Beyond North: Effects of weakening encryption policies | IGF 2023 WS #516

11 Oct 2023 05:00h - 06:30h UTC

Table of contents

Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Full session report

Audience

The analysis of the speakers’ arguments regarding encryption reveals a variety of key points and perspectives. Overall, there is a prevailing negative sentiment towards anti-encryption policies due to the potential risks they pose.

One notable concern is the risk of fragmentation in encrypted services. The mention of various policies that could threaten end-to-end encryption in Europe, the UK, and the USA raises alarms. Additionally, the gathered public views indicate a potential fragmentation in the encrypted services offered. This fragmentation could disrupt the seamless communication and interoperability that users currently enjoy.

The extraterritorial effects of anti-encryption policies are another significant concern. The internet ecosystem and human rights can be affected if encrypted applications become region-specific, leading to a fragmented online environment. There is also anxiety surrounding the possibility of surveillance or the implementation of backdoors to encryption. These concerns highlight the potential infringement on privacy and human rights.

Furthermore, there is strong opposition to anti-encryption policies and the possibilities of surveillance and backdoors, with some participants expressing the belief that the issue of child pornography is being weaponised to strengthen these policies.

Contrary to the compliance or denial dichotomy that is often presented, there are alternative solutions to consider. Technological literacy can empower individuals to access platforms in different ways within a given jurisdiction. This undermines the notion that compliance or denial are the only options. The false dichotomy of compliance or denial is seen as limiting, and there is optimism that technological literacy can pave the way for innovative approaches.

Blockchain technology is suggested as a positive solution that could provide a global, interoperable network without relying on encryption. The launch of a standardised blockchain platform by the MLS from the ETF is cited as a successful example. By preventing the monopoly of a single entity on a billion people, blockchain could offer a decentralised solution that empowers users while ensuring security and functionality.

The potential consequences of removing encryption services, such as WhatsApp, are also highlighted. Many migrants and citizens with families in other parts of the world rely on services like WhatsApp to communicate. The removal of these services could potentially oppress diasporic populations and the global South, as they were among the earliest users and audiences. This raises concerns about reduced connectivity and the potential disruption of social bonds.

Additionally, the dominance of Facebook and Google in the technology sector is seen as an issue that limits competition. The disproportionate influence and control exerted by these companies are believed to hinder opportunities for other players in the industry. The audience perceives this dominance as detrimental to fair competition and the exploration of alternative technological solutions.

In conclusion, the analysis reveals a negative sentiment towards anti-encryption policies. Concerns about the fragmentation of encrypted services, the potential infringement on privacy and human rights, and the dominance of certain tech giants echo throughout the discussions. However, there is a strong belief in the possibility of alternative solutions, such as technological literacy and blockchain technology, to address these issues. The potential impact on diasporic populations and the global South is also a significant factor that adds to the urgency of preserving encryption services.

Pablo Bello

This analysis explores the various arguments and stances surrounding encryption and its implications for online safety. It specifically focuses on WhatsApp, a widely used encrypted messaging platform, which strongly opposes anti-encryption policies and regulations. WhatsApp argues that weakening encryption would pose a significant threat to the security and privacy of its users on a global scale.

One of the main concerns raised by WhatsApp is the risk of internet fragmentation that could arise from policies undermining encryption. The platform has even stated that it would consider leaving the UK if the proposed online safety bill is implemented in a way that compromises encryption. This highlights the potential implications of lower security standards for the interconnected global network.

On the other hand, some experts argue against the commonly perceived trade-off between safety and privacy. They assert that the idea that reducing privacy will automatically increase security is false and disproven. They suggest that it is essential to maintain a balance between both aspects rather than compromising one in favour of the other.

Discussions also focus on who should decide encryption standards and whether multiple protocols should be encouraged. Questions have been raised regarding the potential implications of having a single standard and the decision-making process involved. Careful consideration must be given to ensure that the best standards are implemented.

Importantly, WhatsApp collaborates with other companies and civil society groups to resist encryption regulations. This coalition is working together to avoid regulations that would impact encryption. WhatsApp actively advocates for maintaining the highest standard of protection with end-to-end encryption worldwide, emphasising its duty and responsibility to protect its users.

Furthermore, the analysis underscores the critical nature of encryption for society’s safety, with encryption being vital to protect millions of individuals, particularly those in the Global South. The argument against weakening encryption is supported by the belief that it does not make society any safer.

In conclusion, this analysis presents a range of arguments and stances on encryption and its impact on online safety, with WhatsApp taking a strong stance against anti-encryption policies and regulations. The platform highlights the potential risks of internet fragmentation and advocates for the protection of high encryption standards. It actively opposes encryption regulations and emphasizes its duty to protect users worldwide. Encryption plays a crucial role in ensuring online security and privacy, and finding the right balance between safety and privacy is essential.

Juliana Fonteles da Silveira

The analysis explores the impact of anti-encryption policies on human rights in the Americas. It reveals that these policies may infringe upon the rights protected by the American Convention on Human Rights by granting access to personal information and allowing its processing. This argument is presented with a negative sentiment, highlighting concerns about the potential repercussions of anti-encryption policies.

The analysis also highlights that anti-encryption policies extend beyond privacy concerns to broader implications for freedom of expression and human rights. It asserts that encrypted communication is essential for activists, protesters, and journalists to communicate securely. It further points out that in many countries in the Americas, the absence of the rule of law, judicial independence, and democratic stability exacerbates the impact of these policies. This negative sentiment reflects a critical stance towards the rise of anti-encryption policies.

Another viewpoint discussed in the analysis raises concerns that anti-encryption policies in the Americas and Europe may contribute to the introduction of new repressive internet regulations in the region. The argument is made that any restriction on expression must meet the three-part test, which requires it to be provided by law, based on legitimate reasons, and in line with the principles of necessity and proportionality. This underscores the belief that anti-encryption policies should be subject to scrutiny to ensure compliance with human rights principles.

The analysis also mentions the role of the Inter-American Commission on Human Rights, which issues reports and recommendations on the impact of non-encryption policies on human rights to states and private companies. It also facilitates public hearings for civil society and other actors to address violations related to encryption legislation. These observations are presented in a neutral sentiment, highlighting the involvement of international bodies in addressing potential human rights violations resulting from anti-encryption policies.

Additionally, the analysis notes that there is no substantial evidence to support the effectiveness of non-encryption policies in ensuring safety. This negative sentiment raises doubts about the necessity and proportionality of such policies.

On the other hand, there is a positive sentiment expressed in support of encrypted and protected private communications. This viewpoint aligns with the importance of upholding human rights, privacy, and encryption. Although no supporting facts are provided for this support, it reinforces the notion that safeguarding private communication is crucial.

Overall, the analysis emphasizes the significance of protecting human rights while considering encryption policies. It underscores the potential consequences of anti-encryption measures on various facets of human rights, including privacy, freedom of expression, non-discrimination, and human dignity. The analysis calls for a careful examination of these policies to determine their compatibility with international human rights standards.

Prateek Waghre

During the discussion, several issues regarding internet regulations and digital sovereignty were explored. The focus was specifically on the impact of Western institutions on the global South. It was argued that actions taken by Western institutions can have significant consequences for parts of the global South, and this sentiment was expressed in a negative manner.

The discussion highlighted concerns regarding the regulations imposed on digital services in India. These regulations include the retention of customer data for up to five years, the tracing of original messages on end-to-end encryption in accordance with Indian internet laws, and the broadening definition of Telecommunication, which may impose licensing requirements on all internet services. These measures were viewed negatively by the participants and were seen as potentially harmful.

