Abstract
This article examines how the debates on a right to encryption, understood within the framework of digital constitutionalism, may be impacted by the development of quantum computing. An important question is how to ensure that fundamental rights and freedoms in the digital environment are adequately preserved, especially considering that the development of quantum capabilities is likely to occur in a disparate manner between developed and developing countries. For this reason, the article brings as an example the case of Brazil, a country that has a significant history of discussing digital rights and in which the issue of encryption is currently in debate before the Supreme Court. The paper is structured in three main parts, beginning with an overview of the discussions on the idea of a right to encryption within digital constitutionalism initiatives, particularly in Brazil. Next, the article examines how the development of quantum technologies may impact encryption, analyzing both technical and geopolitical repercussions of the race for quantum supremacy. Finally, it assesses the potential impacts of quantum computing on the enjoyment of fundamental rights in the digital environment and examines three different approaches: the development of post-quantum cryptography standards, the adjustment of domestic policies and further development of flexible legal and regulatory strategies, and global cooperation through binding and non-binding legal instruments. To conclude, the paper assesses the specific challenges faced by developing countries, such as Brazil, in connecting the debate on fundamental rights with the new technical and legal issues raised by emerging technologies.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Data Availability
Data sharing not applicable to this article as no datasets were generated or analyzed during the current study.
Notes
These provisions can be found in Article 7, items II and III of MCI: “Art. 7. Access to the internet is essential to the exercise of citizenship, and the following rights are guaranteed to the users:
II—inviolability and secrecy of the flow of users’ communications through the Internet, except by court order, as provided by law;
The cases under discussion are Ação Direta de Inconstitucionalidade 5527, which challenges the constitutionality of certain provisions of Marco Civil da Internet that have been used by lower courts as grounds for blocking WhatsApp in the country, and Arguição de Descumprimento de Preceito Fundamental 403, which claims that WhatsApp blocks violate fundamental rights to communication and information.
These include, but are not limited to: (i) Hyper Text Transfer Protocol Secure (HTTPS)/Transport Layer Security (TLS)/Secure Sockets Layer (SSL), the current protocols for providing layers of security on web browsing; (ii) Public-Key Infrastructure (PKI), which supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party; and (iii) P Security (IPSec), an Internet Engineering Task Force (IETF) standard suite of protocols between two communication points across the IP network that provide data authentication, integrity, and confidentiality (“Applications and Limitations of Diffie-Hellman algorithm – GeeksforGeeks”, 2020). Other examples of these cryptographic systems implementations are Microsoft developer’s platform, Microsoft Azure (Benari, 2014); WhatsApp’s end-to-end encryption protocol (WhatsApp, 2020); and Bitcoin’s authentication algorithm (“Elliptic Curve Digital Signature Algorithm – Bitcoin Wiki”, 2021).
As an example, since the year 2000, the digital certification scheme in Brazil has been running under an IKE framework known as ICP-Brasil (“ICP-Brasil,” 2017). It has a very large and complex ecosystem, composed of certificate and register authorities, including banks, public institutions, and universities, among others. With the digital transformation of public services, the importance of ICP-Brasil is continuously increasing. However, the cost of adapting the current IKE framework to quantum-resistant technologies may be considerable, and the lack of timely adaptation may increase its vulnerability to cyberattacks. This is a problem that may be faced both by public and private organizations, especially in developing countries.
These include TLS, SSH, IKE, and IPsec.
A KEM is a cryptographic primitive that allows anyone in possession of some party’s public key to securely transmit a key to that party. A KEM can be viewed as a key-exchange protocol in which only a single message is transmitted; the main application is in combination with symmetric encryption to achieve public-key encryption of messages of arbitrary length. See Coretti et al. (2013).
The term perfect forward secrecy is commonly used to denote a feature of key agreement protocols which gives assurances that past session keys will not be compromised even if the private key of the server is compromised. One example of a protocol that supposedly implements this feature is the WhatsApp end-to-end encryption mechanism. See WhatsApp (2020).
