IGF 2022 Day 4 Open Forum #85 Security for whom?: Manifestations of weakened encryption

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



(no audio) ‑‑ so we can debug that problem if it's a two‑way problem.  Okay.  So ‑‑

>> Hello. 


>> Hello. 

>> MALLORY KNODEL: Great.  We can hear you.  All right.  So we just have one panelist who's not yet online, but I think, because we only have a short hour, that we should go ahead and get started and hopefully Luiza joins us a bit later.  All right.  So welcome, everyone.  This is an Open Forum with the Global Encryption Coalition.  So we have members of that coalition here with us today to talk about the fight for strong encryption everywhere and also the policy threats to that from all corners of the world.  Thank you so much for joining in person and online on the last day of the IGF.  I will get into the panel and frame that panel very soon, because that will be the meat of our discussion, but because this is Open Forum and we're here to talk about this coalition as an ongoing process that people can learn about and get involved with, I want to first turn it over to Sheetal Kumar who also joins me as a steering committee member.  I should have introduced myself.  I'm at the Center for Democracy & Technology who is one of the steering committee members, ISOC also.  And so Sheetal is just going to give everyone an overview of the Global Encryption Coalition and then we will frame the panel and get into respondents.  Okay. 

>> SHEETAL KUMAR: Okay.  Thanks, Mallory.  I hope you can all hear me.  So as Mallory mentioned, the global partnership is one of three steering committee members of the Global Encryption Coalition.  Why do we exist?  Why were we set up?  Well, we are seeing all around the world, and we have for a number of years, threats, legislative and policy threats, to encryption.  Despite the fact that strong encryption is essential to protecting and preserving privacy online but also the security of our communications.  And so we've set up the Global Encryption Coalition in May 2020 to address those threats, to work together, wherever they may arise, to essentially fight back.  And the way that we do that is by providing support to members.  I forget how many members we have now, but it's well over 100 in different countries around the world.  And we provide that support in connecting to a network that can raise awareness about these threats.  We, for example, submit input into consultations where they are on any legislative policy proposals that would undermine encryption.  And we've had some successes, which I think we can speak about. 

     And, of course, as a network, we share information.  We, for example, organize information‑sharing calls so that our members are aware of the threats to encryption that exist, and we can work together to address those.  We also have launched a Global Encryption Day which takes place every October.  I mean, we've had two now.  So I think we can say it does take place every October, at least we have recently celebrated it to advance understanding of how encryption is under threat, to commit to protecting, preserving strong encryption and to call on everyone to do that and to join us in this effort. 

     So the Global Encryption Coalition is open to membership.  You can just go online and select ‑‑ I think there's a tab at the top of the website to find out more.  Of course, we are willing to discuss that with you in more detail.  But I think with this Open Forum, we wanted to share with you some of the work that members have been doing, some of the threats that we're seeing, and discuss with you what the Global Encryption Coalition can and is doing.  Thanks, Mallory. 

>> MALLORY KNODEL: Thanks for that overview, Sheetal.  So now that we've brought all ‑‑ we've brought a really great cross‑section of our membership to this Open Forum.  So I want to spend as much time having you listen to them as possible.  But I did just want to frame a little bit what we'll be talking about.  We want really to make this as accessible as possible.  Sheetal mentioned that we have Global Encryption Day.  It's because we want to be able to talk about what is typically seen as a very technical issue but in a way that is responsive and relevant to communities all over the world. 

     So don't be afraid of the discussion here.  It's not going to be very technical.  In fact, we're going to, as much as possible, bring in social debates and trends in the policy space.  We're trying to actually bring nuance with those views into the policy debate.  So we do ‑‑ we don't shy away from inviting technical experts.  That's one of the categories of membership that we have, so that we make sure that our policy interventions are grounded in, you know, technical constraints and realities, and that we aren't just echoing the same old two‑sided debates that's been raging for decades now.  We're really seeing more nuance, and that's a good thing.  So we want to continue to engage in that space. 

     To that end, I will now sort of invite everyone to comment on the first round of questions.  And because we have a big panel, we're going to run through each panel list is going to respond to my two questions, and then we'll have time for questions and answers at the end.  I wanted to also just give folks a list, a roster, of who will go first since we're not all in a line in one place where we can just go down the row.  I'll read your name out.  But I do encourage you and remind you to introduce yourself for the first time when you speak. 

     So we have Radhika.  We have Luiza, Olaf, Sheetal, Raphael, and Elina.  I hope I didn't run through that too fast and you remember who you speak after.  My first question to you, in addition to who you are, where you work and your expertise and affiliation is what is one common myth about encryption that you hear of in your region?  So we'll start with Radhika. 