The exportation of regulatory designs to other countries was also a key topic of discussion. It was noted that countries such as Malaysia, Vietnam, Kenya, and Venezuela have adopted similar regulations to those enacted in Germany, including intermediary liability regulations. This observation was made without expressing a particular sentiment, indicating a neutral standpoint.

The control exerted by the Indian government over digital spaces raised concerns among the participants. The Data Protection Act, which grants the state the power to process large amounts of personal data while exempting the state from the right to privilege, was mentioned. Additionally, potential obligations to intercept messages and the involvement of a state-appointed grievance committee in content moderation decisions were seen as alarming. These points were discussed in a negative light and raised concerns about potential reductions in digital inequalities.

The importance of protecting encryption and end-to-end encryption was positively emphasized. The need for solidarity in safeguarding encryption in the coming years was underscored, highlighting its significance in preserving privacy and security.

The discussion also touched on the traceability issue in India, particularly in relation to a high court traceability order that WhatsApp managed to obtain a stay for. The impact and implications of this order were presented in a neutral manner, suggesting the need to cautiously monitor developments in this area.

Overall, the participants advocated for the protection of encryption and stressed the importance of vigilance in monitoring traceability developments. They highlighted concerns over the regulations imposed on digital services in India and the potential exportation of similar regulatory designs to other countries. The need for solidarity in protecting encryption and the significance of observing the traceability issue were recurring themes throughout the discussion.

Masayuki Hatta

The discussion focuses on the impact of encryption on the economies of the Global North and Global South. It acknowledges that many individuals are using encryption without being aware of it, highlighting the need for greater awareness and education about these services. The lack of understanding could lead to problems if encryption is prohibited or removed.

Regarding Japan’s role in encryption regulation, it is noted that the country generally follows the policies of the Global North. This raises questions about whether Japan should be categorized as part of the Global North or Global South. The discussion is further complicated by Japan’s technical and socio-political characteristics, causing confusion about its position. Additionally, Japan’s inclination towards authoritarian tendencies may have implications for privacy and internet freedom.

The Global South is increasingly implementing regulations on encryption. However, it is important to recognize that technology is not constrained by geographical boundaries or regulations. Services like WhatsApp, Apple, and Signal remain accessible to users regardless of regulatory measures. This demonstrates that technology is universal and not limited by individual countries’ decisions.

The main point of the discussion appears to be uncertain and confused. There is a lack of clarity regarding the focus and objectives of the conversation. Additionally, the issue at hand is seen as multifaceted and political, contributing to the uncertainty surrounding the discussion.

In conclusion, the analysis underscores the importance of raising awareness and understanding among users about encryption. It highlights the potential problems that could arise if encryption is prohibited or removed. The discussion also raises intriguing questions about Japan’s role and position in encryption regulation. Moreover, the differing approaches taken by the Global North and Global South in regulating encryption reflect the evolving landscape of technological governance. Overall, the discussion necessitates further exploration and clarification of the main points and objectives.

Mariana Canto Sobral

The analysis examines various aspects related to encryption, privacy, and global trends. One key argument posits that global south countries often feel compelled to conform to trends set by the global north out of necessity or a perception of trendsetting. However, the analysis cautions that transnational regulations like the General Data Protection Regulation (GDPR) can impose compliance requirements on global south countries, risking exclusion from the market. This highlights the challenge these nations face in balancing global norms with their own interests.

Regarding privacy, the analysis emphasises that its definition and understanding are primarily shaped by Western, white, middle-class perspectives. As a result, privacy is seen as a privilege, disregarding the experiences and needs of marginalized groups. The historical example of people of color being obligated to carry lanterns for surveillance further illustrates how such perspectives perpetuate inequality and social injustices.

Encryption evokes mixed sentiments. While it is viewed as a threat to vulnerable groups, it is also recognised as a powerful tool that can benefit the underprivileged and address power asymmetries. Challenging the prevailing notion that encryption hinders protection calls for a reevaluation of the narrative surrounding its role.

The analysis also disputes the notion that the absence of privacy automatically leads to increased security. It suggests that alternative approaches should be explored to achieve a balance between privacy and security.

Moreover, the analysis asserts encryption as a matter of human rights, emphasising the importance of protecting it as a fundamental right that contributes to peace, justice, and strong institutions. It calls for the Global South to embrace and safeguard encryption instead of perceiving it as a threat.

Additionally, the analysis recommends implementing regulations and policies to strengthen encryption in Latin America. It cites the example of Brazil, where revelations by Edward Snowden led to the establishment of a comprehensive civil rights internet framework. This demonstrates the potential positive impact of proactive measures in addressing encryption.

In conclusion, the analysis underscores the complex dynamics surrounding encryption, privacy, and global trends. It highlights the need to challenge prevailing narratives, redefine privacy, and recognise encryption as both a potential threat and a valuable asset. The analysis stresses the importance of safeguarding encryption as a human right and implementing appropriate regulations to promote security and reduce inequalities.

Moderator

Multiple legislative proposals introduced in the Global North, specifically in the USA and EU, are causing concerns about the potential negative impact on end-to-end encryption. These proposals, including the Online Safety Act and the Kids Online Safety Act in the USA, as well as the Chat Control proposal in the EU, pose a threat to the privacy and security provided by encrypted services.

There are fears that these proposals could lead to a fragmentation in the availability of encrypted services worldwide. If certain encryption services are only accessible in specific regions, it could create a situation where some users have access to secure communication while others do not.

Adding to the complexity is the lack of awareness among users about their reliance on encryption in everyday tech usage. Many people are unaware that they are using encryption when using applications like WhatsApp or LINE. This lack of awareness makes it difficult for users to understand the value and implications of restricting encryption.

The potential consequences of these legislative measures extend beyond privacy concerns. There are significant worries that these policies could curtail human rights and freedom of expression. Weakening encryption poses a risk of reducing global standards of security and privacy, especially impacting vulnerable populations who already live under non-democratic regimes.

It is crucial to defend against regulations that weaken encryption as encrypted communication plays a vital role in protecting freedom of speech, privacy, and security globally. The absence of data protection laws in many countries in the Americas contributes to state abuses and enhances state capacity for arbitrary measures on private communications.

Furthermore, there is no evidence to suggest that mass surveillance enabled by non-encryption policies has been effective in ensuring safety in proportionate ways. The potential for abuse in surveillance policies and the infringement on privacy rights is a major concern.

In conclusion, the legislative proposals threatening end-to-end encryption in the Global North have sparked concern for the global internet ecosystem and human rights. Defending encryption is crucial as weakening it not only compromises privacy but also threatens human rights and freedom of expression. The lack of awareness about the role of encryption among users further complicates the understanding of its value and implications. Protecting encryption is essential for maintaining higher standards of security and privacy globally, especially for vulnerable populations.