Side-channel attacks gain information about the targeted cryptosystem by observing its physical processes, such as the processor’s running time, electromagnetic emissions, and cryptographic hardware’s power consumption. See Pfefferkorn (2017).
According to NIST, “ideally an attacker should not gain an advantage by attacking multiple keys at once, whether the attacker’s goal is to compromise a single key pair, or to compromise a large number of keys.” See NIST (2016b, p. 19).
Data Protection by Design is related to the broader concept of Privacy by Design, used at the international level since the 1990s to refer to technological measures for ensuring privacy (EDPS, 2018, p. 4). However, Data Protection by Design refers to specific legal obligations established by Article 25(1) of the GDPR.
It is interesting to note that the provision explicitly suggests pseudonymization as an appropriate security measure to implement DPbD. In 2014, the former Article 29 Working Party presented pseudonymisation as a set of techniques that reduces the linkability of a dataset with the original identity of a data subject, highlighting secret-key encryption schemes as one of those (Article 29 Data Protection Working Party – ART29WP, 2014, p. 20).
Some examples are the OECD AI Principles (OECD, 2019) and the UNESCO Recommendation on the Ethics of Artificial Intelligence (UNESCO, 2021), as well as the Council of Europe Ad hoc Committee on Artificial Intelligence initiative, which was mandated to examine the feasibility of and potential elements of a legal framework for the development, design, and application of artificial intelligence (CAHAI, 2020). It should also be noted that some initiatives that started with non-binding instruments have been evolving to binding ones, such as the current debates surrounding the European proposal for an Artificial Intelligence Regulation European Commission.
References
Agencia Española de Protección de Datos - AEPD, & European Data Protection Supervisor - EDPS. (2021). 10 misunderstandings related to anonymisation (p. 3). Retrieved from https://edps.europa.eu/data-protection/our-work/publications/papers/aepd-edps-joint-paper-10-misunderstandings-related_en
Applications and limitations of Diffie-Hellman algorithm - GeeksforGeeks. GeeksforGeeks. (2020). Retrieved 30 December 2021, from https://www.geeksforgeeks.org/applications-and-limitations-of-diffie-hellman-algorithm/
Article 29 Data Protection Working Party. (2014). Opinion 05/2014 on anonymisation techniques - WP216 (p. 20). Brussels: European Commission. Retrieved from https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
Bay, M. (2017). The ethics of unbreakable encryption: Rawlsian privacy and the San Bernardino iPhone. First Monday. https://doi.org/10.5210/fm.v22i2.7006
Benari, E. (2014). Azure blog and updates | Microsoft Azure. Azure.microsoft.com. Retrieved 30 Dec 2021, from https://azure.microsoft.com/en-ca/blog/tag/ecc/
Berkman Center for Internet and Society. (2016). Don’t panic: Making progress on the “Going Dark” debate. Cambridge, Massachusetts. Retrieved from https://cyber.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf
Brazil. (2020). Federal Supreme Court. Vote of the Justice Rapporteur Edson Fachin. Allegation of Noncompliance with a Fundamental Precept n. 403. Retrieved 9 June 2022, from https://www.conjur.com.br/dl/fachin-suspensao-whatsapp-decisao.pdf
Bruno, L., & Spano, I. (2021). Post-quantum encryption and privacy regulation: Can the law keep pace with technology?. Retrieved 11 Feb 2022, from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920272
Casacuberta, D., & Senges, M. (2008). Do we need new rights in cyberspace? Discussing the case of how to define on-line privacy in an Internet Bill of Rights. Enrahonar. Quaderns De Filosofia, 40, 99. Retrieved 9 June 2022, from https://doi.org/10.5565/rev/enrahonar.306
