Encryption technology, and associated questions around freedom of speech, national security and privacy, have been at the forefront of discussions at the 2015 Internet Governance Forum.
Encryption is used to secure online communications and works by scrambling data sent across the network so that only intended recipients can access it. It is a fundamental technology for establishing trust on the Internet, as it prevents unlawful or unauthorized access by a third party, making it essential for upholding and protecting freedom of speech, privacy and security online.
However, encryption has become a politically charged topic. In light of the Snowden revelations, there have been calls by the Internet’s technical community to make encryption ubiquitous to inhibit mass surveillance, protect users against human rights violations and restore trust in the Internet. A series of governments and law enforcement agencies pushed back against this notion, arguing that a move towards ubiquitous encryption will limit their investigative capabilities and hinder prosecution and, therefore, their ability to provide citizens with security.
Law enforcement agencies often access online communications to identify and prosecute criminals and terrorists who use the Internet as a platform to communicate or carry out illegal activities. Viewing the content of information sent and stored online is essential for filtering spam and stopping the proliferation of revenge or child pornography online, and for stopping hate speech and online harassment.
Resolving the seeming paradox between upholding privacy and protecting security is no easy task. But a number of experts from the technical community, government, law enforcement and civil society at the IGF engaged in a series of productive conversations around the politics of encryption. Here are some of the key lessons that can help move the debate forward:
- Stop viewing encryption and security as competing forces. Encryption and security are not always in opposition. Encryption is a vital tool for protecting the security of our financial transactions online, and for protecting real lives in environments where it is not safe to express fundamental human rights.
- Backdoors are bad for security. Any efforts to weaken encryption standards by building backdoors into the technology can cause serious harm to those who rely on this technology for freedom of speech, e-commerce, and privacy, and will ultimately weaken the security and integrity of the Internet. It is not reasonable to suggest a backdoor built for good-faith government access will not be exploited by a criminal.
- Take a more nuanced approach to understanding the relationship between encryption and national security. When we think of the issues surrounding national security and encryption, most of the debate has centred around protecting citizens from bulk-data collection. It is important that we differentiate these actions from legally targeted collection by law enforcement agencies, so that society can have a healthy debate around encryption technology and national security.