Encryption plays a vital role in increasing the overall trust in the Internet – and it should be the norm for Internet traffic and data at rest.
The Internet Society, its chapters, and other organizations are standing up for encryption, taking steps to make the Internet more secure and trusted for all users.
To promote the use and deployment of encryption across the Internet, the Internet Society supports and engages in projects that aid in the development or deployment of encryption. Some of these include:
The Online Trust Alliance (OTA) Cyber Incident and Breach Readiness Guide and the OTA Trust Audit and Honor Roll both highlight encryption as critical data security practices for enterprises.
The Internet Society is promoting the implementation of Domain Name System Security Extensions (DNSSEC) protocol, the DNS Based Authentication of Named Entities (DANE) protocol, and the use of TLS in applications through its Deploy360 program. Deploy360 offers introductions, long with in depth training resources, to facilitate the deployment of key Internet technologies.
The Internet Society supports the Cryptech Project , which “is developing an open-source hardware cryptographic engine design that meets the needs of high assurance Internet infrastructure systems that use cryptography.”
The Internet Society supports the Let’s Encrypt Initiative, which provides free certificates to websites for Transport Layer Security (TLS) and automates the process, making it easier and cheaper for websites to use TLS.
The Internet Society has made it a goal to ensure policymakers, legislators and the general public understand the importance of encryption and the risks associated with weakening it or limiting its use. Policies that support rather than weaken encryption are critical to creating an Internet that is secure and trusted.
The Internet Society is a signatory to Secure the Internet, which urges governments to support the development and use of secure communications tools and technologies and reject policies that would prevent or undermine the use of strong encryption.
In April 2019, the Internet Society signed a Joint Call to World Leaders for a Healthy Digital Society, calling G7 Ministers of the Interior to keep in mind that promises that encryption would not be affected by ‘lawful access’ simply cannot be kept. In August 2019, the Internet Society and more than 30 organizations have signed an open letter calling on the G7 leaders to protect and promote strong encryption which is the foundation for our digital economies, digital societies, and interdependent lives.
The Encryption Policy Brief includes the key considerations, challenges, and guiding principles a government should follow when addressing encryption.
An explanation of encryption, alongside how exceptional access proposals work and impact the Internet.
A factsheet for policymakers explaining how “lawful access” measures weaken the security of the Internet.
Criminals can also use encryption. So, some law enforcement agencies are concerned that encryption will stop them from getting the evidence or information they need. To address these concerns, some governments want companies to create ways for them to access the content encrypted by the companies’ systems (a practice known as “exceptional access”).
The Internet Society recognizes the concerns of law enforcement and remains firm in its conviction that encryption is an important technical solution that all Internet users should use. To move the debate around encryption and exceptional access closer to a successful solution, the Internet Society is working to deconstruct the challenges facing law enforcement and exploring how the perceived conflict between encryption and law enforcement can be addressed.
In October 2017, the Internet Society, in partnership with Chatham House, held a roundtable discussion on encryption and lawful access. During the roundtable, experts identified key nuances around the use of encryption, along with specific areas where progress can be made. They also divided the problem into manageable pieces, providing a clear set of issues that will require focused future efforts from stakeholders to address.
After the revelations of 2013, where the extent of nation-state pervasive monitoring was uncovered, the many members of the Internet Community took action to make the Internet and its users more secure.
In May 2014, the Internet Engineering Task Force (IETF) released IETF’s RFC 7258 stating that pervasive monitoring represents an attack against the Internet. In response, the Internet Architecture Board (IAB) released their own IAB Statement on Internet Confidentiality, which also recognizes that implementing this aspiration of pervasive encryption raises some practical issues and technical challenges.
Since 2014, the IETF Community has developed several new protocols and continue to work on others which aim to strengthen and make encryption the default for the Internet. One of these protocols is TLS 1.3, also known as Transport Layer Security version 1.3, which provides greater security for internet traffic as it passes over networks.
In September 2019, the Internet Architecture Board (IAB) released the statement on Avoiding Unintended Harm to Internet Infrastructure that “discusses possible unintended effects policy and regulatory proposals may have on the Internet”.
World Wide Web Consortium (W3C) shared the findings Securing the Web and End-to-End Encryption and the Web, which highlight the importance of end-to-end encryption and trust for the success of the web.
In 2015, a group of cryptographers and security experts released the report Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications. Keys under Doormats is an influential document within the debate around encryption and law enforcement access, and its authors have continued to be strong advocates for encryption.
InternetNZ, has published two papers on encryption: a discussion starter, Encryption: what it is and why it’s important, and a position paper, ways forward that protect the Internet’s potential.
World Information Technology And Services Alliance (WITSA), which represents IT industry associations in over 80 countries, made it clear in both a statement and a speech by their Chairman that they strongly oppose encryption backdoors.
From developing papers and videos, to holding events and leading national advocacy campaigns, Internet Society chapters are standing up for encryption at the national and international level. Below are just a few of the activities Internet Society chapters are taking: