Internet Society tells G20 nations: The web must be fully encrypted
Not happy about online security being equated with restricting access to law enforcement
The Internet Society has called for the full encryption of the internet, decrying the fact that securing the digital world has increasingly become associated with restricting access to law enforcement.
In a blog post aimed at the leaders of the G20 economies, ISOC CEO Kathryn Brown argues that the digital economy "will only continue to thrive and generate opportunities for citizens if the Internet is strong, secure, and trusted," adding: "Without this foundation, the global digital economy is at risk."
The G20 will meet in Hamburg in July and one of the main agenda topics is the "spread of digital technology" and its impact on economic growth. Notably, there will be a "digital affairs ministers conference" for the first time at the summit, and the importance of the topic was highlighted with a special two-day preparatory meeting last week attended by "ministers in charge of digitalization."
"Germany wants them to agree to a concrete plan – one that includes affordable Internet access across the world by 2025, common technical standards and a focus on digital learning," wrote Brown at the conclusion of that prep meeting, presumably having been briefed on discussions.
The post gives some figures on the digital economy – 360 million people; 28 per cent of output is digital; the internet contributes $6.6tn a year – before getting to the point: interconnection and security.
"The truth is that economies can only function within a secure and trusted environment," Brown notes, "which brings us to encryption."
Internet engineers have long been strong advocates of increased online security (something that has been difficult since the internet's earliest building blocks largely ignored the idea of malicious activity), and the Internet Society reflects that belief back: "Strong encryption is an essential piece to the future of the world's economy and the Internet Society believes it should be the norm for all online transactions. It allows us to do our banking, conduct local and global business, run our power grids, operate communications networks, and do almost everything else."
Brown goes on: "Encryption is a technical building block for securing infrastructure, communications and information. It should be made stronger and universal, not weaker."
But then she also notes that in the past year, the issue of encryption has become intricately tied up with the issue of law enforcement trying to gain access to people's communications and being unable to do so.
In the lead-up to the US presidential election, the fight between the FBI and Apple over the phone of San Bernardino shooter Syed Farook became a hot topic. Politicians and law enforcement called for a backdoor (or even a frontdoor) to the latest encryption efforts, and tech companies, security bods, civil society and some federal agencies called that notion "magical thinking" because any hole introduced into encryption software is an exploitable hole that anyone can use – and abuse.
Last month, the issue re-emerged following an attack in London, when the UK home secretary Amber Rudd specifically criticized Facebook-owned WhatsApp for not providing access to the app-based conversations of attacker Khalid Masood.
Just days later, EU Justice Commissioner Věra Jourová said she would introduce legislation to make it easier for law enforcement to gain access to encrypted apps' data. That followed calls from French and German ministers for ways to access encrypted comms.
However, following a now-familiar backlash to such calls from cybersecurity experts, Rudd then downplayed her call for access to encrypted communications. Jourová's department insisted she did not mean to imply the legislation would cover encryption – only access to data stored in the cloud by encrypted apps (which presumably she expects to be unencrypted).
ISOC CEO Brown is not happy about how this conversation is defining the debate around encryption. "Rather than being recognized as the way to secure our online transactions or our conversations, all too often the debate focuses on the use of encryption as a way to thwart law enforcement," she complains, arguing: "To undermine the positive role of encryption in the name of security could have devastating consequences."
The Internet Society is usually diplomatic to the point of saying nothing, so when its CEO says, "we should recognize that encryption is key to the future digital economy and stop treating it as simply an obstacle to law enforcement," it is clear that the level of frustration among internet engineers is high.
Hammering the point home, she adds: "We need to deconstruct the issues faced by law enforcement and policy makers and agree together how we can achieve a trusted digital economy underpinned by encryption."
ISOC clearly sees July's G20 Summit as the best opportunity to address that concern, with Brown calling it a "turning point that should not be missed." And its position is stated simply: "The Internet Society calls for ubiquitous encryption for the Internet. We strongly believe that this is the best foundation for trust in the digital economy, and we urge the G20 nations to stand behind encryption."
Whether that technical message makes it past the politics of terrorism is going to be hard to discern, but there is little doubt that a more secure online environment is going to be a healthier one financially and ISOC and others will be hoping that money talks louder than fear. ®