Crypto Wars 3.0 – can privacy, security and encryption co-exist? – WS 05 2021: Difference between revisions

From EuroDIG Wiki
Jump to navigation Jump to search
Line 8: Line 8:


== Session teaser ==
== Session teaser ==
In general, lawmakers, civil society and the tech industry agree that the use of encryption is a necessary means of protecting fundamental rights and the digital security of citizens, governments, industry and society. However, the debate on the relationships between encryption, privacy, online harms and the needs of law enforcement agencies has become more topical once again.
Providing law enforcement with a possibility to break encryption will always weaken the privacy of the communications for everyone. However, law enforcement can still lawfully access encrypted information for example via intercepting devices when the information is decrypted or via other many solutions put forward by technical experts that respect the rule of law and fundamental rights; technical proposals to this effect have been circulated in Brussels [https://edri.org/files/encryption/workarounds_edriposition_20170912.pdf in the past].
 
Broadly speaking, civil society and tech companies have been in agreement that further encryption is necessary to protect the privacy of individuals, albeit with some differences of view in how this should be implemented, noting for example the current public skirmishing between Facebook and Apple.  On the other hand, many law enforcement agencies and legislators have been advocating the need for access to data to fulfil their obligations to protect society from crime, terrorism and other harms.
 
Representatives from some of the key groups are being assembled to take part in the workshop and also to identify relevant background materials so that the discussion can be focused on the key points without spending time on context setting.  
 
Some of the questions to be addressed during the workshop:
 
- Should privacy of the individual take primacy over all other considerations? is encryption erroneously being conflated with privacy?
- Are tech companies hoping to use encryption to avoid having to comply with potentially arduous regulatory requirements that relate to content?
 
- Are law enforcement agencies and others using unjustified scare tactics in an attempt to push lawmakers to break encryption?
 
- Will methods that allow law enforcement agencies to break or circumvent encryption always weaken that encryption and ultimately help bad actors?
 
- Is the argument moot anyway because a combination of AI and quantum computing will render most encryption ineffective?
 
- If some kind of backdoor were to be built in, which countries should have access to them?


== Session description ==  
== Session description ==  

Revision as of 12:55, 25 May 2021

29 June 2021 | 14:45-15:45 CEST | Studio C
Consolidated programme 2021 overview / Day 1

To follow the current discussion on this topic, see the discussion tab on the upper left side of this page


Final title of the session: Please send the final title as early as possible, latest until to wiki@eurodig.org. Do not edit the title of the page at the wiki on your own. The link to your session may otherwise disappear.

Working title: Encryption debate revisited – Is a principle of security through encryption and security despite encryption an oxymoron?
Proposals: #11 #22 #47 #59

You are invited to become a member of the session Org Team! By joining an Org Team, you agree to your name and affiliation being published on the respective wiki page of the session for transparency. Please subscribe to the mailing list to join the Org Team and answer the email that will be sent to you requesting your subscription confirmation.

Session teaser

Providing law enforcement with a possibility to break encryption will always weaken the privacy of the communications for everyone. However, law enforcement can still lawfully access encrypted information for example via intercepting devices when the information is decrypted or via other many solutions put forward by technical experts that respect the rule of law and fundamental rights; technical proposals to this effect have been circulated in Brussels in the past.

Session description

In general, lawmakers, civil society and the tech industry agree that the use of encryption is a necessary means of protecting fundamental rights and the digital security of citizens, governments, industry and society. However, the debate on the relationships between encryption, privacy, online harms and the needs of law enforcement agencies has become more topical once again.

Broadly speaking, civil society and tech companies have been in agreement that further encryption is necessary to protect the privacy of individuals, albeit with some differences of view in how this should be implemented, noting for example the current public skirmishing between Facebook and Apple. On the other hand, many law enforcement agencies and legislators have been advocating the need for access to data to fulfil their obligations to protect society from crime, terrorism and other harms.

Representatives from some of the key groups are being assembled to take part in the workshop and also to identify relevant background materials so that the discussion can be focused on the key points without spending time on context setting.

Some of the questions to be addressed during the workshop:

- Should privacy of the individual take primacy over all other considerations? is encryption erroneously being conflated with privacy?

- Are tech companies hoping to use encryption to avoid having to comply with potentially arduous regulatory requirements that relate to content?

- Are law enforcement agencies and others using unjustified scare tactics in an attempt to push lawmakers to break encryption?

- Will methods that allow law enforcement agencies to break or circumvent encryption always weaken that encryption and ultimately help bad actors?

- Is the argument moot anyway because a combination of AI and quantum computing will render most encryption ineffective?

- If some kind of backdoor were to be built in, which countries should have access to them?

Format

Until .

Please try out new interactive formats. EuroDIG is about dialogue not about statements, presentations and speeches. Workshops should not be organised as a small plenary.

Further reading

Links to relevant websites, declarations, books, documents. Please note we cannot offer web space, so only links to external resources are possible. Example for an external link: Main page of EuroDIG

People

Until .

Please provide name and institution for all people you list here.

Focal Point

Focal Points take over the responsibility and lead of the session organisation. They work in close cooperation with the respective Subject Matter Expert (SME) and the EuroDIG Secretariat and are kindly requested to follow EuroDIG’s session principles

  • Andrew Campling
  • Diego Naranjo

Organising Team (Org Team) List Org Team members here as they sign up.

Subject Matter Experts (SMEs)

  • Tatiana Tropina
  • Polina Malaja
  • Jörn Erbguth

The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.

  • André Melancia
  • Vittorio Bertola
  • Diego Naranjo
  • Andrew Campling
  • José Legatheaux

Key Participants

  • Dan Sexton, CTO, The Internet Watch Foundation
  • Iverna McGowan, Director Europe Office, Centre for Democracy and Technology
  • Jan Ellermann, Senior Data Protection Specialist, Europol
  • Robin Wilton, Director Internet Trust, Internet Society
  • Dr Stephen Farrell, Trinity College Dublin (an active IETF participant, former IAB member)
  • Professor Ulrich Kelber, the German Federal Commissioner for Data Protection and Freedom of Information

Moderator

The moderator is the facilitator of the session at the event. Moderators are responsible for including the audience and encouraging a lively interaction among all session attendants. Please make sure the moderator takes a neutral role and can balance between all speakers. Please provide short CV of the moderator of your session at the Wiki or link to another source.

Remote Moderator

Trained remote moderators will be assigned on the spot by the EuroDIG secretariat to each session.

Reporter

Reporters will be assigned by the EuroDIG secretariat in cooperation with the Geneva Internet Platform. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.

Messages

A short summary of the session will be provided by the Reporter.

Video record

Will be provided here after the event.

Transcript

Will be provided here after the event.