The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> OLAF KOLKMAN: We'll allow people to digest their lunches
for another three minutes. And then we start.
Good afternoon, ladies and gentlemen. Both online as well as
here in the audience. On the panel which is about encryption and
the impact of encryption policies happening in the Global North and
the impact they have on the Global South. We have a room with
approximately I would say 15 to 20 people. Physically here.
And we have a number of people online. I would say about
five, six, excluding the speakers.
Thank you for all being here. My name is Olaf Kolkman, I'm
with the Internet Society and I will be your moderator today.
As I said, this is about encryption policies in the Global
North, impacting the ability to communicate throughout the world.
Since 2022 there have been a number of legislative proposals
introduced that threaten end-to-end encryption. End-to-end
encryption is the ability to communicate with confidentiality and
integrity from one user to the other.
In the United States we saw the EARN IT Act being reintroduced
even. There is also the STOP CSAM Act, and the Kids Online Safety
Act all bills that are circulating as proposals and being looked
at, I would say. In the European Union there's a proposal of
ChatControl. The online safety act has been an act, the online
safety act, contains a threat to strong encryption, and it has to
come up with a solution while harmful content, a security
researchers and practitioners have brought that solution doesn't
quite exist.
During the development of the bill, that's the online harms
bill, various providers of encrypted services announced already
that if that bill would come in effect and actions would be taken,
that the bill enables, that they would take their business
elsewhere.
And these are all laws that focus on specific regions of the
world. As I said, Europe, the UK, the U.S. Those are very
specific areas of the globe. But their effects are felt all over
the place.
Because of course we know the Internet is global. Is this
panel we put together that is a number of us to assess how these
measures, when introduced, impact other regions of the world. And
in particular the Global South.
Now, we have an excellent panel, expert panel to discuss this.
Consisting of five people, two of them here, three of them online.
Again, showing the global nature of this discussion.
We have with us Juliana Fonteles da Silveira, a consultant for the
Special Rapporteur on Freedom of Expression of the Inter-American
Commission on Human Rights. She's also a researcher at Modera labs,
and a collaborator at the best four -- best practice forum on
gender and digital rights in the IGF. She has been a researcher at
interlabs and a project assistant at the Brazilian Association of
Investigative Journalism. Welcome.
We also have Masayuki Hatta. Currently an associate professor
of economics and management, at Surugadai University of Japan,
sorry if I butcher that name. And you were originally trained as
an economist and organizational theorist and you write and speak
extensively on intellectual property issues. But you also have --
I think that is a whole -- which is very much related to
encryption and that is as a contributor to the Tor Project and
other privacy enhancing technologies.
Online we have a number of speakers, contributors. We have
Mariana Canto Sobral, a chancellor fellow at the Berlin social
science center in Germany. Director of the institute for research
and technology, IP.rec, in Brazil, Ph.D. candidate in law at the
University of certificate link in U.K. part of the
interdisciplinary includeser on human rights, communication and
advocacy in the digital age.
Further, we have Pablo bell -- Pablo Bello, at WhatsApp in
Latin America. Graduated from economics in the University of
Chile, in addition to having an MBA from ESADE in Barcelona
in Spain. Worked at the Inter-American Association of
Telecommunication Companies. Where he held the position of
executive director.
He was also Chile's assistant secretary of telecommunication
between 2003 and 2006. Welcome.
Prateek Waghre, I hope I'm not butchering your name.
Prateek is a policy director at IFF. He's a technologist and public
policy professional. Prateek has spent nearly a decade in the CDM
as a consultant and product manager. His research work is focussed
on a number of areas, Internet shutdowns, information disorder and
the governance of networks and social media in India.
Prateek is also an alumnus of the U.S. state department's
international visitor leadership program on disinformation in the
court.
So those are the speakers today. And you are the audience.
And I expect a little bit of engagement.
If all is well, we are about to share Marcos is about to
share, Marcos Cesar Martins Pereira is about to share a QR code to
a Mentimeter board. That will appear there. We have a bunch of
questions just to hit you up, participate with us, grab your phone
and if you cannot scan the QR code type in menti.com and enter
the code 68312810.
And we are offering you a bunch of questions that we hope you
can add. And we hope we get some insights from those questions.
What is the risk of fragmentation in encrypted services
offered?
Half, and half not.
Or talk to, or talk not to.
We see responses coming in.
And I'm going to wait a while so that people also online can
participate. This was a thing at the IGF. How do we make things
interactive. So this is our experiment here. I haven't seen it in
other rooms yet.
Well, thank you. I think we leave it at that.
High would be 10 of course and low would be zero. And I think
that what we see here as a question, or as a result, is that people
think that it is indeed a risk of fragmentation in encryption
services offered. May -- make an example of what is fragmentation.
That's what I mean with have and haves not. People who are able to
use encryption services and people who are not able to use those
services.
Or services that only exist in a particular region. So there
is an encrypted application that is only available in Latin America
and you cannot talk to me in Europe. That would be fragmentation
for me.
So people are still entering their numbers.
I find it interesting that there is some low votes. Perhaps
we come back to that in the Q&A, and I will ask you to raise your
hand if you are one of the low voters, like you don't think there's
fragmentation at all or barely. And explain why you think that.
I'm actually interested in that answer and will pick that on
the question and answer section if I don't forget to return to
that.
I believe we also have a second question on the sheet. We
have three, I believe.
How can the Internet ecosystem and human rights be affected by
the extraterritorial effects of anti-encryption policies from other
countries? Is it.
So for instance the online safety act, how can that impact
other jurisdictions.
And I believe that is country has a number of words that you
can fill in.
It's always interesting to see what comes out. I'll wait a
few seconds.
Okay. Let's see what the result is.
Ah, see now we see the word cloud building. That is what is
happening.
I don't know what is serfdom feature is. I think I know what
it is. Yes. A life in servitude, perhaps.
(Off mic).
>> OLAF KOLKMAN: Ah. Okay. What does it mean? I'm going to
ask you then what you mean by that sentence.
