IGF 2019 – Day 3 – Convention Hall I-D – OF #38 Exceptional Access and the Future of the Internet Security

The following are the outputs of the real-time captioning taken during the Fourteenth Annual Meeting of the Internet Governance Forum (IGF) in Berlin, Germany, from 25 to 29 November 2019. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

>> Hello, everybody.  Please have a seat.  We are about to start the session.  Hopefully in time.  Exactly.  I'm about to fix this in a second, but I want people to please sit, if you can.  So I will officially open that session.  Thank you for coming in.  Ladies and gentlemen, please ask for this Open Forum.  Number 38.  It is rightly written on the door it's about exception and access of Internet security what it will be in encryption and we will discuss consolidation that was previous little to look at.  Although, consolidation is a very important for society, but we won't discuss this today.  My name is Frederick.  I am the director and I am very happy on behalf of the Internet Society to welcome you today, to welcome our community.  We have to organize this session where we talk about our work, about ISOC doing.  So the conversation of today will be behind this complex title.  It will be much about encryption and you will understand why it is so important for us.

Before we get there, I will have the pleasure to introduce our Senior Vice President for structure implementation.  And I would like you, if you can, just see if you will support our plan.  Thank you.

>> Thank you very much, Frederick.  Good morning, everyone.  Have you all had your morning coffee?  I hope so.  Okay.  I see smiles and nods.  That's good.

I'd like to set a bit of context for this session that you're going to have today in terms of what the Internet Society thinks is important.  Some of you may have noticed that on Monday, the Internet Society released its action plan for the year 2020.  And in this action plan, there are eight projects.  It's unheard of for the Internet Society to have projects that are less than 30 in a year.  So it's the first time that we're actually focusing and the reason that we're focusing is because we want to be able to demonstrate our impact.  By focusing, it helps us to be able to concentrate our resources and to show the impact we have on the internet around the world.

In the next 6 years between 2020 and 2025, we will be focused on building a stronger Internet and a bigger internet.  And in the action plan from the 8 projects, you will have a sense of what that means.  For example, on a bigger Internet section, you will see efforts of projects like community networks, building the capacity of the Technical Community where it doesn't exist to help deploy infrastructure and expanding infrastructure for the Internet through establishing internet exchange points.  Between last year and this year, we have established 40 Internet exchange points around the world.  And about 15 of those are in the region of Africa.  So that's just an example of what we're doing on building a bigger Internet.  The session today is part of the focus on building a stronger Internet.  And the key projects under this area include stronger routing security under the managed project or deploying network time security, which doesn't yet exist.  And this should concern everyone.  When network time is not secure, your transactions on the Internet are not secure including your financial transactions.  So it's not in place yet and the Internet Society is starting to work on it.  Encryption is one of our flagship projects.  And end-to-end encryption is something that is essential for a stronger Internet.  And this session would help you understand why.  So I wish you all the best and I ask that you take a look at our action plan because what we would like to do is work with everyone to create an Internet that is for everyone, that is big enough to cover everyone on the planet, but also stronger to make it secure for everyone as well.  Thank you.  Over to you, Fred.

>> Fred:  Thank you.  And thank you for this introduction so we all have the context which leads me to then go into the session in question.  You know the format already.  We will talk about encryption, but we would like to hear from you, so expect in 20 minutes, when we'll have shut down the doors so nobody can escape, expect us to ask you to break out in different sessions and feed back to us on how you see those issues from different perspectives.

So I'm very pleased and honored to have three experts on encryption and I'm telling you.  Those guys know a lot.  I will introduce them all and I will ask the first questions.  I will ask them and I know they can talk about encryption for hours and I will ask them to be very short that would be five, 6 minutes so that we have time for the reflection starting to introduce Luke just sitting next to Renalia.  And echo the German association of the industry and networks.  Thanks for being there.

We have Peter the President of the Internet Society German chapter.  Thank you much, Peter.  And last but not least Olaf.  I would like to start with you.  We'll talk about encryption, but what is encryption, please.