>> RADHIKA JHALANI: Hi, everyone.  I come from a country in the Global South called India, and I work with an organization called Software Freedom Law Centre, and all these organizations to work in the field of digital trades.  We were founded in 2010, right.  And we, as part of our public education mandate, we also conduct a lot of the digital security trainings where we equip people how to use encryption.  Like, very basic encryption, email encryption, using ‑‑ when you're using encrypted email, and we work a lot with human rights defenders.  The first thing that I get about encryption whenever I'm doing those trainings is we need privacy, right?  Like, I have had people who have come to me and, like, why do you put a lock on your phone and your computer?  It's okay because our society is like that.  So basically if you're a private person, it means that you're hiding something.  And that is implied very strongly. 

     Then there's also this thing that, you know, encryption is too hard.  Oh, my God, it's so hard.  Well, it's cryptography.  We can learn it.  But that roadblock to just thinking about how hard encryption is, it creates that feeling that we can never learn it.  We can't even deploy it, little parts of it, but start with something that's out of the world, that's too far, and one thing that we have learned to do it is to simplify it, you know, using examples of WhatsApp, using examples of banks, and the way that we bring privacy to people is just tell them that you get scammed, did you get a scam call last week?  And that's what gets them to notice.  Yeah.  Thank you. 

>> MALLORY KNODEL: Thanks.  Good ones.  Luiza, on to you. 

>> LUIZA BRANDAO: Thank you.  So my name is Luiza Brandao.  I'm currently fellow from the foundation in Germany, but I am from Brazil where I started now for decades advocating for rights, like safety and privacy on a global Internet.  And as Radhika, I also come from a Global South country where we also face some myths about encryption.  One of them being, like, encryption is just useful for the bad guys, for people who want to not show something or for people who hide something and to do some harm or to do something wrong.  And I think to tackle this myth, we should have basically two things in mind.  First of all, all of us, as a society, we need encryption to keep us safe and to gain trust in many aspects of our lives, from safety communication to online banking or making sure that that airplane that takes you to whatever destination won't have the route messed up by some bad‑intentioned actor.  We need encryption for our society. 

     And the second point I would like to make is that privacy and safety are not opposites.  We very often talk about that.  They work hand in hand, and they need to be seen as a joint coalition to keep us safe.  Thank you. 

>> MALLORY KNODEL: Thanks, Luiza.  And so far just thanks so much to everybody who's taking, you know, taking the right amount of time.  We're doing great.  With a big panel, I get nervous.  Olaf, please jump in.  We're excited to hear from you. 

>> OLAF KOLKMAN: Yeah.  My name is Olaf Kolkman.  I work for the Internet Society.  I am Principal of Technology Policy and Advocacy there.  And I'm not going to talk for my region but for my community.  I self‑affiliate sort of as a Technical Community.  And I've been working on Internet protocols and protocol development and I'm very interested in security and privacy.  And the myth that I would like to sort of, you know, the common myth that I hear a lot is nerd harder, that we can just create solutions to the real problems that we have in society around privacy, making sure that everybody is safe and secure, that we have the mechanisms to provide that safety and security across, you know, society. 

     And what we hear a lot is that, well, if policymakers just set the requirements, then the engineers can sort out solutions to these problems.  And I think ‑‑ and there is an expectation that that can be done on a clock.  And I think that's the wrong idea.  I think that is the myth.  I do not think that some of these problems that need engineering are inherently impossible to solve.  Well, some of them might.  I think there might be solutions on the far horizon, but the fact is that any solution in the engineering space is inherently difficult.  You need to deploy solutions in what we call zero‑trust environment.  There are hostile actors on a global scale.  And if you develop something that might work in what we call the like‑minded countries, so to speak, it might not work in a country where human rights are violated. 

     And in encryption, that is particularly difficult because it's an encryption where usually time is a proof of merit.  This is a reason ‑‑ an example, there is ‑‑ people are trying to create solutions for post‑quantum crypto.  So you have all these quantum computers that can break current encryption methodologies, that is expected.  And people are working on encryption technology that will work when that new quantum technology is introduced. 

     So there are people designing ‑‑ people that really think deep about this ‑‑ are designing protocols and solutions.  And what we see is that some of them don't basically pass the test of academic scrutiny.  Recently London University broke a late‑stage candidate in a test for these algorithms in four to five minutes.  So it's hard.  And that's ‑‑ it's not easy.  You cannot not just easily nerd your way out of these problems. 

>> MALLORY KNODEL: Great.  Thanks so much, Olaf.  I'll turn it to Sheetal now. 

