You are here

IGF 2020 - Day 5 - OF29 Global Encryption Coalition

The following are the outputs of the real-time captioning taken during the virtual Fifteenth Annual Meeting of the Internet Governance Forum (IGF), from 2 to 17 November 2020. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

 

   >> SHEETAL KUMAR: Thanks to everyone who has joined. We begin at 10 past the hour, but thanks for coming already.

    

   >> Hello, everyone. Welcome here. I just wanted to remind participants that the session is recorded and hosted under the IGF Code of Conduct and rules and regulations.

    So the moderators can now take the floor, please.

    Thank you.

   >> SHEETAL KUMAR: Thank you so much to the IGF support team and to everyone who has made this IGF possible.

    Welcome to you all. Thanks for joining us today. It's great to see so many people at this open forum on the Global Encryption Coalition. The Global Encryption Coalition was set up to defend where it is under threat. We'll tell you more about that in a minute.

    I will be your emcee for the event. My name is Sheetal Kumar, and I'm a senior program lead at GPD. GPD is part of the Steering Committee of the Global Encryption Coalition which is also composed of the Internet Society and the CDT. I'm joined by colleagues from both of those organizations as well, as well as many members from the coalition. It's great to see you here as well. Thank you so much.

    We'll be able to hear from them as well during this session. We're looking forward to that.

    To the Global Encryption Coalition has more than (?)75 members, almost 100 from all over the world. It's a broad‑based coalition made up of academics, companies, and civil society groups as well.

    Just so you know what to expect, before I hand over to my colleagues we're going to start with some opening remarks from Greg Nojeim from CDT who is going to provide a background for the coalition.

    We're happy others are here to speak. We'll turn to them for the main part of the session, which Ryan Polk from the Internet Society will be moderating.

    Finally, we'll end with Natalie Campbell from the Internet Society who will share with you about membership. I do hope that you will join us.

    Do feel free to use the chat and Q‑and‑A functions, but the Q‑and‑A functions preferably to ask questions.

    Include your name and organization. In fact, please introduce yourself either way because other attendees can't see you.

    So, with no further ado, I'm going to hand over to Greg.

    Greg, are you able to access your mic?

   >> GREG NOJEIM: Let's see. Can you hear me?

   >> SHEETAL KUMAR: I can.

   >> GREG NOJEIM: I'm sorry to be a disembodied voice. I haven't figured out how to show up as a speaker.

    I'm Greg Nojeim, Senior Counsel and Director, Freedom, Security and Technology Project, Center For Democracy and Technology. As Sheetal mentioned, we're one of the members of the Steering Committee of the Global Encryption Coalition.

      (Captioner has no audio)

   >> SHEETAL KUMAR: I think we lost Greg. Can anyone else hear him? Courtney, that makes me feel that's the case for everyone.

    Greg, are you here?

   >> GREG NOJEIM: I'm starting the video.

    So we formed the coalition because we're seeing threats to encryption around the world. It's popping up in hot spots like India, Brazil, Australia, the UK, the EU, and perennially in the United States where I am in Washington, D.C.

    The threats come in different forms. Sometimes it's traceability requirements. Sometimes it's other requirements, and the goal of governments, which is a worthy one, is to deal with terrorism, child sexual abuse material, and other objectionable information on the Internet.

    We all want to deal with those problems, but the members of this coalition believe that compelling companies to build back doors to facilitate ‑‑ back doors to encryption to facilitate law enforcement access is not the way to deal with those problems because it creates other security problems, and it creates them for everyone.

    So we're looking for solutions that don't have that consequence, and we're looking for members that agree with that approach and want to join the coalition.

    Some of the things that we've done so far ‑‑ I'm going to summarize them real quickly.

    We held a series of launched events ‑‑ virtual launched events in five encryption hotspots ranging from Brazil and India to the EU, Canada, and Australia.

    We brokered a meeting among UK‑based coalition members in the UK home and foreign offices on encryption issues in the UK, and we've got some new ones coming there possibly in an online harm's bill ‑‑ a proposal that's going to come out any day now.