Session transcript

Moderator:
I’m going to start with a brief introduction. I’m going to start with a brief introduction. We have a panel which is about encryption and the impact of encryption policies happening in the global north and the impact they have on the global south. We have a room with approximately, I would say, about five, six, excluding the speakers. Thank you for all being here. My name is Olaf Kollekman, I’m with the Internet Society and I will be your moderator today. As I said, this is about encryption policies in the global north, impacting the ability to communicate throughout the world. We have a room with about five, six, excluding the speakers, thank you for all being here. Since 2022, there have been a number of legislative proposals introduced that threaten end-to-end encryption. End-to-end encryption is the ability to communicate with confidentiality and integrity from one user to the other. This is a very important issue. We have a number of bills that are circulating in the European Union, the online safety act and the kids online safety act, all bills that are circulating as proposals and being looked at, I would say. In the European Union, there’s a proposal of chat control. The online safety bill has become an act. to come up with a solution to find harmful content, while a community of security researchers and practitioners have brought consensus that such a solution doesn’t quite exist. During the development of the bill, that’s the online harms bill, various providers of encrypted services announced already that if that bill would come in effect and actions would be taken that the bill enables, that they would take their business elsewhere. And these are all laws that focus on specific regions of the world. As I said, Europe, the UK, the US, those are very specific areas of the globe, but their effects are felt all over the place. Because of course, we know the Internet is global. This panel, we put together, that is a number of us, to assess how these measures, when introduced, impact other regions of the world, and in particular, the global South. Now, we have an excellent panel, expert panel to discuss this, consisting of five people, two of them here, three of them online, again, showing the global nature of this discussion. We have with us Juliana Fontelles, who is sitting next to me. Juliana is a consultant for a special report on freedom of expression of the Internet. She is also a researcher at Interlabs and a project assistant at the Brazilian Association of Investigative Journalism. Welcome. We also have Masayuki Hata. Masayuki Hata is a researcher at the Interlabs and a project assistant at the Brazilian Association of Investigative Journalism. Welcome. We also have Masayuki Hata. We also have Masayuki Hata. Masayuki Hata is currently an Associate Professor of Economics and Management at the Tsurugaidai University of Japan. Sorry if I butchered that name. And you were originally trained as an economist and organizational theorist, and you write and speak extensively on intellectual property issues. But you also have, I think that is a hobby, which is very much related to encryption, and that’s as a contributor to the Tor product project and other privacy-enhancing technologies. Online, we have a number of speakers, contributors. We have Mariana Canto, and she is a visiting researcher and Chancellor Fellow at the Berlin Social Science Center in Germany, Director of the Institute for Research and Law and Technology of RECIF, IPREC, in Brazil, PhD candidate in law at the University of Stirling in the UK, where she is part of the Interdisciplinary Cluster on Democracy, Human Rights, and Communication Advocacy in the Digital Age. Further, we have Pablo Bello. He is also online. Pablo is the Director of Public Policies at WhatsApp for Latin America. He graduated in Economics from the University of Chile. an MBA in business from Esada in Barcelona, in Spain. He worked at the Inter-American Association of Telecommunication Companies, where he held a position of Executive Director. He was also Chile’s Assistant Secretary of Telecommunication between 2002 and 2006. Welcome. Pratik Waghre, I actually, I hope I’m not butchering your name, Pratik is a Policy Director at IFF, he’s a technologist turned public policy professional. And Pratik has spent nearly a decade in the CDN industry as a consultant and product manager. Since moving to public policy, his research work has focused on a number of areas such as internet shutdowns, information disorder in the information ecosystem and governance of digital communication networks and social media in India. Pratik is also an alumnus of the U.S. State Department’s International Visitor Leadership Program on disinformation in the Quad. So those are the speakers today, and you are the audience, and I expect a little bit of engagement. If all is well, we are about to share, Marcos is about to share, Marcos Pereira, who is online, is about to share a QR code to a Mentimeter board. And if all is good, that will appear there. So we have a bunch of questions, just to heat you up, participate with us, grab your phone, and if you cannot scan the QR code, type in menti.com and enter the code 6831 2810. I repeat, 6831 2810. 2810. And we are offering you a bunch of questions that we hope you can add and we hope we get some insights from those questions. What is the risk of fragmentation in encrypted services offered? Have and have nots. Or talk to or talk not to. We see responses coming in and I’m going to wait a while so that people also online can participate. This was a thing at the IGF. How do we make things interactive? So this is our experiment here. I haven’t seen it in other rooms yet. Well, thank you. I think we leave it at that. High would be 10 of course and low would be zero. And I think that what we see here as a question or as a result is that people think that there is indeed a risk of fragmentation in encrypted services offered. Make an example of what is fragmentation. That’s what I mean with have and have not people who are able to use encryption services and people who are not able to use those services or services that only exist in a particular region. So there is an encrypted application that is only available in Latin America and you cannot talk to me in Europe. That would be fragmentation for me. So people are still entering their numbers. I find it interesting that there is some low votes. Perhaps we come back to that in the Q&A and I will ask you to raise your hand if you were one of the low voters, like you don’t think there is fragmentation at all, or barely, and explain why you think that. I’m actually interested in that answer and we’ll pick that on the question and answer section if I don’t forget to return to that. I believe we also have a second question on the sheet, we have three I believe. How can the internet ecosystem and human rights be affected by the extraterritorial effects of anti-encryption policies from other countries? So for instance, the Online Safety Act, how can that impact other jurisdictions? And I believe that this country has a number of words that you can fill in. It’s always interesting to see what comes out, I’ll wait a few seconds. Okay let’s see what the result is. Now we see the word cloud building, that is what is happening. I don’t know what a surveyed surf dom future is. Ah, I think I know what it is, yes. A life in servitude, perhaps. The program doesn’t allow you to write about the normal circumstance. Ah, okay. And what does it mean? I’m going to ask you then what you mean by that sentence.

Audience:
I mean, if we are allowing surveillance or back-to-server encryption at this moment in time, it’s a slippery slope. And I think everyone knows that. And the whole discussion on child pornography is just used. I mean, it’s one good reason why you would want that, but it’s used to weaponize anti-encryption policies around the world.

Moderator:
Thanks. I think we have one more. Just have a look at this. I think this is not a very positive image, if I may summarize it as that. Do we have yet another question? No, the third one is the one that we finished the workshop, so it’s the same question as the previous one.

Masayuki Hatta:
See if we had some change in the opinion. So let’s ask our panel a couple of questions. So Masayuki, starting with you, the Internet has become essential for public and private services. Everybody is essentially using the Internet. And in countries such as Brazil and India, encrypted services such as WhatsApp and Signal, Telegram, all those type of services, and not only in Brazil and India, are being used by big and small companies to run their businesses. And, of course, we’re using Brazil and India because they are very, very big countries. you. How do encryption policies from the Global North impact Global South economies? It’s a very, very difficult question for answer because I live in Japan and I think, I’m not sure about Global South. I have been to India or Brazil and I think in Japan, many people don’t know about encryption or more specifically, many people don’t know they are actually using encryption usually, which means, for example, in Japan, so many people, almost every people are using application, smart phone application called LINE. LINE is something like WhatsApp. So I’m pretty sure in India or Brazil, Global South, WhatsApp is widely used and in Japan, LINE is very widely used and LINE has a protocol called letter sealing. It’s end-to-end encryption protocol. So I think one big issue before we think about the foreign influence or something to Global South is actually, I’m not sure how many Global South people know they are using encryption already. I’m not sure, is this the answer to your question?

Moderator:
But suppose that people are using, they are using encryption without knowing it, but still if they are not able to use encryption and And the confidentiality that is now offered is taken away from them. What do you think would be the impact?

Masayuki Hatta:
So I mean they don’t know they are using encryption already, so they might not be aware that when encryption is prohibited or gone, I think that’s one of the problem I guess we face, because we or they don’t know the true value of encryption without knowing it. And I think that’s a situation in my country or global south.

Moderator:
Thank you. I think we might return back to that. Mariana Kanto, let’s see, where are you? You are online. The current geopolitics shaped by the history of colonization and new forms of dominance reflect the perspective of the global north, at least that’s something that we hear often. Not to dismiss that in the way that I said that a minute ago. In your evaluation, how do the power dynamics of the global north impact the construction and development of cybersecurity policies in the global south? Is the tech dominance, the colonial nature, the colonial history, does that play a role in all of this? Over to Mariana.