>> SHEETAL KUMAR: Hi, everyone.  Sheetal Kumar, Global Partners Digital.  So I agree with what everyone said and just kind of speaking from a position of having monitored and engaged on these issues for a number of years, absolutely that point that I think Luiza made about encryption just being used by the bad guys is something we see a lot across in different countries, and that's the reason we see the sort of policy and legislative proposals that we do.  Also, this ‑‑ exactly what Olaf just said.  A solution is out there.  You're just not trying hard a lot is something we are hearing a lot as well.  So I'd add to that that we often also, I feel, hear, as a result of an assumption, that is incorrect and it is this, that people who care about privacy and security don't care about people who are harmed by those who use the Internet in a way that is harmful.  That's not true.  We do care.  In fact, we care so much that we don't want it to become weaker and more people to be harmed.  So I think that that, you know, that's an unfortunate dichotomy to Luiza's point as well that we need to disrupt.  And we continue to try and do that by having a more evidence‑based discussion that's more nuanced.  As you said, Mallory, it is becoming more so, which is hopeful, I think, in some ways.  Thanks. 

>> MALLORY KNODEL: Yeah.  Thanks, Sheetal.  It happens a lot.

Raphael?  Come on in. 

>> RAPHAEL ROBERT: Hi.  My name is Raphael Robert.  I've been working in the secure and private messaging space for the past ten years.  I've been involved with designing a protocol for end‑to‑end encryption.  I've also been the Head of Security of a secure messenger.  I've been exposed quite a bit to various debates and myths.  And I think I absolutely want to second what Olaf said earlier.  There's this myth that you can just nerd harder and that vendors of messengers are being a bit unreasonable, you know, for not trying harder.  Yeah.  In a short period of time, we should actually be able to solve all of these problems.  And I want, actually, to make the scope a little bit bigger because oftentimes you see governments demand access to messages, access to the content in order to fight crime.  But the same government also are very concerned about their own communication within the government, first and foremost.  Within the military, of course, but also extend that concern to key industries because industry espionage is a reality, and so there is no debate about whether encryption is good or not in that particular sector.  Everybody agrees that that is important.  But the myth is that you can weaken encryption for users, for consumers, and that it will have no effect on the protection of data in the business space.  Because the realities of these days, things are very interconnected.  People use WhatsApp for business communication, for example.  So if you want to weaken that sector, that will have an impact as well on something that governments actually try to protect. 

>> MALLORY KNODEL: Thanks so much.  And ‑‑ okay, good.  For some reason your video disappeared from our purview.  But I think now I'm turning it over to our final panelist, Elina. 

>> ELINA EICKSTADT: Yeah.  Hi.  I'm Elina.  I am a Computer Scientist, and I have been a member with the Chaos Computer Club for whom might not know the Chaos Computer Club, we are the bigger hacker community in Europe, mostly failures for analyzing stale malware in Germany and also fighting for privacy.  And there has been a lot being said about encryption, and I'd like to point to two things.  Firstly, it really fits well with the narrative of nerd harder is using technology as an answer to really complex social problems without dealing with the root cause of those problems.  And the strict belief that there is a way to scan content in encrypted communication without weakening or breaking encryption, which we see a lot.  And if you don't know a lot of encryption, about encryption, then you might come to the conclusion that solutions that are developed at the moment like, for example, client‑side scanning, our privacy‑preserving solution, and I always like to point out to people that encryption is a rather binary thing.  Either you have it or you won't have it.  And even though we have technologies that might not directly break encryption, they will break the whole idea of end‑to‑end‑encrypted communication. 

>> MALLORY KNODEL: Thank you so much for bringing in all of these myths points.  I wanted to share mine, too, really briefly, which is I hear a lot ‑‑ and none of you said it so far ‑‑ which is that the Internet is going dark.  That's a myth.  It's, like, a phrase we hear a lot.  And I think it's a myth because if we think about our previous lives before we were all doing every single thing online, we did have a great amount of confidentiality.  You could take a walk down the street and have a conversation with your friend, and we're pretty confident that nobody was really listening in.  And when we take all of our social interactions and all of our personal business and actual professional lives on the Internet, there is always this chance that someone's listening to you.  And I think that trying to prevent that listening is not going dark.  It's just, you know, trying to mitigate the risk of being connected in every single way all the time. 

     We have a second question for every panelist.  So we'll go in the same order if you don't mind.  So now that we've sort of established your region, where you work, what's brought you to this debate, I think folks in the room that have come to this Open Forum would really benefit from your take on the value that the Global Encryption Coalition has brought to you in this political moment.  Within that you could talk about, you know, your relationship to the Global Encryption Coalition, if you're a member, if you're a technical adviser, and maybe an example, if you have any wins or losses or current raging debates in your region that the Global Encryption Coalition is helping to you lift up.  So we'll start again from the top, but you all know your order now.  So Radhika, go ahead. 

