---

 

---

 

 

Prof. Serge Vaudenay

 

 

Professor Vaudenay, what makes you think that encryption as a human right is at threat ?

Privacy is a human right (Art.12 of UDHR). Everybody has the right to the legal protection for their privacy. I take it as it means that if someone looks at private information of someone else without consent is subject to legal prosecution. It does not explicitly mean that encryption is a human right, but it is clear that privacy is hard to maintain without encryption. Over the last decades, there has always been tensions between privacy and security (security against terrorism, child abuse, etc) and between privacy and business (need to profile people for better services or just more profit). Where exactly to set limits to privacy is a political problem and follows the ebb and flow of the majority.

and do you anticipate serious consequences on businesses if the right encryption is limited tomorrow ?

I don’t think business would suffer much from the limitation of encryption. Business adapts to anything. The harm would mostly be on individuals and on minorities.

 

 

M. Stössel, what makes you think that encryption as a human right is at threat ?

The threat to encryption as a human right is an ongoing and recurring issue in the world of digital security. The persistent debate around introducing encryption backdoors and potentially weakening encryption standards has surfaced again and again. History has shown that these approaches can lead to big risks. Numerous examples where encryption backdoors were introduced or encryption standards were compromised have demonstrated how such measures can be exploited, leading to privacy infringements and data breaches. This shows the importance of standing together in communities like Encryption Europe to amplify our collective voice. Together, we can make a more substantial impact, raise awareness, and advocate for the preservation of strong encryption standards.

---

 

Roman Korkikian

Roman Korkikian is an independent Security Expert with 10+ years of practical side-channel and fault attacks. He completed a PhD at Ecole Normale Superieur in Paris. Offensive techniques are his main research focus. Testing smart-cards, set-top-boxes, mobile phones, and other physically accessible systems is the main fun he has in daily work.

 

 

M. Korkikian, what makes you think that encryption as a human right is at threat ?

As a shadow, encryption follows us in various life aspects: Internet, mobile communication, wireless gadgets, personal devices and many others. We use the perks of encryption without noticing as we breathe air. What happens if air disappears or becomes state-controlled? A similar question can be raised for encryption.As we speak about encryption in the prism of human rights, we most commonly speak about communication encryption, such as messengers, emails, voice, and special data, i.e., any digital information of a person transferred in global networks. We have a right to securely surf Internet (do you remember incognito mode in browsers – trust me this is useless), exchange personal messages, and store and reuse information, such as private photos. However, some players are interested in extracting this information.The ecosystem linked to communication encryption includes state services (police, special services), corporations offering secure services, end users, and malicious actors (hackers). This list is not exhaustive. Every actor has his view and needs to extract information from our communication.State services, such as police or special forces, claim that communication encryption prevents fighting terrorism and the distribution of abusive photos and videos. Some states went so far that they are thinking of prohibiting end-to-end encryption. I believe that a state cannot use a need to fight criminality or terrorism as an excuse to weaken or prohibit encryption. Nowadays, any malicious actor can buy or create his customized cypher, which would not be easy to break. By prohibiting end-to-end encryption malicious actors will be forced to switch to other secure solutions, and many people might suffer from insufficiently strong data protection in daily applications. State and corporate actors are interested in collecting information about people. This can be made to profile a person, extract special information, or bias users’ views and opinions. When there are two diametrically opposite opinions A and B, people supporting A will target people supporting B with direct advertising and potentially misinformation. This targeted advertising can be based on gender, political views, historical data, and other information collected from personal communication. And this information can be publicly bought. Corporations collect this sort of information even if they claim that the communication is fully trusted and encrypted. The data is not encrypted on the server side. This is why we are losing control of our digital footprint. Cyber criminals exploit vulnerabilities or insufficiently strong encryption to get useful assets. How often did you share important information via a messenger, such as a bank card photo or a password? Encryption usually helps protect user data, but our security is not guaranteed. State or corporate initiatives to weaken or prohibit end-to-end encryption will significantly degrade the security of our daily applications. What happens if messengers’ encryption fully disappears?Encryption assisted the digitalisation of our lives. Encryption cannot disappear because this would imply a decline in global digitalisation. However, the usage of encryption can be limited or misinterpreted by different players. Unfortunately, as humans, we don’t have control over this process as we don’t have control over global warming. Even if those processes impact our daily lives, we cannot significantly influence them.

And do you anticipate serious consequences on businesses if the right encryption is limited tomorrow ? 

If encryption is completely banned then a lot of digital processes will simply disappear, that is why we cannot prohibit encryption in VPNs, PGPs, or confidential data exchange. Many businesses will go bankrupt if encryption is prohibited.

Limiting the encryption usage or means for businesses will also have a dramatic effect, as end users will be forced to move from cloud services to locally installed solutions.

Lastly, what do you expect from the 1st edition of the Global Encryption Forum on 16th November ?

Global Encryption forum is a place to share opinions and views. While encryption serves many important applications, it is being reviewed by state services, misused by corporations, and attacked by hackers. I believe that the Global Encryption initiative will bring everyone together in order to find suitable solutions for everyone.

 

---

 

 

Carl Gahnberg

I am Director of Policy Development and Research at the Internet Society, where I focus on issues related to Internet governance. In this role, I contribute to the organization’s global policy development, research, and its partnerships with international and regional organizations, engaging with global policy makers and non-governmental stakeholders on key Internet issues. I hold a Master’s Degree in International Relations from the Graduate Institute of International and Development Studies, Geneva, as well as Bachelor Degrees in Political Science and Economics from Lund University.

 

 

M. Gahnberg, what makes you think that encryption as a human right is at threat ?

Any move to compromise encryption threatens the very fabric of a secure and trusted internet, which is key to exercising and safeguarding human rights. We are now witnessing a troubling trend where governments across the globe seek to undermine encryption – even for noble causes – without regard to its broader impact on privacy, freedom of expression, and the security of countless individuals.

And do you anticipate serious consequences on businesses if the right encryption is limited tomorrow ? 

Confidentiality and integrity of communications is key for any business. Restricting the right to use encryption would undermine the Internet’s fundamental security architecture, affecting businesses, economies, and importantly, trust in online transactions and interactions. It would have detrimental effects in an interconnected and global economy.

Lastly, what do you expect from the 1st edition of the Global Encryption Forum on 16th November ?

I expect a comprehensive dialogue that emphasizes the foundational role of encryption in maintaining a secure and trusted Internet, and to learn from the perspectives of different stakeholders.