IGF 2023 WS #516 Beyond North: Effects of weakening encryption policies

Wednesday, 11th October, 2023 (05:00 UTC) - Wednesday, 11th October, 2023 (06:30 UTC)
WS 3 – Annex Hall 2

Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security

Organizer 1: Pedro Amaral, 🔒Law and Techonology Research Institute of Recife
Organizer 2: Marcos Cesar Martins Pereira, Law and Technology Research Institute of Recife (IP.rec)
Organizer 3: Paula Bernardi, Internet Society
Organizer 4: Olaf Kolkman, 🔒

Speaker 1: Masayuki Hatta, Civil Society, Asia-Pacific Group
Speaker 2: Mariana Canto Sobral, Civil Society, Western European and Others Group (WEOG)
Speaker 3: Prateek Waghre, Civil Society, Asia-Pacific Group
Speaker 4: Pablo Bello, Private Sector, Latin American and Caribbean Group (GRULAC)
Speaker 5: JULIANA FONTELES DA SILVEIRA, Intergovernmental Organization, Latin American and Caribbean Group (GRULAC)


Olaf Kolkman, Technical Community, Western European and Others Group (WEOG)

Online Moderator

Pedro Amaral, Civil Society, Latin American and Caribbean Group (GRULAC)


Marcos Cesar Martins Pereira, Civil Society, Latin American and Caribbean Group (GRULAC)


Panel - 90 Min

Policy Question(s)

A. What are the effects of a country/region's Internet policies on other locations? B. How can the Internet ecosystem / critical infrastructure and human rights be affected by the extraterritorial effects of anti-encryption policies from other countries? C. Is there a risk of internet fragmentation or of the encrypted services offered? What are the effects of this on freedom of expression and the right to privacy and confidentiality?

What will participants gain from attending this session? The session aims to offer participants a fresh perspective on addressing the problem of legislation that seeks to weaken the use of encryption. The current debate, primarily focused on the Global North, tends to overlook the potential unintended global effects of such legislation. We strive to provide a new viewpoint by equipping attendees with both theoretical and practical tools to comprehend how policies designed for the Global North may more or less unintentionally impact the Global South. By doing so, we aim to empower the audience to think critically about policies and legislation, considering the implications of these unintended consequences.


Since 2022, several legislative proposals have been threatening end-to-end encryption, especially in the Global North. In the United States, the EARN IT Act has been reintroduced, but there are also the STOP CSAM Act and the Kids Online Safety Act (KOSA) circulating. In the European Union, the proposal of ChatControl, authored by the European Commission, has been advancing despite strong internal and external criticism, including from the German federal government. The Online Safety Bill in the United Kingdom poses a threat to strong encryption, although the government consistently asserts that there is no such threat. In response, various providers of encrypted services have announced that they would have to leave the country or accept being blocked. Despite these laws focusing on a specific region of the globe, their effects are expected to go far beyond, given that the Internet is global. These demands will impact the services offered there but also in various other regions of the world, considering the geopolitical influences of the Global North. The reduction in security through the weakening of encryption is one of the extraterritorial effects that may occur with the aforementioned legislative proposals. Thus, these proposals not only threaten the rights of citizens in their own countries but also citizens of other countries, as well as the Internet ecosystem itself. The proposal here is to gather experts in Internet policy and encryption to analyze the legislative proposals in question and assess how they may impact other regions of the world. Of particular interest is evaluating the impacts on the Global South, given its contexts of institutionalization and democratic consolidation, human rights, as well as the Internet and its available services.

Expected Outcomes

We anticipate that it will help us identify risks and challenges to strong encryption in the Global South, which may arise as an unforeseen outcome resulting from the ripple effect of legislation undermining encryption proposed in the Global North. The anticipated result aims to increase awareness and unite stakeholders engaged in global Internet security and defense, with the objective of devising strategies to safeguard the fundamental rights of privacy, confidentiality and free expression that are crucial for every individual, irrespective of their location. These rights enable individuals to fulfill their responsibilities, voice their opinions, and ensure accountability of those in positions of power, all while being protected from unwarranted intrusion, persecution, or oppression. We expected to produce a policy paper that will be published in the Encryption Observatory, a project from IP.rec, with key takeaways from the discussion, data gathered from the public interaction and policy recommendations.

Hybrid Format: The workshop will be organized in such a way that the on-site and remote moderators engage in dialogue through a video conferencing platform. The moderators will facilitate communication between the two modes, relaying questions from online and on-site participants to the audience and speakers. We will allocate initial time to utilize interactive tools with the audience from both modes, such as Mentimeter or similar tools, aiming to conduct surveys and word clouds on the topic, addressing aspects such as knowledge of cryptography and understanding of 'side effects' in cryptographic policies. The workshop will include guiding questions for all speakers, both remote and on-site, with equal time allocation (12 minutes) managed by the respective moderators. Finally, there will be dedicated time (30 minutes) for comments and discussions on the panel, divided into two segments, with two questions allocated to the on-site mode and two to the remote mode.