Riseup, a tech collective that provides security-minded communications to activists worldwide, sounded the alarm last month when a judge in Spain stated that the use of their email service is a practice, he believes, associated with terrorism.
Javier Gómez Bermúdez is a judge of Audiencia Nacional, a special high court in Spain that deals with serious crimes such as terrorism and genocide. According to press reports, he ordered arrest warrants that were carried out on December 16th against alleged members of an anarchist group. The arrests were part of Operation Pandora, a coordinated campaign against “anarchist activity” that has been called an attempt “to criminalize anarchist social movements.” The police seized books, cell phones, and computers, and arrested 11 activists. Few details are known about the situation, since the judge has declared the case secret.
At least one lawmaker, David Companyon, has speculated that the raids are a “stunt to garner support for Spain’s recently approved ‘gag law.’” The new law severely restricts demonstrations, setting huge fines for activities such as insulting police officers (€600), burning a national flag (up to €30,000), or demonstrating outside parliament buildings or key installations (up to €600,000). Considering the provisions of the law, it’s no surprise that many see the raid, conducted against a group with political ideas that the government appears to find threatening, as connected.
In a statement, Riseup noted:
Four of the detainees have been released, but seven have been jailed pending trial. The reasons given by the judge for their continued detention include the possession of certain books, "the production of publications and forms of communication”, and the fact that the defendants “used emails with extreme security measures, such as the RISE UP server.
It’s unclear exactly what the judge means by “extreme security measures.” As Riseup points out, “many of the ‘extreme security measures’ used by Riseup are common best practices for online security.” It seems the inherent assumption behind the judge’s decision is that using services that follow best practices for online security should be considered suspicious. This clearly runs contrary to the presumption of innocence, a core requirement of international human rights law. But what’s more, using services with strong security is how individuals can exercise their right to privacy and expression in the digital age while staying safe. Every new data breach and security disaster reminds us of this.
Calling the desire to be safe online “extreme” is incredibly disturbing. But it’s hardly surprising. During the “Crypto wars” of the 1990s, the US government propagated the idea that strong encryption should be treated like a weapon. That may be because strong security makes it harder for agencies like the NSA to brazenly surveil everyone—and makes it harder to repress groups with political ideas that threaten the status quo. There’s no question that anarchists fall into that category, and it’s perhaps that issue that has the Spanish government concerned.
In its statement, Riseup explains that it “has an obligation to protect the privacy of its users,” and “is not willing to allow illegal backdoors or sell our users’ data to third parties.”
There’s strong evidence that the NSA has ensured that backdoors are built into many products and services. Companies and groups such as Riseup want to provide users with reliable, secure network services even when—in fact especially when—dealing with requests from law enforcement and lawyers to hand over private user information and logs. They have developed strong policies to protect themselves from legal liability, but more importantly to protect the safety and privacy of their users.
The need for that privacy and security cannot be overstated. In his landmark report to the 23rd session of the Human Rights Council, the U.N.'s free speech watchdog, Frank La Rue made clear that secure communication are critical for an open society. La Rue stated:
Individuals should be free to use whatever technology they choose to secure their communications, and that states should not interfere with the use of encryption technologies.
Without adequate protection to privacy, security and anonymity of communications, no one can be sure that his or her private communications are not under states’ scrutiny.
Privacy is an essential feature of any free society. Alongside the “gag law,” repressing private, secure communications sends a distressing signal about the Spanish government’s intentions. But there is still time for the court to correct this decision. If the reason these activists are being held truly is their perfectly reasonable and common decision to secure their own communications, they should be released now.