IGF 2021 WS #278 Networked trust: encryption choices to a reliable Internet

Time
Wednesday, 8th December, 2021 (15:50 UTC) - Wednesday, 8th December, 2021 (17:20 UTC)
Room
Ballroom A

Organizer 1: André Ramiro, Law and Technology Research Institute of Recife (IP.rec)
Organizer 2: Luiza Brandão, Instituto de Referência em Internet e Sociedade (IRIS)
Organizer 3: Flavio Wagner, CGI.br
Organizer 4: Mallory Knodel, Center for Democracy & Technology
Organizer 5: Eilin Geraghty, ECO - Association of the Internet Industry
Organizer 6: Prasanth Sugathan, Software Freedom Law Centre, India
Organizer 7: Polk Ryan, Internet Society
Organizer 8: Jeremy Malcolm, Prostasia Foundation
Organizer 9: Paloma Carmo, Instituto de Referência em Internet e Sociedade (IRIS)

Speaker 1: Mallory Knodel, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Prasanth Sugathan, Civil Society, Asia-Pacific Group
Speaker 3: Vittorio Bertola, Private Sector, Western European and Others Group (WEOG)
Speaker 4: Lidia Stepinska-Ustasiak, Government, Western European and Others Group (WEOG)
Speaker 5: Susan Landau, Technical Community, Western European and Others Group (WEOG)
Speaker 6: Pablo Bello, Private Sector, Latin American and Caribbean Group (GRULAC)
Speaker 7: Patrick Breyer, Government, Western European and Others Group (WEOG)
Speaker 8: Jeremy Malcolm, Civil Society, Western European and Others Group (WEOG)

Moderator

Nathalia Sautchuk , Technical Community, Latin American and Caribbean Group (GRULAC)

Online Moderator

André Ramiro, Civil Society, Latin American and Caribbean Group (GRULAC)

Rapporteur

Luiza Brandão, Civil Society, Latin American and Caribbean Group (GRULAC)

Format

Debate - Classroom - 90 Min

Policy Question(s)

Ensuring a safe digital space: How should governments, Internet businesses and other stakeholders protect citizens, including vulnerable citizens, against online exploitation and abuse?
International standards: How should international standards address the different requirements and preferences of governments and citizens in different countries?

Ensuring a safe digital space: In many regions, there are historical frictions about the understanding of how to make the online ecosystem safe regarding the implementation of encryption. The considerable lack of agreements are challenges and comes from agendas regarding different stakeholders that built distinct senses of "trust" for citizens. That means that beyond practical agendas (combating crime, enforce human rights or ensure cybersecurity for commerce and industry, for instance), stakeholders carry more or less explicit understandings considering what means the Internet to be reliable for citizens – and the use of encryption is embed into this shared sense. By tackling encryption policies with an "what is to trust on the online ecosystem" approach, we promote the opportunity for stakeholders to give a step forward in terms of cooperations and sharing interests by elaborating about the collective sense of trust regarding cybersecurity, specially with focus on encryption.

International standards: Far from being a regional particularity, policies that aims to make viable encryption workarounds are continually present. Sometimes coming as a result of international state coalitions, those proposals share interests of combating specific crimes, but assume different forms: India's legislation tackle the issue by raising liability risks to intermediaries that don't comply with its rules of tracing encrypted messages; United States have been addressing the theme by proposing the scan of messages, otherwise platforms lose legal protections that allow them to operate; and so on. Different regulatory approaches results in different risks in terms of rights, economy and security, which offer multiple challenges regarding how to equalize, internationally, the best regulatory practices for a transborder Internet. As the panel aims to frame the encryption debate by relating it to the collective sense of trust and reliability on the Internet with a multistakeholder approach, it would be possible to draw, taking into account distinct regional previous and present experiences, possible encryption policy standards that should be observed by States, civil society and platforms.

