Encryption Day; Freedom Online Coalition
Monday, 21 October, is Global Encryption Day!
Dozens of in-person and online events are planned around the world, including the five panel events of The Encryption Summit:
Tell me: How will you celebrate privacy's high holiday?
Subscribe to this newsletter, The Internet Exchange.
What you should know
- The rejection by the Mauritius court of Afrinic's appeal against receivership is the latest in a years-long battle. https://afrinic.net/20241015
- Relatedly, public comments are open until 25 November on a proposed policy document on the criteria for new Regional Internet Registries. ICANN's Address Supporting Organization (ASO) will be reviewing the proposal during ICANN81 in November. https://www.icann.org/resources/pages/new-rirs-criteria-2012-02-25-en
- W3C has finally announced the official chartering of the Privacy Working Group, which is now open to participation from W3C member organizations. https://www.w3.org/2024/10/wg-privacy-charter.html
- Matrix reports back on how it’s going to get E2EE messaging interoperable with WhatsApp. https://matrix.org/blog/2024/09/whatsapp-dma/?ref=privacy.thenexus.today
- US Senator Ron Wyden responds to the China Salt Typhoon Hack catastrophe with a strong letter decrying the Department of Justice, FBI and the Communications Assistance for Law Enforcement Act (CALEA) program, "DOJ must stop pushing for policies that harm Americans’ privacy and security by championing surveillance backdoors." https://www.wyden.senate.gov/imo/media/doc/wyden_letter_to_fcc__doj_on_wiretapping_systems_hackpdf.pdf
- Citizen Lab analyzes the WeChat encryption protocol. https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/
- Truepic uploaded the first video to YouTube that includes end-to-end content credentials verifying its authenticity. https://www.axios.com/2024/10/15/video-ai-tools-public-wide-use
- The next edition of Splintercon is coming to Berlin on December 9-11. You can register now: https://splintercon.net/berlin/
- The annual Freedom on the Net report for 2024 is out, "The Struggle for Trust Online." https://freedomhouse.org/report/freedom-net/2024/struggle-trust-online
- Put the new publication Compiler.news in your timelines, starting with this piece about adequately funding nonprofit cybersecurity. https://www.compiler.news/lets-adequately-fund-cybersecurity-nonprofits-the-internet-depends-on-it/
Freedom Online Coalition: Joint Statement on Technical Standards and Human Rights in the Context of Digital Technologies
The Freedom Online Coalition (FOC) is a group of 41 countries strongly committed to the promotion and protection of human rights and fundamental freedoms as proclaimed in the Universal Declaration of Human Rights (UDHR). We strongly emphasize that the human rights that individuals enjoy offline must also be protected online, including the right to freedom of opinion and expression, the right not to be subject to arbitrary or unlawful interference with privacy, and other human rights and fundamental freedoms. We recognize that human rights need to be promoted, respected, protected and fulfilled through the entirety of digital technologies’ lifecycle, including through their conception, design, development, deployment, use, evaluation and regulation[1]. We also recall the importance of integrating a human rights perspective into regulatory and norm-setting processes for new and emerging technologies and call on the private sector to respect human rights in the development and use of new and emerging technologies[2]. The FOC promotes the respect for and the protection of universal human rights in the context of digital and Internet technical standards[3] that are developed and maintained by international, regional and national Standards Developing Organisations (SDOs), and implemented by their participants and others.
We recognize that multi-stakeholder-based collaboration in a number of SDOs with an open, voluntary standards model[4] based on pluralistic, inclusive, bottom-up participation by all stakeholders and an industry-led, consensus-based approach has been instrumental in defining the open, global, decentralized, resilient, reliable, secure, accessible and interoperable nature of the Internet. More broadly, a diverse set of multi-stakeholder SDOs follow the characteristics of an open and transparent model for standard-development for a vast range of digital technologies and applications. We further recall the World Trade Organization principles[5] for the development of international standards, to ensure transparency, openness, impartiality and consensus, effectiveness and relevance, coherence and to address the concerns of developing countries.
The Internet’s decentralized multi-stakeholder governance model has facilitated its growth and expansion, rendering it more than able to cope with threats to the integrity and resilience of its core network throughout its history. As such, the standardization of interoperable protocols, based on consensus, is integral to the continuing development and use of the Internet as a global communication network that enables access to information and helps realize economic, social, cultural, political and civil rights that underpin the 2030 Agenda for Sustainable Development. These constitute tangible examples of multistakeholder governance, collaboration and engagement in the digital and Internet sector, demonstrating that the multistakeholder model is flexible and comes in different shapes and sizes where communities come together to discuss, deliberate, and find solutions together.