>> AUDIENCE MEMBER: I mean if we are allowing civilians back
to encryption at this moment in time, it's a slippery slope. And I
think everyone knows that. And the whole discussion on child
pornography is just used. It's one good reason why you would want
that. But it's used to weaponize anti-encryption policies around
the world.
>> OLAF KOLKMAN: Thanks.
I think we have one more. Just have a look at this. I think
this is not very positive image, if I may summarize it as that.
>> MARCOS CESAR MARTINS PEREIRA: The third one is the one we
finish the workshop. So it's the same one.
>> OLAF KOLKMAN: Yep. See if we had some change in the
opinion. So let's -- let's ask our panel a couple of questions.
So Masayuki, starting with you. The Internet has become
essential for public and private services, everybody is essentially
using the Internet. And in countries such as Brazil and India,
encryption services such as WhatsApp and Signal, Telegram, all
those types of services and not only in Brazil and India are being
used by big and small companies to run their businesses. And of
course we are using Brazil and India because they are very, very
big countries.
In your point of view, how do encryption policies from the
Global North impact Global South economies?
>> MASAYUKI HATTA: It's a very, very difficult question to
answer. Because I live in Japan, and I think -- I'm not sure about
Global South. I have been to India or Brazil. And I think in
Japan many people don't know about encryption or more specifically
many people don't know they are actually using encryption. You
know, usually.
Which means for example in Japan, so many people, almost every
people using application smartphone application called LINE. LINE
is something like WhatsApp? So I'm pretty sure in India or Brazil,
Global South, WhatsApp is widely used. And in Japan, LINE is
widely used. And LINE has protocol called Letter Sealing, end-to-end
encryption protocol. So I think one big issue chk did have we
think about the foreign inference or something to Global South, is
actually I'm not sure how many Global South people know they are
using encryption already.
I'm not sure if this is the answer to your question.
>> OLAF KOLKMAN: But suppose that people are using -- they
are using encryption without knowing it.
>> MASAYUKI HATTA: Yeah, yeah.
>> OLAF KOLKMAN: If they're still not able to use encryption
and the confidentiality that is now offered is taken away from
them, what do you think would be the impact?
>> MASAYUKI HATTA: So, we -- I mean, they don't know they are
using encryption already. So they might not be aware that when
encryption is prohibited or a goal. I think that's one of the
problems I guess we face. Because we or they don't know through
valuable encryption without knowing it. And I think that situation
in my country, or Global South.
>> OLAF KOLKMAN: Thank you. I think we might return back to
that.
Mariana, Mariana Canto Sobral, where are you? You are online.
The current geopolitics shaped by the history of colonization and
new forms of dominance reflect the perspective of the Global North.
At least that's something that we hear often.
Not to dismiss that in the way that I said that a minute
ago.
In your evaluation, how do the power dynamics of the Global
North impact the construction and development of cyber security
policies in the Global South? Is the tech dominance, the colonial
nature, colonial history, does that play a role in all of this?
Over to Mariana.
>> MARIANA CANTO SOBRAL: Thank you so much for the invitation
first. A pleasure to be here. Always a pleasure to be at the IGF.
And I thank you for the invite.
In relation to the question, I think Global South countries
they tend to follow general trends that happen in the Global North.
Sometimes due to necessity, for example transnational regulations
such as the GDPR. And because if you don't adhere to this kind of
regulation you're excluded from the global market. Other times due
to what is perceived as a global trend, for example the import
of -- produced in the Global North. For example in the case of
encryption, by law enforcement actors.
However, those import of narrative especially in that case,
are when you have open discussions happening in the judiciary, for
example as the case in Brazil, for those who don't know I'm from
Brazil. And we have been following the recent discussions in the
judiciary since the shut-down of WhatsApp, in 2015 and '16. When
you import those narratives and during those kind of discussions
happening at the same time, those delays can be tricky and harm
encryption many times.
So I think it's also important that those measures such as the
work of encryption can have extraterritorial effect in application
to the law in other countries such as the U.K. now Act, but also in
relation to the import of those narratives, so the
extraterritorial reality is not only in relation to the application of
the law, but also found the narratives work around the globe.
So for example even if the country does not choose to adhere
to that certain regulation, precedence can make a risk for
encryption to exist in a certain country.
I talk about the online safety bill, but I -- now Act but
we've been following all the kinds of regulations such as European,
ones that are being developed and are very much influenced our
bills, and fake news, for example. And our AI strategy too, that's
over the AI, and in Europe. It's impossible to talk about
encryption in Latin America I would say without talking about power
symmetries and the regulation of encryption and regulation itself is
impossible to talk about law without connecting to the real world.
Because regulation does not operate in isolation, we know
that. It needs the real world to function otherwise it's just
useless text. And in relation to privacy, I question sometimes the
private concept that we use according to some experts like PIOAR,
we're going to have a lunch based on privacy concepts, for
example -- related to attitudes of western based, white, middle
classed groups.
So in this case privacy is a privilege of many.
And we can see it is not only now, but during over the years
and centuries and centuries. Such as when Simone Browne talked about
the lantern laws in the U.S., you would have people being
obligated, people of color being obligated to carry a lantern with
them in order to be surveilled. Privacy is a privilege and I
believe still nowadays it's a privilege of very few people in the
world. And the working of encryption tends to even accentuate
this kind of power asymmetry. Today we have a very -- agenda being
discussed, which is child sexual abuse material online and it's a
very difficult matter to address. And even more when you see that
survivors and victims are not being heard in most discussions.
When we talk about encryption, and we talk about regulation, we
still consider children as unable or lacking in agency. And that
creates a very relevant matter in order to include those voices in
the debate. And not only the victims and the survivors, but also
the people that work with those subjects and those people.
So I think it's very important to understand the power
symmetry, not only relation to the Global South and north, but also
in relation to the people who are connected to the issue in this
case, children versus law enforcement authorities.