SDGs

3. Good Health and Well-Being
8. Decent Work and Economic Growth
9. Industry, Innovation and Infrastructure
16. Peace, Justice and Strong Institutions
17. Partnerships for the Goals

Targets: 3. Ensure healthy lives and promote well-being for all at all ages: The horizon of enhancing techniques to promote better medical care, diagnosis, and remote medicine are deeply interrelated with new connected technologies in order to reach a broader population and to offer qualified services. Information security policies and protocols for connected public and private health programs are some of the first steps to the development of such systems and to the safety of users. Encryption offers the necessary levels of secrecy for sensitive health data of big populations, as well as the integrity of information and data flows that permits doctors to establish a secure channel of communication with their patients. During times of pandemic, the reliability of health applications and telemedicine became a more noticeable issue as citizens have been able to remain socially isolated while receiving remote medical care. Overmore, the well-being of children, for example, are at the center of recent encryption debates. If some government and civil society entities argue that encrypted platforms are offering a free environment to the dissemination of sexual child's abuse material, other civil society organizations, service providers, and academics advocate that encryption makes the online environment safer for children as it ensures privacy and security. These challenges are appearing in legislation and public debates regarding, for example, the EARN IT Act, in the United States, in recent leaked documents from the European Commission, and in the recent modifications in the Intermediary Liability Rules in India. From the perspective of health and well-being, encryption is centrally located in Internet Governance discussions. 8. Promote sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all: E-commerce, digitalization of traditional services and the technology industry are, each day more, representing a larger part of global economic growth. According to Statista's 2020 publication, retail e-commerce is expected to exceed US$ 3.6 billions worldwide by 2024. The digitalization of traditional services, as seen in internet banking, creates a socioeconomic scenario that permits – and sometimes imposes – users to move daily activities to the Internet and, specifically, mobile applications. Also the big tech industry - including Facebook, Apple, Google, and Amazon – are placed between the most valuable companies of the world, showing larger margins of profit each year. Since 1997, the Organization for Economic Cooperation and Development (OECD) has continually reaffirmed that encryption is one of the technological means to provide security for data on information and communications systems regarding economic goals. It is safe to say that encryption is a security technology that promotes crucial prerequisites of integrity to these services, without which the reliability of purchases and transactions wouldn't be trustworthy. On the other hand, law enforcement advocacy towards encryption workarounds impacts, fundamentally, the business models of hardware and software industry with the intent of solving crimes. Those perspectives must be confronted. As a result, sustainability of economic growth is an intrinsic issue that should be addressed by the speakers of the panel.

9. Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation: The promotion of a resilient Internet infrastructure, such in terms of "over the top" application as well as the chain of connectivity infrastructure, is a distributed responsibility regarding the multistakeholder model of the Internet Governance and the transborder spectrum of the multiple networks. It is possible to say that establishing secure protocols to collect, process, transmit, and store users' data taking into account encryption technologies must be a consensual and shared obligation. On the other hand, a single vulnerability in security systems – such as lawful ways of exceptionally access to encrypted data or unforeseen code flaws in encryption algorithms - might jeopardize multiple industries as well as the end-user of the Internet. The "reliability" value of infrastructures that count on encryption for maintaining resilience has been fostering innovation for decades. Therefore, the question is fundamental to the proposed panel.

16. Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels The crucial role of encryption regarding the promotion of privacy and freedom of expression has been broadly documented by U.N's special rapporteurs such as David Kaye, Frank La Rue and Joe Connataci, as well as by state-sponsored research and publications by civil society and academic entities. By assuring the secrecy of communications, political dissidents have the possibility to report crimes perpetrated by government and private agents; journalists has been connecting with sources in secure ways to promote access to information; and less politically represented groups such as the LGBTQIA+ community, the black and gender equality movements and ethnical minorities have the potential to gather engagement and contributions to disrupt political inequalities. Encryption embeds in connected platforms the capacity for society to communicate with freedom and without fear of repression or other chilling effects. The exercise of political rights related to privacy, freedom of expression, and security of digital communication channels are key elements of democracy. Therefore, in order to achieve social and institutional justice, the security of communications, specially encrypted platforms, must be prioritized. The proposed panel has these topics at its center and will develop them in relation to the collective sense of trust regarding encryption.

