Since the 2013 Snowden revelations of mass surveillance, the level of trust in Internet services has plunged. While discussions around privacy protection have advanced considerably, little progress has been achieved in designing operational tools that can be used on a daily basis by citizens around the world without a need to reconfigure their digital communications or change their behavior online. At the Internet Society, we believe such solutions need to be developed in a collaborative and multistakeholder fashion to be effective.
In July 2017, the Internet Society Switzerland Chapter (ISOC-CH) and the Swiss p≡p foundation teamed up to provide a practical solution, namely to implement privacy-enhancing standards at the basic level of Internet protocols and document them in the work of the Internet Engineering Task Force (IETF), the main organization creating voluntary standards to maintain and improve the usability and interoperability of the Internet.
In the framework of a two-year Beyond the Net project with funding from Internet Society (‘Implementing Privacy via Mass Encryption’), we will formalize and help in standardizing the pretty Easy privacy (p≡p) protocols, which can be deployed automatically via encrypted means in order to provide the user with a secure and trustworthy experience. So far, two drafts have been submitted: the first one outlines the general principles of pretty Easy privacy’s approach to automatize encryption for messaging; the second one explains the Trustwords concept to mitigate for Man-in-the-Middle (MITM) attacks ensuring authentic and trusted communications between any two peers. In course of the two-year funding period, we will attend IETF meetings, formally review further drafts and have them submitted to the Internet-Draft repository of the IETF, in order to foster discussions and hopefully achieve Request For Comments (RFCs) for easy to use end-to-end encryption via p≡p’s interoperable approaches.
Until June 2019, we will also organize six events throughout Switzerland to raise awareness on the very important topic of defending our human right to privacy – not just though political actions, but also via technical means. The first in this series of workshops – entitled Values of Internet Technologies – took place in Bienne on 25 January. This day-long workshop discussed challenges to privacy, trust and human rights with experts from civil society and academia, followed by a hands-on training in the afternoon on secure communications technologies. The emphasis was on decentralization, a core design principle in the early days of the internet, that has now come under increased pressure in a digital era tightly controlled by big Internet companies. This series of workshops is open to policy-makers, technologists, researchers, programmers, activists, students and interested users and will continue in different cities in Switzerland. The agenda for the workshops is prepared in close alignment with the demand-side, meaning that it is driven by identified needs and conducted in cooperation with different stakeholder groups. The next workshop, dedicated to p≡p’s Internet-Drafts and its implementation for digital communication technologies, will take place on 27 April in Bern.
‘Implementing Privacy via Mass Encryption: Standardizing pretty Easy privacy’s protocols‘ project has the goal to radically ease the use of already existing open standards and their corresponding tools for end-to-end encryption, such us to allow for a hassle-free, zero-touch experience to everyone. The project focuses primarily on written digital communications, with the goal of making end-to-end encryption of messages (starting with email) the norm instead of the exception. This is achieved by automating all steps necessary for regular Internet users; instead of hoping that people start to follow step-by-step guides to have their privacy protected, we engage in writing protocols and through that to foster the creation of tools, so as to have the Privacy by Default. None of this can be achieved without a collaborative, multistakeholder approach.