But as the discussion's also connected to Global North and
south, we can see the Global South countries are still being highly
affected by policies that are not made by them. And they are still
perceived as unable to enforce rights between -- quotes, and many
times open air laboratories for highly intrusive technology. We've
seen we've been following lately after the Pegasus case and the
investigation of the PEGA Committee of highly intrusive
technologies being used and exported to countries in the Global
South, with the permission of the Global North. In countries that
defend human rights.
So even this kind of -- is this regulation enough to protect
the Global South? That's my question. That sometimes I wonder if
our notion of privacy is enough to protect all of global groups in
the world.
And unfortunately I don't have many answers. I have more
questions than answers. But I would love to debate these
questioning of the status quo, let's say. And how we can bring our
region to the center of the debate. And to be heard. And it's a
very important debate for all of us.
I think that's it. Thank you so much.
>> OLAF KOLKMAN: Thank you, Mariana. If I may, so I'm
looking up because the screen is there. If I may ask a clarifying
question.
In the context of -- you were just talking about questions
around the status quo. And I was trying to understand how would I
summarize that status quo. And I -- I call it like -- obviously I
couldn't.
Could you summarize the status quo as you have it in your mind
just in a line or two?
>> MARIANA CANTO SOBRAL: I think the status quo in relation
to encryption, we still see encryption as a threat to vulnerable
groups. And I don't think this is how we should perceive
encryption. I think encryption can be a huge ally to those who are
underprivileged. And those who are in situation of power
symmetries.
So I think we have to question this narrative or maybe the
status quo that encryption is still perceived by some actors as a
barrier to protection. Security doesn't mean that the lack of
privacy doesn't mean that we are more secure. That's what I meant.
>> OLAF KOLKMAN: Thank you. I think that was at least very
clarifying for me. And I appreciate also for others.
Patrick -- Prateek, over to you.
Digital services from the Global North.
They have the things that are developed in the Global North,
the services that are deployed in the Global North have a large
influence in shaping the Internet.
If only historically.
And of course that is creating dependencies on the technology
for everybody including people from the Global South.
India however has tried to face some of those challenges. And
I think it would be useful for you to explain what those challenges
were and what insights we can draw from India's digital policies
that are relevant to the ongoing encryption disputes. Prateek,
over to you.
>> PRATEEK WAGHRE: Thank you very much for having me. I was
told I have about ten minutes. So I have just started my timer to
make sure I don't go over.
I've got three things that I broadly want to cover. To the
question. And I want to contribute without actually -- for lack of
hypothetically talking more encryption. So I start an example
from India that highlights in that how action is taken by Global
North or western institutions, not just government, not just
services can have an impact in other parts of the world. I want to
make a general comment on the idea of regulatory contagion, where
an instrument in one part of the world, or import it into other
countries even if they have different underlying objectives. And
finally I will come back to specifically about India and what --
some of the current or recent regulatory interventions that are
happening here and why they're concerning, especially from the
encryption perspective and more broadly from the individual economy
perspective. So as you have asked, the services certainly have an
influence, but I want to talk about a very specific instance. On
August 5, this year, New York Times reported on alleged links
between quote-unquote tech mogul in America and propaganda
networks from China. A lot of details are not directly relevant to
the present conversation. Except for one point where they included
a reference to a new report in India that happens to be very
critical of the union government and for a number of years now
has been at the receiving end of harassment, obstruction by the
country's financial investigators. Who themselves over a period of
time have become increasingly participant in terms of the people
they pursue. Right? As we said last week, citing some of the
allegations in that very story, law enforcement officers conducted
quote-unquote raids or seized electronic devices of around 50
current former reporters, contributors of the investigation.
Including arresting two people, the founder and the -- and the law
meant for terrorism charges and this law currently has a history of
people being detained for months and years without a trial. You
could argue that the people are not aware of the consequences of
it. Reporting. But people who decline being quoted in the story
have come out publicly saying that they did inform them about some
of the implications of running with the story in its current form.
And one of the organizations quoted has also come out and said that
the ultimate report didn't include it. Categorically denied.
Right?
So this goes to show that actions by institutions, you know,
in the Global North sometimes are out of ignorance, sometimes
knowing fully well can have outside effects on people in the Global
South and other countries. And I wanted to across the Atlantic
ocean and go to Germany. Of course everyone is -- you know, the
idea, likely aware of the Network Enforcement Act, or NetzDG. Not
going to specifics of the problem itself and none of this is a
comment on the effectiveness in the German context. I don't have
expertise there. But multiple similars and researchers over the
year have alluded to provisions being imported by other countries.
Especially with more authoritarian leanings. Quote, to run through
some of them quickly and apologies if I mispronounce some of their
names, Heidi Tworek in one paper, in Malaysia, Vietnam,
Venezuela, walk similar language about broad and elastic
categories, that's the quote. That Russia and Singapore made
references to it in some form, either directly or through
statements, Isabelle Canaan refers again to Russia, Singapore, and
Turkey and notes how some of them have incorporated provisions,
providing -- requiring local presence and has a context, we've seen
in certain instances as, you know, as reported in Google, in some
cases, recent Washington Post reporting about India, suggests that
these local requirements have been used to tech companies and
employees as well. And a Foreign Policy essay. Jacob Mchangama,
2019, freedom of support which said that since NetzDG, was enacted
in about 20 other countries. Similar using -- using a similar
frame. Making these points not directly from encryption but to
make -- these enforce -- these of course are the factors at play
when you have regulation or when you have, you know, regulatory
design in some of these countries. They tend to get exported. And
we've already made references to the online safety act, which is
something that we are working very closely with a lot of concern to
see how some of that language then gets imported to other countries
as well.
Right?
Now I want to come more specifically to India. And I'm going
to side step the finishing of the -- I know that's much contested,
much debated. But I think -- as things stand India is currently in
the midst of rewriting many of its laws that govern digital spaces.
Unfortunately there are several bad things in there that us as
civil society -- are concerned about. And it matters also
globally. Because look at the sheer number of people in India has
a precedent-setting capability and as Kilah ara, describe in their
book, it's a -- for future of a lot of regulatory practices.