Mariana Canto Sobral:
Thank you so much for the invitation first, it’s a pleasure to be here, it’s always an honor to be at the IGF, and I thank to ISOC and I also thank to IPEREC for the invite. In relation to the question, I think global south countries, they tend to follow general trends that happen in the global north. Sometimes due to necessity, for example, transnational regulations such as the GDPR, and because if you don’t adhere to this kind of regulation, you’re excluded from the global market. Other times due to what is perceived as a global trend, for example, the import of narratives produced in the global north. For example, in the case of encryption by law enforcement actors. However, those import of narratives, especially this letter case, are very dangerous when you have open discussions happening in the judiciary, for example, as the case in Brazil. For those who don’t know, I’m from Brazil, and we’ve been following the recent discussions in the judiciary since the shutdown of WhatsApp in 2015 and 16. So when you import those narratives and during those kind of discussions happening at the same time, those dilemmas can be tricky and can harm encryption many times. So I think it’s also important that those measures such as the weakening of encryption can have extraterritorial effects in relation to the application of the law in other countries such as the UK now act, but also in relation to the import of those narratives. So the extraterritoriality is not only in relation to the application of the law, but also how the narratives work around the globe. So, for example, even if the country does not choose to adhere to that certain regulation, presidents can make a risk for encryption to exist in a certain country. I talked about the online safety bill, but I also now act, but we’ve been following on the kinds of regulations such as European ones that are being developed and that are very much influenced our bills on fake news, for example, and our AI strategy, too, that’s following the AI act in Europe. It’s impossible to talk about encryption. Latin American, I would say, without talking about power symmetries and the regulation of encryption, regulation itself. It’s impossible to talk about law without connecting to the real world because regulation does not operate in isolation. We know that. It needs the real world to function. Otherwise it’s just useless text. And in relation to privacy, I question sometimes the privacy concept that we use. According to some experts like Paya Aurora, we’re gonna have a legislation that’s based on privacy concepts, that, for example, still consider privacy, related to attitudes of Western-based, white, middle-class groups. So in this case, privacy is a privilege of many. And we can see this not only now, but during over the years and centuries and centuries, such as when Simone Brown talked about the lantern laws in the US, that you would have people being obligated, people of color being obligated to carry a lantern with them in order to be surveilled. So privacy is a privilege, and I believe that still nowadays it’s a privilege of the very few people in the world. And the awakening of encryption tends to even accentuate this kind of power symmetry. Today, we have a very, very serious agenda that’s being discussed, which is child sexual abuse material online. And it’s a very, very difficult matter to address. And even more, when you see that survivors and victims are not being heard in most discussions, that’s because when we talk about encryption, when we talk about regulation, we still consider children as unable or lacking in agency. And that for me, it’s a very relevant matter in order to include those voices in the debate. And not only the victims and the survivors, but also the people that work with those subjects and those people. So, I think it’s very important to understand the power symmetry not only in relation to the Global South and North, but also in relation to the people who are connected to the issue, in this case, children versus law enforcement authorities. But as the discussion is also connected to Global North and South, we can see that the Global South countries are still being highly affected by policies that are not made by them, and they are still perceived as unable to enforce rights, between quotes, I would say, and as many times open-air laboratories for highly intrusive technology. We’ve been following lately after the Pegasus case, and the investigation of the Pega committee, that highly intrusive technology is being used and exported to countries in the Global South with the permission of the Global North in countries that defend human rights. So, even this kind of, is this regulation enough to protect the Global South? That’s my question, like sometimes I wonder if our notion of privacy is enough to protect all of vulnerable groups in the world. And unfortunately, I don’t have many answers, I have more questions than answers, but I would love to debate this questioning of the status quo, let’s say, and how we can bring our region to the center of the debate and to be heard. And it’s such a very important debate for all of us. I think that’s it, thank you so much.

Moderator:
Thank you, Mariana. If I may, so I’m looking up because the screen is there. If I may ask a clarifying question. In the context of, you were just talking about questions around the status quo and I was trying to understand how would I summarize that status quo and I call it lack of sleep, I couldn’t. Could you summarize the status quo as you have it in your mind, just in a line or two?

Mariana Canto Sobral:
I think the current status quo in relation to encryption, we still see encryption as a threat to vulnerable groups and I don’t think this is how we should perceive encryption. I think encryption can be a huge ally to those who are underprivileged and those who are in a situation of power symmetries. So I think we have to question this narrative or maybe the status quo that encryption is still perceived by some actors as a barrier to protection. Security doesn’t mean that the lack of privacy doesn’t mean that we’re more secure. That’s what I meant.

Moderator:
Thank you. I think that was at least very clarifying for me and I presume also for others. Patrick, Pratik, over to you. Digital services from the Global North, they have the things that are developed in the Global North, the services that are deployed in the Global North have a large influence in shaping the internet, if only historically. Of course, that is creating dependencies on that technology for everybody, including people from the global south. India, however, has tried to face some of those challenges, and I think it would be useful for you to explain what those challenges were and what insights we can draw from India’s digital sovereignty policies that are relevant to the ongoing encryption disputes. Prateek, over to you. All right.

