
Truth Matters: Why Journalists Need Encryption Now More Than Ever

As COVID-19 spreads around the globe, so does misinformation about the virus. Log into any social media account and it’s easy to get confused by friends and family sharing contradictory messages on everything from infection rates to local preventative measures to what to do if we feel a dreaded cough coming on.

Truth matters – especially when public health is involved – and we often rely on journalists and news sources around the world to help us separate fact from fiction. And, whether we realize it or not, there’s a digital security tool that is a critical factor in the trust equation: encryption.

In a period that has seen various governments and law enforcement representatives propose laws that would weaken it, the pandemic is an important reminder of the role encryption plays in protecting journalists, their sources, and general news integrity.

End-to-end (E2E) encryption is a tool that keeps digital communications private by scrambling content so that only the sender and receiver have the keys to unscramble and read it.

This is crucial for journalists.

Journalists often rely on secure communication services like E2E messaging apps to connect with sources in a trustworthy way. With COVID-19 spreading, many organizations are asking employees to work from home and health organizations are advising the public to practice social distancing. This makes it significantly harder – if not impossible – for journalists to meet with sources in person. Instead, journalists and sources must communicate over digital services. By using messaging services equipped with end-to-end encryption, journalists can trust the integrity of information being shared, especially when this is the only option to hold confidential conversations.

E2E encrypted messaging apps are especially important for the safety of investigative journalists and their sources. Whistleblowers often only feel safe coming forward with information if they know that their communications are completely private and secure. These individuals are often at risk of compromising their jobs and reputations by tipping off news organizations. Secure communications between journalists and whistleblowers can help protect both parties when revealing the truth and holding institutions and individuals accountable.

Encryption also promotes a more trusting relationship between news organizations and their readership. When you go to a news organization’s website, you shouldn’t have to question whether the information you see matches what the staff intended to publish. Encryption makes this possible.

With the public health implications of COVID-19, the health and lives of people around the world depend on getting reliable information about the outbreak. We rely on these facts to inform our response to the pandemic. We use our news organizations for situational monitoring, keeping us informed on infection rates, quarantine measures, and how “shelter-in-place” orders may impact our situation. In good faith, many news organizations have removed paywalls on COVID-19 content to make sure that the public can more easily access essential health information.

With so many of us relying on the Internet to navigate the worst pandemic of our generation, it is critical that our news organizations’ websites are protected and secure. It could be disastrous if a bad actor were to intercept and alter data between the original publisher and the reader. Imagine if a website published an article with the number of cases in your area and shelter-in-place guidelines, but someone intercepted the data and changed it to say that infections have decreased and that it’s safe to no longer self-quarantine. In this hypothetical scenario, COVID-19 could spread even more quickly, overwhelm your local medical centers, and put lives at risk.

Without encryption, our most reliable sources of information are in jeopardy. Without encryption, our free press cannot do their jobs to dig for the truth, keep us informed, and hold institutions and individuals accountable. Without encryption, we could be fooled into thinking that a spoof site is genuine.

To learn more about the ways encryption impacts journalism, check out our co-authored factsheet with the Committee to Protect Journalists. For more information on protecting journalists, check out our partner at www.cpj.org and @pressfreedom on Twitter.


Owning Your Keys: The Technical and Human Side of Encryption

Ever wonder if your next doctor’s appointment will result in jail time? Luckily most of us never have to think about that. But LGBT Tech Executive Director Chris Wood says for people in countries where their truth is outlawed, the prospect of finding a trusted healthcare provider without encrypted messaging apps is worse than grim. It could be deadly.

Efforts to weaken encryption threaten our ability to keep our most vulnerable communities safe online. As the best tool available to protect our digital security, encryption helps ensure that data and messages are kept private and makes it much more difficult for outside parties to get access to sensitive information. Encryption helps ensure that your digital bank transactions are secure, your passwords are kept safe, and your stored data can’t be accessed by any unintended parties.

This security tool protects all Internet users, but it is critical for vulnerable communities. For example, there is an alarming and growing threat of abusive partners using Internet-connected devices and other online tools to surveil and control their partners. This can make it even more difficult for victims to seek help. However, by using devices and services that encrypt web traffic, communications, and location info, victims can protect their privacy and seek help without fear of a partner reading or accessing documents and chats at a later time.

We’ve already seen what can happen when security is weakened. Take the TSA luggage lock, which has become a favorite example of why “exceptional access” for law enforcement doesn’t always pan out as planned. These locks were supposed to only allow verified TSA agents to access the contents of your suitcase, but after an agent posted a picture of a key online, people copied it and made it readily available for purchase or to 3D print. The agent made an understandable mistake that probably seemed harmless at first. But that’s the problem. We’re human, and we make mistakes. When it comes to security, those mistakes can have huge impacts on all of us – particularly those in vulnerable communities.