Right? But there are three or four specific items of regulation
that I talk about. Right? Which is the direction of 2022, the
current draft telecommunications bill, the digital personal
protection act, of 2023. And the current efforts to rework the
intermediary liability framework through updates to current rules
and potentially a new and pending -- impending bill. And a common
thread before I get into specifics, a common thread that we see is
that a lot of them amass tremendous amount of control and
discretion for the union executive. With limited oversight over
their actions. And on leaving us, you know, very little to rely on
other than just global assurances which are not really enforceable
in a lot of cases. Right?
So the CERT-In directions which are notified in April
2022, these impose a six month law in the clie met, in all
Internet services in India. Specifically also have a five year
retention period for various types of data. For information
retained of customers and -- what this means for zero knowledge
services I think is a huge open question. Right?
Then the intermediary framework, the IT rules 2021 and
subsequent amendments to it. These introduced you know, what GNI
has called hostage-taking laws. They introduced requirements, in
the context of end-to-end encryption. Essentially the idea that
you can trace messages on and into an encrypted form. You can
trace them to the point of encryption, without compromising
encryption itself. You have provisions for grievance committee
that is appointed by the executive that has a direct moderation
that digital services may take. And more recently, you know, a
fact check unit being envisioned that will be used to flag content
about the government itself as take off parts.
Then the telecommunication bill which expands the definition
of telecommunications so broadly or defines them so broadly that
they can impose licensing requirements on pretty much any service
on the Internet. And it's a development because the licensing
requirements then can potentially include obligation to intercept
messages, again a direct implications for encryption, or identity
verification requirements. Again forced services that people rely
on, and huge implication for. One population that tend to use
these services.
Right? Then there's the data protection act which is recently
notified, which imposes incidentally duty and potential for
penalties on people if they withhold any information from the
State.
And in a very interesting inversion, it grants the State the
ability to process large amounts of personal data under a clause
for certain legislative uses, but pretty much exempts the state
from the right to -- right? If I were to come back and -- if --
it's not a happy picture that I'm painting. But to me that's some
of the trends that we're seeing currently in India. Some of them
have very significant implications. Right? For the ability of
people to be able to use encryption services, not only in India but
globally as well because there is a precedence that it has that.
I'll pause there. I think I'm done with my ten minutes.
>> OLAF KOLKMAN: Thank you. That was a very comprehensive
overview of the issues and also clearly the sense of
precedent-setting of all of this came out clearly.
Pablo. Pablo is also online.
Recently WhatsApp declared that if the online safety bill were
to be approved and in fact it has by now, the company would exit
the United Kingdom. I believe there was a nuance with that if it
would be approved and implemented in the way that it is approved so
to speak.
In the company's assessment, is there potential risk of
Internet fragmentation of encrypted services providing stemming
from the anti-encryption policies like the one that is put forward
in the U.K.? Pablo, please.
>> PABLO BELLO: Thank you so much for the invitation. I'm
very glad to be with you. Sadly, from Brazil, so it's 2:00 a.m. in
the morning. But it's all good.
Yes, I think this is a very important question and in
particular of course I'm stating in this panel, in representation
of WhatsApp, but I am also Global South person, living in Latin
America and I've been working for the Chilean government on this
kind of issues in the past.
So my perspective is both the company perspective but also my
perspective from the Global South.
And yes, the company strongly believes that the threats on
encryption, the reason that we are facing in U.K. in the European
Union, and other parts of the world creates a huge risk of
fragmentation in terms of imposing in some sense lower standards of
security and privacy for global communications.
Of course Internet, it's a global network. Interconnected
network.
If one part of the network has lower standards, that has
implications to everyone. And I think it's very important to
consider the perspective of the Global South in that debate. And
in that regard. Because the effects of decisions made in the Global
North, in few countries, could have implications everywhere.
And in particular I will want to stress this idea that weakening
encryption in one place affects the entire world.
One data that I think is important to introduce in that
discussion is not the technical data, it's a political data. The
Economist presented this survey year by year regarding the
quantity of the democracies in the world. No? And only 8% of the
world population lives in full democracies. Only 8 percent. And
it's not by coincidence that these countries are in the north, in
the Global North mostly. And in particular in Europe, U.K. of
course. And 55 percent of the world population lives under
authoritarian regimes or hybrid regimes, 27 percent of the regimes
where human rights are not respected. So the problem we have here
is that if we from the Global North perspective introduce pieces of
regulation that weaken encryption, because they believe that
institutions are strong enough, the rule of law is strong enough,
and that will be fine from their perspective. I strongly agree
that that approach is wrong. But if they think that, they should
consider as well the implications of their decisions globally. And
this is very important, because most of the people in the world
lives under flawed democracies or not democracies at all, without
rule of law, without proper institutions, without balance of power.
So when a country in particular, the U.K. or European Union made a
decision in terms to weaken encryption, it's affecting the lives of
people everywhere.
This is active in Nicaragua, in Venezuela, in Saudi Arabia.
So I think these are -- this is why it's so important to have the
discussion here in the IGF. Because the implications are not
really needed to the border of every country. So yes, the
introduction of country-level regulations that weaken encryption
has global effects, and it's super important for the technical
community, and Civil Society and private sector to continue
working together, trying to make the case that these decisions will
be profoundly wrong. And that will create a huge impact.
Besides this idea that weakening encryption in one place
affects the entire world, two other concepts that I want to
mention. The first one of course is the face of good of the safety
and privacy. Of course this idea that you can get more security,
you can get more safety, reducing privacy is completely wrong. And
we know that.
But it's important to repeat this idea because it's in the
core of this discussion.
And second, weakening encryption hurts everyone. This idea
that it's still in the center, in the core of some of these
attempts at regulation, you can create -- or you can create some
way to reduce features of security for certain people it's not
true. We know that it's not true.