Celeste, E. (2019). Digital constitutionalism: A new systematic theorisation. International Review Of Law, Computers & Technology, 33(1), 76–99. Retrieved 30 Dec 2021, from https://doi.org/10.1080/13600869.2019.1562604
Clarke, L. (2021). Geopolitics threat to new-era quantum computing research - Tech Monitor. Tech Monitor. Retrieved 30 Dec 2021, from https://techmonitor.ai/technology/emerging-technology/geopolitics-protectionism-threaten-quantum-computing-research
Coretti, S., Maurer, U., & Tackmann, B. (2013). A constructive perspective on key encapsulation. Lecture Notes In Computer Science, 226–239. Retrieved 11 Feb 2022, from https://doi.org/10.1007/978-3-642-42001-6_16
Council of Europe Ad hoc Committee on Artificial Intelligence - CAHAI. (2020). Feasibility study. Retrieved from https://rm.coe.int/cahai-2020-23-final-eng-feasibility-study-/1680a0c6da
de Wolf, R. (2017). The potential impact of quantum computers on society. Ethics and Information Technology, 19(4), 271–276. https://doi.org/10.1007/s10676-017-9439-z
Deeks, A. (2020). The international legal dynamics of encryption. Retrieved 11 Feb 2022, from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3587438
Dobner, P., & Loughlin, M. (2010). The twilight of constitutionalism? New York: Oxford University Press. Elliptic Curve Digital Signature Algorithm - Bitcoin Wiki. En.bitcoin.it. (2021). Retrieved 30 Dec 2021, from https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm
European Commission. (2021). Proposal for a regulation of the European parliament and of the council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain union legislative acts. Eur-lex.europa.eu. Retrieved 11 Feb 2022, from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0206
European Data Protection Supervisor - EDPS. (2018). Opinion 5/2018: Preliminary opinion on privacy by design. Brussels: EDPS. Retrieved 11 Feb 2022 from https://edps.europa.eu/sites/edp/files/publication/18-05-31_preliminary_opinion_on_privacy_by_design_en_0.pdf
European Data Protection Supervisor - EDPS. (2021). TechDispatch #2/2020: Quantum computing and cryptography. Brussels: EDPS. Retrieved 11 Feb 2022 from https://edps.europa.eu/data-protection/our-work/publications/techdispatch/techdispatch-22020-quantum-computing-and_en
Fundação Instituto de Educação de Barueri - FIEB. (2022). SENAI vai coordenar Rede Nacional de Computação Quântica MCTI/SOFTEX. Fieb.org.br. Retrieved 11 Feb 2022, from https://www.fieb.org.br/noticias/senai-vai-coordenar-rede-nacional-de-computacao-quantica-mcti-softex/
Gidney, C., & Ekerå, M. (2021). How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits. Quantum, 5(433). https://doi.org/10.22331/q-2021-04-15-433
Giles, M. (2019). Explainer: What is post-quantum cryptography?. MIT Technology Review. Retrieved 30 Dec 2021, from https://www.technologyreview.com/2019/07/12/134211/explainer-what-is-post-quantum-cryptography
Gill, L., Redeker, D., & Gasser, U. (2015). Towards digital constitutionalism? Mapping attempts to craft an Internet Bill of Rights. SSRN Electronic Journal. Retrieved 30 Dec 2021, from https://doi.org/10.2139/ssrn.2687120
Gregorio, G. (2022). Digital constitutionalism in Europe. Reframing rights and powers in the algorithmic society.
Harrow, A., & Montanaro, A. (2017). Quantum computational supremacy. Nature, 549(7671), 203–209. https://doi.org/10.1038/nature23458
Hoofnagle, C., & Garfinkel, S. (2022). Law and policy for the quantum age (pp. 126–139). Cambridge University Press.
ICP-Brasil. Instituto Nacional de Tecnologia da Informação. (2017). Retrieved 30 Dec 2021, from https://www.gov.br/iti/pt-br/assuntos/icp-brasil
Kaye, D. (2015). Report of the special rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye. New York: United Nations. Retrieved from https://www.undocs.org/A/HRC/29/32.