Over the last several years, there has been a debate in the United States and around the world about the use of encrypted technologies. Many technologists, academics, manufacturers, civil society, and others have long fought to ensure devices and software are as secure as possible through encryption. However, some individuals, particularly those in government or law enforcement, have argued that there are times when actors – such as themselves – may need to bypass this critical security measure.

But there’s a problem with that. Encryption is not a technology that can be bypassed sometimes. It either works or it doesn’t. Saying that there should be a way to weaken it for only specific people in specific situations is a lot like saying, “you should leave a key under the mat to your front door, just in case there’s an emergency and the police need to come in.” That sounds great in theory, but what bad guy wouldn’t think to look under the mat, take the key, and create the bad situation in the first place?

It’s important to have conversations about encryption and protect it against attempts to create exceptional access measures and any other type of backdoor. Whether you realize it or not, we use and rely on encrypted services to keep ourselves and our data safe every single day. This is especially true for people from marginalized and vulnerable communities, several of which we heard from at a briefing event on October 25.

The Internet Society partnered with the Center for Democracy and Technology, the Internet Society Greater Washington DC Chapter, LGBT Tech, and New America’s Open Technology Institute to host Encryption Briefing: Understanding Its Technical and Human Elements. This event consisted of two sessions: one on the technical elements that make encryption work and one on the ways it protects vulnerable populations, including the LGBTQ+ community, retirees, journalists, and many others.

Panelists from our partner organizations – along with Hispanic Technology & Telecommunications Partnership, the Committee to Protect Journalists, AARP, Apple, and Columbia University – discussed the different uses of encryption in their communities, how the technology works, and who holds the keys.

This last point is particularly important because whoever holds the key to unlock a user’s encrypted information has the ability to view and use it. Panelists during both sessions noted that security professionals today aim to create and deploy security by designing products and services that bring that key closer to the end user. With that key, end users have full control over their data, communications, and documents.

For example, Apple devices give users the key, but Apple does not have a copy of that key itself. As Jeff Ratner, Senior Policy Counsel at Apple, noted during the panel, “if we don’t have the key, no one can take it from us.” That principle keeps users more secure because it limits the risk of the key being stolen in a breach or a rogue employee accessing their devices or information.

Consumers want to protect their data and their privacy, and companies are beginning to respond to that demand. Users know that using the Internet has inherent risks, and the more steps a company can take to minimize those risks – from malicious actors, untrustworthy individuals, or even governments – the better.

As LGBT Tech’s Chris Wood noted on the first panel, if manufacturers and developers don’t have trust and accountability, consumers won’t use their systems. It often only takes a couple of high-profile breaches or mismanagements of data and information for users to turn away from a particular product or service, especially for new or developing enterprises.

Participants also emphasized many times that we already face significant security challenges and encryption is our best tool to mitigate that risk. Susan Bradford Franklin, Policy Director for New America’s Open Technology Institute and Co-Director of New America’s Cybersecurity Initiative, noted that one of the largest security threats we face comes from vulnerabilities accidentally built into devices and services. Developers have to dedicate significant time and resources to address these issues, and they are unlikely to be able to fully protect users if they must also address the problems that will arise as a result of intentionally-mandated vulnerabilities in encryption technologies.

We must work together to ensure that the technologies we use every day are able to protect user security the best way they can – through strong encryption. Policymakers should defend the ability of technologists to continue building services and devices that rely on encryption, including end-to-end encryption. Users should make an effort to use these secure technologies, and we should all push back against attempts to weaken encryption.

Want to learn more about encryption, and what steps you can take to stay secure online? We’ve created the following resources with our partners:

Take these six actions to protect encryption and protect yourself.


Day Zero 2019: Bringing Together Young People to Talk about Internet Governance

As we work to foster the multistakeholder model in Internet governance, we must include the voices of youth. They’ve grown up in the age of the Internet, where using connected devices is second nature and we’re beginning to have conversations around issues like encryption and privacy. Young people deserve not just a seat at the table, but to have a say.

Which is why the Internet Society supported the Internet Governance Forum (IGF) USA Youth Day Zero. It’s an event for young people to come together, discuss the Internet policy issues they care most about, and brainstorm potential solutions ahead of the IGF USA. Held at the Center for Democracy & Technology, Day Zero brought together youth from across civil society and academia to ask questions of professionals and talk with one another. It also provided an opportunity for young people to create and foster connections with one another.

The first panel featured professionals who shared how youth could get involved in Internet governance – and the importance of their participation. The panelists were Dustin Phillips (co-chair of the Internet Governance Forum USA and executive director of the Internet Society’s DC chapter), Katie Jordan (Senior Policy Advisor at the Internet Society’s North America Regional Bureau), Marilyn Cade (CEO of mCade LLC), Emma Llansó (Director of the Free Expression Project at the Center for Democracy & Technology), Rob Winterton (Director of Communications at NetChoice), and Melinda Clem (co-chair of the Internet Governance Forum USA and Vice President of Strategy at Afilias).