>> Olaf:  I didn't see that coming.  Yeah.  Encryption is in essence a very, very technical topic when you get down to the details of it.  But on a high level, it is a methodology to keep our communications when we communicate to each other or our data when we store it anywhere confidential, protect its integrity.  So making sure it is not being changed and making sure and often days that we can authenticate where our communication comes from.  Those three things are very, very important.  Confidentiality is something that we depend on when going about our daily business in the life of the Internet because there are so many other parties that can look at what we're doing when we're on the Internet.  The Internet is a global system and our data goes about the Internet in many, many different ways.  When you start your day and you look at your diary, your diary is stored somewhere in the Cloud.  Would you want someone to look at your diary?  Maybe you have nothing to hide, but maybe you have a different appointment that says you are dating or meeting with a bank or you're going to go to a hospital.  When data is stored, data is stored in the Cloud or with a service.  It is very important that data is encrypted.  It is not always the case.  And if those data are then stolen, what happens then?  Well, then you have the big data breaches because everybody can read what your social security number is, your bank account number, your credit card number, your home address, your birthday, all the type of things that you don't want to see stolen.  Finally, you know, we have these things.  These things are filled with our personal information.  What happens if they're stolen?  Not only can people make endless calls on your bill, but there's so much valuable information.  I don't want to lose this because my credit card is in here physically, but on the device itself too.  There's a lot of information that you really don't want to see exposed.

The problem in the internet is that the attack surface on the Internet is a global one.  That means that anybody from any place in the world can in essence attack our conversations or listen to our conversations if carefully planned, so to speak.  That is why we protect our systems with encryption.  And the way those systems are designed are such that you cannot trust anybody.  That is, um, the design of the system is built such that any party in the system cannot be trusted except the user at the end points, except the user who is entrusted with a password or key or something.  The encryption mechanisms are all open and public so that everyone can validate and you don't necessarily have to trust the inventor of this algorithm.  Everybody, every scientist that has a little bit of clue about this can actually assess whether that encryption mechanism is valid.  Implementation is usually open source.  So that you don't have to trust a specific entity that says yeah.  You can trust me.  You can trust me.  Okay.  Nothing to see here.  Now you don't have to trust me.  You can look yourself.  That's what we call a zero trust architecture.  Exceptional access is the wish of government entities for access to encrypted communication.  Often for very valid policy reasons for public safety and so on and so forth.  The issue on the Internet is that we have not found a way in a zero trust architecture where we do not have to trust on the implementation and the policies around that type of exceptional access.  Introducing somebody else in your conversation without you knowing it.

On a global scale, that is very hard to acquire.  We don't know technically how to do that, how we trust the German government to get into our communication under lawful, you know, lawful protection of individuals.  And at the same time, not allow any other government to get into our communication because we may not trust the procedures in that place.  So there is both a very real technical question.  There is no consensus how you can build this type of architecture in a zero trust architecture so to speak, how you can build exceptional access whether it's back doors or front doors, those are all words that fall into this context.  It's not possible.  People don't know this yet.  There are valid policies and concerns.  Not going to argue that.  So that is encryption and exceptional access in a nutshell.  And with that, back to ‑‑ I'm good.  I said what I said.

>> Fred:  Excellent.  Thank you.  We're presenting equal.  What is your take on encryption?  What is the situation from your perspective?

>> Yes.  Obviously from an industry perspective, encryption has become very important, especially since 2013, people are interested that the data is secure, data in transfer is secure, but also stored data is secure.  It leads to this interesting quest that you have adversary here which states law enforcement, which is typically not the adversary.  Someone helping to bring about security and safety at least that goes for most countries, I believe.  So the discussions we're having right now are actually not so much about encryption.  That is a bit strange maybe, but about the question of how can ‑‑ it's not the question of how can access to data in transfer be arranged because the data in transfer in the encryption mechanisms are supposedly secure and they're typically as secure which leads to the question:  How can I access data before encryption or after decryption of the data?  So access to devices which leads us to the question about how secure operating systems is there an exceptional access to operating systems can companies be compelled to weaken their encryption mechanisms or give access to devices which are typically encrypted that we have seen in the case of FBI and Apple, for example.  But in a lot of countries, there's also discussion about how is stored data being arranged?  Is it allow the data which is stored with Cloud service providers?  Can that be encrypted by the company?  Always have to differentiate between end to end security.  This is what we've been introduced to.  Should user arrange security for themselves or will a company do that for them?  Do you rely on a service provider to encrypt data for you and store data for you.