Prateek Waghre:
Thank you very much for having me. I was told I have about 10 minutes, so I’ve just started my timer to make sure I don’t go over. I’ve got three things that I broadly want to cover through the question, and I want to talk about encryption, but without actually, for large part, directly talking about encryption. So I’ll start with an example from India that highlights how actions taken by global north or western institutions, not just government, not just services, can have an impact in other parts of the world. I want to make a general comment on the idea of regulatory contagion, where an instrument in one part of the world or one country can be imported into other countries, even if they have different underlying objectives. And then finally, I’ll just come back to specifics about India and some of the current or recent regulatory interventions that are happening here and why some of them are concerning, especially from the encryption perspective and more broadly from the individual autonomy perspective. So as you aptly asked, digital services certainly have an influence, but I want to talk about a very specific instance. So on August 5 this year, the New York Times reported on alleged links between a quote unquote tech mogul in America and propaganda networks from China. A lot of the details are not directly relevant to the present conversation, except for one point where they included a reference to a news portal in India that also happens to be very critical of the current union government and for a number of years now has been at the forefront. the receiving end of harassment obstructions by the country’s financial investigators, who themselves, over a period of time, have become increasingly partisan in terms of the people they pursue, right? Now, as recently as last week, citing some of the allegations in that very story, law enforcement offices conducted quote-unquote raids or seized electronic devices of around 50 current, former reporters, contributors, staff of the organization called Newsclick, including arresting two people, the founder and the HR head, under a law meant for terrorism charges, right? And this law currently has a history of people being detained for months and years without a trial, right? Now, you could argue that the paper was not aware of the consequences of its reporting, but people who declined being quoted in the story have come out publicly saying that they didn’t want to deal with the story in its current form. And one of the organizations quoted has also come out and said that the ultimate report didn’t include its categorical denial, right? So this just goes to show that actions by institutions, you know, in the global North, sometimes out of ignorance, sometimes, you know, knowing fully well, can have outside effects on people in the global South and in other countries, right? And I want to quickly cross the Atlantic Ocean, right? From a US specific example and go to Germany. And of course, everyone is, you know, at IGF is likely aware of the Network Enforcement Act or on NETCG, right? Now, I’m not going to go to specifics of the provision itself, and none of this is either a comment on its effectiveness in the German context, because I do not have expertise there, but multiple scholars and researchers over the years have alluded to some of its provisions being imported by other countries, right? Especially with more authoritarian leanings and, you know, apologies in advance, I’ll just quote. through some of them very quickly and apologies if I mispronounce some of their names. But Heidi Torek in a 2021 paper stated that bills at the time in Malaysia, Vietnam, Kenya, Venezuela invoked similar language about broad and elastic categories. And that’s the quote that Russia and Singapore made references to it in some form either directly or through statements. Isabel Cannon refers again to Russia, Singapore, and Turkey and notes how some of them have incorporated provisions requiring local presence. And this has a context as we’ve seen in certain instances as reported with Apple and Google. In some cases, recent Washington Post reporting about India suggests that these local presence requirements have been used to threaten companies and their employees as well. And in a foreign policy essay, Jacob Changama and Joel Fisk cited a 2019 Freedom House report which said that since NetPG or the Network Enforcement Act was enacted, about 13 other countries have enacted similar intermediary liability regulations using a similar framework. Again, I’m making these points not directly from encryption, but just to make that these are the forces of factors at play. When you have regulation or when you have regulated designs in some of these countries, they tend to get exported. And we’ve already made references to the Online Safety Act, which is something that we are working very closely and with a lot of concern to see how some of that language then gets imported to other countries as well. Now, I want to come now specifically to India. And I’m going to sidestep the definition of digital sovereignty, because I know that that’s much contested, much debated. But as things stand, India is currently in the midst of rewriting a lot of its laws that govern digital spaces. And And unfortunately, there are several bad things in there that us as civil society organizations are concerned about. And it matters also globally, because of the sheer number of people in India, it has a precedent-setting capability. And as Kiran Ohara and Wendy Hall describe in their book, it’s a swing state for the future of a lot of regulatory practices. Now, there are three or four specific items of regulation that I’ll talk about, which is the certain directions of 2022, the current draft telecommunications bill, the Digital Personal Data Protection Act of 2023, and the current efforts to rework the intermediate liability framework through updates to current rules and potentially a new impending bill. And a common thread, before I get into specifics, a common thread that we’ll see is that a lot of them amass a tremendous amount of control and discretion for the union executive with limited oversight over their actions, and often leaving us very little to rely on other than just verbal assurances, which are not really enforceable in a lot of cases. So the certain directions, which were notified in April 2022, these impose the six-month log retention requirement on pretty much all internet services that operate in India. Specifically, also had a five-year retention period for various types of data. And there’s some nuance here, but various types of data for information about customers retained by VPNs and by cloud service providers. What this means for zero knowledge services, I think, is a huge open question. Then the intermediate liability framework, which is the IT Rules 2021 and subsequent amendments to it, these introduce what GNI has called hostage-taking laws, right. They introduced traceability requirements directly relevant in the context of end-to-end encryption, which is essentially the idea that you can trace messages on end-to-end encrypted platforms and you can trace them to the point of origin without compromising end-to-end encryption itself, right. You have provisions for a grievance committee that is appointed by the executive that has a direct say in content moderation decisions that digital services may take and more recently, you know, a fact-check unit being envisioned that will be used to flag content about the government itself as fake or false, right. Then the telecommunication bill, which expands the definition of telecommunications so broadly or define them so broadly that they can impose licensing requirements on pretty much any service on the internet and this is relevant because the licensing requirements then can potentially include obligations to intercept messages, again, a direct implication for end-to-end encryption or identity verification requirements, right. Again, for a lot of services that people rely on and, you know, have a huge implication for vulnerable populations that tend to use these services, right. Then there’s the Data Protection Act which was recently notified which imposes incidentally duties and potential for penalties on people if they withhold any information from the state and in a very interesting inversion, it grants the state the ability to process large amounts of personal data under a clause for certain legitimate uses but pretty much exempts the state from the right to privilege, right. So, you know, if I were to come back and, you know, it’s not a happy picture that I’m painting but these are some of the trends that we’re seeing currently in India. Some of them have very significant, I think, implications, right? For the ability of people to be able to use end-to-end encryption services, not only in India, but globally as well, because there is a precedent-setting ability that, you know, that it has got. I’ll pause there. I realize I think I’m done with my 10 minutes.

Moderator:
Thank you. That was a very comprehensive overview of the issues, and also clearly the sense of precedent-setting of all of this came out clearly. Pablo. Pablo is also online. Recently, WhatsApp declared that if the online safety bill were to be approved, and in fact, it has by now, the company would exit the United Kingdom. I believe there was a nuance with that, if it would be approved and implemented in the way that it is approved, so to speak. In the company’s assessment, is there a potential risk of internet fragmentation of encrypted services providing stemming from the anti-encryption policies like the one that is put forward in the UK? Pablo, please.

Pablo Bello:
Yeah, thank you so much for the invitation. I’m very glad to be with you. Sadly, from Brazil, so it’s 2 a.m. in the morning, but it’s all good. Yes, I think this is a very important question, and in particular, of course, I’m seated in this panel in representation of WhatsApp, but I am also a Global South person living in Latin America, and I have been working for the Chilean government on this kind of issues in the past. So my perspective is both the company perspective, but also mine perspective from the Global South. And yes, the company strongly believes that the threats on encryption, the risk that we are facing in- UK, in the European Union, and in other parts of the world, creates a huge risk of fragmentation in terms of imposing, in some sense, lower standards of security and privacy for global communications. Of course, internet, it’s a global network, interconnected network. If one part of the network has lower standards, that has implications to everyone. And I think it’s super important to consider the perspective of the Global South in that debate and in that regard, because the effects of decisions made in the Global North, in few countries, could have implications everywhere. And in particular, I would want to stress this idea that weakening encryption in one place affects the entire world. One data that I think is important to introduce in that discussion is not a technical data, it’s a political data. The economists presented this survey year by year regarding the quality of the democracies in the world. And only 8% of the world population lives in full democracies, only 8%. And it’s not by casualty that these countries are in the North, in the Global North mostly. And in particular, in Europe, UK, of course. And 55% of the world population lives under authoritarian regimes or hybrid regimes. 37% under authoritarian regimes where human rights are not respected. So the problem we have here is that if we, from the Global North perspective, introduce pieces of regulation that weaken encryption because they believe that their institutions are strong enough, the rule of law is strong enough, and that would be fine from their perspective. I strongly believe that that approach is wrong, but if they believe that, they should consider as well the implications of that decisions globally. And this is very important because… Because most of the people in the world lives under flower democracies or not democracies at all, without rule of law, without proper institutions, without balance of power. So when a country in particular, the UK or the European Union, make a decision in terms to weaken an encryption, it’s affecting the lives of people everywhere. The activists in Nicaragua, the activists in Venezuela, the activists in Saudi Arabia. So I think this is why it’s so important to have this discussion here at the IGF, because the implications are not limited to the borders of every country. So yes, the introduction of country level regulations that weaken an encryption has global effects. And it’s super important for the technical community, the civil society and the private sector to continue working together, trying to make the case that these decisions will be profoundly wrong. And that will create a huge, huge impact. Besides this idea that weakening encryption in one place affects the entire world, two other concepts that I want to mention. The first one, of course, is the falsehood of the trade-off between safety and privacy. Of course, this idea that you can get more security, you can get more safety, reducing privacy is completely wrong. And we know that. But it’s important to repeat this idea, because it’s in the core of this discussion. And second, weakening encryption hurts everyone. This idea that is still in the center, in the core of some of these attempts of regulation, that you can create a backdoor or you can create some way to reduce features of security for certain people is not true. We know that it’s not true. So based on these three concepts, I strongly believe that we should continue fighting against those ideas. And going to the idea of the status quo that you asked it before, I fully agree with Mariana. Nevertheless, the status quo on encryption is better than the… a terrible situation that we can be in the future if encryption is not protected. So part of the status quo is important to defend as well in order to preserve certain attributes of the internet that already we have. So yeah, I think this is my first intervention. Thank you so much.