So based on these three concepts, I strongly believe that we
should continue fighting against those ideas. And going to the
idea of the status quo that you asked before, I fully agree with
Mariana, nevertheless the power on encryption is very much than the
variable situation that we can be in the future if encryption is
not protected. So I -- part of the status quo is important to
defend as well in order to preserve certain attributes of the
Internet that already we have.
So yeah, I think this is my first interpretation. Thank you
so much.
>> OLAF KOLKMAN: Thank you. Very clear, at least for me.
Mash na -- after you. Brazil, 33 other countries with it
have ratified the American convention on human rights. Among other
rights, the rights to privacy.
In your assessment, how might the extraterritorial impact on
anti-encryption policies influence the rights safeguarded by this
convention?
>> JULIANA FONTELES DA SILVEIRA: Thank you. It's a pleasure to
be here. I hope people can
hear me well. And I would like to say that in the Americas, when
we talk about privacy rights and data protection, and other
interests and conflict with them, the discussion goes in another
direction. And assumes other interests, other frames differently
from regions like Europe.
The right to privacy is not usually regarded as one of the
most important rights. And protections in our social context.
Most countries in our region don't
have data protection regulation and far from bringing this
discussion to the table. Which means there are no procedural
safeguards that could lead the state and nonstate power in
accessing and processing personal information which the --
encryption policies. And this favors the flourishing of those very
popular narratives that claim access to data for law enforcement
agencies and other decryption measures as a solution to protect other
highly valid public interests such as the protection of children,
security, and public safety.
And at the same time we are also talking about the region in
Americas where many countries an absence of rule of law,
independent -- judicial independence and democratic -- prevails,
and because of that state abuses of all sorts are not subjected to
strict control.
Likewise countries in Latin America and Caribbean, even ones
that have a long history of commitment to democracy are guided by
traditions of violent repression, of protests, murder of
journalists, persecution of human rights offenders, arbitrary
arrests related to the expression of opinions, criminalization of
LGBT people and of abortion, for instance. And information about
all this trivial behavior is registered in private communications,
protected by encryption.
So in this regard at the -- commission on human rights we have
increasingly received reports on the persecution and online
monitoring of activists and journalists that report cases of
corruption, or that represent conflicts with the interest of the
political regime in their countries. And the penetration of
surveillance software and others to persecute them. Also in
Central America there are a growing number of legislation that
criminalize and suffocate the work of NGOs being put in place and
these organizations rely to a large extent on the protection of
their private communications and should -- to do their work on
defending human rights and supporting the victims.
So keeping all these in mind we should consider how this never
can be pervasively field and in their minds by weakening encryption
techniques and giving government agencies access to private
communications.
Because we are talking about an unimaginable amount of data
that offers comprehensive information about all thinkable aspects
of individual's life. And in context of abuse, it doesn't matter
whether you have something to hide or not, being a
government's target is enough to be harassed by surveillance in
cases where one says or what an organization does threatens the
credibility or the legitimacy of the regime or because one behavior
is incompatible with the government's moral agenda. And making the
content of private communications available qualifies the State
capacity to conduct those arbitrary measures to an extent that we
are still unaware. Which ultimately choose expression and
intimidates activities of human rights reports, it's the pressure
of reprisals to LGBTQ people, or people who are pursuing
reproductive rights and in some cases facilitates also the tensions
and killings.
And journalists for example rely deeply on encrypted
communications to communicate with their sources and do their work
of investigation and reporting. And to shed light and issues of
general concern that support the functioning of a democratic and a
contra political regime. Encrypted communication has also been
necessary for activists and protesters and has been threatened by
states that continuously try to intercept communications in times
of protest or civil unrest. And people who may be at risk benefit
from encrypted communications to hold opinions safely and without
unlawful interference on -- and attacks.
That said, I would like to answer the question by stating that
the effect of antiencryption policies in the Americas go beyond the
sole protection of privacy as if it were detached from other
rights. The encryption, the -- needs to be framed as a matter of
human rights in a broader sense and a matter of freedom of
expression given its role as a gateway to securing the rights of
opinion and the collective dimension of freedom of expression,
which allows the society as a whole to have access to critical
information and knowledge.
And the problem is too much broader than this because
introducing for instance the so-called back doors or vulnerability
does not provide access only to specific actors as it is usually
claimed by these legislations. Introduction of this vulnerability
results in malicious abilitiers, access to private communications
and can be exploited by the same criminal and terrorist networks by
the limitations tend to deter. The consequences are severe because
we haven't been seeing the reports of -- on state surveillance,
over foreign states around secret and strategic communication. And
this highlights the effects on sovereignty and national security,
produced by the weakening of encrypted communications.
So on top of that, particular attention must be paid to the
fact that undermining encrypted communications means that we are
making even more personal data and data of all aspects of an
individual's life available to private actors from the technology
sector. This capacity of emerging databases is filing already
incredibly high and who use this data to train and feed AI models
and deploy targeting and accommodation strategy for instance.
Which impacts the public debate as well. And in this sense we
should bear in mind that digital technology developed by these
actors have become more reliant on user data, based on demographics
and behavior. And nonencrypted private communications and
private -- nonencrypted policies offer a vast amount of this type
of data and facilitate corporate surveillance. And when it comes
to these digital technologies, this has not only affect on privacy,
concerns of consent and in the democratic public debate as I said,
but it is also usually reeled to reports on bias and discrimination
on AI models and which ultimately has effect on human dignity,
quality and also nondiscrimination rights. Besides that I
would like to highlight the rise of antiencryption policies in
jurisdictions of the Americas. And in Europe. Could inspire other
new repressive anti -- regulations in the region since we have
already seen an increment and rhetorical -- security as a means to
crack down on Internet freedom across Latin America and put
regulatories to suppress human rights on the online environment.
And if all of this restriction efforts on encryption could
represent these threats to human rights, especially privacy and
freedom of expression, then the implementation must meet the well
known three-part test which states that limitation on expression
must be provided for by law. May only be imposed for ability to
make grounds and must conform to the strict test of necessity and
proportionality.