    We helped Edry (phonetic) draft a letter that responded to an expert's report on CSAM (phonetic) in the world of end‑to‑end encryption. We've organized a sign‑on letter and the U.S. Lawful Access to Encrypted Data Act to which technical subscribed. We released a Steering Committee released what was picked up and India and Japan joined statement.

    Now, we're going to continue to do this work in the coming year and years, and the way we like to operate is to rely on our members to flag issues to us and to help us engage on those issues. In other words, this is not a coalition of people who come in and big‑foot local efforts. We get the people who can help us address it best.

    The resources we deliver include technical expertise, experience from other countries, and highlighting issues in our newsletters which goes to our membership and beyond.

    That's what I want to say to introduce the coalition to everyone. I will turn it back to Sheetal.

   >> SHEETAL KUMAR: Thank you, Greg for giving us the overview and examples of the coalition's work so far. I don't know if you mentioned, but we launched officially back in May this year, which seems like a very long time ago because this year has been a particular ‑‑ peculiar one, but it was a virtual, and it was a series of webinars that allowed us to explore the way the issue of encryption is playing out in different regions and some of those hotspots that you mentioned in the world, and all of that is available on our website. We'll share the links for the recordings for that and everything, for those of you who were not able to make it back in May.

    But we now have about 40 minutes for the discussion part of our agenda, which Ryan is moderating. So I will hand it over to you, Ryan.

    And we also have members of the coalition here to be members of the discussion.

    Over to you, Ryan. Thanks.

   >> RYAN POLK: Thanks, Sheetal.

    Hi, everyone. I'm Ryan Polk. I'm with the Internet Society. We're one (?) Members for the Steering Committee.

    I'm excited for this panel because it points to the broad base of our coalition and how diverse the coalition is in its membership, which I think is really one of the strengths. Because if we're going win in the encryption debate and get more people using encryption, we're going to need help from all across the world and from every single sector, which it's civil society academia or business.

    So I'm joined here on this panel by three members of the Global Encryption Coalition. The first person I'm going to introduce is Mishi Choudry.

    What I really want to do with this conversation is to get a sense of what are the encryption threats that you see around the world? What is the importance of encryption to your constituencies, businesses, or people in your regions, and then why you joined the Global Encryption Coalition and what you see as really needed for encryption advocates to make a difference and to win the global encryption debate.

    I think I will begins by asking the question to Mishi.

    Why does encryption matter to SFLC India?

   >> MISHI CHOUDRY: Thank you. Can you all hear me fine? That's the norm to ask for any video conference these days. Thank you for having me here. If I had started to approach and address all of you in a language from my country, which has 18 recognized languages, it would have been a sign of my cultural self‑determination but also a way to address only the people who do understand that language.

    This is how we understand speaking encryption or pretty good privacy or whichever method you're using, which is we can all use encryption to communicate freely and also express ourselves.

    Why encryption is important to better my work in the United States where I, as a lawyer, have Represented several of the free and open‑source projects that are making the building blocks of encryption possible, like open SSL or other layers or (?) Loss India, which works to protect digital freedoms for a very, very simple reason.

    One of the most important learnings is that encryption works. That, from a country where WhatsApp is our biggest market in India, and WhatsApp Pay continues to be on a growth path in order to acquire a major portion of India's 520 million Internet users.

    In November of 2019, we learned that around 114 activists, lawyers, et cetera, were targeted with spyware delivered to missed video calls in WhatsApp, a messaging service that is also used (?) That obviously told us (?) At its best in freedom, the net can abolish ignorance and free the power of human creativity, but data used at its worst under forms of this control, that publish officials are calling for around the world to eradicate the possibility of that human freedom. What happens will depend entirely on what the citizens of the democracies like India and several of the members of this coalition will demand is what our future looks like.

    Whether it's the draft (?) Or petition in India that requires WhatsApp messages should be traceable to the originator. All of these try to tell us that it can work differently for the good guys and bad guys.

    The way we secure privacy in the Internet, at least for now and a tool that's available to all users is encryption, which is to employ a mathematical transformations to data that constitute our emails, voice conversations, video streams, and monetary transfers so they can be understood only by our intended recipients.

