RightsCon: Encryption vs. Surveillance and How Do You Govern the Web, Anyway?



Yesterday, the third annual RightsCon kicked off in San Francisco. The conference brings together tech executives, diplomats, policy advocates, and self-described cypherpunks who sometimes double as security experts, to name a few. The goal is to find ways in which the digital realm, which is ever more encompassing and impacting daily life, can be used to protect and expand the rights of people worldwide. Here are two highlights from the first day of the conference:

1. Encryption won't save us from surveillance, but it's better than regulation

Where do we stand in the battle against digital surveillance? "If you imagine being a cypherpunk in the '90s, and waking up right now, you might actually think we won," speculated Morgan Marquis-Boire, a Senior Security and Technical Adviser at the Citizen Lab (Marquis-Boire is also a Senior Security Engineer at Google, but explicitly said he was not speaking in that capacity). He pointed to the proliferation of the Tor Project, the encryption of major operating systems, and the interpretation of HTTPS into most browsers. But, the surveillance game has changed too.

While governments used to rely on their in-house capabilities, the demand for surveillance has given rise to third party cybersecurity companies like Narus, Amesys, and Blue Coat Unfortunately, their technology ends up in the hands of repressive regimes, who use it to find dissidents, infect them with malware, and extract information about them and their allies. Last year, Reports Without Borders declared Blue Coat an "enemy of the Internet" for helping China, Russia, Venezuela and others free speech-squelching capabilities.

Marquis-Boire was hesitant about regulatory efforts to do away with these problems, noting that secret court systems, such as the U.S. Foreign Intelligence Surveillance Court, could easily make exceptions for themselves. Instead, he suggested engineering solutions. Encryption "won't save you," but that "we need to start engineering in a commercially resistant manner." Marquis-Boire explained that security engineers can develop encoding that's so complex and hard to crack, decrypting would be financially unfeasible. He also pointed to opportunistic encryption, which can secure communications between clouds.

2. Who governs the web? And more importantly how?

Who governs the Internet? "This is a very important question," said Fadi Chehade, the CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), which plays a major role in internet governance.

Speakers on a panel listed an alphabet soup of organizations like ICANN, the Internet Architecture Board (IAB), the Internet Engineering Task Force (IETF), the Internet Governance Forum (IGF), which all play different roles, such overseeing domain space and IP addresses, managing the engineering of the internet, and conducting policy discussions.

A more important issue, though, is how they are held accountable. After all, as Professor J.D. Ross of Syracuse University writes, ongoing is a "15-year controversy over the U.S. government's special relationship to [ICANN]."

Betrand de La Chapelle of ICANN contended that the "accountability mechanism of the representative-democratic system is relatively weak for international issues," and presented a hypothetical crime in which an "Australian traveling in Peru, using Yandex, to say something about a Chinese. What's the jurisdiction for that?" De La Chapelle suggested that this leaves the world in "in a framework where you have to pile up accountability mechanisms," and that the best way to do so is through transparent multistakeholder meetings, in which (ideally) anybody can participate.

Particularly, next month the international community hopes to address some of the issues around this next month at the Global Multistakeholder Meeting on the Future of Internet Governance in Brazil. The panel acknowledged that currently, those outside the tech community–and even many within it–are unaware of Internet governance and the ability to participate in it. One panelist suggested a simple solution: making information public on GoogleDocs and allowing anybody to comment on it as it is being discussed.

NEXT: Former British Ambassador in Moscow Gives Historical Perspective On Ukraine Crisis

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. making information public on GoogleDocs and allowing anybody to comment on it as it is being discussed.

    That is not going to end well.

  2. 2. Who governs the web? And more importantly how?

    Constantly evolving technology makes this the trickiest question of all.

    You could make a ‘last mile of copper/fibre/cable’ argument and say the nation that sits on top of that cable governs that portion of the web.

    Of course there are boatloads of holes in that…

  3. “Australian traveling in Peru, using Yandex, to say something about a Chinese. What’s the jurisdiction for that?”

    Jurisdiction for what, the crime? Did he commit the crime in Peru while there? WTF are we talking about here?

    1. That statement was really vague to me too. I didn’t know what he meant by that.

      If I want to get on line and say something “about a Chinese(?!)” I have a right to say it because I’m within the jurisdiction of the first amendment.

      1. Betrand de La Chapelle

        Sounds French. Saying something about a Chinese is undoubtedly a crime.

    2. Libel?

      One must assume from context that the “saying something” was something that might plausibly be criminal in at least one possible jurisdiction.

      Even under the very liberal US libel laws, there are things one can say about someone else that are criminal.

      (Whether or not any form of libel might be criminal under one of the many notional libertarian justice schemes is irrelevant to his question, which is set in the real world, which has libel laws, whether horrid like Britain’s, or mostly harmless like America’s, and that thus the Real Internet Has To Deal With.)

  4. 2. Who governs the web? And more importantly how?

    Shouldn’t the question be “Why does the web need governing?”

    Theft is theft. If it occurs in a supermarket do we need a governing body for supermarkets? What happens when an Australian traveling in Peru gets ripped off by a French mail order company whose owner lives in Macedonia?

    1. There’s an argument to be made that the government has some role in the governing of infrastructure– how intense that regulation is a deep discussion.

      There’s also a very strong argument that the web needs zero content governing which is where the current FCC and federal governments are going.

      Unfortunately, in other countries, the idea of NOT governing content is beyond understanding.

  5. You should tell your tech geeks to make the Reason site work with HTTPS.

Please to post comments

Comments are closed.