opinions or invade on their privacy. Encryption, therefore, affords you the opportunity to protect the data you send, receive and store on your computer system. Such data may include banking information through online banking platforms, passwords, social security numbers and any other personally identifiable information
What is your role?
In a bid to make the internet safer and promote the right to privacy on the internet, every user of the internet has a role to play in these efforts. The players in this space include individual users of the internet, governments and businesses that develop products for use on the internet.
The most important step to take in these efforts is to ensure that businesses offer End-To-End Encryption for users of their products and this should be default be a compliance requirement for any business that develops a service to be used on the internet. The governments are encouraged to put in place regulations that make it a compliance requirement for businesses to ensure that they offer their consumers End-To-End Encryption. There is however a worrying trend of governments seeing encryption as a threat and continue making demands to have access to information that would invade internet users’ privacy. This should be resisted and governments should respect the right of privacy of their citizens.
On the other hand, individual users of the internet are encouraged to use internet services that offer End-To-End Encryption or user-controlled encryption. As stakeholders, we all have a role to play in making the internet safe. Without encryption, your data is at risk and the internet is not safe.
What is the Regulatory Framework in Uganda?
As much as Uganda has enacted laws that relate to the regulation of electronic transactions and also address data protection and privacy concerns, more needs to be done. The regulatory framework as of now does not address the need to promote encryption as a compliance requirement. Nevertheless, the Data Protection and Privacy Act 2019 requires businesses that offer services over the internet to secure the integrity of the personal data in their possession or control by adopting appropriate, reasonable, technical, and organisational measures to prevent unauthorised access to the personal data in their control. The prevention of unauthorised access of personal data, in this case, could include encryption although efforts in enforcing the same should be heightened by the authority responsible to enforce the Data Protection and Privacy Act 2019. It’s commendable that the Personal Data Protection office has since been made operational and this would help in enforcing and implementation of the Data Protection and Privacy Act 2019.
It’s however important to note that more businesses like FinTechs, Online Banking, Telemedicine, telehealth, etc continue to have online platforms where personal data and other sensitive information would end up on the web. This calls for specific regulations that would require such entities to develop their applications on the foundations of ensuring the privacy and data protection of the user. In respect to businesses that are based in Uganda but process or store the personal data of their users outside Uganda, they are required to ensure that the country in which the data is processed or stored has adequate measures for the protection of personal data equivalent to the protection provided by Uganda’s Data Protection and Privacy Act 2019.
As we join the world to add a voice to protect encryption, we call upon governments to desist the attempts to have encryption backdoors that would enable them to access personal information without any limitations. This is a threat to the foundations of the internet and a violation of the right to privacy. “If you weaken encryption, people will die” Edward Snowden