    So when governments demand that schemes be deliberately compromised to facilitate government listening, it means weaknesses are created that can be exploited by hostile governments as well as terrorists. Government controls designed to fight these things which we all believe in, which is terrorism, crime, and international aggression, it would change nothing other than that (?) Will be extent.

    We believe in of law makes tyranny difficult to achieve. Even a state ruled by an unaccountable military can be forced to acknowledge the power of people as well as judiciary. That's why we believe in encryption. And that's why we think it's the very act of self‑preservation, free speech, and expression and all democratic governments as well as societies stand for must learn. So citizens of every free society must just clearly learn the opposite lesson, that even if we approve of the present government, we must not give it control of the net because somewhere in the future, a bad government will use the net to destroy the freedom in our society.

   >> RYAN POLK: Thanks, Mishi. I couldn't agree more. I think the point you make by both if you can trust the government you have now, if you create a method that could be used by the government in the future that you don't trust, I find that very powerful and similar to just an encryption back door in general. Because if you make an encryption back door, for one, it's a back door for all.

    I think I'm going to ask the same question to Courtney. I think you have many of the same points about freedom of expression, given your role, but, Courtney, for the Committee to protect journalists, what does encryption mean for your constituency and the people you represent.

   >> Courtney Radsch: Thanks for letting me follow Mishi.

    Maybe what I will do is talk about a couple of stories that illustrate the point that not only are there abstract values at play here display there's a case in Syria where a reporter had a laptop with unencrypted communications on it, and Syrian authorities got ahold of it and were able to track down his sources, who he had talked to, videos that he had, and several of those sources had to flee the country or they were arrested.

    In another case, ISIS, at a checkpoint, got ahold of a citizen journalist and found a logo of (?) Being slaughtered silently, a citizen journalist outfit there, and beheaded him two weeks later.

    We're talking about bad governments here. We know in Ethiopia, there have been serious issues with arresting journalists, using surveillance on journalists there.

    A journalist was held because he had encrypted files on his computer.

    This is happening all over the world.

    Here in the United States, under the Trump Administration, for example, there was a state of leaks that was unparalleled from previous eras.

    We have seen that President Trump has demanded access to those information and sought to crack down on those would‑be leakers and highlight the journalists and their sources and take away their right to communicate about issues of public interest.

    In the UK, we know that the intelligence service, GCHQ, has intercepted and saved communications between reporters and editors at some of the largest news outlets in the world.

    The need journalists have for encryption is equal opportunity whether you live in a so‑called democracy or not.

    The efforts to weaken encryption around the world provides a normative justification, of course, when they're done by the so‑called democracies or whatever.

    I think we're in a situation where we need to get away from the idea that ‑‑ it's been suggested that there are some reasonable ways to get around encryption. The need for journalists to have access to secure communications is actually about the public interest. Journalists are not out there reporting on things themselves. They're enabling functioning democracies, they're enabling people to hold people accountable.

    Whenever a journalist communicates with a source, their privacy depends on encryption. The strong encryption, by default, protects journalists, bloggers, et cetera because a journalist's smartphone or laptop holds a work in progress, their Rolodex of contacts, all manner of in‑progress messages, this gives detail into a reporter's work in which they would do jail time to protect. There have been many cases of journalists trying to protect that.

    Encryption mitigates the threat of ease dropping. It can be a defense against sophisticated agencies.

    It's not a panacea. There's still the issue of metadata and very sophisticated surveillance that, in some cases, appears to render encryption relatively useless.

    I think the key take away is that, you know, as you pointed out earlier, you cannot create a back door that is only used for one type of actor and not others.

    So if we agree that journalism is very important to society, to politics, to holding those in power account, if we value press freedom, both of the press and of those who speak with the press, then we have to value encryption. We have to value that as fundamentally as we value privacy and freedom of expression because they go hand in hand.

    And, you know, we really are getting into an era where it's increasingly difficult for journalists to even guarantee or say their sources that they can guarantee their anonymity because that's becoming so hard. We shouldn't take away some of the few tools that still exist for doing so.

    If you think about all the stories ‑‑ even over the past couple of years that we know about ‑‑ because someone dared to go around their boss to talk to a journalist or break the silence of sexual assault abusers, for example, to talk to journalists, to reveal, you know, corruption, embezzlement of funds.