Moderator:
Thank you, very clear, at least for me. Juliana, up to you. Brazil, 33 other countries with it have ratified the American Convention on Human Rights. It ensures, among other rights, the rights to privacy. In your assessment, how might the extraterritorial impact on anti-encryption policies influence the rights safeguarded by this convention?

Juliana Fonteles da Silveira:
Thank you. Well, it’s a pleasure to be here. I hope people online can hear me well. And I would like to say that in the Americas, when we talk about privacy rights and data protection and other interests in conflict with them, the discussion goes in another direction and assumes other interests, other frames differently from regions like Europe. The right to privacy is not usually regarded as one of the most important rights and protections in our social context. And most countries in our region don’t even have data protection legislations and are far from bringing this discussion to the table, which means that there are no procedural safeguards that could limit the state and non-state power in accessing and processing personal information, which is the central issue of anti-encryption policies. And this favors the flourishing of those very popular narratives that claim access to data for law enforcement agencies and other decryption measures. as a solution to protect other highly valid public interests such as the protection of children, security and public safety. And at the same time we are also talking about the region in Americas where in many countries an absence of rule of law, judicial independence and democratic stability prevails and because of that state abuses of all sorts are not subjected to street control. And likewise countries in Latin America and Caribbean, even the ones that have a long history of commitment to democracy, are guided by traditions of violent repression of protests, murder of journalists, persecution of human rights offenders, arbitrary arrests related to the expression of opinions, criminalization of LGBT people and of abortion for instance. And the information about all this trivial behavior is registered in private communications protected by encryption. So in this regard at the Inter-American Commission on Human Rights we have increasingly received reports on the persecution and online monitoring of activists and journalists that report cases of corruption or that represent conflicts with the interest of the political regime in their countries and the penetration of surveillance softwares and other methods of surveillance to persecute them. Also in Central America there are a growing number of legislations that criminalize and suffocate the work of NGOs being put in place and these organizations rely to a large extent on the protection of their private communications and to do their work on defending human rights and supporting the victims. So keeping all this in mind we should consider how this scenario can be pervasively viewed and these rights undermined by weakening end-to-end. encryption techniques and giving government agencies access to private communications. Because we are talking about an imagining amount of data that that offers comprehensive information about all thinkable aspects of individuals life. In context of abuse it doesn’t matter whether you have something to hide or not, being a government’s target is enough to be harassed by by digital surveillance in case where what one says says or what an organization does threatens the credibility or the legitimacy of the regime or because one’s behavior is incompatible with the government’s moral agenda. And making the content of private communications available qualifies the state capacity to conduct those arbitrary measures to an extent that we are still unaware, which ultimately choose expression and intimidates activists, activities of human rights reports, adds the pressure of reprises to to LGBTQ people or people who are pursuing reproductive rights and in some case facilitates also the tensions and killings. And journalists for example rely deeply on encrypted communications to communicate with their their sources and do their work of investigation and reporting and to shed light on issues of general concern that support the functioning of a democratic and accountable political regime. Encrypted communication has also been necessary for activists and protesters and has been threatened by states that continuously try to intercept communications in times of protest or civil unrest and people who may be at risk benefit from encrypted communications to hold opinions safely and without unlawful interference and attacks. That said, I would like to answer the question by stating that the effects of anti-encryption policies in the American go beyond the sole protection of privacy, as if you were detached from other rights. The encryption debate needs to be framed as a matter of human rights in a broader sense, and as a matter of freedom of expression, given its role as a gateway to securing the right to opinion and the collective dimension of freedom of expression, which allows the society as a whole to have access to critical information and knowledge. And the problem is still much broader than this, because introducing, for instance, the so-called backdoors or any vulnerability does not provide access only to specific actors, as it is usually claimed by these legislations. The introduction of these vulnerabilities gives all malicious actors access to private communications, and can be exploited by the same criminal and terrorist networks that the limitations aim to deter. And the consequences are severe, because we haven’t been seeing the reports of Snowden on state surveillance over foreign states around secret and strategic communication. And this highlights the effects on sovereignty and national security produced by the weakening of encrypted communications. And on top of that, particular attention must be paid to the fact that undermining encrypted communications means that we are making even more personal data and data of all aspects of an individual’s life available to private actors from the technology sector, whose capacities of merging databases and profiling are already incredibly high, and who use this data to train and feed AI models and deploy micro-targeting and recommendation strategies, for instance, which impacts the digital public debate as well. And in this sense, we We should bear in mind that digital technologies developed by these actors have become more reliant on user data based on demographics and behavior and non-encrypted private communications and private non-encrypted policies offer a vast amount of this type of data and facilitate corporate surveillance. And when it comes to these digital technologies, this has not only effects on privacy, concerns of consent and in the democratic public debate, as I said, but it is also usually related to reports on bias and discrimination on AI models and which ultimately has effects on human dignity, equality and also non-discrimination rights. Well, besides that, I would like to highlight that the rise of anti-encryption policies in jurisdictions of the Americas and in Europe could inspire other new repressive internet regulations in the region, since we have already seen an increment in rhetoric using online safety and security as a means to crack down on internet freedom across Latin America and to put forward regulatory proposals to suppress human rights in the online environment. And if all of these restriction efforts on encryption could represent these threats to human rights, especially privacy and freedom of expression, then their implementation must meet the well-known three-part test, which states that any limitation on expression must be provided for by law, may only be imposed for legitimate grounds and must conform to the strict text of necessity and proportionality. And well, under international human rights law, states are obliged to protect privacy and freedom of expression against unlawful and arbitrary interference and attacks. And just to I would like to say that we should move the conversation on digital communication in the direction of advancing people’s protection online and not people’s control and increasing surveillance, and we should be strengthening policies and enhance human rights centre approach to digital communications. Thank you.

Moderator:
Thank you. I do want to return to Professor Hata. I believe my question caught you a little bit off guard earlier, and I think you prepared some opening statements, so I want to make sure that I give you the opportunity to share your prepared thoughts.

Masayuki Hatta:
Yeah, not really, because I’m kind of confused as to whether Japan, I’m supposed to talk about Japan, but whether Japan is a global north or a global south in this context. I mean, yeah, so Japan is one of the developed countries, and we enjoy freedom, basically internet freedom and working democracy, but Japan is not really a trendsetter on this encryption regulation or something, because, you know, we don’t even have a big tech, any big tech, and so how can I say ? So I understand that the global south is increasingly regulating encryption and maybe oppressing democracy or something, and still, you know, I don’t know whether Japan is a trendsetter or not. So then, so how can I say, so even in Japan, many people actually do not support, many people do not support privacy or freedom or something. We have a bit of authoritarian tendency, and so we actually used the West or global north influence on making our policy or something, so every country could go either way, anti-encryption or pro-encryption, and many country is not originally, I guess, I’m not sure, many country naturally pursuing freedom or something, and we counter the tendency with the global north or west philosophy or policy, but still I think I heard that the global south people think the global north influence is not always good for global south policy or something, I might be misunderstanding, sorry I’m still open. being caught off guard, but I, so yeah, my main concern or my main question is, what am I supposed to talk as a member of Global North or Global South?