And under international human rights law states are obliged to
protect privacy and freedom of expression against unlawful and
arbitrary interference and attacks.
And just to wrap up, because I don't know maybe I'm running
out of time, but I would like to state that we should move the
conversation on digital communication the direction of advancing
people's protection online and not people's control and increasing
surveillance. And we should be strengthening policies and enhance
human rights-centered approach to digital communications.
Thank you.
>> OLAF KOLKMAN: Thank you. I do want to return to professor
Hatta. I believe my question caught you a little bit off guard
earlier. And I think you prepared some opening statements. So I
want to make sure that I give you the opportunity to share your
prepared thoughts.
>> MASAYUKI HATTA: Yeah. Not really, because I'm kind of
confused as to whether Japan -- I'm supposed to talk about Japan
and the way that Japan is a Global North, or the Global South in
this context.
I mean, yeah, so Japan is a developed country, and we enjoy
freedom or Internet -- basically Internet freedom and working
democracy. But Japan is not really trendsetter on this encryption
regulation or something. Because we don't have any big tech. So
how can I say?
So I understand that the Global South is increasingly
degrading encryption and maybe pressing democracy or something.
And still...so then you -- so how can I say?
So in Japan, many people actually, you know, do not -- many
people do not support privacy or freedom or something. We have a
bit of authoritarian tendency. And so we -- we actually use the
ways the Global North influence.
Making our policy or something. So we -- every country could
go either way, antiencryption, or encryption. And the -- many
country is not originally -- I'm not sure, many country are
naturally pursuing freedom or something. And we counter the
tendency with the Global North or West philosophy or...policy. But
still I think I heard that the Global South people think the Global
North influence is not always good for Global South policy or
something.
I might be misunderstand. So I'm still being caught off guard.
But I -- so yeah, my main concern, or my question is what am I
supposed to talk as a member of Global North or Global South.
>> OLAF KOLKMAN: Well, I -- thank you for your thoughts. One
of the things that I -- I thought about when discussing this, maybe
there is also a West-East dimension to this -- the way that
people approach this issue.
But I want to turn around -- I do have questions. But the
audience, either online -- and I trust that somebody will take care
of the online questions if they're there, or in the room.
Are people who want to add comments or say something or ask
something of our panelists?
Well, in that case I'm going to ask a question. And of course
panelists, feel free to discuss among you. Question I have around
WhatsApp. So the threat or -- threat -- yeah, I think it's a
threat -- that WhatsApp made was at some point, if this law is
going to be enforced in the U.K. if companies developing
technologies that will be able to scan content on the machines, and
we're pretty sure that's not safe, then we will withdraw from the
market.
But if you do that, you provide that market no encrypted
service any longer. And that means that the people who live there
don't have any means to communicate with confidentiality.
Of course that also fits in the playbook of nondemocratic
nations. That would like to see encrypted technologies leave
rather than come.
What's your thought on that?
Is the threat of leaving actually the threat that you want to
make?
>> PABLO BELLO: If I may, I can start with this one.
>> OLAF KOLKMAN: Yes, please.
>> PABLO BELLO: I would not say that this is a threat for
WhatsApp and encryption is in our DNA. WhatsApp is an encrypted
platform and is part of our definition. This is what we are. And
it's critical for WhatsApp to preserve that. And the issue with
the regulation that is being discussed in U.K. and maybe in the
European Union as well, is that we strongly believe that this kind
of regulation will break encryption.
We strongly believe that inside the -- it's against the
principles and the characteristic of encryption.
So if that regulation is enforced and we have to implement
client-side scanning in order to create -- that will create a
huge risk not just for the U.K. people but also for the rest of the
world as well.
So it's not a threat, it's the idea that in order to keep
operating as an encrypted platform, it's not feasible for us to
comply with that approach if the deal is implemented in the worst
way that we are considered. So it's important to clarify that.
It's not that we are pressing regulators in order to change the
democratic decision of certain countries. It's that we are saying
that we will defend encryption in the same way that we went to the
Supreme Court in India to try to avoid ability prohibition that was
decide in the IT rules. In the same way that we are debating in
Brazil against trustability as well. We are defending encryption.
And the idea that to break encryption, certain -- in one country
for a global platform, global communication platform as WhatsApp is
just not feasible.
>> OLAF KOLKMAN: But I think even if it's not a threat, but
really the result of not being able to operate the service on the
quality in a specific nation, the result is that you're out of that
nation after the regulation has been put into effect.
And that might actually be also a way for countries to impose
a regulation and see Signal and WhatsApp all leaving the country
and leaving the population of that country without any encryption.
Perhaps any of the other panelists would like to -- there's
a -- somebody from the audience.
>> AUDIENCE MEMBER: Thank you. I love this panel. And I
just wanted to comment on your question, the last question. I
think there's no compromise possible for these platforms once you
compromise on encryption, then I mean there's no going back. And
then there's just no more encryption possible.
I think that the question you asked and -- forgive me for
this -- but is a false dichotomy because it's not that either you
comply and then you offer your services to all these people, or you
don't and they don't have access to it. Like there is another
alternative to all of this. And this relates a lot to technology
called literacy of the people within that jurisdiction and I think
that we can work more on this and the same way in authoritarian
places where some of these apps are forbidden. People still have
access to them. Then like the same can be applied in other form of
nonauthoritarian per se jurisdictions too.
So I think that there are third, fourth, fifth alternative
ways to do this.
>> OLAF KOLKMAN: Thank you.
>> AUDIENCE MEMBER: My name is Claude Austin, I'm part of Hermes Center and I
follow a bit the discussion on global graphic -- this year has been
standardized the MLS, Messaging Layer Security, from the
IETF. And it's a protocol that allows European encryption,
interoperable, and interpreted here is the key. Because imagine
that in fact some of the countries want to hinder encryption. And
the first question was about how much this can create
fragmentation. But if you have an interact -- depending on the
client you have, you can plug in and that I hope the person who is
in the state can still get access to clients that are securing
their interest without doing scanning and without weakened
encryption. But these provision, this infrastructure can
guarantee that the world is safer as possible. And do not exist,
let's say, a monopoly to influence billions of people.