We also recognize that Internet technical standards and technical standards relating to digital technologies, such as artificial intelligence, developed in SDOs can carry implications for human rights, societies, economies, the environment and the integrity of the information ecosystem. While technical standards can lead to the adoption of digital technologies that enhance and enable the exercise and enjoyment of human rights, privacy, safety, and security, they can also facilitate human rights violations and abuses through their application[6]. Such facilitation may include risks related to mass surveillance, communication interception, online and offline censorship, intentionally weakened encryption and anonymity standards, manipulation of online traffic and requirements for permanent device identifiers. Such measures can infringe upon the foundations of an open and interoperable Internet. They can also have a direct impact on the safeguarding of the integrity of the information ecosystem, where the free, reliable, and accurate flow of information is available to all in an open, inclusive, safe and secure environment[7].
We are deeply concerned about standardization proposals that seek to undermine human rights or increase risks of human rights violations and abuses, whether intentionally or unintentionally, including by aiding state actors and their proxies to gain stronger control over individuals and societies. This includes, for instance, arbitrary or unlawful interference with one’s privacy and security, restrictions on the free flow of information and ideas, interference with the freedom of expression and freedom of association and peaceful assembly, and discrimination in the promotion and protection of all human rights, as set out in inter alia the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights (ICCPR), the International Covenant on Economic, Social and Cultural Rights (ICESCR) as well as applicable International Labour Organization (ILO) Conventions. Special consideration should be given to gender equality, the rights of the child, and persons with disabilities, Indigenous Peoples, LGBTQIA+ persons and persons in vulnerable situations. It is important that all processes for the development and implementation of technical standards follow best practices for gender mainstreaming to produce gender-responsive standards that support intersectional gender equality.
We encourage all stakeholders to consider promoting and adhering to the “NETMundial+10 Multistakeholder Statement on strengthening Internet governance and other policy processes of developing digital resources necessary to reach the SDGs” and to consider the Report of the Office of the United Nations High Commissioner for Human Rights on “Human rights and technical standard-setting processes for new and emerging technologies,” and encourage all stakeholders to establish procedures to implement effective multistakeholder processes. We also call on all stakeholders to apply a human rights-based approach and uphold accountability and transparency for the outcomes of multistakeholder standard-development processes[8]. We remind States of their obligations under international human rights law and urge them to remain committed to increasing awareness of the potential impact of technical standards on the protection and promotion of human rights. This includes the responsibility to do so in all forums where States engage, including in SDOs[9]. The collaborative engagement by States with other stakeholders in the context of developing standards does not absolve States of their obligations under international human rights law. In line with the UN Guiding Principles on Business and Human Rights, we also urge the private sector to meet their responsibility to fully respect human rights while engaging in standard-development processes, from the development of a standard to its adoption, implementation and review. This means concretely that they should avoid infringing on human rights and address adverse human rights impacts stemming from or linked to their business activities[10]. In addition, in line with the UN Secretary General’s Human Rights Due Diligence for Digital Technology Use[11], we encourage UN entities, agencies, funds and programmes, including those involved in standard-development processes, to continue taking measures to identify, prevent, mitigate, and address adverse human rights risks and impacts connected to digital technology use across the technology lifecycle, including conception, development, and design activities, as they relate to standard-development processes.
We are convinced that stakeholders should have the necessary information, resources and skills in order to be empowered to participate effectively, meaningfully and sustainably in standard-development processes[12]. Enabling such participation requires moving beyond the usual instruments and established networks of stakeholders to adopting a proactive stance that effectively lowers barriers to participation for all, financially, culturally, as well as substantively. Hence, recognizing the efforts that some SDOs have already undertaken and taking into account their diversity, we call on SDOs that develop Internet technical standards and technical standards relating to digital technologies to maintain and strengthen the open, inclusive and transparent nature of their processes, and, within their respective mandates and in consultation with all affected stakeholders, to commit to initiating adequate human rights due diligence processes, in line with the UN Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect, Remedy” Framework. To that end, we urge all participants in standard-development processes, including SDOs and the private sector, to collaborate proactively in taking a human rights-based approach throughout all stages of the standard-development process, taking into account that the diversity of SDOs may require targeted approaches[13]. Consideration should be given to Safety by Design principles and requirements for digital services to embed proactive risk mitigation throughout the entire lifecycle. The standard-development process is and should remain stakeholder-driven, and States have a quintessential role to play in supporting these efforts by having an enabling policy framework in place, including by actively soliciting feedback and input from other stakeholder groups.
