This workshop placed the participants in the hypothetical scenario of living in a world of pervasive encryption and explored the potentially resulting tension between law enforcement objectives and encoded information.
Firstly, all the panellists were asked by the moderator, Nicolas Seidler from the Internet Society talked about the likelihood of this scenario arising.
Generally, the panellists agreed that pervasive encryption could become a reality within the coming decade, and many of them thought that this development could be triggered by a scandal that made people realise the importance of protecting information.
Michael Nelson, from the Internet startup CloudFlare, emphasised the need for user trust in encryption and compared it to antibiotics: you don’t know if they work and you have to trust them that they work.
Ted Hardie, Executive Director of the Internet Architecture Board, expressed his hope that encryption will become the default, and underlined the importance of confidentiality in online communications.
Carly Nyst, an international privacy expert, saw pressure for encryption being generated from three angles: upward pressure from users and companies, sideway pressure from governments to governments, and downward pressure from human rights courts and institutions.
Xianhong Hu, Head of the Division for Freedom of Expression and Media Development at UNESCO, expressed the need for an international regulatory framework on encryption and set out the progress that was being made at UNESCO during its General Conference.
Sanja Kelly, Project Director of the Freedom on the Net Report, reminded everyone that the pervasiveness of encryption often depends on whether countries are willing to enable that environment. She stated that currently many countries are trying to crack down on the use of encryption or introduce backdoors where encryption exists.
Finally, Frank Pace, sergeant at the Digital Forensics Investigative Unit in the U.S. – and the only representative of a law enforcement agency – expressed the difficulties encryption poses in relation to criminal investigations.
This gave rise to a debate over the tension existing between law enforcement and encryption. On the one hand, extensive surveillance and violations of privacy rights, and on the other hand public safety.
A useful distinction was made between extensive and targeted surveillance, in which privacy is compromised to different extents and for different purposes.
Ted Hardie argued that encryption only returned law enforcement to the status quo before the Internet came into existence, while Frank Pace maintained that criminal activities have evolved with the introduction of the Internet.
Finally, all panellists were asked about the possibility of a relationship of trust developing between law enforcement and other stakeholders, in which privacy would be protected while law enforcement agencies continue to do their jobs. Most panellists agreed that this was a possible scenario, considering that encryption can actually enhance security, especially when security is being conceptualised in terms of individual security and human rights.
There was consensus that ultimately, encryption has not been designed to stand in the way of law enforcement agencies, but has been required to maintain user’s trust.
By Barbara Rosen Jacobson