Encryption debate crackles as Crypto Summit draws to a close


Access’ Crypto Summit finished after a long day of spirited debate about one of the most pressing issues confronting technology today — encryption and the future of the internet.

The summit came at a critical time in which two separate scandals underscored encryption’s role in our everyday lives. The first involved the breach of the U.S. government’s Office of Personnel Management, in which 21.5 million personal records of government employees were stolen by hackers. The second event had direct implications for the human rights community with the security breach of the Italy-based technology firm Hacking Team. Leaks from that breach revealed the extent to which Hacking Team was selling intrusion software to repressive governments, software that was in turn used to jail dissidents and journalists. The stakes at the Crypto Summit were, in other words, very real.

The conference kicked off with a retelling of the so-called Crypto Wars of the 1990s, a period in which the U.S. government banned the export of strong encryption technology. Ultimately, the ban was lifted after pressure from technologists, civil society activists, and government officials such as U.S. Representative Zoe Lofgren. The panel discussion also prompted an important statement by an Obama administration official. Alan Davidson, Director for Digital Economy at the Commerce Department, boldly declared that “we still need encryption and with the challenges we face on cybersecurity, encryption remains even more essential to protecting safety and commerce online.” [1]

The next panel focused on the technical aspects of encryption, while pointing out difficulties in implementing cryptography in complex systems for many users. The Internet of Things raises significant security concerns, for example — health devices could improperly administer doses of medicine to patients, and even simple devices such as baby cams could leak highly personal information about families. These are highly intimate spheres of privacy that affect all people.

The Summit debate raised to a fever pitch when Sarah McKune, Nate Cardozo, Jamil Jaffer, and Carrie Cordero discussed how the law should properly treat cryptography and “backdoors” for law enforcement to gain access to data. Cardozo and McKune highlighted the drastic effects that weak encryption can have on marginalized communities and dissidents around the world. Jaffer warned that civil society must address the challenge encryption poses for law enforcement in a meaningful way, or the U.S. Congress will simply make bad laws that no one likes as soon as the next terrorist attack occurs. McKune, in turn, countered that law enforcement has a burden to identify the other tools it has to conduct its work before demanding a new one that could ultimately undermine the entire internet.

After a separate panel that invited audience participation to identify challenges and opportunities for cryptography, the conference closed with two high profile video presentations. The United Nations Special Rapporteur for freedom of expression and opinion, David Kaye, shared the findings of his new report on encryption and anonymity. Recently released at the UN, the report garnered input from numerous stakeholders. Kaye encouraged participants to recognize the value of using human rights language when discussing encryption, and how the key concepts of necessity and proportionality should underpin our consideration of new technologies. Representative Zoe Lofgren, pulled into Congress for a last-minute vote, urged participants to remember the lessons of the Crypto Wars of the 1990s when seeking solutions.

All of these sessions were captured on video and by a talented graphic recorder, who creatively visualized the various discussions with charts and diagrams. We’ll be sharing his drawings soon over social media — follow us on Twitter or on Facebook to have a look. We also launched our new report on digital rights and business [PDF],which we encourage you to read.

The Crypto Summit was envisioned as the first of two short conferences. The second installment will occur at RightsCon 2016 in Silicon Valley, where we hope to build on the concrete lessons we learned and answer the difficult questions posed by this inaugural event. We hope you’ll join us.

[1] Quote courtesy of David Perrera, Politico

photo by John Conroy