SlideShare a Scribd company logo

Vincent O. Mwando - Encryption

V
Vincent Mwando

The document discusses the importance of encryption in safeguarding privacy in the digital realm amidst the challenges posed by technological advancements. It highlights how encryption works to protect data from unauthorized access, while also noting the threats it faces, including hacking, calls for exceptional access by law enforcement, and governmental actions that undermine encryption standards. Furthermore, it underscores the necessity for cooperation among various stakeholders to ensure the protection of human rights and privacy online.

Internet
1 of 8
Download to read offline
1
2
3
4
5
6
7
8
Page 1 of 8 ENCRYPTION: THE LOCK AND KEY WHICH SAFEGUARDS PRIVACY IN THE DIGITAL SPACE By: Vincent Mwando Figure 1: Physical rendition of encryption1 1.1 Background Advancements in information and communications technology have presented challenges and opportunities that are unique. They have disrupted the way human beings conduct their life. In the brick and mortar world, for example, people would safeguard their privacy by locking their belongings in their homes. One would then need permission in order to know what was in the houses. People would also keep records in their homes and the information therein would remain known to them and those they decided to tell. The safety of the home and everything inside was protected using traditional means, for example, forbidding and punishing theft. However, with the advancements in information and communication technology all spheres of life were affected. The internet, for example, gave rise to networks through which people can communicate without physically moving to where the recipient of the information is. This has saved time and energy which can be used to do other things and build other sectors. If you need to speak with someone, you don’t need to travel to where they are; you could send them a message and wait for a response as you attend to other things in your life. However, there are challenges that accompany this opportunity. For example, there is a possibility that the message can be intercepted as it moves from the sender to the recipient, even without any of them knowing. In the brick and mortar world, the person delivering the message would physically move until they met with the recipient. It has therefore become necessary to devise a way in which the message being sent through the network can be kept from being intercepted. One of these ways is encryption. It ‘is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state.’2 Encryption “scrambles” the plaintext to ciphertext aiding in safe and trustworthy data transfer protocol. This is applied in all levels; cloud computing, applications and at software levels to avoid unintended or unauthorized person from accessing the data. 1 Isuru Jayathilake, ‘Introduction to encryption’ Medium, 2 August 2018 <https://medium.com/@isuruj/introduction-to-encryption-4b810996a871>. 2 Internet Society, Protect encryption, protect yourself <https://www.internetsociety.org/issues/encryption/>.
Page 2 of 8 1.2 Introduction As discussed above, advancements in information and communication technology have presented various challenges and opportunities. The internet, for example, has led to the creation of a ‘new world’ – the ‘digital world’. Today, there is a form of life that exists in the digital space. With the internet infrastructure, people can communicate and conduct various transactions without having to physically change their location. With this ‘new world’, it has become necessary to protect the rights that people have in the physical world. The challenge has been to find ways to protect the rights in the digital space as they had been protected in the physical world.3 Various stakeholders have been involved in this initiative. For example, in 2016, the United Nations Human Rights Council, while dealing with the promotion, protection and enjoyment of human rights on the internet in its thirty-second session, observed that the ‘same rights that people have offline must also be protected online.’ It noted that ‘the exercise of human rights, in particular the right to freedom of expression, on the Internet is an issue of increasing interest and importance as the rapid pace of technological development enables individuals all over the world to use new information and communication technologies’. These things can only be achieved through the involvement of all stakeholders. This is why the Council noted that confidence and trust in the internet as ‘an enabler for development and innovation can be realized, with full cooperation between governments, civil society, the private sector, the technical community and academia’.4 One of the rights that the Council highlighted was the right to privacy. It stated that ‘privacy online is important for the realization of the right to freedom of expression and to hold opinions without interference, and the right to freedom of peaceful assembly and association’.5 This is what the paper focuses on. It examines the significance of encryption in protection of privacy in the digital space and the threats to encryption. It also offers recommendations on the way forward. 1.3 Application of Encryption in Protection of Privacy Encryption ‘is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state.’6 This protects the privacy of the data since if a person were to intercept the communication, they would not be able to comprehend it since it is scrambled; only the recipient on the other end would know how to arrange the data back to the original state as set by the sender. There are keys that are required in order for the encryption process to be complete. They are demonstrated in figure 1.2 below. The sender of the information composes the message in plaintext. They then use an encryption key which converts the plaintext into ciphertext. This scrambles the data. When the recipient gets the message, they first have to use the decryption key to arrange the data to the 3 Lena Nitsche and Kate Hairsine, ‘What are digital rights?’ Deutsche Welle, 9 December 2016 <https://www.dw.com/en/what-are-digital-rights/a-36703292>. 4 United Nations Human Rights Council, Agenda Item 3: The promotion, protection and enjoyment of human rights on the Internet, A/HRC/32/L.20, 27 June 2016. 5 United Nations Human Rights Council, Agenda Item 3: The promotion, protection and enjoyment of human rights on the Internet. 6 Internet Society, Protect encryption, protect yourself <https://www.internetsociety.org/issues/encryption/>.