    The Panama Papers, the Paradise Papers, the global collaborative efforts at journalism that have been unparalleled in the history of the world and revealed massive malfeasance and helped restore billions of dollars, we have to recognize that encryption was fundamental to enabling this to take part. That is why we see encryption as critical to furthering journalism, and that is why we have joined the coalition, because it really is fundamental to the practice of journalism.

   >> RYAN POLK: Thank you, Courtney. You make points about the practicalities for journalists and the fact that it's really a matter of personal safety for both journalists and their sources around the world, for them to have access to strong encryption.

    I'm going ask Michele for a different aspect on this. As the owner and CEO of a tech company, how do you see encryption as being integral for your business and your business sector?

   >> MICHELE NEYLON: I think the perspective I bring is quite different. The way we would use encryption is much more fundamental. We use it from the network up. So we validate roots. What that means is in order for Internet traffic to go from one point to another, in order for my users to be able to go to a website to send an email, you know, traffic has to go from point A to point B. In order for all of that to happen, you have switchers or routers, or as you Americans call them, routers. You have all that technical infrastructure. Encryption is used in that. Once you get above the network, it's ultimately how people do business. It's how people live their daily lives.

    For every time that you log into your bank, every time you buy a stupid widget, you know, you buy that silly postcard ‑‑ I just spent a fortune on Christmas cards. The only way I could do that was online.

    For some of us, this is something that we've all been doing for years. Now even more so. We're living online. The only way we can do that safely is with encryption. We have to have a safe connection. You have to be able to be confident that when you're going to a website that, you're able to give over your details safely, that you're able to do that bit of transaction that, business, be it buying a bunch of flowers or buying a tractor for your business, for your farm, whatever it is. It's all online.

    And for us, it's for ourselves, for our staff, for our clients, for our users. You know, encryption is throughout all of that. In some cases, people done want to use encryption, but they need to have the ability to turn it on when they want it. And I think that's why the threats we've seen to encryption, they're not new. We've seen them growing, and there's ebbs and flows around this for years. Every time those arguments they struck out are about these edge cases.

    Now, don't get me wrong. We don't want to facilitate crime. We don't want to facilitate child abuse. We do not want to facilitate terrorism on our platform, but if I've got 100,000 clients, why should 99,999 of them be forced to have an insecure, unsafe experience because one of them could be a criminal of some kind?

    That doesn't work.

    I mean, if you were buying insurance for your house ‑‑ I don't know how it works in other countries, but here, if you want to get insurance for your house, you have to tell the insurance company what kind of locks you have on your doors and your windows. If you don't have proper doors and locks on your windows, you cannot get insurance coverage.

    It wouldn't be surprising for me to see insurance companies asking these kind of questions about if you're using ‑‑ if you want to get coverage for device X, make sure it has a proper password, that encryption is in use.

    My day‑to‑day life is this these days. It's this. It's this disembodied reality in a Zoom call. In order to be able to do that, I need encryption. The problem with a back door or a hole or anything like that, it will be exploited. It might not ‑‑ it could be exploited by government. It could be exploited by law enforcement. It could be exploited by a criminal, but it will be exploited by somebody. It will weaken us.

    The strength of the armor is always going to be as strong as the weakest link in that armor. As soon as you start weakening the armor, it becomes absolutely useless.

    So I think, from our perspective, the thing about encryption is it's fundamental and crucial for us and our clients to be able to do business. Without it, game over. There's nothing left. ECommerce ceases to work, and when we're back to using faxes and printouts ‑‑ I've got nothing against faxes, apart from the fact that I can't work them, but we would be pushing ourselves backwards, essentially.

   >> RYAN POLK: Thank you. And just the thought about having to buy a fax machine for all of the home offices out there in the world frightens me.

    Although, if there's someone out there at a fax machine company, you're really excited.

   >> Courtney Radsch: And then we would all have to get landlines installed. That's a big barrier.

   >> MICHELE NEYLON: I would sell it to you happily. Remember, I'm the capitalist on this call.