That is very difficult for industry because typically when we encrypt and store data for you, we can be compelled by government to release that data or decrypt that data only when encryption is arranged by the users themselves, will it be really secure because it can do what is most important with the public mechanisms and algorithms being used.  The actual strong points of encryption is in the keys, is in the secrets and you have to do that yourself.  Store them locally and only you yourself have to arrange for these keys to be held with you, which is incompatible with the know how of most users.  Most users do not have the technical means, the know how to do that.  So they will rely on companies doing it for them.  That's a problem which we as industry try to solve and most security mechanisms on the market right now by itself are secure and will either give you in transit and storage on your local device.  It will be very safe, but we might be compelled to release that data.  And that is really the discussion we're having and which I would like to discuss here as well and what are the positions, what can individuals do to further that discussion locally that the real security is about ‑‑ is in arranging it and not having the exceptional access by governments because that is really the problem we're having right now.  Thank you.

>> Fred:  Thank you.  I was looking forward to ask these questions to the Group of people here.  Is that clear?  Do you have any questions to Olaf or (inaudible)?  Because that is a key issue from our perspective.  Don't hesitate to just raise your hands if you don't see that clearly.  Yes, that's close and we would like to discuss that with you.  Okay.  It's clear.  Let's go then to you, Peter.  I know you have a meeting here in Germany a couple of days ago about this with a lot of different Germans.  Can you report back on what happened then?

>> Peter:  Yeah.  Thank you, Frederick.  Indeed, the German chapter had an annual event just on Sunday the day minus 1 of the IGF here in Berlin where we invited our members in the public to a panel session to discuss a topic of encryption and regulation of encryption and breaking encryption.  I build on what Clouse said.  We say maybe one word in the German language, we don't distinguish between safety and security.  We use the same words so as some other languages do which makes some discussions a bit more complicated about the German part, of course.  And so I'm probably missing the punch line and I will translate what the topic of the session was.  More safety by less cryptography.  That's the theme of the session was.  This goes back to what Olaf said.  What are we talking about today when we talk about breaking encryption?  Let me go back a bit in history maybe.

So Olaf already explained this is very technical and without going into details.  We do have encryption algorithms and schemes and some are weaker than others and some are better.  We usually use keys of a different strength.  And back in the day when this encryption was invented, there were perceptions of danger of having encrypted communication because yes.  Governments or military or other interested parties couldn't listen in.  They could listen in on cable, but they would get garbled information.  What happened is there were export restrictions on this.  You can only export software and keys of a length that hopefully the criminal around the corner would not be able to break, but the state actor would be able to break.  That went away because, of course, in international trade and communications, it is important to protect the end to end again communication between parties against a variety of actors and actually using weak keys would also give access to unintended parties.  Maybe the criminal organization that is a bit more equipped or that has the haven't of another state actor.  So way beyond that.

And then when people talk about breaking encryption, sometimes the idea that the scheme itself could be broken.  And there is an arms race, of course, between people who developed the encryption and people who tried to break them.  The people who tried to break those, they are very, very important because they deliver peer review or the public scrutiny on the strength of the algorithms.  Most of them are considered secure because researchers and transparent processes all over the world weren't able to break them over a long period of time.  And that's some mathematical and computer science why we think they are strong, but this is something that is very much founded in scientific evidence or practice I should say.  Which means the idea that we could break the scheme that is in theory still possible and then once in a while you find news articles where people say they broke something, that might be the case when it comes to all the algorithms, but not the ones today.  So again, people talk about breaking encryption is not so much about attacking the mathematics behind it.  It is about finding other doors into the encrypted channel that is either like if you're in a secure tunnel, you are fine.  You need to get into the tunnel on one end and you might want to get out of the tunnel on the other.  They can, of course, whatever you are doing in that secure tunnel, at the end, they will catch you.  This is what happens with encryption.  You can dig holes into tunnels.  This is like getting in and that is one idea that the encryption could be intercepted ‑‑ you could mimic somebody.  You could mimic the real end of the tunnel and still be a party that shouldn't be a part of the conversation.  That's one part that is thought about and Olaf mentioned that already.  How could we forge the recipient?

This whole security thing is not only about the encryption the confidentiality of the communication, but what's important is that you are very, very certain you are talking to the right partner on the other side and only to that partner and not some other party that's in that encryption, unless, of course, you intend to communicate with a number of partners at the same time.  So the undetected addition, undetected addition of able recipients is when people talk about breaking the encryption which is a misnomer, but we need to live with that.  And that's what much of the ideas are.  So we had a member of parliament from the opposition parties, I should say.  We had Clouse on the panel.  We unfortunately and really that person had to bail out on the very last minute.  We would love to have a person from the ministry of the interior who is in charge of the cyber capabilities.  So we had a bit of round up and we had somebody from data protection and really a scientific in criminal research.