Page 3 of 8 original form so that they can be able to read. Anyone who intercepts the communication cannot comprehend the message without the decryption key. Figure 2: Encryption and decryption process7 This technology has been used in the various layers of the internet (internet, application and the physical layer) to protect privacy. In the application layer, for example, the messaging service WhatsApp uses end-to-end encryption to protect the privacy and security of its users. WhatsApp states as follows on their website in regard to security: WhatsApp’s end-to-end encryption is available when you and the people you message use our app. Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.8 In doing this, WhatsApp is ensuring that the privacy of the users is maintained. This also fosters security and integrity of the communication. The calls and messages are not tampered with, and therefore reach the recipient in the manner in which the sender intended. The sender and the recipient are also able to maintain their security, for example, where they are journalists, human rights activists or political dissidents or even communication with your loved ones. The end-to- end encryption allows them to communicate in a secure manner free of the interference of oppressive governments or other prying eyes intending to “syphon” the data. It also assists the private sector, for example, companies which are developing patents and trade secrets. Their information does not fall onto the hands of their competitors in the process of communication. In the hardware level, encryption helps to safeguard the security and privacy of information. Apple Inc., the technology company, has designed a feature called ‘FileVault’ which enables the users of its laptops to encrypt the data stored in the laptops: If you store sensitive information on your Mac, you can use FileVault encryption to protect the files from being seen or copied. For example, if you carry all your company’s financial data on your portable computer, losing it could allow someone to access sensitive data 7 Lina Gong, Li Zhang, Wei Zhang, Xuhong Li, Xia Wang and Wenwen Pan, ‘The application of data encryption technology in computer network communication security’ 2017, 5th International Conference on Computer-Aided Design, Manufacturing, Modeling and Simulation (CDMMS 2017). 8 WhatsApp Inc., WhatsApp security <https://www.whatsapp.com/security/>. Ciphertext Plaintext ENCRYPTION DECRYPTION Key
Page 4 of 8 that might hurt your business. FileVault encodes the information stored on your Mac so that it can’t be read unless the login password is entered.9 This enhances privacy in the digital space since hackers and other unauthorized persons cannot access the information stored on the devices. It therefore ensures the integrity of the communications between the user of the device and other users in the internet. This is a win for privacy but those seeking to intercept communication are not resting. They have made attempts to weaken encryption through ways including those discussed below. 1.4 Current Threats to Encryption Owing to the fact that encryption has offered a way to maintain privacy online, various attacks have been launched against it. As noted above, those seeking to intercept communication are not resting. This paper discusses three kinds of attacks on encryption and their implications on the internet and the protection of human rights in the digital space. The challenges are: hacking software; calls for ‘exceptional access’ by law enforcement; and blocking Transport Layer Security (TLS) version 1.3 and Encrypted Server Name Indication (ESNI). 