
Where next for encryption regulation?

Short presentation at Annenberg-Oxford summer school on media policy, 9 July 2015.

Published in: Technology

  1. WHERE NEXT FOR ENCRYPTION REGULATION? PROF. IAN BROWN, OXFORD INTERNET INSTITUTE, @IANBROWNOII
  2. TECHNOLOGY DEVELOPMENTS
     • End-to-end encryption (WhatsApp, Signal, OTR, Yahoo/Google mail), peer-to-peer (Tor) systems
     • Storage encryption using client-held keys is relatively straightforward – on devices (Android, iOS) and Cloud (e.g. SpiderOak)
     • Homomorphic encryption in the cloud? Verifiable?
  3. SECURITY FRAMING
     • FBI Director James Comey: “It makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact. And with sophisticated encryption, there might be no solution, leaving the government at a dead end — all in the name of privacy and network security.” (2014)
     • UK Prime Minister David Cameron: “In our country, do we want to allow a means of communication between people which, even in extremis, with a signed warrant from the home secretary personally, that we cannot read?” (2015)
  4. NATIONAL POLICIES
     • US: successful industry and civil society advocacy, European country reaction (France), availability of foreign and open source unrestricted software, and First Amendment cases resulted in relaxation of export controls in Sept 1999.
     • India: RIM agreed early 2012 to set up Mumbai server allowing lawful access to BlackBerry individual accounts. Enterprise System accounts not “high concern”.
     • China: indigenous innovation policies; various govt attempts to mandate Chinese non-public encryption algorithms and protocols, esp. in (broadly-defined) CNI. Most have faded, but ZUC algorithms accepted by ETSI as optional for 4G – mandated in China?
     • Russia: GOST block cipher (other ciphers restricted import), TPM import restrictions
     P. Swire and K. Ahmad, Encryption and Globalisation, Columbia Science and Technology Law Review, Spring 2012, Vol. 13, pp. 416–481
  5. COUNCIL OF EUROPE PARLIAMENTARY ASSEMBLY
     • “17…Assembly strongly endorses…the European Parliament’s call to promote the wide use of encryption and resist any attempts to weaken encryption and other Internet safety standards, not only in the interest of privacy, but also in the interest of threats against national security posed by rogue States.”
     • “19.5 [urges States to] promote the further development of user-friendly (automatic) data protection techniques capable of countering mass surveillance and any other threats to Internet security”
  6. UN SPECIAL RAPPORTEUR REPORT
     “Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief. For instance, they enable private communications and can shield an opinion from outside scrutiny, particularly important in hostile political, social, religious and legal environments. Where States impose unlawful censorship through filtering and other technologies, the use of encryption and anonymity may empower individuals to circumvent barriers and access information and ideas without the intrusion of authorities. Journalists, researchers, lawyers and civil society rely on encryption and anonymity to shield themselves (and their sources, clients and partners) from surveillance and harassment. The ability to search the web, develop ideas and communicate securely may be the only way in which many can explore basic aspects of identity, such as one’s gender, religion, ethnicity, national origin or sexuality.”
  7. ISSUES
     What are the similarities/differences in political economy between the late 1990s (which resulted in crypto liberalisation in the OECD member states) and today?
     1. Interests of actors – industry (OTT providers, access and core networks, OS and application vendors, smartphone manufacturers, mobile operators), civil society (rights advocates, safety/security campaigners…), states, INGOs
     2. Which forums are key for decision-making? Governance of rights, regulatory oversight and accountability, and technical infrastructures. Multi-stakeholder processes, multi-actor governance, and the roles of civil society, advocates and technical developers.