>> RADHIKA JHALANI: Hi again.  So I believe that free speech is married to encryption.  Like, you can't think of one without the other in this Internet age.  What GEC has done for us is a 15‑member small civil society in India in a sector of 200 people.  Every country in the world is hell bent on breaking encryption.  And so is the Indian government.  And we believe that research and investigation helps a lot in doing that.  So what GEC has done for us is we recently did a report on encryption.  And GEC helped us with interviews, with understanding.  It simplified a lot of understandings for us.  It spread the wore about the report.  We also worked with Global Partners Digital.  We did some trainings.  And overall it's just a beautiful network to be a part of with great, great people who will answer your stupid questions with, you know, great kindness.  And make you understand why, you know, encryption is so important. 

>> MALLORY KNODEL: Okay.  Great.  I said I wasn't going to do this every time now again.  Sorry.  I'm back on the mic.  So Luiza, go ahead. 

>> LUIZA BRANDAO: Okay.  So I ‑‑ first of all, I also think what Radhika said is very important.  I mean, the power of networking and cooperation, I think we need cooperation more than ever in our current moment.  And the Global Encryption Coalition gives it to us.  So the opportunity to dialogue like we are doing right now and think about the challenges we face in different countries, in different fields of knowledge, this is very important.  Hearing everybody talking about the nerd harder, something that we very often say is that, okay.  Maybe we can work on a technology solution to a problem, but should we have the solution?  They are different things, and we have to address complex problems in a complex way. 

     And, for instance, in Brazil, the Global Encryption Coalition has helped us, for example, pushing back a traceability initiative that was going on.  I mean, this going dark narrative, as Mallory pointed out, is very present in the country.  But specifically traceability rule that was going on in the past years was successful down in new proposal.  Also with the support of the international network that the Global Encryption Coalition helps us to have. 

     I'm right now a member ‑‑ a friend of the Coalition, and I keep being part of it as an individual because as Sheetal said, pointed out, I care very much for privacy and safety. 

>> OLAF KOLKMAN: Yeah.  So, Mallory, you don't have to hand the mic.  I know the order now.  (Laughing).  So, yeah.  The Global Coalition, we were at the forming moments of the Global Coalition, as a steering partner member.  Personally, what I find so interesting about the Coalition is that it allows us to sing in harmony.  There are multiple organizations around the world that care about encryption, and we don't have to all sing the same song in unison, but our voice, our collective voice, becomes stronger when we sing in harmony. 

     This is a metaphor that I borrowed from my boss, actually.  I like it very much.  And why is that important?  I think it is important that we collectively know of each other's efforts because also on the side where people are pushing for the breaking of encryption and the entering of the material, there is a lot of collaboration, international collaboration.  And so in that sense the Global Coalition fills a void, a void in collaboration and bringing together parties that actually care about encryption, human rights, and the safety and security of everybody who uses the Internet. 

>> SHEETAL KUMAR: Thanks.  As a member, a Steering Committee member, I think what I've seen the Global Encryption Coalition provide value in has already been spoken to, which is great.  But also I think it's very helpful to learn from each other.  I think as someone mentioned, some of the issues that we're facing, although they're very complex problems that require complex solutions, we keep seeing attempts to apply simple solutions.  And it's those solutions which break encryption.  Whether it's traceability requirements or client‑side scanning, whatever it is, there are common trends.  And so what's really helpful, I think, about the Coalition is that it builds trust and understanding between members who can then share information and expertise and knowledge with each other to help strengthen responses to these common proposals that we're seeing everywhere around the world, which are, of course, a little bit different in each context, but which ultimately are often trying to do the same thing.  So that learning, I think, is really important. 

>> RAPHAEL ROBERT: Yeah.  I can really second what's been said already.  Sharing information is crucially important here.  And it appears that debates are very different in different geographies.  But then as you start comparing notes, you realize that there is actually a common ground, and it's just a different facet of the same problem that is being discussed. 

     Yeah, what I like about the Coalition is that it also helps navigate subjects that are increasingly more difficult to talk about.  So five to ten years ago attempts to weaken encryption were sort of justified by a threat of terrorism, at least in western countries.  And that's a tough subject for companies to talk about.  Nobody wants to be associated with that.  It's complicated PR‑wise, you know, to talk to the press, for example if you're not trained particularly in that field.  So for technologists, it's very complicated to, yeah, say anything if confronted with essentially accusations of doing the wrong thing and enabling terrorism or whatever. 

     These days it's ‑‑ sorry ‑‑ it's even more complicated.  The debate has shifted a bit from terrorism to child abuse, which as a subject is even harder to position yourself.  Really nobody wants to be associated with that.  So this is also why the Global Encryption Coalition is a good thing to have, simply to have it as a resource for, you know, for language that you can use in that context to address these really gnarly questions and situations. 