   >> RYAN POLK: I'm happy the capitalist is supportive of encryption.

    One of the things you've touched on but I wanted to get more comments on is talk about the trends and the threats you've seen popping up around the world or specific to your consistencies or regions when it comes to encryption, and, really, what are those threats you see as the most dangerous, or the trends you see as the most dangerous, that we need to push back against.

   >> GREG NOJEIM: You mean besides (?)?

   >> Courtney Radsch: I can talk about a couple of things we're seeing with respect to ‑‑ I talked about journalists on their personal devices and communications. That's an ongoing threat. We're seeing surveillance capabilities get more and more sophisticated and challenging. But we're also seeing it's not just about your personal device, right? It's also about your Internet connection, wanting to use what sort of browser you're using, what sort of connection. So, for example, https, using that by default to get what you want ‑‑

      (Dog whining)

   >> Courtney Radsch: I have a dog here. I hope you can't hear the whining.

    But child sexual abuse material as well as child trafficking, terrorism, this is all very important, but what is missing is the fact that so much of what we know about terrorism and child trafficking and so many of these issues comes from journalists who have dug into them, who have gotten sources, who have built up the connections in those networks to reveal them.

    Like Lydia Cacho (phonetic) in Mexico.

    So they need to have access to those secure communications so if they're communicating with someone who is revealing sensitive information about, say, a sex trafficking ring, a child pedophilia ring, again like Lydia Cacho in Mexico, they need to do that securely.

    I think this is a more complicated issue. Between the increasing sophistication of the surveillance and malware being used we tend to think about encryption only being needed in these kind of debates around communication and personal devices. A lot of us are at home and doing sensitive work these days. We need to have secure and encrypted communication traffic so whether it's a neighbor or law enforcement sitting out there sniffing our traffic.

    I think we're seeing a wider range of potential threats and recognition by journalists of all stripes that there's a fundamental need for secure communications, and the encryption is fundamental to that.

   >> RYAN POLK: Thanks, Courtney. That's a really good point about the case in Mexico as well.

    Sorry, Mishi?

   >> MISHI CHOUDRY: So one trend, which is apparent, everybody likes to make the debates still binary, and it's amazing that for such a long time we've been discussing this, and it's always these scenarios of security versus private when it is only a security‑security question and whether it is looking at ‑‑ as Michele was earlier saying ‑‑ for example, the core initiative that was started. All the major companies came together and said because open‑source software is so important and we have to ensure there aren't any vulnerabilities, we're all going to work together. They're secured about security because that's the underlying way anything on the networks.

    However, when we see the entire trend in the government, it's always presented like, Oh my god! If you have encryption, you're going to have entire brackets of terrorists.

    This continues to be privacy versus security. You can have one or the other. We've had this for a long time, whether it is export control questions or how security works, we're already on the security‑security part.

    The other thing, the great thing about the coalition is several of the governments have different kinds of concerns. Like I can see that, at least in India, one of the things which had happened was because there is WhatsApp resistance about some of the lynchings ‑‑ actual lynchings being caused because of some misinformation which was passing through their channels and in failing to make the arrests and ensure public order, the Indian government chose to ascribe blame to WhatsApp's end‑to‑end encryption. That seems like an easy copout to say if your policing doesn't work on the ground, to say it's because, We couldn't get enough data.

    That's not entirely true, but that's (?).

    The also thing we're seeing is data localization, which is coming from financial institutions and even the Federal Reserve or the Reserve Bank of India, which is the equivalent. There's insistence that the data should be stored in the nation itself and somehow that also plays out in how they view encryption.

    Now, the other thing I would say is the nations are also talking about how significant amount of control over information systems is concentrated in the United States with little accountability to other governments.

    Why am I mentioning all of these? All of this is so closely intertwined, a tendency governments love to try to put them all on our door front instead of saying one issue needs to be handled at one time.

    The issue about how crimes are resolved, that question is slowly being addressed by cloud form. But as soon as you talk about security, they clump together and say, This is the problem.

    The traceability part of the originator, this has been litigated. This has been tried out in legislations, et cetera, in various parts of the world. Of the courts were not specialists about it. Love to say, Oh, there has to be some way out. You can't have a technology and not find a solution to only get us to catch the criminals.

