You are here: Home / Internet Governance / News & Media / State-led interference in encrypted systems: A public debate on different policy approaches

State-led interference in encrypted systems: A public debate on different policy approaches

by Admin — last modified Dec 05, 2017 02:03 PM
State-led interference in encrypted systems. Sunil Abraham is a speaker for this event.
  • Proposer's Name: Mr. Carlos Alberto Afonso
  • Proposer's Organization: Instituto Nupef
  • Co-Proposer's Name: Mr. Hartmut Glaser
  • Co-Proposer's Organization: CGI.br

Co-Organizers:

  • Mr., Carlos, AFONSO,Civil Society, Instituto Nupef
  • Mr. Hartmut, GLASER, Technical Community, CGI.br
  • Ms. Jamila, VENTURINI,Technical Community, NIC.br
  • Mr. Diego, CANABARRO, Technical Community, NIC.br

Session Format: Other - 90 Min
Format description: The session is designed to host a dialectic debate segment followed by a traditional round-table segment structured around a Q&A format.

Proposer:
Country: Brazil
Stakeholder Group: Civil Society

Co-Proposer:
Country: Brazil
Stakeholder Group: Technical Community

Speakers

  • Christoph Steck (Telefonica, Spain)
  • Riana Pfefferkorn (Stanford CIS, EUA)
  • Cristine Hoepers (CERT.br, Brazil)
  • Carlos A. Afonso (Nupef Institute, Brazil)
  • Neide Oliveira (Federal Prosecution Service, Brazil)
  • Sunil Abraham (CIS India)
  • Monica Guise Rosina (Facebook Brazil)
  • Jonah F. Hill (NTIA, EUA)
  • Nina Leemhuis Janssen (Govt of The Netherlands)

Content of the Session

The workshop is built around a policy question that approaches some historical controversies inherent to the widespread use and availability of encryption in the Internet, with a special focus on the tension between the increasing use of cryptography after Snowden and the supposed challenges it poses to public and national security in a digital era. The session promotes a space for multistakeholder debate on: the state of the art in the development and employment of cryptography; different attitudes towards the freedom to use encryption in different jurisdictions; modes of state-led interference in/with encrypted systems; and the limits posed by national and international law to such interference, as well as the impacts it might have to the protection and promotion fundamental human rights and shared values, to permission-less innovation on the Internet and the open architecture of the network. The session will host two segments: one will consist of two presentations made by government officials from the UK and the Netherlands that will detail different policy approaches for dealing with the use of encryption. The second comprises a multistakeholder round-table that gathers comments and questions about the previous presentations. In the end, moderators will summarize discussions and an overarching and documented report of the session will be made available for the session. The unorthodox format chosen for this session allows public scrutiny over some very practical policy-oriented approaches. The bulk of discussions registered during the workshop can provide dialogued feedback into policy development processes elsewhere.

Relevance of the Session

The development and use of encryption to protect information and communication dates back to ancient times. Encryption has been mainly employed over the centuries to protect personal data, business information, governmental classified information, etc. Attempts to break encryption in general as well as the notion of inserting vulnerabilities (such as backdoors) in systems that rely on encryption have been a parallel phenomenon to (and also an integral part of) the longstanding efforts of cryptography. One might even say that those two processes function as the two different sides of the same coin.

The advent and the great pace of development of computing and networking technologies boosted the science behind cryptography to unprecedented levels of relevance for society in general. More recently, after the Snowden affairs, cryptography has been perceived as a necessary condition (not a sufficient one though) for Internet users to curb the abuses entailed by massive digital surveillance and espionage by an ever growing number of countries. In parallel, together with other measures, the deployment of encryption to commercial applications seems to have become a, somehow, sine qua non condition for some Internet companies to regain consumer trust and retain competitive advantages in relation to other players in the market.

The widespread use and availability of encryption tools however refueled tensions and entailed policy responses in a myriad of countries (e.g.: the Apple vs FBI case in the context of the San Bernadino Shooting; the announcement made by some European countries of their willingness to outlaw some uses of encryption as well as the public commitment of the Netherlands government to support encryption and oppose the development of backdoors; and the successive orders by Brazilian courts that aimed at blocking Whatsapp in the country due to the company’s denial to delivery communication records from some of its users). Those tensions generally revolve around the fact that as general-purpose technology, encryption can be also employed to conceal irregular and/or illicit activities, which would justify the creation of some narrow but allegedly needed exceptions to the constitutional limits built over the last century in several countries to impose limits to criminal investigation in order to uphold privacy and personal data protection.

The cases mentioned above gave rise to fierce discussions on whether or not the use of encryption increases by itself the likelihood of and facilitate the occurrence of crime and other illicit activities (most notably organized crime of all sorts and terrorism). Some law enforcement agencies and security forces have argued that encryption impairs crime investigation and the prosecution of criminals, and therefore the development of technology with embedded backdoors might be needed. Other actors, including representatives from the technical community, however, argue that such interference might disrupt regularly protected flows of information and communication as well as compromise privacy and the protection of other fundamental human rights. At this point, we are in a stage in which the trade-off between those two perspectives have to be settled through democratic means and public participation and that is why this workshop was submitted for the IGF 2017.

Besides dealing with several different topics that comprise the overarching agenda of Internet governance (human rights, cybersecurity, openness and permission-less innovation, economic development, infrastructure governance, etc), the topic of this workshop is directly connected to two different goals comprised in the UN SDGs: sound institutions and innovation. Discussions on the contours of sound political institutions and on challenges and incentives for innovation are integral components of any sort of political agenda that aims at reflecting upon the “digital future”, which is the case of the 2017 IGF and highlight the importance of adding this proposal to the overall agenda of the event.