Panel hosted by the Center for Democracy and Technology (CDT) on the challenges for digital services to comply with content moderation regulations on illegal and dangerous content is now live.
Many of these services providers need to juggle new requirements, without compromising encryption and users’ security.
Talking about regulations around encryption outside messaging, researcher on network security, censorship, surveillance Gurshabad Grover said: ” We need to reevaluate how to reconcile our control of our devices. We do want full control, and we want our devices to do whatever we want.”
Speakers went on talking about the importance of digital trust.
Open-source systems can help on this front as they enable anyone to verify and check the code for vulnerabilities. Yet, they warn, regulatory tensions on encryption could also impact this side of software development as developers in some countries could be prevented from sharing their encryption algorithm.
According to Alexis Hancock from the Electronic Frontier Foundation, what’s most worrying is that encryption is being framed as a tool used for nefarious means.
She said: “We have to be careful how we are framing security, how we are protecting people. It’s about the impact and harms that can happen from legislation. Not every government is acting in the best interest of the people.”
In the next panel hosted by Mozilla, firm behind secure web browser Firefox, explain how encryption is also used outside personal messaging services and which are the policy challenges and opportunities in these areas.
E2E is, in fact, employed to protect computer systems, secures financial payments, and shields medical records and browsing behavior from prying eyes.
“We are not in the 90s anymore,” says Signal CEO Meredith Whittaker. “What we are up against now as a technical expert community is an emerging industry of AI scanning and biometric companies that are incentivized to claim that in fact it is possible to do scanning of end-to-end encrypted data safely and privately.”
According to Whittaker, the tech community needs to stand unite and call out “not just the government lies, but also the industry commercializing and marketing tech in ways that are so dishonest and could be so dangerous for fundamental human rights.”
Talking about the EU Chat Control proposal, Dr. Sabine Witting said: “The proposal gets it wrong completely because it creates the impression that privacy is a threat to children’s safety rather than a precondition of safety.”
She lamented how the fight against CSAM has been portrayed as either pro-privacy or pro regulation on behalf of children, without asking for their opinions and views.
Ella Jakubowaska from European Digital Rights (EDRi) said: “We are invested in this work because for years people have been saying we want Big Tech out of our lives and logging our data on everything we do. We don’t want them in our perosnal intimate moments, our private chats. And now, this proposed EU law is saying they should be mandates to be inside these conversation, to act as kind of interent police.
“Encryption is something that empowers all of us, even when people don’t realize it.”
Robin Wilton from the Internet Society started by explaining what client side-scanning is. He says: “Client-side scanning is the process of inspecting what you write or send, either before you encrypt it for transmission or after it is decrypted.
Encrypted communications have for a long time been a block box that governments want to access,” said Paula Bernardi from Internet Society. In the past, authorities were looking to use backdoors to bypass encryption similarly to opening a confidential letter before the receiver. Now, side-scanning will work as someone standing over your shoulder and reading what you’re writing, explains Bernardi.
Why are governments trying to enforce such a dangerous tech, then?
Similarly to anti-terrorism invasive legislation after 9/11, now preventing the spread of Child Sexual Abuse Messages (CSAM) is the main reason behind regulations like the UK Online Safety Bill, EU Chat Control, and more.
The next session is going to take a deeper look at what client side-scanning technologies are, the issues that come with these solutions, and how some experts are fighting those back.
Scanning devices is not a reasonable alternative to “breaking encryption”.Join our panel on 19 Oct at 12:30 UTC to learn the problems with client-side scanning in legislation with Dr. S. K. Witting, @mer__edith, @neetibiyani, @pgbernardi, Roberta Battisti & Ella Jukabowska 1/2 pic.twitter.com/xGrDwkqKQnOctober 17, 2023
The speakers started by giving a glimpse of the political context of three South Asian countries (Pakistan, India and Sri Lanka) where new digital regulations are feared to cripple digital public space. Different countries, similar issues and a common sentiment: “It will always get worse.”
The Sri Lanka Online Safety Bill is especially putting encryption at risk. On this point, human rights lawyer and human rights activist Ambika Satkunanathan said: “The all purpose of the Bill is to create fear among the average citizens, but also human rights advocates, political dissidents and journalists.”
Despite protecting encryption being important, according to Seema Chisti (Editor of Indian news outlet The Wire), it is even more so calling for the same protection for physical devices which get regularly confiscated by authorities.
Secure VPN services and encrypted messaging apps like Signal are fundamental tools for journalists, lawyers and any other citizens. Yet, as Farieha Aziz, co-founder of digital rights advocacy group Bolo Bhi, said: “In a lot of circumstances these protections don’t hold.”
The first panel hosted by India-based advocate group Internet Freedom Foundation is about to kick off.
Power to the People! #GED2023Join us today at The Encryption Summit, as we celebrate our right to privacy and fight back to ensure everyone, everywhere has access to encryption. https://t.co/aOfYgFsUoeOctober 19, 2023
Speakers will delve into the importance of encrypted communication for journalists in South Asia and how regulatory efforts to undermine encryption in the region could threaten freedom of expression and a free press.