Moderator:
Well, thank you for your thoughts. One of the things that I thought about when discussing this, maybe there is also a West-East dimension to this, to the way that people approach this issue. But I want to turn around. I do have questions, but for the audience, either online, and I trust that somebody will take care of the online questions if they’re there, or in the room. Are people who want to add comments or say something or ask something of our panellists? Well, in that case, I’m going to ask a question, and of course, panellists, feel free to discuss among you. A question that I have around WhatsApp. So, the threat, or threat, yeah, I think it’s a threat, that WhatsApp made was at some point, if this law is going to be enforced in the UK, if Ofcom is developing technologies that will be able to scan content on the machines, and we’re pretty sure that’s not safe, then we will draw from the market. But if you do that, you provide that market no encrypted service any longer, and that means that the people who live there don’t have any means to communicate with confidentiality. Of course, that also fits in the playbook of non-democratic nations that would like to see encrypted technologies leave rather than come. What’s your thought on that? Is the threat of leaving actually the threat that you want to make?

Pablo Bello:
If I may, I’m going to start with this one.

Moderator:
Yes, please.

Pablo Bello:
I would not say that this is a threat. For WhatsApp, encryption is in our DNA. WhatsApp is an encrypted platform, and this is part of our definition. This is what we are. And it’s critical for WhatsApp to preserve that. The issue with the regulation that is being discussed in the UK and maybe in the European Union as well, is that we strongly believe that this kind of regulation will break encryption. We strongly believe that client-side scanning is against the principles and the characteristics of encryption. If that regulation is enforced and we have to implement client-side scanning in order to continue operating, that will create a huge risk, not just for the UK people, but also for the rest of the world as well. It’s not a threat. It’s the idea that in order to keep operating as an encrypted platform, it’s not feasible for us to comply with that approach if the deal is implemented in the worst way that we have considered. It’s important to clarify that. It’s not that we are pressing regulators in order to change the democratic decision of a certain country. It’s that we are saying that we will… defend encryption in the same way that we went to the Supreme Court in India to try to avoid the trustability prohibition that was decided in the IT rules, in the same way that we are debating in Brazil against trustability as well. We are defending encryption. And the idea that to break encryption in one country for a global platform, global communication platform as WhatsApp is just not feasible.

Moderator:
No, but I think even if it’s not a threat, but really the result of not being able to operate the service under your quality in a specific nation, the result is that you’re out of that nation after the regulation has been put into effect. And that might actually be also a way for countries to impose a regulation and see a signal on WhatsApp or leaving that country and leaving the population of that country without any encryption. Perhaps any of the other panelists would like to respond? Ah, there’s somebody from the audience. Thank you.

Audience:
I love this panel. And I just wanted to comment on your question, the last question. I think there is no compromise possible for these platforms. Once you compromise on encryption, then there is no going back. And then there’s just no more encryption possible. I think that the question you asked, and forgive me for this, but it’s a false dichotomy because it’s not that either you comply and then you offer your services to all these people, or you don’t and they don’t have access to it. There is another alternative to all of this. And this relates a lot to technological literacy of the people within that jurisdiction. And I think that we can work more on this. if we can do it in the same way in authoritarian places where some of these apps are forbidden, people still have access to them, then, like, the same can be applied in other form of non-authoritarian, per se, jurisdictions, too. So, I think that there are third, fourth, fifth alternative ways to do this. There’s a very good example. We just launched market blockchain, and I follow a bit the discussion on this. This has been standardized by the MLS from the ETF. This is a very good example, and it’s a very good example of how we can use blockchain to do this. In fact, some of the countries want to hinder encryption, and the first question was about how much this can create fragmentation, but in theory, if we have a network that is interoperable, the network becomes global. Depending on the client you have, you can plug in, and I hope the person in this state can still get access to the blockchain, and this is a very good example of how we can use blockchain to do this. This is a very good example of how we can use blockchain to do this, but this provision, this infrastructure can guarantee that the world is as safe as possible, and do not exist, let’s say, a monopolist that can, in fact, influence a billion of people. As far as I know, this was endorsed by other SUDs. Let’s talk about blockchain. to keep the monopoly. So, if you want to keep the monopoly, you have to have a good security for all your users, or you want to avoid it because it’s the best way to keep the monopoly.

Moderator:
Thank you.

Pablo Bello:
Hi, I’m not a technical expert on encryption at all. And it’s regarding the technicalities, how to implement that without reducing or introducing additional risk. And there is a huge discussion with different perspectives, and a lot of experts have stated that the interoperability as is proposed or decided by the European Union in DMA, could create some vulnerabilities in terms of how the information is protected. And which standard? Who will decide the standard? Why one standard? How that could create implications in terms of the development of the different standards? There are different approaches on encryption, on end-to-end encryption. Signal protocol is one. There are other approaches or other technologies. So, it’s not an easy question. It’s important to have more solutions or more protocols in the pipeline. It’s an ongoing discussion, of course. It’s not a dogmatic approach on that. The critical aspect from our perspective is to ensure that the high standards that we are introduced using the signal protocol on WhatsApp is protected. And at the same time, and this is also the other side of the discussion, is that the integrity measures are also available in order to avoid some kind of the misuse of the technology that is already a risk, that we already know that. So it’s an ongoing discussion, and I would prefer to have other people from the company explaining the technicalities of our approach.

Moderator:
We have the chair of the IAB, who knows everything about the ITF standards process.

Audience:
Not everything. Oh, almost everything. Hello, my name is Mirko Levin. I’m the chair of the Internet Architecture Board. I wanted to comment a little bit, and I would also like to comment on your part, but I also want to comment on your idea. What happens if we don’t have an encrypted communication platform anymore? And there’s one thing, which is there are a lot of circumvention techniques, so you can still access services in other countries, because the internet is a global platform. So it’s really hard to block access from just one country. I think that’s a very important point. The other point is also, encryption is not a layer. Encryption is a function that you can implement on every layer of the stack, and the stack, the way we design the internet, the way we design the internet architecture, is that you can kind of stack things on each other. So you can also always kind of add another layer with encryption somewhere else, right? So this might then be a cat and mouse game or whatever. So that’s also, I wanted something to say. It’s like, if you try to break encryption here, this is not the silver bullet, because encryption is, and security is a function, and not like something that you only deploy in one place. And then to comment on the IETF, I cannot speak for Matter, of course, but I think you cannot generally say somebody has withdrawn participation or whatever, because we design standards that are, a couple of companies are involved in the designing process, hopefully enough companies, so we can design a good protocol at the end where we have agreement. between a large enough group, but we design our protocols for like all internet participants, right? So everybody can adopt that. And for this specific case, the reason why we’re standardizing something is not necessarily interoperability. It’s not that, like hopefully we come there as well, that like different platforms maybe can talk to each other. But the reason why people came to the IETF to standardize that is to actually get this engagement from other companies and then get a really good and secure and well-designed protocol. But it doesn’t mean that like other people who don’t deploy this protocol doesn’t deploy encryption because as the person from it I just said, there are many approaches to that. And it’s not about interoperability if you talk about encryption within one platform. So I wouldn’t read too much into like who is actually actively driving work in the IETF. It’s more important who is actually adopting and deploying these technologies.

Moderator:
Yeah, and that work really came out of a DMA requirement, Digital Market Act requirement, or Digital Services Act requirement. I wanna…

Audience:
No, it’s not DMA, it’s a digital work requirement.

Moderator:
I was asking a leading question actually. So I wanna clarify that a little bit. Suppose that we lose a signal from the market, we lose WhatsApp from the market, and I think you also touched upon that. Then one would hope that people are looking for different alternatives. And of course, the issue with companies like Meta, like Signal, like Telegram, they have an office, they have a corporate presence. And my prediction would be if something like that happens, that the users that… The internet always routes around its problems. That’s a famous quote. I don’t know who said it, but the internet always routes around the problems. Or the internet only just works, always just delivers what you need. And what I think what will happen is that people will start to move. to decentralize services. Just like the Tor network, Professor Hatta, you’ve been working on that, the Tor network provides decentralized means to provide encryption. During the security conference in Las Vegas, caught DEF CON, yeah, the cult of the dead cow released valid, a new protocol that’s highly distributed and has privacy and confidentiality guarantees. Not to say that that has stand the test of time yet, but at least those type of things I think the world will move to. That was, sorry for my intervention here, but that was a leading question in some way.

