I attended the 2024 Encryption Summit - here are my 5 takeaways

A virtual event to shed light on the need for encryption and the challenges this tech faces

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Encryption has never been as mainstream as it is right now. You don’t need to be a tech geek to use an encrypted app anymore – think about how many of us use one of thebest VPNor secure messaging apps every day – or understand the necessity of scrambling your data scrambled into an unreadable form to prevent unwanted access.

Even as we acknowledge this, however, encryptionis under attackeverywhere as governments worldwide increasingly see this technology as an obstacle – especially to fighting crime. Yet, according to experts, lawmakers often underestimate the importance of encryption in preserving people’s online safety and anonymity.

Since 2020, October 21 has marked Global Encryption Day: an annual day of action to promote, protect, and defend strong encryption. I attended the Encryption Summit, a virtual event held by theGlobal Encryption Coalitionto “celebrate how encryption makes us powerful, investigate the regulatory challenges facing encryption, and unite our community.” Below are my five biggest takeaways, one for each panel.

1. From censorship to VPN blocks, shared legal challenges in South Asia

The event kicked off with a panel discussion of the legal battles taking place across South Asia regarding the blockage of encrypted apps, the requirement of encryption backdoors, and the tightening of restrictions onvirtual private networkapps. Speakers included lawyers, digital rights experts, and journalists from India, Sri Lanka, Bangladesh, Pakistan, and Nepal.

The region is infamous for tight control over the internet, with internet policy proposals aiming to gain more control over social media and the use of encrypted apps. Examples include a newSri Lanka Online Safety Billthreatening free speech and privacy abusesand Pakistan’s national firewallslowly breaking the internet alongside aplan to ban VPNs(the software you need to bypass online restrictions).

On this #GlobalEncryptionDay, let’s push for encryption that guarantees both privacy AND open access for all users worldwide. No censorship, just freedom. #encryption #privacy pic.twitter.com/SKXh8OvkyqOctober 22, 2024

What stood out to me the most was hearing how the same legal attempts to undermine encryption and internet freedoms are shaping the whole region.

Encryption and digital rights experts are doing an amazing job of shedding light on the implications of law proposals, but the Supreme Court will ultimately determine the balance between safety and privacy online.

2. Social media and messaging apps aren’t the same

The second panel tried to find an answer to what an encryption-friendly platform regulation should look like by examining three cases from around the world – so distant from each other, yet with so much in common.

TheUK Online Safety Bill(becoming law in September 2023) was a pivotal moment in the conflict between authorities and encryption. A process six years in the making, attempting to make the UK “the safest place to be online,” it has gathered criticism from all fronts along the way.

The main controversy was the required client-side scanning of private and encrypted messages for harmful and illegal content – halted in a last-minute decision until it’s “technically feasible” to do so.

EU lawmakers are trying to push for a similar law – deemed asChat Controlby critics – to scan all your encrypted messages on the lookout for online child sexual abuse material (CSAM). The legislation proposal, however, continues to facestrong resistancein the block.

As Mark Johnson, Advocacy Manager at Big Brother Watch pointed out during the Summit, the Online Safety Act is a “bad example of regulation” as its language still makes it vulnerable to political influence.

The same legal challenges are repeating in Nigeria and Brazil as lawmakers evaluate drafts for the Online Harms Protection Bill and Bill PL/2630, respectively.

I found what Heloisa Massaro, Director at Brazilian think tank InternetLab, said at the end of the discussion especially interesting. She discussed the need to go deep into the distinction between social media and encrypted private messaging apps in order to craft better regulations when it comes to encryption.

“Otherwise, we will have regulations that aim to attack the social media features of the messaging apps, undermining privacy and freedom of speech,” she added.

3. Tech policies should address the issues of tomorrow

The third panel looked at the behind-sceneswork of Mozillaand other encryption experts to enact changes to the proposed eIDAS legislation in Europe.

The so-called eIDAS 2.0 (a revision of the previous EU’s digital identity law) has two functions: launching an identification app (EU ID Wallet) for all Europeans while changing howweb browsersdeal with security and website authentication (Article 45).

Experts are especially worried about the latter point, warning of unintended consequences like greater surveillance, censorship, and false security.

Article 45 would have endangered that safeguard of trust

Technologists and civil societies have been working hard to prevent the EU’s quest to fix the internet – as lawmakers put it – from becoming “aprivacy and security nightmare.” While dismissing concerns, the EU finally agreed to add a “cybersecurity exemption” to allow browser providers to quickly deal with security and privacy flaws within their products.

This is a stark reminder that “you need to create internet policy and tech policy around the issues of tomorrow rather than the issues of just today,” said Alexis Hancock, Director of Engineering at the Electronic Frontier Foundation. “You don’t know who’s going to be in power tomorrow, so you need to develop tech policy able to create safeguards to protect people tomorrow. Article 45 would have endangered that safeguard of trust.”

According to Hancock, the challenge now is implementing the cybersecurity exemption across all different EU members.

4. Encryption prevent crimes

Perhaps the most interesting panel, the fourth discussion delved deeper into the conflict between law enforcement and experts when it comes to encryption: children’s online safety.

On one side, authorities push for weakening encryption as they see it as an obstacle to catching sex predators and monitoring online threats effectively. Privacy experts couldn’t disagree more – encrypted communications and tools like VPNs are a necessity to shield children’s identities and keep them safe as they browse the web.

A big theme within the discussion was the need to educate both parents and children about the importance of this technology. One of the speakers, for instance, was Jessica Dickinson Goodman, who wrote the book “Encryption for Babies” to explain these techy concepts in plain language.

On-field research carried out by Dr Sabine K Witting, co-founder of startup consulting company Tech Legality and Assistant Professor at Leiden University, also found that children’s wants and needs around digital technologies often differ from what adults (especially lawmakers) believe to be important.

This is why, according to Larry Magid, US tech journalist and co-founder and CEO of ConnectSafely, law enforcement needs to find a solution to protect kids that doesn’t involve breaking encryption.

He said: “The lack of encryption might make it easier to prosecute crimes, but encryption helps prevent crimes. And given the choice between prosecuting prevention, I would take prevention every time.”

5. Stakes are higher for encrypted tools' users than their providers

The last panel looked at the wider implications of theTelegram CEO’s arrestin August.

The preliminary charges against Pavel Durov include the alleged use of cryptographic technologies – responsible for implementingencryptionprotections on the messaging app – without proper declaration as well as providing those cryptographic services to criminals.

12 charges against Telegram CEO Pavel Durov include “providing cryptology services aiming to ensure confidentiality without certified declaration” and six counts of “complicity” with alleged criminal activity by Telegram usersFR & EN https://t.co/sDvjUiZJvT pic.twitter.com/j8sCP1uPepAugust 26, 2024

Noémie Levain, Legal and Political Analyst at La Quadrature Du Net, explained that these are based on an old law that “nobody cared about because it doesn’t really fit on how encryption practically works.” Yet, in this instance, she believes the French government is trying to use it as a political weapon against its enemies.

It’s too early to predict how the Durov case will unfold as the Court could still drop the charges related to encryption. For Levain, though, something else is very clear – the stakes are higher for people using encrypted tools rather than the people making them. She said: “I would be more worried about the general context of criminalizing everyone using these tools.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Undermining your privacy? Session says no and leaves Australia

Are online dating and data privacy an incompatible match?

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet