On 17 June 2021, EIF organised the virtual debate ‘Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?’.
The event, co-hosted by European Parliament Vice-President and EIF member Marcel Kolaja and MEP and EIF member Patrick Breyer, was moderated by EIF Director General Maria Rosa Gibellini. The following speakers shared their perspectives on the ongoing encryption debate:
- Guillaume Poupard, Director General, The French National Cybersecurity Agency (ANSSI)
- Bruce Schneier, American cryptographer, computer security professional, privacy specialist, writer
- Alexander Hanff, Co-founder and CEO, Think Privacy
- Neeti Biyani, Policy and Advocacy Manager, Internet Society
Marcel Kolaja MEP underlined that privacy is indispensable for any democratic system: it is a key enabler for individuals to practice and enjoy other fundamental rights and to enable a free exchange of ideas. The IMCO Committee is working on ways to make critical infrastructure secure and important services stronger, trying to incentivise Member States to promote strong encryption and cryptography and to encourage all players to develop cybersecurity skills.
Unfortunately, warned the Vice-President, in parallel to this initiative, other legislation that would have an adverse effect on consumer protection, innovation and the functioning of the Internal Market is moving forward. We need to promote a coherent approach, strengthening the privacy and security of users.
According to Patrick Breyer MEP, a long-time civil liberties and privacy activist, surveillance, distrust and fear are gradually transforming our society into one of “uncritical consumers who think they have nothing to hide and, in a vain attempt to achieve total security, are prepared to give up their freedoms.”
The supporters of breaking encryption use an emotional frame to legitimise what will become the EU’s first legislation on mass surveillance: email, messaging and chat services providers will be able to screen the content of every private message for alleged child pornography. This legislation will be voted in July and the European Commission will follow up with legislation to make this screening mandatory. So much awareness and understanding are needed for lawmakers to get it right, asserted the MEP.
Guillaume Poupard, former cryptographer and now head of the French national authority for cybersecurity, underlined the importance of cryptography technology to protect ourselves. We need to talk about real solutions because global security, including privacy, is the most important thing to achieve.
We know that simple solutions like weakening crypto don’t work because it’s impossible to have systems with a level of security low enough to be decrypted by investigators and not by criminals. In order to find ideas on a possible solution, we need (1) a clear analysis from a cybersecurity point of view and (2) openness and transparency. We need to change the minds of people working on these domains.
Bruce Schneier seconded the opinion that we must not talk about security vs. privacy, but about security vs. security. Today we all use the same systems and the same protocols and we can either design this for security or for surveillance: what is important for security is that defence has to dominate – as long as a smartphone is in the pocket of every single person, it is essential that this be secure.
“If I am going to build a smartphone with some kind of access mechanism, that mechanism technically is there and is available for others who want to use it. We are incredibly vulnerable in cyberspace, and in that world, defence has to win over offence.”
Alexander Hanff focused on how, if we give up privacy, we give up all other freedoms which rely on it: freedom of speech, movement, opinion, thought – which make us innovative and our societies democratic.
According to Mr. Hanff, there is a need to prevent people from commiting abuse rather than dealing with the consequences and more money should be spent on research.
Even if we don’t manage to find a solution, said Mr. Hanff, there are other ways that can help dealing with the consequences of an abuse such as modern technologies and modern techniques – for example, homomorphic encryption – which would allow for the inspection of communications without undermining encryption and confidentiality.
Neeti Biyani prompted the audience on the economic importance of encryption as the strongest tool to protect us. Cryptographic technology plays a crucial role in maintaining the trustworthiness of the internet by protecting the integrity and the confidentiality of data: according to the Internet Society, represented by Ms. Biyani, encryption is the strongest and most widely available form of privacy and security.
Nevertheless, Ms. Biyani warned against a dangerous trend of policymakers using the excuse of addressing illegal and harmful content in order to pass legislation to break encryption, undermining, in this way: privacy, individual and national security, economic growth and innovation. It is crucial to keep people’s data safe not only for the sake of privacy and security, but also for the sake of the economy.