And as far as I know this was endorsed by Wire, by Google, and
not by Meta, Meta actually withdrew their participation from the
working group.
So my question from our speaker, from WhatsApp is if he has
some comment, and if somehow do you think that interoperability will
also ensure more safety for all your users, or you want to avoid it
because it is the best way to keep the monopoly?
Thank you.
>> PABLO BELLO: Look I'm not the technical expert on this
encryption at all. My background is economics. The
interoperability, it's regard the -- how to implement that without
reduce, or introduce -- without introduce original risk. And there
is a huge discussion with different perspective, a lot of experts
has -- states that the interoperability is proposed or decided by
the European Union in DMA, create some interpolatabilities in terms
of how it is -- who decides the standard. Why one standard? How
could that create implications in terms of the develop -- the
development of the different standards.
There are different approaches on encryption. End to end
encryption, similar protocol is one. There are other approach, other
technologies. It's not an easy question.
It's important to have more solutions or more protocols
that -- in the pipeline. It's an ongoing discussion of course.
It's not an automatic approach on that. The critical aspect from
our perspective is to assure, ensure that the high standards that
we are introduced using the Signal protocol on WhatsApp is
protected. And at the same time -- and these are also -- the other
side of the discussion is that the integrity measures are also
available. In order to avoid some kind of the misuse of the
technology that is already a risk, that we already know that.
So it's ongoing discussion and I would refer to other people
from the company explaining the technicalities of our approach.
>> OLAF KOLKMAN: We have the chair of the IAB, who knows
everything about the IETF standards process.
>> Not everything.
>> OLAF KOLKMAN: Almost everything.
>> Being my name is Mikula, a chair of the architecture board.
I want to comment on your idea. What happens if you know, we don't
have encrypted communication platform anymore. And that's one
thing which is like a lot of circumvention we can still access
services in other countries because the Internet is a global
platform. So it's really hard to block access from just one
country. I think that's a very important point. The other point
is also encryption is not a layer. Encryption is a function that
you can implement on every layer of the stack. And the stack, the
way we design the Internet, the way we design Internet architecture
is that you can kind of stack things on each other. So you can
also always kind of add another layer with encryption.
Somewhere else. Right? So this might then be a cat and mouse
game, whatever. So that's also I wanted something to say. If you
try to break encryption here, this is not a silver bullet
because encryption is -- and security is a function, and not like
something that you're only deploying one place and then to comment
on the IETF, I cannot speak for Meta of course but I think you
cannot say somebody has withdrawn participation or whatever because
we design standards that a couple of companies are involved in the
designing process. Hopefully enough companies so we can design a
good protocol at the end where we have agreement between a lot of
groups. We design for all participants so everybody can adopt
that. For this specific case the reason why we're standardizing
something is not necessarily interoperability. Hopefully we come
there as well, different platforms maybe can talk to each other but
the reason why people came to the IETF, to standardize that is to
actually get this engagement from other companies and then get a
really good and secure and well designed protocol. But it doesn't
mean that like other people who don't deploy this protocol doesn't
deploy encryption because as the person from Meta just said there
are many approaches to that and it's not about interoperability if
you talk about encryption with one platform. I wouldn't read too
much into who is actually actively driving work in the IETF, it's
more important who is actually adopting and deploying these
technologies.
>> OLAF KOLKMAN: And that work really came out of a DMA
requirement, digital market act requirement or digital services
requirement. The -- I was asking a leading question, actually. So
I want to clarify that a little bit.
Suppose that we lose Signal from the market, we lose
WhatsApp from the market and I think you also touched upon that.
Then one would hope that people are looking for different
alternatives. And of course the issue with companies like Meta,
like Signal, like Telegram, they have an office. They have a
corporate presence. And I -- my prediction would be if something
like that happens, the users that -- the internet always routes
around its problems. That's a famous quote. I don't know who said
it. But the Internet always routes around the problems. Or the
only -- the Internet only just works. But also just delivers what
you need.
What I think what will happen is that people will start to
move to decentralized services. Just like the Tor network,
professor Hatta, you have been working on that. The Tor network
provides central means to encryption. During the -- the security
conference in Las Vegas, DEF CON, the Cult of the Dead Cow
released Veilid, a new protocol that's highly distributed and has
privacy and confidentiality guarantees.
Not to say that that has stand the test of time yet, but at
least those type of things I think the world will move to. That
was -- sorry for my -- for my intervention here. But that was a
leading question in some way.
>> AUDIENCE MEMBER: Hi, I just have a quick question I think
for the WhatsApp representative and it is on this topic as well.
The question for me, my focus on round encryption is
oftentimes one party, two-party conversation is one that's
requiring an encryption. On times it's the way that diasporic
populations communicate with each other. When we talk about
legislation that removes WhatsApp from U.K. a country that has tons
of migrants from all over the world, is some citizens who have
families in other parts of the world, is this a frame of like -- is
this a form of oppressing the Global South who are the -- your
earliest users and your earliest audiences and they find the most
use out of this, to this day?
Do we see the parallels between the Global North shutting down
communication lines that the Global South uses and then we've spent
decades condemning folks who shut down access to Google and do we
see there there might be a similarity where the North cares about
encryption and shutting it down and I'm sure the south does as well
but isn't seen how that is an oppressive concept and does WhatsApp
have thoughts around this?
>> OLAF KOLKMAN: I'm going to wait for you to comment.
There's a question online and I want to take in and a question in
the hall that I want to take in and then I'll go back to the panel.
>> AUDIENCE MEMBER: Thank you. From Finland. Your comment
about going around it, I guess the quote we are looking for,
Internet interprets censorship as damage and routes around it.
That breaks with clients that are scanning. If they go all the way
down to the operating system. They make Google put Android, when
you speak, it goes to an application, then you're an Apple. That's
two companies and then you're out of luck.