    I am at least observing those kinds of trends which are about Safe Harbor and reliability issues when you require traceability and make the platforms responsible to get us traceability of the originator, that also requires you to (?) The entire issue about actual crime solution and data localization efforts and this desire the control data after those nations people there.

    All of these get together to present this really ‑‑ from the authority's point of view, a very complicated problem, which is not working in the benefit of the country but only for some outside.

    That's the kind of spectrum we what.

    That's why the earlier question of why it matters and why a global coalition matters, there are certain axioms. There are signs. You need to get a lot of people together to say, Well, your claims really don't work because here are all the people around the world who are facing the same problems and are trying to find solutions which are not the solutions which you are recommending, which is to say, Oh, because of some cases, we should make everybody insecure and vulnerable.

    That's why we've all come together to tell you that this kind of binary that you present to us or it can only be one way, that's not the right solution. If you're really serious about addressing issues, whether it's about terrorism or crimes against children, then you need to find a different solution. You can't just wish it all away.

   >> Courtney Radsch: Can I also add something. I think you point out something a critical point, Mishi, which is there's this assumption that if, somehow, there was better data, there would be better law enforcement. I don't think we see that. If you think about the Snowden revelations and all the data that has been covered up by the United States government, I don't think we've seen any proof that that has translated into decline in global terrorism. We saw the rise of ISIS in the wake of that. There's false logic behind the rationalization of breaking encryption and the necessity of gaining access to that data.

   >> RYAN POLK: Those are really good points. I like the point you make, Mishi, of governments and people who are trying to ‑‑ some are trying to weaken encryption, tying in so many different angles into one package to try and weaken encryption.

    That especially makes it hard for encryption advocates who may actually disagree on other aspects of policy, for instance, on data lake (?) But, at the end of the day, if it still weakens encryption, it weakens encryption, and it's a bad policy to come out of whatever country it's being introduced.

    Michele, is there anything from your side in Europe that you would like to highlight?

   >> MICHELE NEYLON: I think, first off, when we're talking about any of this, I don't think we can take an overly simplistic geographical stance because the reality is that from a kind of policy legal perspective, governments talk to each other, and they watch what they're doing.

    So if a government in one part of the world succeeds in passing a range of laws, either good or bad, other governments will look to that and follow their example. So if you look at, say, privacy, we have GDPR in Europe. Now you're seeing other parts of the world and countries following aspects of that. That's a very simple example.

    With some of the nastier nets, ones with nefarious laws that encroach on people's freedoms and rights, if they get away with it in one place, they will try to get away with it illness where.

    Open technology that we rely on such as open SSL or RTKI or any of these different things. There's not a version of open SSL for Europe. There's not a version of open SSL for the Americas.

    If it's weakened in one place, it's going to be weakened everywhere. If you look at what happens with Apple or Microsoft or Google, any of them, it's going to have ramifications across the globe.

    I think that's just something trying to look at ‑‑ trying to look at it in terms of slicing it up regionally, while that makes a lot of sense in other aspects of it, I think you have to be careful because if Apple or another hardware provider leaves a back door physically in a device, then it's going to be in all the devices everywhere. Even if it's not, we're not going to know which ones have the problem and which ones don't.

    I think in Europe, there's been a lot of discussions over the last few years around, you know, reviewing various things. I mean, we've got ‑‑ we've had a lot of different issues. Certain countries within the European Union are more concerned around threats around terrorism than others. I think every single one of them will come up to that thing where they're saying, Can we do ‑‑ insert crazy thing here.

    I remember not so long ago, a very large telco was approached by Irish law enforcement and being asked, Hey, do you mind if we just siphon off a bit of data there from the mainstream, you know, just to see what happens? There might be something interesting in there.

    I think it goes to the data collection, the access to larger amounts of data doesn't necessarily lead to anything. It just means you have larger amounts of data. I think the only people who win when it's related to data is those making hard drives.

    Shares in hard drive manufacturers, maybe that's the way to win in all of this. Buying shares ‑‑

    Trying to get through the hyperbole, we often speak geek. They're speaking law enforcement. Some of us are speaking privacy. They're speaking child abuse. We need to communicate better.