Audience:
Hi, I just have a quick question, I think, for the WhatsApp representative, and it’s on this topic as well. The question for me, my focus around encryption is that it’s oftentimes one party of the two-party conversation is the one that’s requiring encryption. Oftentimes it’s the way that diasporic populations communicate with each other. And so when we talk about legislation that removes WhatsApp from UK, a country that has tons of migrants from all over the world, tons of citizens who have families in other parts of the world, is this a frame of, is this a form of oppressing the global South who are your earliest users and your earliest audiences, and they find the most use out of this to this day? Do we see the parallels between the global North shutting down communication lines that the global South uses, and then we’ve spent decades condemning folks who shut down access to Google, and do we see there might be a similarity where the North cares about encryption and shutting it down, I’m sure the South does as well, but isn’t seeing how that is an oppression? And then I go back into a question.

Moderator:
What is the question? So I’m going to come to a time later and Tia Windrup wants to put in to a discussion if I can wrap up.

Audience:
But I will take turn and build it up again. And Tom is from Facebook and that’s a really close . If they go all the way down the operating system, they go google, put android sensor, everything. When it goes to any application. It’s two companies and you are out of luck.

Moderator:
I think that’s a correct observation. The question we had online was, from

Audience:
Monika from Germany. If you can make a legal case against a government that with its encryption legislation is in violation of international human rights by which it has signed up. So, there was a typo in that sentence. But I think that’s a good question to you. Is that a case one can make? I think that’s a good question to you.

Juliana Fonteles da Silveira:
question. Well, yes, we do a lot of that in the Inter-American Commission Human Rights. We have in the Americas a lot of proposals, regulation proposals, and other efforts of non-encryption policies, including Brazil. And what we do in the Inter-American Commission Human Rights, it’s basically, we have reports, and we issue recommendations to states and to private companies on the issue. I think we have a lot of recommendations on those violations on human rights, and how this affects human rights. besides only privacy, as I said, like freedom of expression rights and discrimination, non-discrimination rights and human dignity. And we also have other mechanisms, such as public hearings, where we also receive civil society and other actors to make a case and discuss with states around those violations, so it would be something in this line.

Moderator:
Thank you, Juliana. And there was the question… Right over here. Yeah, but in the meantime, I would like to offer Paolo the opportunity to answer the other question in the room, if you can.

Pablo Bello:
Yeah, sure. Super quickly. Look, WhatsApp, of course, don’t want to stop working on UK at all. Quite the opposite. WhatsApp wants to keep operating with the highest standard of protection with end-to-end encryption worldwide. WhatsApp is mostly a Global South platform. By far, most of our users are in the Global South, India, Indonesia, Latin America, Brazil in particular. This is where most of our users are. And we have the duty and the responsibility to protect those users all the time. So, of course, we want to continue working and operating in the United Kingdom. This is what we want and this is why we are pushing hard and this is why we have this coalition with other companies and with the civil society in order to avoid having a regulation that will affect encryption. Because we strongly believe that this kind of regulation puts people’s lives in jeopardy, not just in the UK, but worldwide. So this is the point and this is what we want and this is what we will continue doing. It’s not a threat. And, of course, we want to protect the diaspora. We are trying to protect people everywhere by defending encryption and we will continue doing that.

Moderator:
Thank you very much. In the last five minutes of our panel, I want to give the panelists an opportunity to give final remarks of each one minute. Starting with Juliana.

Juliana Fonteles da Silveira:
Thank you. I would just like to say that we either have, when we are talking about encryption and human rights and online and digital communications, we don’t have an in-between situation. We either have encrypted and protected private communications or we have readable messages and communications. So we don’t have evidence that shows that mass surveillance allowed by non-encryption policies have ever been effective to proportionate safety as these policy efforts claim. So I guess it’s that.

Moderator:
We’ll always be abused, is what you say. Professor Hata.

Masayuki Hatta:
Okay. Sorry, I’m kind of confused and I couldn’t reply properly this time. I think the basic attitude is that technology doesn’t choose the country or users. So even if the country regulated it, we can use it, like WhatsApp or Apple or Signal, just walk away and just exit. So I still don’t understand this discussion’s main point. Sorry.

Moderator:
Would users, if those services would not be available, since you’ve been a contributor Do you think that is a way out?

Masayuki Hatta:
I’m not sure what way out means, but users can use it, even if it’s banned or prohibited. So the Global South program, about the regulation or something, is basically a political program in Global South countries, so I’m sorry, I still get the main point of this discussion, but maybe I’m the only one, so thank you very much.

Moderator:
Thank you, thank you. Going online, Mariana, please, final thoughts.

Mariana Canto Sobral:
I just want to thank for the debate, I think it was a very rich debate, and I leave here my voice to echo with Juliana and say that encryption is a human rights matter, and I think it’s essential that we preserve encryption, and the Global South take the position of protecting it and not threatening it, and I hope that in the near future we can adopt this position of relevance as we did post-Snowden revelations, in which we built a very strong civil rights internet framework in Brazil, and I hope that we can also take this position in relation to encryption too, in building regulation or even building policies that are going to strengthen encryption in Latin America.

Moderator:
Thank you. Pablo.

Pablo Bello:
Yeah, well, thank you so much for the invitation once again. My final message, I think it’s critical to civil society, the technical community, and the private sector reunited at this IGF to continue working together to convince some of the governments of the that we can encryption won’t make their own society safer, but we’ll put millions of people at risk. And most of them, most of the people affected are in the global south. Thanks so much.

Moderator:
Thank you. And then last but not least, Prateek. Thank you once again.

Prateek Waghre:
I think this was a very interesting discussion and conversation. Just two quick points. I think one, I will echo, I think, what have been called across the room about the need for solidarity to protect encryption and end-to-end encryption. Because I think we are headed for a slightly tumultuous period in that sense. And there is need for a lot of us to work together to ensure that it remains defended, protected and advanced in the years to come. Second, not so much of a remark, just a lead. I mentioned traceability. Some of you will be interested to know that over the last couple of weeks, there is a case in India where a high court has handed out first traceability order, which I believe WhatsApp has been able to go and get a stay for. But I would just say, watch that space and we’ll have to see how that one evolves.

Moderator:
Thank you for that. And with that, I would like to thank the panelists and the engaging audience in the room for input and comment. I hope and think there is hope for this dossier for keeping encryption available for everybody. Because we also heard that if we start eating away at it, not only at the legal side, but also technical side, that will cause a race to the bottom. And we’re not there to see that happen. Thank you very much. Thank you for watching.

Audience

Speech speed

199 words per minute

Speech length

1429 words

Speech time

430 secs

Juliana Fonteles da Silveira

Speech speed

150 words per minute

Speech length

1694 words

Speech time

676 secs

Mariana Canto Sobral

Speech speed

152 words per minute

Speech length

1237 words

Speech time

487 secs

Masayuki Hatta

Speech speed

94 words per minute

Speech length

779 words

Speech time

496 secs

Moderator

Speech speed

137 words per minute

Speech length

3145 words

Speech time

1380 secs

Pablo Bello

Speech speed

130 words per minute

Speech length

1759 words

Speech time

811 secs

Prateek Waghre

Speech speed

169 words per minute

Speech length

1842 words

Speech time

654 secs