>> ELINA EICKSTADT: Yeah.  I can only second to that.  And as the CCC is not a member of the Global Encryption Coalition, I can only report on what we are dealing now with and a lot of the Global Encryption Coalition members are also signing the letter.  As Raphael mentioned before, we are now dealing with the whole topic around child sexual abuse and child sexual abuse material, in particular, and we have this new draft regulation coming out in Europe to fight child sexual abuse, in general.  But it's highly focused on the technical aspect of that, not only dealing with scanning of encrypted communication but also blocking content on a Euro‑L level, which we all know is tricky, and for most of the cases it leads to overblocking.  So what we really have seen that strong coalition building is really, really important, especially in those issues and having also different areas of expertise and different views of the problem from both big companies as well as from civil societies but also people that work with survivors of sexual violence, there's also part of that, so raising awareness in other bubbles for the topic of encryption and getting them to join.  This whole Coalition is a really important part because to solve these complex problems we are dealing with, as they are so complex in so many fields, that also takes a lot of experts from different fields of expertise to do that.  And this is, I think, the most important part of coalition building, to fight those regulations trying to undermine encrypted communication in several areas. 

>> MALLORY KNODEL: Yeah.  Thanks, everyone.  I think one thing I wanted to pick up on, because what I really value about this Coalition is as Radhika said, countries are hell bent on breaking encryption, but I would take, actually, a kinder ‑‑ maybe I'm being too kind here ‑‑ but I do think that it's just a function of pervasive tech solutionism.  Encryption is considered both a problem, and it is now also the solution.  And I think policymakers and other public advocates sometimes, if it's child protection groups or so on, just feel that there should be a solution, and so they want tech to help solve it.  And I don't think that that sentiment is going away any time soon.  I mean, we've obviously been talking about this for some time.  I don't expect that we're going to stop talking about it any time soon.  And so one of the values of the Global Encryption Coalition to me is that it gives us a bit of stamina because we're working together.  So this can be a little exhausting to continue talking about year after year to different companies ‑‑ sorry, companies ‑‑ countries ‑‑ sometimes companies ‑‑ in groups about the same thing over and over again.  But as we're doing it collectively and globally, it infuses a bit more energy, and we can help each other out with that. 

     We have now time for questions and answers.  And if you don't all have questions and answers, I have a whole list of things that I would love to ask all of these really smart people we've brought together.  But I suspect that you do.  So you've got tons of experts in the room.  Ask anything you'd like.  And I think we'd be happy to respond.  So I'll leave it open to the floor.  And also monitor you online as well.  Not monitor you online.  I will look in the chat to see.  Go ahead, yeah. 

>> OLAF KOLKMAN: Mallory.  Yeah.  Just something that I realized.  Often in the circle of the IGF, we are talking about multistakeholder model of governance.  And I think that one of the ways that we could consider the global coalition is to actually make this discussion about encryption more stakeholder driven.  It is an entity, a coalition, where stakeholders that have a stake in this debate can come together and be part of the debate.  Just in the spirit of the IGF, I thought that was a good addition. 

>> MALLORY KNODEL: Thank you for that.  Anyone else?  Please, step up to the mic.  Yeah.  Welcome. 

>> Hello.  My name is Jose.  I'm from Tunisia.  I'm currently working within Tunisia on the matter of cybersecurity.  But as well I'm a member of the Steering Committee of ISOC Tunisia.  So for my part, encryption, we were enthusiastic at first when we were joining crypto parties' initiatives, and it was really interesting back then.  But what I'm observing also something that you already, all of you tend to admit, it's like we are in awakening area of encryption.  Or let's say encryption is for the VIP.  So my question here for all of you, what kind of future, from your perspective, are we looking at from this perspective, and if you have sustainable or let's say scalable ‑‑ maybe scalable idea to maybe democratize again encryption.  So the floor is yours. 

>> MALLORY KNODEL: Does anyone want to come in on that and respond? 

>> SHEETAL KUMAR: Yeah.  Well, thank you for that question and those reflections.  So I think we are looking at, you know, there's ‑‑ a lot is actually out of the hands of policymakers when it comes to this issue, and that's probably why we're seeing the legislation that we're seeing.  It's partly a lack of understanding, but it's also, you know, an attempt to force something on those who actually provide the products and services that are encrypted where they can, you know, companies and others who build and design what we use can just keep encrypting and providing strong security.  And I'm sure that they will continue to do so. 

