Privacy and Encryption

What we do have are a few scattered instances under which narrow private issues are protected, such as personal details in electronic transactions under the Electronic Transactions Law and private family life information under the Cybercrime Law.

Privacy is a hard issue to convince authorities to recognise because it competes with the interest of the state in surveying as much information as possible in order to prevent misconduct, crime and terrorism.

There is no doubt that some notions of security are important and justified when there is an eminent and real threat. The impact of this security does not hinder our use of technology and does not infringe on our privacy.

It is hard to argue that Oman has managed to strike a fine balance between the right of privacy of individuals and the right of the state to ensure security, obviously because privacy is not at all recognised as a right in this country.

There are more than a few instances where Oman's obsession with security has led to the creation of impractical and unworkable regulations. An outrageous example of such a provision is Article 48 of the Telecommunications Law which provides that, “Encryption shall not be used in telecommunications or between computer networks without a licence from the minister.”

Anyone with a basic level of knowledge about how the Internet works would instantly recognise that this provision is ridiculous. Any private interaction on the Internet requires using an encryption and requiring a person to seek approval before creating an encrypted connection to another computer is just impossible to achieve.

Every time you visit a website that has a URL that starts with https, you would be using an encrypted connection to connect to the server that hosts the website. For example, if you would like to send an email using Gmail or pay a bill using your online banking system, you would be potentially violating Article 48 because you didn't acquire the necessary licence from the minister.

The same goes for anyone who has ever created a protected wireless network at home or played a multiplayer video game between two handheld game consoles. I am not aware of any instance where this provision was actually enforced, except probably for Skype. The authorities argue that one of the numerous reasons why it is blocked is that it is encrypted and they claim this is in violation of Omani laws.

The authorities need to appreciate that encryption is not just used by criminals and terrorists to scheme secretly, but also by consumers to protect themselves from criminals and terrorists. They can intercept our communications if we do not take reasonable measures to protect ourselves.

Creating a policy that is out of touch with the real world makes it impossible to ever implement that policy. It contributes to spreading the idea that the law is meaningless and irrelevant.

It is not acceptable for the authorities to continue to think that we should not encrypt our communications because our property, identity, and privacy are all at constant risk every time we go online, and we should have the right to protect ourselves as we see fit.

Riyadh Abdul Aziz is a blogger interested in the relationship between the web and society who works as a legal researcher for the government of Oman. He is interested in technology, intellectual property, and law. You can e-mail Riyadh at riyadh.aziz@apexmedia.co.om