17. Strengthen the means of implementation and revitalize the global partnership for sustainable development: As Internet services and connectivity infrastructure have a transborder amplitude, public and private policies regarding encryption must observe ripple effects that transcend a single domestic jurisdiction or specific stakeholder's agendas. Private companies, for instance, carry the necessity of foreseeing how privacy policies that address encryption might affect users and domestic legislation of other regions; law enforcement agencies also need to partner with diverse state agencies, such those responsible for technological and economic development and national security in order to promote resilient solutions for their agendas; as well as civil society organizations must align advocacy work internationally as a means to reach different regions and promote international parameters of social engagement and human rights. The establishment and the debate around encryption policies - considering their relation with an international and multistakeholder sense of trust on the Internet – must be, inherently, a collaborative work and it has the potential to valorize the role of partnership in the Internet Governance ecosystem.

Description:

Understanding that encryption’s main qualities offer a set of basic technical apparatus to build a collective sense of security and resilience on the online ecosystem, the workshop will tackle contemporary conflicts towards encryption policies in order to address if and how they possibly affect a broader sense of trust on the Internet. The debate primarily considers that the variety of "encryption workarounds" - such as traditional backdoors, client-side scanning solutions, or the government hacking of encrypted systems – come from different national investigative needs and sociopolitical backgrounds, but they are all related to possible transborder side effects on underlying social and technical chains of trust that depend on the reliability of cybersecurity. With two rounds of questions regarding how to ensure a safe digital space and policies concerning international standards, the workshop aims to draw international co-relations between encryption policies that are being proposed in different regions, their reasons, and if and how they have the potential of impacting a collective sense of trust (considering end-users, civil society, platforms, and states) in communication platforms and personal data flows. By gathering a cross-continental and multistakeholder composition, the panel seeks a necessary discussion about the governance of cybersecurity with a focus on the challenging encryption trade-offs.

Expected Outcomes

The proposed panel will result in two different outcome materials. In the early days after the panel, a policy paper with the aggregation of the panel’s discussions and points of conflicts and convergence will be published. Elaborated by the workshop's organization team, the policy paper aims to rapidly offer a ground to stimulate the continuity of the theoretical and policy discussions and practical actions. To achieve that goal, the policy paper will contain a synthesis of the discussion and the main recommendations suggested on the session directed to specific sectors or to the general public. The document will also aggregate images of the clouds formed prior and during the session.

In parallel, a second outcome is an audiovisual material with comments from the panelists about the highlights from the discussion developed during the session. This outcome pretends to engage a public that isn't necessarily expert in the theme, but is interested mostly in the direct dangers and possibilities that comes up from the debate. In that way, people that are affected by decisions about the encryption and Internet Governance ecosystem can be empowered in a creative and palatable way.

I) It will be possible for the public to fill a “word cloud” that will appear during the session. At the same time, the rapporteur fills a second world cloud, and the public can compare both during the session. By doing so, we can register what concepts come to our minds while talking or hearing about encryption and create a visual resource about the debate. The final versions will be included in the final policy paper. Furthermore, the moderator along with the rapporteur will run online polls for the public regarding policy and security choices that will be posed by the questions and developed by the panelists. By doing so, the public will actively interact and contribute with the outcomes.

II) The public is able to submit answers/comments to the policy questions in two moments, using a link that will be available at the beginning of the session. Considering the time limit, the mediator selects some to be read in the session and the speakers can choose to react to them.

III) Questions submitted to the panel are answered by the speakers, who will also provide their final remarks considering them.

Online Participation

Usage of IGF Official Tool.