Donate
‹ Back
Encryption 23 March 2016

Report: IGF 2015 Workshop – Law enforcement in a world of pervasive encryption

REPORT: Workshop 141 – Law enforcement in a world of pervasive encryption

Report by: Nicolas Seidler, with input from Jairus Pryor
IGF 2015 Brazil, Joao Pessoa (November 2015)

Organiser: The Internet Society

Moderator: Nicolas Seidler, Policy advisor, the Internet Society

Speakers:

  • Mr. Frank Pace, Sergeant, Digital Forensics Investigative Unit, Strategic, Information Bureau, Phoenix Police Department
  • Mr. Ted Hardie, Executive Director, Internet Architecture Board
  • Ms. Carly Nyst, civil society, former Privacy International, international privacy expert
  • Mr. Michael Nelson, Internet-related global public policy issues, CloudFlare
  • Ms. Sanja Kelly, Project Director, Freedom on the Net report
  • Ms. Xianhong Hu, intergovernmental, Division for Freedom of Expression and Media Development, Communication and Information Sector, UNESCO

Summary of discussion

The session focused on the broader and growing interest in the use and the availability of encryption solutions, particularly those that provide end-to-end protection.

The question posed to the forum focused on how to reasonably achieve public policy objectives such as law enforcement/national security in the scenario of a world where encrypted Internet traffic is the norm.

Key issues highlighted by the panelists included: How long it will take until encryption is reasonably ubiquitous, the moral and ethical differences between targeted and pervasive surveillance, the role of traditional law enforcement mechanisms in combating criminal activity which uses encrypted communications, and how to build encryption systems that the public can trust.

All panelists agreed that there is both a need to ensure the security of citizens and to protect the confidentiality of online communications. Views diverged however on whether exceptional access for governments to encrypted material, which is generally requested by law enforcement agencies to facilitate their work, would be effective, technically feasible and proportionate.

Many speakers agreed that drivers that could lead to a world of pervasive encryption could include public scandals that could trigger policy change (e.g. broad legislation restricting encryption, CEO or political figure being victime of hack due to weak encryption, similar cases to US Office of Personnel Management data hack). Pull factors could include companies further deploying end-to-end encryption as a competitive advantage to foster customer trust.

An important distinction was made between what law enforcement does in the investigation of specific crimes and what intelligence services might do as a matter of bulk data collection and the interception of signals, whether that be encrypted or not, for the use of objectives that are different. Crime investigation would usually focused on data at rest (mobile device, computer, etc).

The discussion raised the fact that while full access to unencrypted data would likely make LEA’s job easier, there are alternative means that law enforcement can use, and is using, to target criminals. This includes targeting other parties that are involved in crimes, using metadata to track patterns and relationships, and the employment of malware in exceptional cases. However, all these means usually require extensive legal thresholds for their use. Some raised that the increasing number of connected objects will also offer LEA with new means to investigate crimes (while also raising further privacy concerns). It was also raised that technological means may not always replace investment in employing human intelligence. A related point was made that there should be a similar level of barriers that were there before the Internet when it comes to intrusion in people’s privacy to investigate crimes. Social practices should not change as a result of technical aspects.

Several voices raised questions on whether it would be possible for governments to have exceptional access to encrypted material, as there does not seem to be an effective and widely acceptable solution currently. Technical insights indicated that strong encryption with forward secrecy would likely be unbreakable. However, data sitting at rest usually needs some credentials that could be retrieved from a device. Example was given about banks that are required to build their data systems in ways that will support law enforcement when requested.

In addition, it was highlighted that many countries actually use national security arguments as a way to censor information and track political dissent, so it is important to contextualize the debate on the understanding that exceptional access to encrypted material, assuming it was possible and desirable, might sometimes be used in ways that will explicitly restrict fundamental rights, including freedom of expression.

Eventually, with the likelihood that encryption will more widely spread and available in the next 5 to 10 years (with possible different types of encryption at different layers), a key conclusion from the workshop was that the debate should also focus on building new trust frameworks between law enforcement and citizens. A suggestion was made that the vision of a world with encryption by default (that protects users’ confidentiality and trust) could be compatible with systems where citizens could have the opportunity to contribute to community efforts towards crime prevention.

‹ Back

Related resources

Policy Brief: Encryption
Encryption9 June 2016

Policy Brief: Encryption

The Internet Society recognizes the concerns of law enforcement and remains firm in its conviction that encryption is an important technical solution that all Internet users—individuals, governments, businesses, and other communities—should use to protect their communications and data. We believe that legal and technical attempts to limit the use of encryption, well-intentioned or not, will negatively impact the security of law-abiding citizens.

Internet Society Submission to the U.N. Special Rapporteur on the Protection and Promotion of the Right to Freedom of Expression and Opinion Regarding the Use of Encryption and Anonymity in Digital Communications
Internet Society Submission to the U.N. Special Rapporteur on the Protection and Promotion of the Right to Freedom of Expression and Opinion Regarding the Use of Encryption and Anonymity in Digital Communications
Human Rights12 February 2015

Internet Society Submission to the U.N. Special Rapporteur on the Protection and Promotion of the Right to Freedom of Expression and Opinion Regarding the Use of Encryption and Anonymity in Digital Communications

DATE: 10 FEBRUARY 2015 Introduction The Internet Society welcomes the opportunity to contribute to the report that will be prepared...

Policy Brief: Human Rights
Public Policy30 October 2015

Policy Brief: Human Rights

Internet-related government policy, corporate decisions, and technical-development choices influence the extent to which the Internet supports or challenges fundamental human rights. Championing trust, open Internet principles, and dialog among stakeholders are critical ways to promote the Internet’s role in supporting human rights.

Join the conversation with Internet Society members around the world