IGF 2017 WS #201 State-led interference in encrypted systems: a public debate on different policy approaches

Short Title: 
State-led interference in encrypted systems

Proposer's Name: Mr. Carlos Alberto Afonso
Proposer's Organization: Instituto Nupef
Co-Proposer's Name: Mr. Hartmut Glaser
Co-Proposer's Organization: CGI.br
Mr., Carlos, AFONSO,Civil Society, Instituto Nupef
Mr. Hartmut, GLASER, Technical Community, CGI.br
Ms. Jamila, VENTURINI,Technical Community, NIC.br
Mr. Diego, CANABARRO, Technical Community, NIC.br


Moderators – 5 min to welcome participants and explain rules

Two presentations on the topic discussed in the workshop – 10 min each

Multistakeholder roundtable of invited specialists ([8] selected participants) + audience raise questions based on the speakers’ presentations:

- 3 10 min rounds of Q&A invited specialists: 3 questions per round (2min each) + answers from each speaker (2 min each).

- 3 10 min rounds of Q&A general audience: 3 questions per round (2min each) + answers from each speaker (2 min each)

Moderators – 5 min to summarize discussions and close the session.

Session Format: Other - 90 Min
Format description: The session is designed to host a dialectic debate segment followed by a traditional round-table segment structured around a Q&A format.

Country: Brazil
Stakeholder Group: Civil Society

Country: Brazil
Stakeholder Group: Technical Community

Speaker: Christoph Steck
Speaker: Pranesh Prakash
Speaker: Riana Pfefferkorn
Speaker: Neide Oliveira
Speaker: Diego Freitas Aranha
Speaker: Cristine Hoepers
Speaker: Carlos Alberto Afonso
Speaker: Alexander Fiona

Content of the Session:
The workshop is built around a policy question that approaches some historical controversies inherent to the widespread use and availability of encryption in the Internet, with a special focus on the tension between the increasing use of cryptography after Snowden and the supposed challenges it poses to public and national security in a digital era. The session promotes a space for multistakeholder debate on: the state of the art in the development and employment of cryptography; different attitudes towards the freedom to use encryption in different jurisdictions; modes of state-led interference in/with encrypted systems; and the limits posed by national and international law to such interference, as well as the impacts it might have to the protection and promotion fundamental human rights and shared values, to permission-less innovation on the Internet and the open architecture of the network. The session will host two segments: one will consist of two presentations made by government officials from the UK and the Netherlands that will detail different policy approaches for dealing with the use of encryption. The second comprises a multistakeholder round-table that gathers comments and questions about the previous presentations. In the end, moderators will summarize discussions and an overarching and documented report of the session will be made available for the session. The unorthodox format chosen for this session allows public scrutiny over some very practical policy-oriented approaches. The bulk of discussions registered during the workshop can provide dialogued feedback into policy development processes elsewhere.

Relevance of the Session:
The development and use of encryption to protect information and communication dates back to ancient times. Encryption has been mainly employed over the centuries to protect personal data, business information, governmental classified information, etc. Attempts to break encryption in general as well as the notion of inserting vulnerabilities (such as backdoors) in systems that rely on encryption have been a parallel phenomenon to (and also an integral part of) the longstanding efforts of cryptography. One might even say that those two processes function as the two different sides of the same coin.
The advent and the great pace of development of computing and networking technologies boosted the science behind cryptography to unprecedented levels of relevance for society in general. More recently, after the Snowden affairs, cryptography has been perceived as a necessary condition (not a sufficient one though) for Internet users to curb the abuses entailed by massive digital surveillance and espionage by an ever growing number of countries. In parallel, together with other measures, the deployment of encryption to commercial applications seems to have become a, somehow, sine qua non condition for some Internet companies to regain consumer trust and retain competitive advantages in relation to other players in the market.
The widespread use and availability of encryption tools however refueled tensions and entailed policy responses in a myriad of countries (e.g.: the Apple vs FBI case in the context of the San Bernadino Shooting; the announcement made by some European countries of their willingness to outlaw some uses of encryption as well as the public commitment of the Netherlands government to support encryption and oppose the development of backdoors; and the successive orders by Brazilian courts that aimed at blocking Whatsapp in the country due to the company’s denial to delivery communication records from some of its users). Those tensions generally revolve around the fact that as general-purpose technology, encryption can be also employed to conceal irregular and/or illicit activities, which would justify the creation of some narrow but allegedly needed exceptions to the constitutional limits built over the last century in several countries to impose limits to criminal investigation in order to uphold privacy and personal data protection. The cases mentioned above gave rise to fierce discussions on whether or not the use of encryption increases by itself the likelihood of and facilitate the occurrence of crime and other illicit activities (most notably organized crime of all sorts and terrorism). Some law enforcement agencies and security forces have argued that encryption impairs crime investigation and the prosecution of criminals, and therefore the development of technology with embedded backdoors might be needed. Other actors, including representatives from the technical community, however, argue that such interference might disrupt regularly protected flows of information and communication as well as compromise privacy and the protection of other fundamental human rights. At this point, we are in a stage in which the trade-off between those two perspectives have to be settled through democratic means and public participation and that is why this workshop was submitted for the IGF 2017.
Besides dealing with several different topics that comprise the overarching agenda of Internet governance (human rights, cybersecurity, openness and permission-less innovation, economic development, infrastructure governance, etc), the topic of this workshop is directly connected to two different goals comprised in the UN SDGs: sound institutions and innovation. Discussions on the contours of sound political institutions and on challenges and incentives for innovation are integral components of any sort of political agenda that aims at reflecting upon the “digital future”, which is the case of the 2017 IGF and highlight the importance of adding this proposal to the overall agenda of the event.