They shared advice, especially that youth should try to have a little bit of expertise in many different areas rather than focusing all of their attention onto one specific topic so early on in their careers. Similarly, they encouraged youth to focus on building up skills rather than pigeon-holing themselves into a single area.

The panel also stressed the importance of simply being young in the technology sector. Winterton said young people were inherently valuable by virtue of growing up with technology. The panelists empowered and encouraged the participants to use their ingrained skills to their advantage and not to shy away from sharing their perspectives.

The bulk of the event was a policy “hackathon” in which participants chose an issue they cared about, divided into breakout groups, and devised potential policy solutions for the issues at hand. Many participants discussed content moderation on online platforms and how online radicalization could move into the physical world. Certain ideologies can find spaces to convene online but they can also bring the violence they discuss to the outside world.

Another breakout group discussed encryption and arguments for why youth want stronger encryption. Young people – particularly women – may be worried for their safety and how hackers could use their data to compromise their security. At the same time, young women would want to be able to control their data, including who has access to it.

In a hypothetical scenario, a young woman in a city could go missing during a run. If she has her running data uploaded to Strava (an app where friends can follow each other’s runs), the followers – whom she approves – would know her normal routes and could provide information as to where she might have been when she went missing. In this case, it would be useful and potentially life-saving to share sensitive, location-based data.

The encryption group’s potential solutions proposed avoiding the “backdoor” approach and instead relying on stronger encryption and privacy standards that allow user choice in data-sharing habits. Many young people have been online for most of their lives, and encryption would better protect their current and past data.

The group also floated the idea of an “emergency contact” system in which a user could allow a trusted family member or friend to access their digital life in case of emergency. However, that system could exacerbate potential harm if a user is pressured to make their proxy an abusive partner, parent, or friend. This system also does not allow a user to choose who gets to access which aspects of their digital life; a user may feel comfortable letting a family member know their location, but not their banking and health information.

Because they grew up with technology, young people inherently have a different perspective on platforms, devices, and security than seasoned professionals do. This different perspective is reason enough to include them in Internet governance conversations. They are used to the pace of technological change and are accustomed to having so much of their lives online.

While youth can be difficult to reach, they could engage through channels such as listservs, academia and professors, and social media. Moving forward, we should value the insights that youth can bring to Internet governance conversations. We can do that by providing more spaces for young people to come together, learn from each other, and prepare for discussions with others.

Youth can get involved at the Internet Society by becoming a member and joining our Youth Special Interest Group or by applying for our Youth IGF Ambassadors Program.


Preserving Native Cultures: Vote Now for the Internet Society’s Panel for SXSW 2020

What benefits can Internet connectivity bring to Tribal and Indigenous communities – especially when it comes to language and culture preservation? That’s the topic of our panel proposal for South by Southwest (SXSW) 2020: “How Internet Access Can Preserve Native Cultures.”

And we’re excited to announce that you can now vote for it!

SXSW is an annual conference held in Austin, Texas, USA. The conference’s many events include a music festival, networking opportunities, and panels that focus on technology, governance, film, culture, and music. The panels featured at SXSW live within tracks that range from health and medtech to innovative applications of new technologies. All panels at SXSW are chosen through a public vote so that participants can decide what they want to discuss at the event.

That’s where we need your help!

SXSW is a platform for bringing important policy issues and initiatives to light, which is why we’ve applied. It’s an ideal forum for exposing the impact that technology can have on culture.

If accepted, our panel would discuss specific issues that Tribal and Indigenous areas face when it comes to broadband deployment, the lessons that communities can learn from one another, and how they can use connectivity as a way to preserve their local languages. We recruited two of our partners — Matt Rantanen from the Southern California Tribal Chairmen’s Association and Madeleine Redfern from Nuvujaq — to serve as panelists. They’ll offer perspectives of Native communities’ issues from two distinct and harsh terrains: the deserts of California and the tundra of the Arctic Circle.

The Internet Society works with Tribal and Indigenous communities in the U.S. and Canada to ensure they have the opportunity to access education, create local content, and preserve their languages. After centuries of U.S. and Canadian policies and programming that suppressed natives and their cultures, we’re partnering with them to champion their right to connectivity.

Tribal and Indigenous communities can form partnerships despite their different geographies. This idea echoes the spirit of our Indigenous Connectivity Summit, where local leaders come together to share their challenges, opportunities, and lessons learned from advocating for access.

Vote for the panel here! (Voting closes Friday, August 23 at 11:59pm PT.)