Encryption: A Building Block of a Trustworthy Internet Thumbnail
Encryption 15 July 2021

Encryption: A Building Block of a Trustworthy Internet

By David FrautschySenior Director, European Government and Regulatory Affairs

At the Internet Society, we’re committed to building a bigger and stronger Internet. To make sure it remains open, globally connected, secure, and trustworthy, we connect the right people to discuss different aspects of key legislative proposals. It’s a healthy way to create debate, setting up the right conditions for different parties to find common ground on policies that affect how the global Internet works.

However, there are risks to the health of the Internet in how the European Commission and some European Union Member States see encryption. Last November, the European Council published the resolution “Security through encryption and security despite encryption.” It stated that law enforcement “must be able to access data in a lawful and targeted manner,” and called on stakeholders to find “technical solutions” to provide law enforcement access to end-to-end encrypted communications. The European Commission’s proposals are so worrisome that more than thirty Internet experts added their signature to the Global Encryption Coalition’s evaluation, Breaking Encryption Myths: What the European Commission’s Leaked Report Got Wrong about Online Security.

Stakeholder Perspectives

On 16 June, 2021, we convened a group of experts representing a wide range of stakeholder perspectives to explore the European Council’s position on encryption. The roundtable took place virtually, under the Chatham House Rules, so no attributions can be disclosed.

All participants agreed that encryption is a vital element of digital life and the digital economy, but some distinguished between the need for encryption to secure infrastructure and services, and end-to-end encryption that secures communication for all citizens. But does this mean that citizens’ privacy and our ability to communicate safely and confidentially is dispensable? Fundamental rights and the rule of law are also a key element in this discussion. Economic trade-offs cannot be neglected either.

Ensuring Trust

There was discussion that, if encryption should only be circumvented under certain conditions, as is sometimes proposed by law enforcement, who can ensure trust in the model? How can we make sure that all legal proceedings are in place, and that the process will always be preserved from corruption, or that orders are never triggered for political reasons? The risk is scrutinizing—even criminalizing—all citizens’ online activity. Let’s not forget that all of the solutions typically suggested for circumventing encryption, such as backdoors, access to private keys, and upload filters, weaken overall security, not just the security and privacy of those targeted for access. Another issue to consider is the effect that such legislation would have on autocratic states that are eager to increase powers to control their citizens.

Finally, there was also the argument that, because there is simply so much data available out there, law enforcement agencies do not need to break encryption for their investigations.

Continuing the Discussion

This is a complex debate. Although the roundtable didn’t reach consensus and we weren’t able to find a solution, we are committed to keep on trying. We will continue fostering discussion on encryption: each debate clears away a little more of the conceptual clutter, and helps stakeholders achieve mutual understanding. Possible issues to discuss at future gatherings are the definition of protocols and governance models that would reinforce citizens’ trust, and the possible alternatives to breaking encryption, like metadata analysis and improvements to law enforcement agencies’ capacity to undertake technical forensics.

The European Parliament has just passed an emergency law to allow tech companies to, voluntarily, screen messages to search for child sex abuse content for a limited time for up to three years. In this context, there are new proposals for legislation that would weaken encryption. Member of the European Parliament Birgit Sippel has already said, “We now urgently need the Commission to propose a long-term solution that draws inspiration from the data protection safeguards found in the temporary rules, and which, in addition, makes scanning of private communications more targeted.” It seems, overall, that policymakers fail to take into account a simple fact: criminals will quickly and easily move to different cyphering solutions if commercial services scan content or undermine encryption, leaving law-abiding citizens with compromised service for their day-to-day communications.

Encryption is critical for digital societies and economies. It is the key to securing online communication for everything, from financial transactions to healthcare to the power grid. Encryption is also critical for specific communities, such as LGBTQ+, and professions, including journalists, to ensure they can communicate safely. And it helps to protect intellectual property and the integrity of research documents.

Encryption is a building block of a trustworthy Internet. The Internet Society will continue to foster discussions to make sure everyone understands the consequences of weakened encryption.

Read the roundtable report: Security Through Encryption and Despite Encryption: An (un)Achievable Outcome?


Image by ANIRUDH via Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Encryption 21 September 2023

Techxit: The UK Declares Its Exit from the High-Tech Startup World

No one in their right mind would now want to start up a high-tech company in the UK. With...

Encryption 11 August 2023

Encryption, Bad Bills, and Ripple Effects: How Riana Pfefferkorn Protects the Internet

We spoke with Riana Pfefferkorn, research scholar at the Stanford Internet Observatory, about encryption and protecting the Internet.

Strengthening the Internet 14 June 2023

Speak Out Against Bills That Threaten End-to-End Encryption

The EARN IT Act, STOP CSAM Act, and KOSA in the United States threaten to weaken end-to-end encryption which...