     But at the same time, as they do, policymakers will continue to try and push for that to be broken, I think, as a result of that lack of understanding.  But also a lack of inclusive and evidence‑based discussions about what the issues are.  And other alternative solutions that are actually proportionate or, as I said, evidence‑based that do not undermine the security of every user.  So I think we're going to kind of continue to see that, unfortunately.  I think in terms of democratizing encryption, and perhaps, Mallory, you can speak a bit more to this.  One thing that we have been trying to do at the Global Encryption Coalition a bit more is tell the stories of, like, the real stories of those people ‑‑ I mean, it's pretty much everyone ‑‑ but some people are more vulnerable or impacted differentially as a result of, you know, of weakened encryption and tell the stories of those who benefit use and even require it to maintain their most basic security.  And so we've been collecting stories, basically, so story‑led change, I think, can be very powerful.  And so we've been trying to do that more and encouraging that so that this is not so much an abstract issue but one where we are telling that side of the discussion in terms of how it impacts people.  So I don't know whether you want to touch on that. 

>> MALLORY KNODEL: Well, no.  I was just going to say also, ISOC has done a great job.  For the last Global Encryption Day ‑‑ so I'm invoking you again, Olaf, to maybe bring in some story that have been told, again, because part of the point is to reach out to, you know, end users, real people, and to make the case that, yeah, this is something that everybody uses, actually, something everybody should be using, something that more and more services should be providing.  That is some advocacy that we do, actually, to companies is asking them to, you know, do strong encryption as much as possible.  So, yeah. 

>> OLAF KOLKMAN: Yeah, yeah, you're invoking me.  So what we did during the last Encryption Day is actually create a couple of those stories, small movies of people in vulnerable communities telling them ‑‑ allowing to having tell them their story about what encryption means to me.  And I think those are all very touching illustrations of why something which is inherently very technical is actually making lives better. 

     I will dig up a few of those movies and post them in the chat. 

>> MALLORY KNODEL: That's awesome.  Great.  Thank you.  Other questions from the floor?  Yeah.  Please, go ahead. 

>> Hi.  I'm from Japan.  My day job is professor, but I am personally developing some censorship (?) Called I2P related softwares.  And related to the past commentators, I think we really need some strong narrative or propaganda, I should say, because I think there is a really strong negative image on encryption, especially in the arena of popular culture.  I saw lots of U.S. TV drama, and I saw several times that the dark web was mentioned very negatively or even our I2P is mentioned in the Netflix drama called "House of Cards."   I don't know how to do it, but maybe we can provide information or something to create comics or dramas or movies, and they can use possible image of encryption in popular culture.  Thank you. 

>> MALLORY KNODEL: I think that was a great suggestion.  I see a lot of people nodding.  And also laughing that you have this great badge of honor that House of Cards invoked your protocol.  That's cool.  Anyone else?  Yeah, please. 

>> Hello.  This is (?) I'm the chair of the Internet architecture board on the IGF.  And I would like to comment on what you brought up about the Internet goes dark.  And if you face it another way, it's kind of ‑‑ you're taking away information from us.  And I actually feel that we are doing the opposite.  We are giving information back to the people who own the information, right?  The user is owning the information and encryption gives them control what to do with this information and who to share it with or not to share it with.  And that's really important. 

     And also, like, this idea about taking away information is also kind of ill‑informed because there was always a way to take away information.  It was always easy to use the VPN or to use kind of encryption on a higher layer or whatever.  So those people who know how to hide the information, they could always hide it.  It's just, like, now protecting everybody to have control about the information. 

>> MALLORY KNODEL: Yeah, absolutely ‑‑ such an important point about raising the bar, right, with some of these tools.  It will always sort of still be the case that folks who want to stay hidden will be so.  But it is the rest of us, the rest of the normal population ‑‑ normal population ‑‑ the rest of the population that will then not have access to this by default.  So that's really great. 

     Others want to come in?  If not, I can go through my list of other questions.  Okay.  I shall do.  So I wondered if we could talk more about some of the ‑‑ maybe folks would be interested to know about some of the other debates that have happened in the recent past that we haven't yet invoked.  So this would probably require those of us that have been really following the issues closely and try to distribute that amongst the panelists as much as possible.  But, for example, there have been changes at the policy level in Turkiye recently in the last month or so, Australia a few years back, actually, they have a pretty radical anti‑encryption law.  Bangladesh, in the same way as India and Brazil have a traceability law.  We've seen policy threats that were unsuccessful in the last couple of years from Germany and Belgium.  And so I wondered if anybody wanted to speak to those and give folks in the audience, like, a little bit more context for what exactly happened and how either those laws are in effect and their negative effects or how we were able to sort of overcome those unfortunate proposals. 

