Christine Runnegar

Author Archives: Christine Runnegar

Making Intermediaries Liable for Encrypted Content Breaks Trust and Security

In December 2018, the Indian Ministry of Electronics & Information Technology (MeitY) proposed a significant change to its intermediary rules. The draft Information Technology  [Intermediaries Guidelines (Amendment) Rules] 2018 seeks to tie tech platforms’ (e.g., social media) protections from liability to an obligation to monitor and filter their users’ content. One of the proposed obligations is to ensure the traceability of messages, even if a service is end-to-end encrypted.

India is just one of many countries around the world experimenting with the idea that Internet intermediaries – specifically social media companies, like Facebook and Twitter – should no longer have immunity from liability for the content shared by their users. Other examples include the U.S. Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (the EARN IT Act), and the recent U.S. Executive Order on Preventing Online Censorship.

The motivation for changing the status quo varies, from wanting traceability of messages to counter the spread of disinformation or CSEM, to stopping objectionable content from being spread on social media, to preventing political messages from being labeled (e.g., as “misleading information”). Similarly, the approaches being considered to achieve this vary, ranging from Continue reading

Leaders of the G7: A Safer World Means Strong, Secure Communication

In the recent G7 outcome document “Combating the use of the Internet for Terrorism and Violent Extremist Purposes“, Ministers of the Interior made commitments on content filtering and “lawful access solutions” for encrypted content, which, if implemented, would greatly weaken the security of the Internet, G7 economies and their citizens.

While there is an urgent need to prevent terrorists and violent extremists from exploiting Internet platforms, facing down terrorist threats and cybercrime requires strong, secure communications. Not the opposite.

We find the commitments in the document cause for alarm.

Rather than encouraging Internet companies to weaken their security, global leaders should be discussing how to increase the use of encryption, make it easier to use, and harder to thwart.

Here’s why:

Encryption: What it is and why it is key to your security

As online threats of cybercrime, mass surveillance, data breaches have grown so has the use of encryption – to protect the confidentiality and the integrity of data that we all depend on.

Every responsible citizen wants to stop terrorism, and “lawful access” sounds like a reasonable way to access potentially crucial intel. The idea is that, under the appropriate legal authorization, legitimate law enforcement agencies Continue reading

Encryption Is Critical for the Australian Economy

On 17 July 2018, the Internet Society and its locally based chapter, Internet Australia, joined 75 organizations in signing a letter urging Australia not to pursue legislation that could undermine the security of encrypted services and devices used by Australians.

As Internet Society CEO Kathy Brown wrote last year, “strong encryption is an essential piece to the future of the world’s economy … it allows us to do our banking, conduct local and global business, run our power grids, operate communications networks, and do almost everything else”.

Encryption should be the norm for all Internet traffic and stored data.

The Internet Society recognizes the concerns of law enforcement and remains firm in its conviction that encryption is an important technical solution that all Internet users should use to protect their communications and data. Legal or technical measures that weaken encryption or other digital security tools will place the well-being of law-abiding Australians, and the Internet at large, at risk.

We urge you to stand with us in support of encryption.

Voice your support via #aussiesencrypt.

The post Encryption Is Critical for the Australian Economy appeared first on Internet Society.

Encryption and law enforcement can work together

The Internet Society and Chatham House will be hosting a roundtable of experts to deconstruct the debate on encryption and law enforcement access this week. I am not under any illusion that we will walk away with the solution. This is a complex problem: one that many have tried to solve, often with limited success. However, I am optimistic that the people in the room have the potential to look beyond their own positions, to consider the impact of decisions they may make concerning encryption, and to work together to unite two important societal objectives: the security of infrastructure, devices, data and communications; and the needs of law enforcement.

Perhaps the biggest dilemma facing both law enforcement and companies that provide digital services is – how much encryption is “enough” and who gets to decide?

There is an “encryption dichotomy” in the market: some services are more “law enforcement access friendly” than others. This dichotomy is not new. But, in the last four years, a number of leading tech companies with substantial customers bases have added more encryption and removed their ability to decrypt their customers’ content, to increase the privacy and security of their services. A side-effect of these Continue reading