Encryption: A Keystone for Digital Trust
In the rapidly evolving digital age, where data breaches and cyber threats loom large, encryption stands as a guardian of privacy, a support for security, and an enabler of trust. As our lives become increasingly digitized, encryption is not just a technical buzzword; it’s a societal imperative. As our core mission is to promote digital trust and cybersecurity, we, at the Trust Valley, recognizes the critical importance of encryption as a cornerstone of digital trust as it is essential against cyber threats. We also think that encryption is a fundamental human right, empowering individuals to safeguard their personal information and ensures the collective security of our interconnected world. With the Global Encryption Forum event series, we aim to promote encryption not merely as a technical solution but as a societal norm to foster a secure, trustworthy digital environment. Here is a series of interviews with experts that will be speakers during the first edition at the Unlimitrust campus on the 16 November 2023
Prof. Serge Vaudenay
Serge Vaudenay entered at the Ecole Normale Supérieure in 1989 with a major in mathematics. He earned his agrégation (secondary teaching degree) in mathematics in 1992, then a PhD in Computer Science at the University of Paris 7 – Denis Diderot in 1995. He subsequently became a senior research fellow at the CNRS, prior to being granted his habilitation à diriger des recherches (a postdoctoral degree authorizing the recipient to supervise doctoral students). In 1999, he was appointed as a Professor at the EPFL, where he created the Security and Cryptography Laboratory.
Professor Vaudenay, what makes you think that encryption as a human right is at threat ?
Privacy is a human right (Art.12 of UDHR). Everybody has the right to the legal protection for their privacy. I take it as it means that if someone looks at private information of someone else without consent is subject to legal prosecution. It does not explicitly mean that encryption is a human right, but it is clear that privacy is hard to maintain without encryption. Over the last decades, there has always been tensions between privacy and security (security against terrorism, child abuse, etc) and between privacy and business (need to profile people for better services or just more profit). Where exactly to set limits to privacy is a political problem and follows the ebb and flow of the majority.
and do you anticipate serious consequences on businesses if the right encryption is limited tomorrow ?
I don’t think business would suffer much from the limitation of encryption. Business adapts to anything. The harm would mostly be on individuals and on minorities.
M. Peter Stössel
Peter Stössel, the Chief Revenue Officer (CRO) at Tresorit, is a recognized thought leader in the field of encryption and data security. His expertise is instrumental in advancing Tresorit’s revenue growth and shaping its strategic sales direction. With a deep understanding of market dynamics, Peter identifies growth opportunities, fosters strategic partnerships, and ensures a strong sales pipeline. He is passionate about discussing not only the business benefits of encryption but also its profound role in society and the critical need to safeguard it in the face of emerging threats.
M. Stössel, what makes you think that encryption as a human right is at threat ?
The threat to encryption as a human right is an ongoing and recurring issue in the world of digital security. The persistent debate around introducing encryption backdoors and potentially weakening encryption standards has surfaced again and again. History has shown that these approaches can lead to big risks. Numerous examples where encryption backdoors were introduced or encryption standards were compromised have demonstrated how such measures can be exploited, leading to privacy infringements and data breaches. This shows the importance of standing together in communities like Encryption Europe to amplify our collective voice. Together, we can make a more substantial impact, raise awareness, and advocate for the preservation of strong encryption standards.
And do you anticipate serious consequences on businesses if the right encryption is limited tomorrow ?
Without a doubt. If the right encryption is limited, businesses could face a cascade of challenges. Firstly, cyber criminals will exploit weakened encryption to breach systems and access sensitive data. We all know this has happened with weak systems in the past. Secondly, compliance will become very complex – or even impossible. Many industries operate under regulations that mandate strong encryption. Limiting encryption will have repercussions on many different levels.Probably the most important factor is trust and reputation. It’s the foundation of customer relationships, and encryption plays an important role in safeguarding this. Many of our customers that prioritize robust encryption have gained a competitive advantage by assuring data security. If encryption is limited, these businesses could lose this edge. Lastly, when encryption is limited, it could trigger a cat-and-mouse game with cybercriminals. They will anyway adapt and find alternative tools that are beyond government control, making it even more challenging for law enforcement to combat cybercrime effectively.
Lastly, What do you expect from the 1st edition of the Global Encryption Forum on 16th November ?
Our expectation is to foster an environment where we don’t need to preach to the believing but rather, find a collective course of action. In a world where encryption is under threat, it’s our shared responsibility to play a vital role in making the internet a safer place for all. It’s an opportunity to engage in a meaningful dialogue while emphasizing our common goal: the preservation of strong encryption as a fundamental pillar of digital security.
Roman Korkikian
Roman Korkikian is an independent Security Expert with 10+ years of practical side-channel and fault attacks. He completed a PhD at Ecole Normale Superieur in Paris. Offensive techniques are his main research focus. Testing smart-cards, set-top-boxes, mobile phones, and other physically accessible systems is the main fun he has in daily work.