>> LUIZA BRANDAO: Mallory, as you mentioned, Brazil, I think I will jump in just to give some background.  So we could overcome the traceability proposed.  I think it was a big victory for human rights in Brazil.  Especially in a context that we lived in the past years with, for example, the government openly stating, like, they were watching bloggers or activists because they were considered a kind of national danger or something like that. 

     So it was very important to fight back this traceability proposal.  Of course, we still have proposals or these kind of ideas coming and going.  But, in fact, that one that was, like, closer to be a rule was happily pushed back.  But what I wanted to ‑‑ what I also wanted to point out is that in Brazil, we also lack this awareness around encryption that was mentioned.  Like, we should go also for TV shows.  We should also talk about the benefits of it for the general public.  And this is an effort that we try to make to show the general public, and by doing that showing also policymakers or decision takers, that encryption is important. 

     And it is not just important as a baseline of security when we think about the technical field, but it's also for some part of the population or for some people, also the life line.  And I'm not exaggerating when I tell this.  Think about women that suffer domestic violence and are in shelters or people who are, like, witness ‑‑ under witness protection or people who investigate corruption or narco or crimes that are organized in their countries or people who denounce and whistle blow very serious problems.  Those people are not just in need of encryption or privacy or safety.  Their lives depend on encryption, on the safety and trust that encryption enables. 

     So I think one of the things that we have to do is, like, when ‑‑ and it was a famous called Michelle Obama, when they go lower, we go higher, and so I think what we need to know ‑‑ to do, especially in these countries that are flirting with tracking encryption, is you go higher and explain how important encryption is for people's lives. 

>> MALLORY KNODEL: Thank you, Luiza.  Absolutely.  Panelists?  Anybody else want to respond?  Go ahead, Elina, please. 

>> ELINA EICKSTADT: Yeah.  I mean, we have, like, seen a lot of attacks on encrypted communication as well as on German level, on an EU level, and always under one set narrative, security by and through encryption.  And we have been able to fight that off.  We are still fighting the whole complex around state malware, and this is really a big problem.  What we are seeing, that a lot of tools are being created to undermine encryption, and there are also a lot of motivation to do so because state and nation actors still buy those kind of software products. 

     And another point I would like to make, following up to Luiza, is I've been talking a lot to the problems of encryption and also the problems of (?) Encryption with regulation with young people, and there is really a lack of education.  I can primarily talk from a German point of view, and I think this is something that also needs a lot of focus is educating people not only on technical issues, which means, like, teaching kids how to code, but empower them to understand what stands behind that and what data protection and encryption would mean.  And if you tell them, for example, that their chats with their peers will be exposed to their parents potentially or they can be exposed to the police forces.  Then they tend to be really, really shocked because they are so disillusioned that they are being monitored.  And then when they start thinking about what encrypted communication means, that they can't be monitored, then it really empowers them to also take the action in terms of their own privacy and data protection.  And I think this is something which is really important, especially as we are dealing with the ‑‑ I would say generation that only knows the Internet with social media in it.  That they have the power to change that and that they have the power to have privacy, and they have a right to privacy.  But for that, they really need to understand the value of that and that there are ways to use those technologies in their advance. 

>> MALLORY KNODEL: Others want to come in?  Any other questions from the floor?  Maybe things that have been raised?  We have about five minutes left in the session.  So we can also move just to closing remarks or observations from folks.  Sometimes in the past at the IGF talking about these things gets a little bit more of a debate going.  I don't know if people are feeling shy about it.  (Laughing).  That would be fine.  Yeah, go ahead. 

>> Hi.  My name is Ron from Finland.  And I just had a look at your website and saw that you have quite a list of members there and was wondering what do we need to do to become one?  I didn't see ‑‑ like, I just really quickly scanned it but didn't see, like, a statement that we have to stand behind. 

>> SHEETAL KUMAR: There is a statement.  Sorry if it's not clear.  But we can share it with you.  It's essentially that you agree with a short paragraph statement that simply says that you agree with strong encryption and for defending it.  And I think that that's pretty much it.  And then there is a form to fill out.  And then we would get back to you.  But very happy to talk to anyone about that.  It's maybe not the most user‑friendly website, I'm not sure.  But certainly we need to make sure that's clearer.  But there is a very short founding statement, yes. 

>> OLAF KOLKMAN: It's very simple.  Just click on the join button. 

>> (?) So short. 


>> SHEETAL KUMAR: Yeah.  It's not here anymore.  I was just looking at it.  Oh, dear.  Okay.  Well, maybe we changed that.  I don't know.  I think we do have one. 

>> MALLORY KNODEL: And I would just say also, since you asked about membership, for folks who are wondering, we have organizational members.  We also have individual members that are technical experts.  So there are some folks who maybe work for companies or for Universities or in other ways have affiliations that wouldn't join as an organization but rather they come and are with us because they see things.  They see threats from their perspective.  Or they can offer advice and critical debate when there are things to push back on. 