Kop, M. (2020). Regulating transformative technology in the Quantum Age: Intellectual property, standardization & sustainable innovation, 2 TTLF Newsletter on Transatlantic Antitrust and IPR Developments Stanford-Vienna Transatlantic Technology Law Forum, Stanford University, 18. https://law.stanford.edu/publications/regulating-transformative-technology-in-the-quantum-age-intellectual-property-standardization-sustainable-innovation/
Kop, M. (2021). Establishing a legal-ethical framework for quantum technology. Yale Journal Of Law & Technology, 14. https://yjolt.org/blog/establishing-legal-ethical-framework-quantum-technology/
Mancuso, M., & Rapa, A. (2020). Anticipating a turning point in US export controls for tech | Publications | Kirkland & Ellis LLP. Kirkland.com. Retrieved 30 Dec 2021, from https://www.kirkland.com/publications/article/2020/01/anticipating-turning-point-us-export-controls-tech
Mavroeidis, V., Vishi, K., D., M., & Jøsang, A. (2018). The impact of quantum computing on present cryptography. International Journal Of Advanced Computer Science And Applications, 9(3), 3. https://doi.org/10.14569/ijacsa.2018.090354
Medeiros, F., & Bygrave, L. (2015). Brazil’s Marco Civil da Internet: Does it live up to the hype? Computer Law & Security Review, 31(1), 120–130. https://doi.org/10.1016/j.clsr.2014.12.001
Ménard, A., Ostojic, I., Patel, M., & Volz, D. (2020). A game plan for quantum computing. McKinsey Quarterly. Retrieved 30 Dec 2021, from https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/a-game-plan-for-quantum-computing
Mendes, G. F., & Fernandes, V. O. (2020). Constitucionalismo digital e jurisdição constitucional: Uma agenda de pesquisa para o caso brasileiro. Revista Brasileira De Direito, Passo Fundo, 16(1), 1–33.
Moncau, L. F. M., & Arguelhes, D. W. (2020). The Marco Civil da Internet and digital constitutionalism. In: Giancarlo Frosio. (Org.). The Oxford handbook of online intermediary liability. 1ed. Oxford University Press, 1, 190–214. Retrieved 11 Feb 2021, from https://doi.org/10.1093/oxfordhb/9780198837138.001.0001/oxfordhb-9780198837138-e-10
Moraes, T. (2020). Sparkling lights in the going dark: Legal safeguards for law enforcement’s encryption circumvention measures. European Data Protection Law Review, 6(1), 41–55. https://doi.org/10.21552/edpl/2020/1/7
National Institute of Standards and Technology - NIST. (2016a). Report on post-quantum cryptography. U.S. Department of Commerce. Retrieved from https://nvlpubs.nist.gov/nistpubs/ir/2016a/NIST.IR.8105.pdf
National Institute of Standards and Technology - NIST. (2016b). Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. U.S. Department of Commerce. Retrieved from https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016b.pdf
National Institute of Standards and Technology - NIST. (2020). Status report on the second round of the NIST post-quantum cryptography standardization process. (p. 12) U.S. Department of Commerce. Retrieved from https://doi.org/10.6028/NIST.IR.8309
National Institute of Standards and Technology - NIST. (2021). Post-quantum cryptography: The good, the bad, and the powerful [Video]. Retrieved 30 Dec 2021, from https://www.nist.gov/video/post-quantum-cryptography-good-bad-and-powerful
Organization for Economic Cooperation and Development - OECD. (1997). Recommendation of the council concerning guidelines for cryptography policy. Retrieved 24 May 2022, from https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0289
Organization for Economic Cooperation and Development - OECD. (2019). The OECD artificial intelligence (AI) principles - OECD.AI. Oecd.ai. Retrieved 11 Feb 2022, from https://oecd.ai/en/ai-principles
Organization for Economic Cooperation and Development - OECD. (2020). Digital economy outlook. Retrieved 24 May 2022, from https://www.oecd-ilibrary.org/science-and-technology/oecd-digital-economy-outlook-2020_bb167041-en
Pfefferkorn, R. (2017). Everything radiates: Does the fourth amendment regulate side-channel cryptanalysis?. Connecticut Law Review, 49, 1398. Retrieved 30 Dec 2021, from https://law.stanford.edu/publications/everything-radiates-does-the-fourth-amendment-regulate-side-channel-cryptanalysis/
Post-Quantum Cryptography. NIST. (2017). Retrieved 30 Dec 2021, from https://csrc.nist.gov/projects/post-quantum-cryptography
Rand, L., & Rand, T. (2021). The ‘Prime Factors’ of quantum cryptography regulation. (p. 16) Retrieved 30 Dec 2021, from https://doi.org/10.2139/ssrn.3904342
Rieffel, E., & Polak, W. (2011). Quantum computing: A gentle introduction (1st ed., p. 14). The MIT Press.