>> OLAF KOLKMAN: I think that's a correct observation.
The question that we had online was from Monica.
From Germany, hi, could one conceive a legal case against a
government that with its encryption legislation is in violation of
international human rights by which it has signed up?
So it was a typo in that sentence. But I think that's a good
question to you.
Is that a case one can make?
>> JULIANA FONTELES DA SILVEIRA: Well, yes, we do a lot of that in the commission on human
rights. In the Americas a lot of proposals, regulation proposals
and other efforts of
nonencryption policies including Brazil. And what we do in the
international commission on human rights basically we have reports
and we issue recommendations to states. And to private companies
on those violations on human rights and how this affects human
rights besides only privacy. As I said, like freedom of expression
rights and discrimination, nondiscrimination rights and dignity.
And we also have other mechanisms such as public hearings,
where we also receive Civil Society and other actors to make a case
and discuss with states. Around those violations. So would be
something in this -- in this line.
>> OLAF KOLKMAN: Thank you, Juliana.
And there was the question --
>> AUDIENCE MEMBER: Over here.
>> OLAF KOLKMAN: But in the meantime I would like to offer
Pablo the opportunity to answer the other question in the room, if
you can.
>> PABLO BELLO: Yeah. Sure, so very quickly. Look, WhatsApp
of course don't want to stop working on U.K. at all. Quite the
opposite. WhatsApp wants to keep operating with the highest
standard of protection, with end to end encryption worldwide.
WhatsApp is mostly a global platform. By far most of our users are
in the Global South, India, Indonesia, Latin America, Brazil in
particular. This is where most of our users are.
And we have the duty and the responsibility to protect those
users all the time. So of course we want to continue working and
operating in the United Kingdom. And we want -- and this is why we
are pushing hard and is why we have this competition with other
countries and the Civil Society. That we have a regulation that
will affect -- that will affect encryption. Because we strongly
believe that this kind of regulation puts people's lives in
jeopardy. Not just in the U.K. but worldwide. So this is the
point.
And this is what we want. And this is what we will continue
doing. It's not a threat. And of course we want to protect the
diaspora. We are trying to protect people. Everywhere by
defending encryption. And we will continue doing that.
>> OLAF KOLKMAN: Thank you very much.
In the last five minutes of our panel I want to give the
panelists an opportunity to give final remarks. Each one minute.
Starting with Juliana.
>> JULIANA FONTELES DA SILVEIRA: Thank you. I'll just like
to say that we either have -- when we are talking about encryption
and human rights and online communications we don't have
an in-between situation. We either have encrypted and protected
private communications or we have readable message and
communication. We don't have evidence that shows that mass
surveillance allowed by no encryption policies have ever been
effective to safety as policy efforts claims. So I guess is that.
>> OLAF KOLKMAN: Will always be abused, is what you say.
Yeah. Professor Hatta.
>> MASAYUKI HATTA: Okay. Yeah, sorry, I'm kind of confused,
and I couldn't reply properly this time.
I think the basic attitude is that technology doesn't choose
the country or users. So you know, even if the country regulated
it, we can use it or -- you know, like WhatsApp or Signal, so like
Signal. Just walk away and just exit.
So I still don't understand the -- this discussion's main
point. Sorry.
>> OLAF KOLKMAN: Would users -- if those services would not
be available, since you've contributed to the Tor network,
do you think that is a way out?
>> MASAYUKI HATTA: I'm not -- I'm not sure what way out
means. But users can use it if -- even if it's banned or
prohibited. So I don't -- so the Global South problem about the
regulation or something, is basically a political program. In
Global South countries.
So...I'm sorry, I --
>> OLAF KOLKMAN: No, it's okay.
>> MASAYUKI HATTA: I still get the main point of this
discussion. But maybe I'm the only one. So thank you very much.
>> OLAF KOLKMAN: Thank you. Thank you.
Going online, Mariana, please. Final thoughts.
>> MARIANA CANTO SOBRAL: Just want to thank the debate, it
was a -- enjoyed very much the debate. And I leave here my voice
to echo with Juliana and say that encryption is a human rights
matter. And I think it's essential that we preserve encryption,
and the Global South take position of protecting it and not
threatening it. And I hope in the future -- the near future we can
adopt this position of relevance as we did in revelations in which
we built a very strong Civil Rights Internet framework in Brazil.
And I hope that we can also take this position in relation to
encryption to -- in getting regulation or even viewing policies
that are going to strengthen the encryption in Latin America.
>> OLAF KOLKMAN: Thank you.
Pablo.
>> PABLO BELLO: Thank you so much for the invitation once
again. My final message I think it's -- it's really leaving to
civil society, the technical community and the private sector, you
noted at the IGF to continue working together to convince some of
the governments of the Global North that weakening encryption will
make their own societies safer but will put millions of people at
risk. And most of them, most of the people affected are in the
Global South.
>> OLAF KOLKMAN: Thanks so much. Thank you. And last but
not least -- last but not least, Prateek.
>> PRATEEK WAGHRE: Thank you once again. I think this was a
very interesting discussion and conversation. Two quick points. I
will echo what have been called across the room about the need for
solidarity to protect encryption. Because I think we are headed
for a slightly period in that sense. And that is the -- for a lot
of us to work together to ensure that it will be defended,
protected and advanced in the years to come.
Second, not so much of a remark, just to lead, I mention
disability. Some of you will be interested to know that over the
last couple of weeks there is a case in India where a high court
has handed out first disability order. Which I believe WhatsApp
has been able to get a stay for. I would say watch that space and
we'll have to see how that really works.
>> OLAF KOLKMAN: Thank you for that. And with that I would
like to thank the panelists and the -- engaging audience in the
room for input and comment.
I hope and think there is hope for this dossier, for keeping
encryption available for everybody. Because we also heard that if
we start eating away at it, not only at the legal side, but also
the -- side that will cause a race to the bottom. And would not
dare to see that happen. Thank you very much.
(Applause)