Refresh
And that concludes my coverage of the Encryption Summit!
It was a very interesting few hours as speakers shared their knowledge and research findings, giving us a glimpse of what is at stake for a world without encryption. Stay tuned for more content on TechRadar on new policies and tech solutions on this front.
So what should digital rights advocates and experts focus on as they fight for better online safety for all?
“Applications that have encryption should be enabled by default. One of the things we’re concerned about is the risk of feature creep,” Sinders said.
Also for Robert Fabricant, co-founder of Dalberg’s Design Impact Group (DIG), “this is not a technical problem, it’s a design problem.”
He said: “We need to go beyond a dialogue about the technical elements such as encryption, and instead think more broadly about trust and how encryption can help us pave the way for a more productive dialogue.”
Caroline Sinders, founder of Convocation Research and Design Labs (CoRD Labs), spoke about the danger when vulnerable users think they have security/privacy, but their communications are effectively open to surveillance.
She described her work with vulnerable users, including US citizens living under reproductive data surveillance, and how digital literacy training was needed to help them understand which platforms to use (such as Signal) or avoid (such as Facebook Messenger) because encryption is not necessarily needs to be turned off. on.
Diana Gheorghiu, legal and policy officer at Child Rights International Network, also emphasized this sense of false security. She focused mainly on how undermining encryption will ultimately make children more vulnerable online.
“Policymakers should first identify the goal of the policy and then consider the range of options that may or may not be technological in nature and that can be implemented to achieve the policy goal,” she said. “Encryption only brings privacy benefits and only risks for child protection.”
Today’s final session of the Encryption Summit, hosted by Global Partners Digital, takes a broader look at the importance of encryption in communications in various communities around the world.
We can expect examples of how encrypted communications have helped empower marginalized communities and users living under strict surveillance, with discussions on how researchers and activists can help promote online safety in the future.
So how can social platforms monitor and stop the sharing of illegal material on encrypted platforms?
DFRLab’s Iria Puyosa explains how Meta-owned WhatsApp is still largely dependent on users reporting spam, offensive or dangerous content directly to the platform.
That’s why, according to Riana Pfefferkorn of Stanford Internet Observatory, a “robust reporting bug” is needed across all platforms to empower users. “Another part of the technique would be the analysis of metadata,” she added.
Speakers also share some interesting findings from their research into how users, especially the youngest, use social media platforms and actively protect themselves from online dangers.
“The underlying problem with many of the policy responses is that it sets people up as passive participants who require 24/7 online surveillance,” says director of research at CDT Dhanaraj Thakur. “What we would like to see is what can be done to improve young people’s freedom of choice online to interact with unwanted content.”
The panel, organized by the Center for Democracy and Technology (CDT), on the challenges for digital services to comply with content moderation rules on illegal and dangerous content, is now live.
Many of these service providers must deal with new demands without compromising encryption and user security.
On regulations surrounding encryption outside of messaging, network security, censorship and surveillance researcher Gurshabad Grover said: “We need to reevaluate how we reconcile our control over our devices. We want complete control, and we want our devices to do what we want . . .”
Speakers continued about the importance of digital trust.
Open source systems can help with this because they allow anyone to verify the code and check for vulnerabilities. Still, they warn that regulatory tensions around encryption could also impact this side of software development, as developers in some countries could be prevented from sharing their encryption algorithm.
According to Alexis Hancock of the Electronic Frontier Foundation, the most worrying thing is that encryption is being presented as a tool used for nefarious purposes.
She said: “We have to be careful about how we design safety, how we protect people. It is about the impact and damage that can result from legislation. Not every government acts in the best interests of the people.”
The following panel, hosted by Mozilla, the company behind the secure web browser Firefox, explains how encryption is being used outside of personal messaging services and the policy challenges and opportunities in these areas.
In fact, E2E is used to protect computer systems, secure financial payments, and protect medical records and browsing habits from prying eyes.
“We’re not living in the 1990s anymore,” said Signal CEO Meredith Whittaker. “What we now face as a community of technical experts is an emerging industry of AI scanning and biometric companies that are incentivized to claim that it is in fact possible to send end-to-end encrypted data securely and privately. scan.”
According to Whittaker, the technology community must unite and “call out not only the lies of the government, but also the industry that commercializes and markets technology in ways that are so unfair and can be so dangerous to basic human rights.”
Speaking about the EU Chat Control proposal, Dr. Sabine Witting: “The proposal is completely wrong because it gives the impression that privacy is a threat to the safety of children instead of a condition for safety.”
She regretted that the fight against CSAM is being portrayed as pro-privacy or pro-regulation for the benefit of children, without seeking their opinions and views.
Ella Jakubowaska from European Digital Rights (EDRi) said: “We invested in this work because people have been saying for years that we want Big Tech out of our lives and that we record our data in everything we do. We don’t want them in our lives. personal intimate moments, our private chats. And now this proposed EU law says that this should be a mandate to participate in these conversations, to act as a kind of interpolice.
“Encryption is something that makes us all stronger, even if people don’t realize it.”
Robin Wilton of the Internet Society started by explaining what client-side scanning is. He says: “Client-side scanning is the process of inspecting what you write or transmit before encrypting it for transmission or after it is decrypted.
Encrypted communications have long been a block box that governments want access to,” said Paula Bernardi of Internet Society. In the past, authorities tried to use backdoors to bypass encryption, in the same way as opening a confidential letter to the recipient. Side scanning works when someone stands over your shoulder and reads what you write, Bernardi explains.
So why are governments trying to enforce such a dangerous technology?
Like the invasive anti-terrorism legislation after September 11, preventing the spread of child sexual abuse messages (CSAM) is now the main reason behind regulations such as the UK Online Safety Bill, EU Chat Control and more.
The next session will take a closer look at what client-side scanning technologies are, what problems these solutions pose, and how some experts are opposing them.
Scanning devices is not a reasonable alternative to “breaking the encryption”. Join our panel on October 19 at 12:30 UTC to learn the issues surrounding client-side scanning in law with Dr. SK Witting, @mer__edith, @neetibiyani, @pgbernardi, Roberta Battisti & Ella Jukabowska 1/2 pic.twitter.com/xGrDwkqKQnOctober 17, 2023
The speakers started by providing a glimpse into the political context of three South Asian countries (Pakistan, India and Sri Lanka) where new digital regulations are feared to cripple the digital public space. Different countries, similar problems and a common sentiment: “It will always get worse.”
The Sri Lanka Online Safety Bill in particular endangers encryption. On this point, human rights lawyer and activist Ambika Satkunanathan said, “The sole purpose of the bill is to create fear among the average citizen, as well as human rights activists, political dissidents and journalists.”
Despite the importance of protecting encryption, Seema Chisti (editor of Indian news channel The Wire) calls for the same protection for physical devices regularly seized by authorities .
Secure VPN services and encrypted messaging apps like Signal are fundamental tools for journalists, lawyers, and other citizens. But as Farieha Aziz, co-founder of digital rights advocacy group Bolo Bhi, said, “In many circumstances, these protections do not hold up.”
The first panel, organized by India-based advocacy group Internet Freedom Foundation, is about to get underway.
Power to the people! #GED2023 Join us today at The Encryption Summit as we celebrate our right to privacy and fight back to ensure everyone, everywhere has access to encryption. https://t.co/aOfYgFsUoeOctober 19, 2023
Speakers will discuss the importance of encrypted communications for journalists in South Asia and how regulatory efforts to undermine encryption in the region could threaten freedom of expression and a free press.