M. Korkikian, what makes you think that encryption as a human right is at threat ?
As a shadow, encryption follows us in various life aspects: Internet, mobile communication, wireless gadgets, personal devices and many others. We use the perks of encryption without noticing as we breathe air. What happens if air disappears or becomes state-controlled? A similar question can be raised for encryption.As we speak about encryption in the prism of human rights, we most commonly speak about communication encryption, such as messengers, emails, voice, and special data, i.e., any digital information of a person transferred in global networks. We have a right to securely surf Internet (do you remember incognito mode in browsers – trust me this is useless), exchange personal messages, and store and reuse information, such as private photos. However, some players are interested in extracting this information.The ecosystem linked to communication encryption includes state services (police, special services), corporations offering secure services, end users, and malicious actors (hackers). This list is not exhaustive. Every actor has his view and needs to extract information from our communication.State services, such as police or special forces, claim that communication encryption prevents fighting terrorism and the distribution of abusive photos and videos. Some states went so far that they are thinking of prohibiting end-to-end encryption. I believe that a state cannot use a need to fight criminality or terrorism as an excuse to weaken or prohibit encryption. Nowadays, any malicious actor can buy or create his customized cypher, which would not be easy to break. By prohibiting end-to-end encryption malicious actors will be forced to switch to other secure solutions, and many people might suffer from insufficiently strong data protection in daily applications. State and corporate actors are interested in collecting information about people. This can be made to profile a person, extract special information, or bias users’ views and opinions. When there are two diametrically opposite opinions A and B, people supporting A will target people supporting B with direct advertising and potentially misinformation. This targeted advertising can be based on gender, political views, historical data, and other information collected from personal communication. And this information can be publicly bought. Corporations collect this sort of information even if they claim that the communication is fully trusted and encrypted. The data is not encrypted on the server side. This is why we are losing control of our digital footprint. Cyber criminals exploit vulnerabilities or insufficiently strong encryption to get useful assets. How often did you share important information via a messenger, such as a bank card photo or a password? Encryption usually helps protect user data, but our security is not guaranteed. State or corporate initiatives to weaken or prohibit end-to-end encryption will significantly degrade the security of our daily applications. What happens if messengers’ encryption fully disappears?Encryption assisted the digitalisation of our lives. Encryption cannot disappear because this would imply a decline in global digitalisation. However, the usage of encryption can be limited or misinterpreted by different players. Unfortunately, as humans, we don’t have control over this process as we don’t have control over global warming. Even if those processes impact our daily lives, we cannot significantly influence them.
And do you anticipate serious consequences on businesses if the right encryption is limited tomorrow ?
If encryption is completely banned then a lot of digital processes will simply disappear, that is why we cannot prohibit encryption in VPNs, PGPs, or confidential data exchange. Many businesses will go bankrupt if encryption is prohibited.
Limiting the encryption usage or means for businesses will also have a dramatic effect, as end users will be forced to move from cloud services to locally installed solutions.
Lastly, what do you expect from the 1st edition of the Global Encryption Forum on 16th November ?
Global Encryption forum is a place to share opinions and views. While encryption serves many important applications, it is being reviewed by state services, misused by corporations, and attacked by hackers. I believe that the Global Encryption initiative will bring everyone together in order to find suitable solutions for everyone.
Carl Gahnberg
I am Director of Policy Development and Research at the Internet Society, where I focus on issues related to Internet governance. In this role, I contribute to the organization’s global policy development, research, and its partnerships with international and regional organizations, engaging with global policy makers and non-governmental stakeholders on key Internet issues. I hold a Master’s Degree in International Relations from the Graduate Institute of International and Development Studies, Geneva, as well as Bachelor Degrees in Political Science and Economics from Lund University.
M. Gahnberg, what makes you think that encryption as a human right is at threat ?
Any move to compromise encryption threatens the very fabric of a secure and trusted internet, which is key to exercising and safeguarding human rights. We are now witnessing a troubling trend where governments across the globe seek to undermine encryption – even for noble causes – without regard to its broader impact on privacy, freedom of expression, and the security of countless individuals.
And do you anticipate serious consequences on businesses if the right encryption is limited tomorrow ?
Confidentiality and integrity of communications is key for any business. Restricting the right to use encryption would undermine the Internet’s fundamental security architecture, affecting businesses, economies, and importantly, trust in online transactions and interactions. It would have detrimental effects in an interconnected and global economy.
Lastly, what do you expect from the 1st edition of the Global Encryption Forum on 16th November ?
I expect a comprehensive dialogue that emphasizes the foundational role of encryption in maintaining a secure and trusted Internet, and to learn from the perspectives of different stakeholders.
About Trust Valley
Trust Valley is the Swiss centre of excellence in digital trust and cybersecurity, created to bring together a unique ecosystem of over 400 organisations and 500 experts in the region. Its mission is to promote, connect and network public, academic, and private players in the sector, with the aim of enabling the development of innovations and talents in the fields, and start collaborative projects, such as the Tech4Trust startup acceleration programme and Trust4SMEs support programme in cybersecurity and digital trust for SMEs. The Trust Valley founders are the State of Vaud, the Republic and State of Geneva, EPFL, HEIG-VD, HES-SO Genève, IHEID, UNIGE, UNIL, ELCA, GCSP, Kudelski, SGS, SICPA and WiseKey. More information on trustvalley.swiss