    I think that's why people like yourselves who are more in the policy‑legal side of things, you can help of those us just trying to run a business.

   >> RYAN POLK: Thank you. I think you also make a really interesting point about how governments are talking to each other. There was a point that, if you look at the Q&A, Greg makes as well that we're seeing powerful and well‑funded governments coordinating with each other on policy now. There's a big threat that has emerged in the last few years and emerged stronger than it has before.

    So to finish off this section of the call, I wanted to ask the panelists to make a quick minute or two‑minute intervention on what they see the community needing to do to help make the biggest difference on encryption. What can we do to protect encryption going forward? And what can the attendees on this call do to make a difference?

   >> GREG NOJEIM: I will go first. May I? I think the most important thing is to probably work together and learn from each other. As was pointed out in the chat, sometimes challenges to encryption are similar across different countries.

   >> Courtney Radsch: I would like to see more conversations that include people from different communities where we're all ‑‑ everyone who is working to protect children, to, you know, legitimately fight terrorism, you know, against criminal activity to support the function of businesses online, to protect human rights of (?) And journalists, we're all coming from a good perspective. We need to come together across thematic areas and figure out how we address very real concerns while ensuring that all of those communities have, as we see, very rightly put it, the security that they need to have. It's not this either/or private or security, encryption or terrorism and child abuse, that we get away from this binary and work across the communities to figure out a common solution. And I think that's the promising nature of this coalition.

   >> MISHI CHOUDRY: I've been involving a lot of government authorities, whether it's the spies or actual law enforcement, in these conversations. It really does move the needle towards having a more constructive conversation, which may not always be public. There is a reason that these statements that come from whether it's the five eyes or India or Japan, these statements, they say one thing, but we see the conversation get a little bit more sophisticated, even from the U.S. intelligence agencies, regarding what is possible and what is not.

    And something very simple, also, it's not that they're all right here to say, We don't care about terrorism or we don't care about crime.

    It's the breaking everything to enable enforcement of laws. So involving them more in those conversations, even though they may be one‑on‑one conversations and they may take more time and get more confrontational, that is an effort we're seeing, at least, at the local level, bearing some kind of fruit.

    Having said that, but the messaging about how important it is for the underlying infrastructure of the net, and you can't just get the benefits and also only have whatever you desire. That statement needs to be pushed again and again.

    It's like when the lie has been repeated so many times, it looks like the truth. This truth needs to be repeated over and over again no matter how much we think we've already said it so many times. If that were true, we wouldn't be relitigating these things starting with the Clinton Administration or other (?) Matters in history.

    I think getting them involved and spreading out who our allies are, and those allies may not be digital defense ‑‑ they may be parents looking after children or who do work on grass roots organizations. How are they communicating? People that stand for the right to protest and other constitutional or fundamental human rights, I think the larger (?) And the bigger our tent is important.

    It's also important to explain in everyday usage why this matters. Everybody may not be encrypting their emails like you and I may be doing or using signal, but that doesn't mean we look down on people who don't understand this. It's incumbent. We need to be learning from each other and explaining what we know from what their requirements are.

   >> RYAN POLK: Michele?

   >> MICHELE NEYLON: I think the fundamental thing is we need to move away from those binary view where it's like you get certain people who are privacy advocates. I love them to death. They're lovely people, but they take this extreme view. And that's the same with the child protection people who take this extreme view. The reality is encryption is what powers a lot of everyday, normal, day‑to‑day stuff, day‑to‑day stuff like banking, online transactions, all of that. Yes, when you move it up a layer, it's covering a whole load of other things. It's just this binary thing. Encryption needs to be ‑‑ we need to break that it's a bad thing. It's not. It's a good thing. In many respects, we need more of those. We need more security. We need better security. We need, I think, also, more accessible security. I think that's another aspect as well.

    I think part of it is just improving that dialogue and that conversation and just trying ‑‑ I think the point about having to repeat the same thing over and over and over again ‑‑ I will take it further. Maybe you don't need to repeat it. Maybe rephrase it. It's not just repeating it.