Tag 1: Encryption
Tag 2: Law Enforcement
Tag 3: Human Rights

The format chosen to this session enables both interventions from selected experts representing the full range of the multistakholder Internet community as well as for the general audience in Geneva.

The list of participants (confirmed and to-be-confirmed)

* CONFIRMED: Cristine Hoepers [Technical Communinty, CERT.br]
* CONFIRMED: Carlos A. Afonso [Civil Society, Instituto Nupef]

* CONFIRMED: Cristoph Steck [Private Sector, Telefónica]
* TBC: Monica Guise Rosina [Private Sector, Facebook]
* CONFIRMED: Rianna Pffeferkorn [Technical Community, Stanford University]
* CONFIRMED: Diego Aranha [Technical Community, University of Campinas]
* CONFIRMED: Fiona Alexander [Government, US Department of Commerce]
* CONFIRMED: Neide Oliveira [Government, Brazilian Federal Public Prosecutor’s Office]
* CONFIRMED: Pranesh Prakash [Civil Society, CIS India]
* TBC: Katitza Rodriguez [Civil Society, EFF]

Policy presentations:
* UK Government representative (contacted; name pending confirmation)
* Netherlands government representative (contacted; name pending confirmation)

The onsite moderators will start the workshop by explaining the flow of the session. They will then grant the floor for the chosen speakers during the first segment of the session, in which two government representatives will present different policy approaches to the use of encryption. After that, onsite and online moderation will entertain a 30-minute Q&A segment, giving the floor in a random fashion to eight selected specialists (two representatives of governments and/or intergovernmental organizations; two representatives of the business community; two representatives of technical communities; and two representatives of civil society), who will be able to pose questions and comments to the speakers of the first segment. Moderators will gather blocks of three questions and comments at a time. Each block of questions will then be approached by the debaters. The final segment repeats the format and the length adopted to the previous one, but gives the floor for any participant in the audience interested in posing comments and questions to be approached by those who spoke in favor and against the assertion that lies the policy question. Those two segments as such favor both a controlled as well as a free style of multistakeholder dialogue and aim at providing an overarching conversation by a very plural group of participants on all of the aspects inherent to the use and availability of cryptographic systems for Internet users of all sorts.

The list of confirmed and prospective speakers comprises people from all stakeholder groups (2 invitees per stakeholder group) and individuals who have convergent and divergent economic, political and social perspectives on the policy question proposed. It also follows a 50/50 gender balance at the time of this submission. Moderators, debaters and speakers come from four different countries and most of them come from the developing World, some of them being newcomers to the IGF space.

Onsite Moderator: Carlos A. Afonso, Cristine Hoepers
Online Moderator: Nathalia Sautchuk
Rapporteur: Jamila Venturini, Diego R. Canabarro

Online Participation:
Online participation and interaction will rely on the WebEx platform. Those joining the session using WebEx (either invited members of the round-table or the general audience) will be granted the floor in the Q&A segment of the workshop. People in charge of the moderation will strive to entertain onsite and remote participation indiscriminately. Social media (twitter and facebook) will also be employed by the online moderators who will be in charge of browsing social media using some hashtags (to be defined).

Discussion facilitation:
The first segment of the session (25 minutes) hosts two speakers that will detail different policy approaches for dealing with the issue of encryption (10 minutes for each speaker). In the second segment (30 minutes), moderators will facilitate a Q&A segment in which experts invited to join the round-table will be able to inquire the content presented during the first segment. After each block of question is gathered by the moderators, the presenters will have an opportunity to comment on the issues raised by the experts. Each block will comprise three questions (two minutes for each) and two slots (two minutes each) for the reaction of the presenters. The third segment will host an open mic/dialogue session enabling the participation of any participant in the audience who wishes to join the Q&A dynamics (30 minutes), following the same rules applicable to the second segment (10-minutes Q&A blocks). Guests invited to the round-table may also wish participate in the third segment, but have to enter the cue line as a regular member of the audience. Moderators will however only allow such a participation in case there is no question from the audience in a specific block of questions. Moderators will strictly enforce time limits during all segments of the workshop and will be in charge of using the remaining time of the session to provide general comments on the overall results achieved by the debate during the session.

Synthesized flow of the session:

* Moderators – 5 min to welcome participants and explain rules

* Two presentations on the topic discussed in the workshop – 10 min each

* Multistakeholder roundtable of invited specialists ([8] selected participants) + audience raise questions based on the speakers’ presentations
** 6 10min rounds of Q&A:
** 3 10 min rounds of Q&A invited specialists: 3 questions per round (2min each) + answers from each speaker (2 min each).
** 3 10 min rounds of Q&A general audience: 3 questions per round (2min each) + answers from each speaker (2 min each)

*Moderators – 5 min to summarize discussions and close the session.

Conducted a Workshop in IGF before?: Yes
Link to Report: http://friendsoftheigf.org/assets/Uploads/Spectrum-allocations-challenges-opportunities-at-the-edge.pdf

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10

igf [at] un [dot] org
+41 (0) 229 173 678