Making and breaking with science and conscience The human rights-compatibility of information security governance in the context of quantum computing and encryption

If you squint, everything is information – and the rest are computers in disguise. One of the important questions of the 21st century then is: who gets access to this information, and who gets to control these systems? Information security measures have an important role to play here, and states have in the past decades adopted various rules in this domain. However well-intentioned most of these policies might be, when you look at them as a whole, they reveal an incomplete understanding of the field of information security. In particular, they are not built around the dynamic of making and breaking, which is inherent to information security.
In this book, it is argued that, in order for policies in this domain to be compatible with human rights, those policies must be developed around this continual cycle of discovery and mitigation, using the arms race between encryption technologies and quantum computing as an important case study. In the first part of the thesis, the question is answered how governments are, and could be shaping the domains of information security, encryption and quantum computing. In the next part, the rules by which these governance measures need to be assessed is discussed: this is the human rights framework which imposes limits on what governments may do, and provides obligations on what governments should do. And then in the last part, this human rights framework is applied to each of the domains of information security, encryption technologies and quantum computing.
The conclusion is that a radical overhaul of governance in these domains is necessary. When it comes to information security, it is concluded that governance measures should be aimed at facilitating the breaking of information security measures, as long as the results are used to strengthen security. When it comes to encryption technologies, it is concluded that we need more encryption, not less. And when it comes to quantum computing, the conclusion is that the development of these powerful machines cannot be stopped, but that governments have an obligation to mitigate their risk – science must be done with conscience.