     For example, like, there are quite a few technical nuances now to some of these policies, right?  There is a lot of work on the back end.  It's not just about writing a letter to a government because they've proposed a bad law.  There's actually a lot of advocacy involved in talking to some policymakers to help them understand why maybe that policy isn't going to work the way they think it's going to work, et cetera, et cetera.  And that does actually require some technical skill but also the ability to explain, like, high technical concepts in a direct way.  So we appreciate those sorts of perspectives as well for folks interested in that.  And then we do also have members that are companies.  We focus specifically on small companies, small and medium‑size companies.  We don't have really large, large tech companies as members.  Although they can sometimes be close partners in this because they also obviously are scanning the landscape for the same things.  But the reason why we focus on small and medium companies is because a lot of these policies are going to negatively affect them.  A lot of the policies about breaking encryption or creating exceptions to it, et cetera, create a very high bar, sometimes technically so.  So that even if the really large companies could, you know, quote, nerd harder and come up with a really complicated solution, smaller companies aren't going to be able to do that.  So it really puts them at a greater disadvantage. 

     Oh, great.  Please. 

>> Yes.  Sorry, my name is Josephat from in Namibia.  I'm particularly interested also on issues of community network and the world has actually been revolving and evolving.  I'll give you an example.  I have a grandmom at home living in a rural area.  And I needed to get her connected.  So I got her a smartphone.  Now she's sending me pictures of goats and cows and everything in the village and all of these things which, of course, is good.  I just wanted to find out and maybe inquire, like, in simple terms or in the simplest way, how do capacitate somebody who is that level of media literacy on the importance of encryption and why it's important to have because now she's sending pictures and videos and everything.  So when we are talking about issues of, you know, security and data and encryption, how do I be able to capacitate people of that landscape or region?  Thank you. 

>> RADHIKA JHALANI: I'll answer that.  A, I would say it's not very easy, right?  It's, you know, when we have little children, you have to ‑‑ you know, it takes a little time for them to get a grasp of something.  But when they do, it happens, right?  So one thing that we did and that's worked well for us is we tried capacitating a lot of marginalized women with tools of encryption.  The first thing is that you teach them the language that they understand.  The second thing is you dumb it down.  Like, you know, you talk to them, not at them, right?  So you have to constantly, like, ask them what they understand, what they don't understand.  And it's also ‑‑ it's also a lot about making them understand that importance.  As I was talking about the scams, right.  If you don't protect your privacy, then you will get, like, a lot of scam calls.  You will get people trying to phishing for you.  And I'm sure even in the case of your grandma or somebody, she must know somebody who's fallen prey to a scam, right?  So you have to relate it back to that, to very lived world examples, which they will be able to relate to.  Because as I said, like, if you use the term encryption, it will go here.  But, you know, if you actually, like, tell them about scams, about privacy, about, you know, WhatsApp, how to use WhatsApp, I think it will go ‑‑ you know, it's very easy to use one messaging app to another.  Signaling is not that hard to use.  So just telling them that, hey, use this better app.  Give them incentives to use it.  Show them features like cool stickers or something which these days all apps have, right?  Just see what works for them and then tell them that this works better here.  Luiza if I can jump in, because I have personal experience on that, Josephat as well, and I also receive many pictures of cows and some things in the village back in Brazil.  I think it's important also to talk about things that they already know.  Like, your grandma, as mine, probably doesn't want people to see whatever happens inside her own house in some moments.  So this is also a notion of privacy.  And then we use this already undermines, and they have already ideas about it, not to talk at them, as Radhika just said, but to talk to them, and I wish you the best of luck because we can be successful on it. 

>> MALLORY KNODEL: Thanks.  Go ahead, Olaf, and then we're going to ‑‑ yes, please. 

>> OLAF KOLKMAN: Yeah, I'm going to keep this very short.  First, I have behind me the founding statement that we were just talking about.  But what ‑‑ on this particular point, I think it is indeed important to talk about privacy with the people that are engaging in communication on the Internet.  However, I also think that by default, the tools that we use on the Internet should be private, and users should not have to think about the fact that they're using private information ‑‑ privacy‑sensitive tools.  That should just be the default, and I think that as an industry and as a community, we have to work on making sure that those tools are offered and are, in fact, the default. 

>> MALLORY KNODEL: Thanks for that, Olaf.  And, yes.  So please go to our website and learn more.  I think that, you know, the overall mission of making sure that strong encryption is ubiquitous everywhere, that more and more people are using it is a really important one for human rights.  And so thanks for joining us at the U.N.'s Internet Governance Forum to talk about that.  Thanks, everyone.  Have a good rest of your event.