One of the claims that was brought forward is one of the claims of state authorities and yeah.  Everybody is going dark through encryption.  Terrorists and criminals use encryption.  They drink water and they eat bread.  With the encryption, of course, all the capabilities of this untempered communication is also available to those criminal and other bad actors.  That's true.  The claim is that authorities are going dark.  And the research that made that remark is a very narrow view in this whole scenario because in addition to encryption, law enforcement today has a lot of our opportunities.  I want to show you his Smartphone.  You know what, when it is seized under certain circumstances, information can be gathered that has loss of check logs available that wasn't available to law enforcement 25 years ago.  Not everybody took written notes from the site conversation in some spooky corner of the city.  This is what happens today.  So that's one important point to look at the overall balance.  What additional information does IT deliver that wasn't present before and that needs to be compared to what can be hidden by encryption and encrypted communication?  So that's one take away.  And the other is probably these exceptional circumstances and the regulations are very difficult.  Technology is very, very much neutral.  The scheme doesn't know whether you are communicating your bank details or whether that encrypted scream is your plan to rob your bank or maybe another bank.  That is not to diver that scheme.  It cannot be decided from the outside because it is all encrypted.  You can't have somebody who is a suspect.  That's the thing where it gets technically interesting.  So what to do.  I'm not talking about mass surveillance, but if we have a sustain or a limited number of suspects, what is available then.  What can this addition of an additional hidden recipient, how can that work?  The discussion is going to go on a technical level.

I think I'll leave you with that.  Thank you.

>> Fred:  I appreciate that.  So you have a very whole view of encryption issues.

So back to decision ‑‑ actually, back to you.  My colleagues, they know who they are, will help me for the breaking sessions and we have to look also to have each of our experts coming into one of the three Groups.  Let's constitute three Groups.  We're very easy.  We're having three parts in the room.  So one Group, another Group and a different Group.  Please colleagues, if you can stand up and help us to gather all the time herding cats and defining who will be reporting.  The questions that you may ask yourself, of course, are the situation and your respective country.  Do you encryption of the threat?  What are the reasoning that it is being expressed for encryptions to be broken in your country?  Do you have any perspective on this.  This is also to help us better promoting what we just discussed.  So how could we improve the narrative about the importance of encryption, what is your role, how do you see your own role with your own respective community when you get back home.  These are the different issues we would invite you to discuss.  Any other questions that you may have?  All speakers spoke about (inaudible) backwards, but updoors governments may have build.  There is one of the trick that some governance may be willing to find.  We would be happy to answer any questions you may have.  With that in mind, I see Raquel we saw in order.  Please gather people.  I see Raquel there.  We have Leah over there and we have Duran here behind me.  Could you please have three equal Groups to work on and then I will ask Olaf and you, Peter, and you Clouse to meet those Groups and discuss with them.  Thank you very much.  You can take a mic and speak.

>> I will.  Thank you, Fred.  Please, if you can spread into the Groups and come over, thank you.

(breakout session)

>> Okay.  5 minutes, everybody.  5 minutes.  Okay.  Thank you.  One minute time for conclusion.  Please.  One minute.  Okay.  So I'm sorry.  I'm the party pooper.  I will have to interrupt you.  I schedule each of the Group will receive the microphone and I will ask each of you in each Group to take the lead and report back.  I'm sorry.  It's always the same.  It's very painful to interrupt you.  I apologize for this.  It is now 1 o'clock and we will be expelled from this room.  So stay where you are.  The microphone come to your Group and I will ask each of the Group to report back.  Who will start by way of hands?  Duran, your Group.  Could I have your attention, please?  Stay where you are.  It's okay and listen to each other.  Please, introduce yourself in the report.