   >> RYAN POLK: Thank you.

    And thank you to the panelists for that.

    I completely agree that we need a broader base of allies and especially folks from outside of this space because often those groups are ones that have strong political pull or they have the ability to get lots of people to go out and to actually do things to make a difference, but they don't know yet that encryption is so important.

    I really liked the point about inclusive conversations even with our enemies, quote/unquote. Because we need to make sure those folks in law enforcement understand where we're coming from and what the technical reality is, which is that encryption is an engine for so much in the world and that we really need more of it.

    I think we'll end this section of the panel. Thank you so much to the panelists.

    We'll move on to Natalie for final thoughts about the coalition.

   >> NATALIE CAMPBELL: Thanks for that, Ryan.

    I can't thank everyone enough for joining this session.

    And, you know, as I've been reflecting lately on everything that is 2020, I think there's one thing we can all agree on, and it's just how important the Internet is.

    I mean, 2020 has been daunting at times, but the Internet reminds us of all the amazing things we can accomplish when we decide to work together towards a common good. It's a lifeline enabling so many of us to keep working and learning and socializing and accessing health care and doing business and countless of daily tasks while trying the stay safe during a global pandemic.

    That, to me, is what makes the importance of being able to rely on the secure Internet at an all‑time high. This is what makes a Global Encryption Coalition's mission so crucial. Our members from around the world have come together because we believe encryption is a solution. It is our strongest digital security tool, and it is so critical to the personal security of billions and nations around the world.

    You know, we've heard from a lot of great speakers today about how this is so critical, especially with journalists, women, those of vulnerable populations and so many more where this is an actual lifeline.

    And, you know, this is why we need everyone's help. We need everybody to get on board. There are threats to encryption, but we can all play a role to help keep people safe online.

    You know, we are very much inclusive. Like many of my fellow members have said, we're so inclusive, and the coalition, we welcome organizations, businesses, industry associations who share a mission to consider joining the coalition because we are stronger together, and our coalition is a way to unite our advocacy efforts and promote and protect strong encryption policies and protections around the world.

    And we also work with businesses to know how products can keep everyone safe online.

    There's another unique purpose that we serve. This speaks to the point that some of my fellow members have said about having conversations. Personal and national security are super important matters. We understand there is a lot of noise in the encryption debate, and it can be hard for people to separate fact from fiction.

    Governments have a really important duty to protect their citizens, yet, at the same time, we're concerned about the proposals that could undermine the security, and they might not even know it.

    So, you know, many of my fellow Global Encryption Coalition members agree. A threat to one country is a threat to us all.

    So I put this out there, that not only do we have some of the world's leading tech experts among us, we also have a global membership with a wide range of perspectives with practical (?) On encryption. We can be valuable to governments and businesses worldwide who want to understand the technical and practical impacts of policies regarding encryption. We can help people understand why it's so important to some in our communities and what are the consequences of undermining this protection.

    We've heard many of these today.

    So I will leave everyone with two suggestions.

    So for those that are interested, I highly encourage you to join the coalition. You don't have to go at this alone. We're all in this together. We all want to see people safer online.

    For those that are here just to learn more about encryption and perhaps how governments could make sure their decisions don't compromise the safety and security of people, let's talk.

    We've already sparked relationships with governments in several countries, and we welcome even more of these conversations because, at the end of the day, we can all agree there's one thing that unites us all in this discussion, and it's that we have the safety and security of people at heart.

    By keeping this in mind, we can have more productive conversations about how we can all work to keep ourselves, our businesses, our loved ones, and nations everywhere safer online.

    And if you would like to join the coalition, there's a handy link at www.globalencryption.org.

   >> SHEETAL KUMAR: Thank you to my panelists and the Steering Committee members and the attendees. We have to wrap up. Thank you for joining us for this past hour. We've heard so much. It's very difficult to summarize, but I will say we've heard why the coalition exists, why it's more important than ever, what the coalition has to offer. Please reach out and join us. I will end by staying safe online and off.

    Thanks so much for your time. See you around soon. Have a great IGF.

   >> GREG NOJEIM: Bye, everyone.

 

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 411