Incorporating diverse voices and multiple perspectives can enhance standard-development processes, both by achieving better decisions and delivering better outcomes[14]. As such, diverse participation by all stakeholders through all stages of standard-development processes will lead to a better understanding of the impacts on the exercise of human rights. We strongly support the participation of civil society in the work of SDOs and it is essential for all participants in standard-development processes to incorporate independent human rights expertise in their preparations or delegations, and to meaningfully engage with a diverse range of stakeholders with multi-disciplinary expertise, including civil society. Such efforts should be collaborative and not duplicate, conflict with, or undermine other existing expert fora and longstanding discussions on digital issues and human rights. We stress the need for voluntary assistance and support to civil society, with attention to those representing historically excluded and marginalized groups who are affected by digitalization, to meaningfully and independently participate in standard-development processes[15][16]. Furthermore, we call on SDOs to be proactive in overcoming barriers to entry and facilitating participation by women, experts and stakeholders from underrepresented backgrounds, including from lower- and middle-income countries.
We aim to strengthen coordination on and support for the implementation and development of international standards to help ensure that digital technologies, throughout their lifecycle, reflect our shared commitment to an open, free and secure cyberspace in which human rights and fundamental freedoms are fully respected, promoted and protected[17].
The Freedom Online Coalition calls on States to:
- Actively encourage the promotion, respect for, protection and fulfilment of human rights through the entire lifecycle of digital technologies;
- Take necessary steps to ensure that regulatory measures and protocol proposals do not compromise an open and interoperable Internet;
- Continue their strong support for an open and transparent model for standard-development based on pluralistic, voluntary, inclusive, bottom-up participation by all stakeholders;
- Promote greater and more diverse stakeholder participation in Standards Developing Organisations.
We urge all Standards Developing Organisations to:
- Maintain and strengthen open, transparent and inclusive processes and overcome barriers to entry to support meaningful diverse multistakeholder engagement;
- Take proactive steps to facilitate and increase participation by women, experts and stakeholders from underrepresented backgrounds, including from lower- and middle-income countries, including the need to proactively create and maintain cultures free from misogyny and discrimination by developing and enforcing codes of conduct;
- Support civil society and, where applicable, other stakeholders, to independently participate in standard-development processes, such as through voluntary assistance and capacity-building;
- Maintain and initiate processes , where applicable and within their respective mandates, to consider the integration of human rights in their operational policies and procedures, taking into account that the diversity of SDOs may require targeted approaches to each SDO’s standard-development process.
We urge all stakeholders engaged in standard-development processes, including the private sector, to:
- Respect human rights while engaging in the full lifecycle of technical standards, including through proactively collaborating on the initiation or maintenance of adequate human rights due diligence processes of SDOs, taking into account the diversity of SDOs;
- Engage in or support research to better understand the relationship between technology and human rights;
- Gender-mainstream standard-development processes to create gender-responsive standards;
- Conduct due diligence to identify, mitigate and remedy adverse human rights impacts;
- Refrain from proposing or supporting the development and adoption of standards that have adverse impacts on human rights;
- Uphold accountability and transparency for their outcomes.
Footnotes:
[1] UNGA A/RES/78/213; Promotion and protection of human rights in the context of digital technologies
[2] Pact for the Future chapter 3
[3] ITU TSB Activities about human rights and standards (TSAG-TD441R1)
[4] See also “Technical Standards and Human Rights: the case of New IP”, book chapter by Chatham House, October 2022
[5] WTO | Principles for the Development of International Standards, Guides and Recommendations
[6] OHCHR report on Human Rights and technical standard-setting processes A/HRC/53/42.
[7] See also: Global Declaration on Information Integrity Online
[8] NetMundial+10 statement 2024
[9] Freedom Online Coalition Statement on ITU Plenipot 2018
[10] UN Guiding Principles on Business and Human Rights
[11] UN Secretary General’s Guidance on Human Rights Due Diligence for Digital Technology Use
[12] NetMundial+10 statement 2024
[13] OHCHR Report on human rights and technical standard-setting processes A/HRC/53/42
[14] NetMundial+10 statement 2024
[15] OHCHR report on Human Rights and technical standard-setting processes A/HRC/53/42
[16] G7 Framework for collaboration on digital technical standards 2021
[17] Cardiff Bay G7 Summit Communique 2021
Please forward and share this edition of The Internet Exchange.