The Encryption Summit: all the news and updates as they happen

Caroline Sinders, founder of  Convocation Research and Design Labs (CoRD Labs), talked about the danger when vulnerable users think they have security/privacy, but their communication is actually open to surveillance.

She described her work with vulnerable users, including US citizens living under reproductive data surveillance, and how digital literacy training was needed to help them understand which platforms should use (such as Signal) or avoid (like Facebook Messenger) as encryption is not necessarily turned on.

Also Diana Gheorghiu, Legal and Policy Officer at Child Rights International Network, stressed this sense of false security. She especially focused on how undermining encryption will ultimately making children more vulnerable online. 

“Policymakers should identify the goal first of the policy and then consider the range of option which could be of technological nature or not that could be implemented in order to achieve the policy goal,” she said. “Encryption poses only benefits for privacy and only risks for the protection of children.”

The last session of today’s Encryption Summit organized by Global Partners Digital is taking a broader look at the importance of encryption in the communications in various communities across the globe.

We can expect examples of how encrypted communications have helped empower marginalized communities and users living under strict surveillance, with discussions on how researchers and activists can help promote online security in the future.

So, how can social platforms monitor and halt the sharing of illegal material on encrypted platforms?

Iria Puyosa from DFRLab explains how Meta-owned WhatsApp still widely relies on users reporting spam, abusive or dangerous content directly to the platform.

That’s why, according to Riana Pfefferkorn from Stanford Internet Observatory a “robust report flaw” is needed across all platforms to empower users. “Another part of the technique would be metadata analysis,” she added. 

Speakers also share some interesting findings from their researches investigating how users, especially the youngest, use social media platforms and actively shield themselves from online dangers. 

“The underlying problem with a lot of the policy responses  is that it fuels people as passive participants that need 24/7 supervision online,” said research director at CDT Dhanaraj Thakur. “What we would like to see is in terms of what can be done to improve the agency of young people online to deal with unwanted content.” 

Panel hosted by the Center for Democracy and Technology (CDT) on the challenges for digital services to comply with content moderation regulations on illegal and dangerous content is now live. 

Many of these services providers need to juggle new requirements, without compromising encryption and users’ security.

Talking about regulations around encryption outside messaging, researcher on network security, censorship, surveillance Gurshabad Grover said: ” We need to reevaluate how to reconcile our control of our devices. We do want full control, and we want our devices to do whatever we want.”

Speakers went on talking about the importance of digital trust. 

Open-source systems can help on this front as they enable anyone to verify and check the code for vulnerabilities. Yet, they warn, regulatory tensions on encryption could also impact this side of software development as developers in some countries could be prevented from sharing their encryption algorithm. 

According to Alexis Hancock from the Electronic Frontier Foundation, what’s most worrying is that encryption is being framed as a tool used for nefarious means.

She said: “We have to be careful how we are framing security, how we are protecting people. It’s about the impact and harms that can happen from legislation. Not every government is acting in the best interest of the people.”

In the next panel hosted by Mozilla, firm behind secure web browser Firefox, explain how encryption is also used outside personal messaging services and which are the policy challenges and opportunities in these areas.

E2E is, in fact, employed to protect computer systems, secures financial payments, and shields medical records and browsing behavior from prying eyes.

“We are not in the 90s anymore,” says Signal CEO Meredith Whittaker. “What we are up against now as a technical expert community is an emerging industry of AI scanning and biometric companies that are incentivized to claim that in fact it is possible to do scanning of end-to-end encrypted data safely and privately.”

According to Whittaker, the tech community needs to stand unite and call out “not just the government lies, but also the industry commercializing and marketing tech in ways that are so dishonest and could be so dangerous for fundamental human rights.”

Talking about the EU Chat Control proposal, Dr. Sabine Witting said: “The proposal gets it wrong completely because it creates the impression that privacy is a threat to children’s safety rather than a precondition of safety.”  

She lamented how the fight against CSAM has been portrayed as either pro-privacy or pro regulation on behalf of children, without asking for their opinions and views.

Ella Jakubowaska from European Digital Rights (EDRi) said: “We are invested in this work because for years people have been saying we want Big Tech out of our lives and logging our data on everything we do. We don’t want them in our perosnal intimate moments, our private chats. And now, this proposed EU law is saying they should be mandates to be inside these conversation, to act as kind of interent police.

“Encryption is something that empowers all of us, even when people don’t realize it.”  

Robin Wilton from the Internet Society started by explaining what client side-scanning is. He says: “Client-side scanning is the process of inspecting what you write or send, either before you encrypt it for transmission or after it is decrypted. 

Encrypted communications have for a long time been a block box that governments want to access,” said Paula Bernardi from Internet Society. In the past, authorities were looking to use backdoors to bypass encryption similarly to opening a confidential letter before the receiver. Now, side-scanning will work as someone standing over your shoulder and reading what you’re writing, explains Bernardi.

Why are governments trying to enforce such a dangerous tech, then?

Similarly to anti-terrorism invasive legislation after 9/11, now preventing the spread of Child Sexual Abuse Messages (CSAM) is the main reason behind regulations like the UK Online Safety Bill, EU Chat Control, and more. 

The next session is going to take a deeper look at what client side-scanning technologies are, the issues that come with these solutions, and how some experts are fighting those back.

The speakers started by giving a glimpse of the political context of three South Asian countries (Pakistan, India and Sri Lanka) where new digital regulations are feared to cripple digital public space. Different countries, similar issues and a common sentiment: “It will always get worse.”

The Sri Lanka Online Safety Bill is especially putting encryption at risk. On this point, human rights lawyer and activist Ambika Satkunanathan said: “The all purpose of the Bill is to create fear among the average citizens, but also human rights advocates, political dissidents and journalists.”

Despite protecting encryption being important, according to Seema Chisti (Editor of Indian news outlet The Wire), it is even more so calling for the same protection for physical devices which get regularly confiscated by authorities.

Secure VPN services and encrypted messaging apps like Signal are fundamental tools for journalists, lawyers and any other citizens. Yet, as Farieha Aziz, co-founder of digital rights advocacy group Bolo Bhi, said: “In a lot of circumstances these protections don’t hold.”

The first panel hosted by India-based advocate group Internet Freedom Foundation is about to kick off. 

Speakers will delve into the importance of encrypted communication for journalists in South Asia and how regulatory efforts to undermine encryption in the region could threaten freedom of expression and a free press.