Rota, D. (2018). A quantum leap in international law on cyberwarfare: An analysis of international cooperation with quantum computing on the horizon. Harvard Law School National Security Journal. Retrieved 30 Dec 2021, from https://harvardnsj.org/2018/11/a-quantum-leap-in-international-law-on-cyberwarfare-an-analysis-on-the-need-for-international-cooperation-with-quantum-computing-on-the-horizon/
Silva, P., Mangeth, A., & Perrone, C. (2021). The encryption debate in Brazil: 2021 update. Carnegie Endowment for International Peace. Retrieved 11 Feb 2022, from https://carnegieendowment.org/2021/03/31/encryption-debate-in-brazil-2021-update-pub-84238
Solove, D. (2011). Nothing to hide: The false tradeoff between privacy and security. Yale University Press. https://doi.org/10.5860/choice.49-2979
Suzor, N. (2018). Digital constitutionalism: Using the rule of law to evaluate the legitimacy of governance by platforms. Social Media + Society, 4(3), 205630511878781. https://doi.org/10.1177/2056305118787812
Teubner, G. (2012). Constitutional fragments: Societal constitutionalism and globalization. Oxford University Press.
U.S-China Economic and Security Review Commission. (2021). Unfinished business: Export control and foreign investment reforms. Retrieved 11 Feb 2022 from https://www.uscc.gov/sites/default/files/2021-06/Unfinished_Business-Export_Control_and_Foreign_Investment_Reforms.pdf
U.S. House Judiciary Committee and House Energy and Commerce Committee. (2016). Encryption working group year-end report. Retrieved 11 Feb 2022 from https://www.americanbar.org/content/dam/aba/administrative/law_national_security/Encryption%20Working%20Group%20YE%20Rep.pdf
United Nations Educational, Scientific and Cultural Organization - UNESCO. (2016). Human rights and encryption. Paris: UNESCO. Retrieved 24 May 2022 from https://unesdoc.unesco.org/ark:/48223/pf0000246527
United Nations Educational, Scientific and Cultural Organization - UNESCO. (2021). Recommendation on the ethics of artificial intelligence. Retrieved 11 Feb 2022 from https://en.unesco.org/artificial-intelligence/ethics
United Nations Human Rights Council - UNHCR. (2019). Resolution adopted by the Human Rights Council on 26 September 2019 on the right to privacy in the digital age. Retrieved 11 Feb 2022 from https://digitallibrary.un.org/record/3837297
United Nations Human Rights Council - UNHCR. (2020). Resolution adopted by the Human Rights Council on 6 October 2020 on the safety of journalists. Retrieved 11 Feb 2022 from https://undocs.org/en/A/HRC/RES/45/18
Walden, I. (2018). ‘The sky is falling!’ – Responses to the ‘Going Dark’ problem. Computer Law & Security Review, 34(4), 901–907. https://doi.org/10.1016/j.clsr.2018.05.013
WhatsApp. (2020). WhatsApp encryption overview: Technical white paper. WhatsApp. Retrieved 11 Feb 2022 from https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
Yilma, K. (2017). Digital privacy and virtues of multilateral digital constitutionalism—Preliminary thoughts. International Journal of Law and Information Technology, 25(2), 115–138. https://doi.org/10.1093/ijlit/eax001
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest
The authors declare no competing interests.
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Wimmer, M., Moraes, T.G. Quantum Computing, Digital Constitutionalism, and the Right to Encryption: Perspectives from Brazil. DISO 1, 12 (2022). https://doi.org/10.1007/s44206-022-00012-4
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s44206-022-00012-4