>> Hello?  Hi, everyone.  My name is Louis.  I'm from the USOC youth Ambassador.  My Group has had it was a very fruitful discussion.  We spoke about firstly that there must be more conversations on decentralizations on blockchains, et cetera, and not purely focusing on encryption.  Another thing that we discussed is that it is also important to allow and exceptional access would mean to create an opportunity not only for the law, but also space for the bad actors to abuse.  And therefore, when we design an encryption, we must ‑‑ the recommendation is to remove any need of trust of users using that technology in good faith because if you allow an exception of access, it is always open to (inaudible) bad actors to abuse.  We also spoke about the importance of raising awareness and humanizing the dialogue with encryption and allow users to know the importance of this encryption and at the same time, the potential cons are adverse effects of having exception access.  Thank you very much.

>> Fred:  Thank you very much.  Make sure that you share those conclusions with Duran who has led the Group with you.  Thank you very much.

Second Group, Leah.  Could you please report back from your Group, Leah.  Who is in charge?

>> Hello, everyone.  I am Hughing from the ISOC, IGF Ambassadors.  Our Group we talk about the importance of encryption.  What are the issues around personal countries.  People are more easy to speak.  Companies have to have more secure (inaudible) about the data and also they have to have (inaudible) prediction going into Australia.  This is about encryption that can be different.  So on the other end, we have the personal rights and on the other end, we have the project team rights.  We also talked about the law enforcement about (inaudible) and also there are some RNS and we are still dealing with some issues.  We made a (inaudible) about the privacy and infringement and we need to let the government bring encryption when it needs to be done.

We also talked about (inaudible) and not also to just bring it, but implement it.  So every citizen can understand what is that encryption and what is it imprinted for them.  We also know their rights to speak one to one.  So someone from (inaudible) said that and it was really important.  We talked about open policies and we realize that when it is bigger debates on values, when it comes to encryption, privacy and security, we talked about socializing lows.  We talk also about the (inaudible) where we need to have more human rights about privacy.  What is important to have it and the hand we realize that is not only to have encryption, but also about to be insecure and everyone can understand on a national and then international level.  Thank you.

>> Fred:  Thank you very much.  Leah, make sure we have those conclusions.  Turning to you Raquel.  The floor is ours.

>> We had a very fruitful discussion on encryption and why it matters.  The exception point on which we dwelled upon was why citizens getting about encryptions which think about those that I balanced, but do we know private and security?  One of the suggestions that our Group thought of was maybe a spiral development framework during to enforce the rule of law.  And then ensuring encryption is done.  Then we had comments from various participants like regarding the back up services infrastructure or back up of data and what problem and what implications it would have for ability Groups like youth, women and marginalized Groups and how the importance of data act field to awareness of encryption in the future.  Then there was discussion about how not only a (inaudible) is important, but encryption is a very broad spectrum and it needs to be understood from various view points from a multi‑stakeholder policy Group from the points of view for technology or economists or maybe (inaudible)  So we need to have all communities in common to build the future technology and leverage platforms to integrate solutions to make data more informative and more accessible and more encrypted.  How controlled seas of data can yield to end to end point and encryption was also discussed and there were solutions of which were proposed by the Group to foster the encryption in the Internet ecosystem and make sure that proactive approach is taken both by the government and stakeholders and end users and the companies and make sure that encryption is a viable thing in the future as well.  There was a very good point.  This lady mentioned about the distrust environment in some parts and how to ensure that data is licensed between companies, users and governments and access that information.

We touched risk points in the process of the encryption and the solution that we came up with is how Internet education especially encryption in curriculum will go a long way on what encryption is from a technological point of view to a policymaker so that he makes better laws.  And lastly, we had a participant from Kenya.  The mouse security of revolution for access to information is sometimes leads to confusion as to how to make an informed choice about which platform to use.  So we dwell about these ways touch points and it was a very fruitful discussion I have.  It was a very limited time.  I would request participants and all the IGF community to give us more time.  Maybe Poland to take this forward discussion and yes.  Some discussions we touched and we look forward to the deliberation.

>> Fred:  Thank you so much.

[APPLAUSE]

Yeah.  Applause to all of you.  You realize what we are able to do in just 20 minutes and I agree with the last speaker.  I would love to continue this conversation.  The good news is that this conversation will continue as ‑‑ please check our 2020 plan that's just been released in which you will see encryption is one of the key projects that ISOC will endeavor hopefully with you in the next coming weeks, months and years.

So thanks a million for your participations.  So sorry that we have to interrupt, but we can continue discussing this around during the lunch or wherever you meet.  I would like to thank our speakers you, Peter and my colleague from ISOC who helped organize decisions and thanks to you.  This meeting has ended.  Thank you very much again.  Bye.