Encryption and anonymity, rights and risks

12 Nov 2015 11:00h - 12:30h

Event report

Anonymity and encryption are two widely discussed issues in today’s Internet. This session shed some light on the position of government, civil society, and academia on encryption and anonymity on the web.

The session began with a presentation from David Kaye, the UN Special Rapporteur on freedom of expression. Earlier this year, in June 2015, he presented a report to the Human Rights Council which highlighted the need for greater protection of encryption and anonymity online.

Kaye shed some light on the process of making the report, emphasising that the paper would not be created without valuable inputs from civil society. He pointed out that anonymity is in a worse position than encryption and more attacked in a public space, and in some countries is constitutionally banned (like Brazil). He reminded the audience that encryption is most closely related to our security as well as our economic prospects. In his words, many countries see this as an economic issue.

Juan Diego Castañeda, Fundación Karisma in Colombia, shared his concerns about the overall problem of convincing people to start using encryption software or encryption techniques. In many cases people don’t care. He presented the work of his foundation and stressed the importance of working with journalists since the anonymity of sources is a crucial thing for this profession.

Professor Chris Marsden, Oxford Internet Institute, provided an overview of draft proposal for the new Communication Data Bill to be enacted in UK. On a positive side he noted that this draft actually started a healthy discussion on encryption, both within regulatory bodies and the general public. On the bad side, the new law would require metadata retention for ISPs for a 12 month period. This will create enormous expenses and could have dangerous implications for the cloud industry which is strong in the UK.

Elvana Thaci, Council of Europe, presented two jurisdictional cases in which the European court of human rights dealt with anonymity and encryption. The ECHR concluded that anonymity is important for the free flow of ideas, but this value is however not absolute and needs to be balanced.

Pranesh Prakash, from CIS India, presented the case from Indian legislation on encryption. He pointed out that there is a general ban of bulk encryption empowered by telecoms. Adding that Government imposed the regulation that plain text of all encrypted data needs to be saved for 90 days.

Ted Hardie, representing Google, pointed out that Google is working hard on strong encryption by default for all Google services and all data, both stored data and data in transport. He expressed the belief that mass usage of encryption services will make encryption the ‘new normal’. On an anonymity side he apologised for Google’s Real Name policy stating that it was a mistake.

Alexandrine Pirlot de Corbion, Privacy International, added that we only hear about the bad aspects of anonymity and encryption, for example the dark web, but it can actually allow the media to act freely, and also create increased safety. It’s not about whether we should give our governments the key to our houses, as they will not be the only ones who have access to them, and they may possibly leave the doors open.

Kaye added that there is a need to develop guidelines for prosecutors. These guidelines need to be embedded in law. We don’t need special solutions for online problems; we can redesign some tools we already use in the offline world. Other panellists called for developing the technology and constant use of encryption for private data. A balanced approach is clearly needed.

By Arvin Kamberi