1.4.1 Hacking Software The players interested in accessing personal data and intercepting communication have come up with various ways to try and breach the encryption measures. Most of them have developed hacking software which are used to target the devices and communications of certain members of the society. They exploit vulnerabilities and design features in the encryption systems and devices in order to gain access to the information. Figure 3: Picture of a hacked phone10 A current example in this case is the situation involving WhatsApp and NSO Group Technologies, the Israeli surveillance company. WhatsApp has stated that NSO Group was ‘deeply involved’ in the hacking of mobile phones of 1,400 WhatsApp users, including senior government officials, journalists, lawyers, academics, diplomatic officials and human rights activists. NSO Group is said to be involved in human rights violations including hacking of Pakistani intelligence officials, Indian journalists and exiled Rwandan political activists. The software used in these situations is 9 Apple Inc., macOS User Guide: How does FileVault encryption work on a Mac? <https://support.apple.com/en- gb/guide/mac-help/flvlt001/10.15/mac/10.15>. 10 Deutsche Welle, ‘WhatsApp sues Israeli company over spyware scandal’ 30 October 2019 <https://www.dw.com/en/whatsapp-sues-israeli-company-over-spyware-scandal/a-51042952>.
Page 5 of 8 called ‘Pegasus’.11 WhatsApp and NSO Group are currently parties to a case in a California court. NSO Group has responded to the claims by stating that it merely provides its software to governments for use in security operations and that NSO Group is not responsible for what governments do when they get the software. In July this year, the US District Court in California ruled that the case could proceed against NSO Group. The judge said it appeared that NSO Group had retained some role in the targeting of individuals. The case is now at the discovery stage where both sides will request documents and records from each other.12 The outcome of this case will have crucial implications on the protections of privacy in encrypted services. It will offer a way forward on legality of the use of hacking software to target the privacy of users of internet services. 1.4.2 “Exceptional Access”: The Back Door That Essentially Unlocks the Front Door Figure 4: Physical depiction of safecracking13 Another threat to encryption is the call by government and law enforcement agencies for an ‘exceptional access’ to encrypted data. Law enforcement agencies have long sought to gain access to encrypted locked phones and other devices in claiming that they are seeking to protect citizens from criminal and terrorist attacks. They have tried all means possible to persuade the technology companies to facilitate the unlocking of the encrypted devices. A good example is the situation between Apple Inc., the technology company, and the Federal Bureau of Investigations (FBI), the United States of America law enforcement agency. The FBI has attempted to compel Apple to open locked encrypted phones several times. Between 2015 and 2016, Apple received and objected to at least 11 such orders. The FBI has wanted Apple to provide a ‘back door’ to the security of iPhones on the grounds that it would enable FBI to move fast in emergency situations and prevent future attacks on the country. Apple has always objected to the orders for reasons that a ‘back door’ would put the privacy and security of all its users and not just those under investigation.14 If a ‘back door’ is created for law enforcement, there is a 11 Nick Hopkins and Stephanie Kirchgaessner, “WhatsApp sues Israeli firm, accusing it of hacking activists’ phones” The Guardian, 29 October 2019 <https://www.theguardian.com/technology/2019/oct/29/whatsapp-sues-israeli-firm- accusing-it-of-hacking-activists-phones>. 12 Stephanie Kirchgaessner, ‘US judge: WhatsApp lawsuit against Israeli spyware firm NSO can proceed’ The Guardian, 17 July 2020 <https://www.theguardian.com/technology/2020/jul/17/us-judge-whatsapp-lawsuit-against- israeli-spyware-firm-nso-can-proceed>. 13 Robert Valdes, ‘How safecracking works’ HowStuffWorks <https://home.howstuffworks.com/home- improvement/household-safety/safecracking4.htm> 14 Leander Kahney, ‘The FBI wanted a back door to the iPhone. Time Cook said no’ Wired Magazine 16 April 2019 <https://www.wired.com/story/the-time-tim-cook-stood-his-ground-against-fbi/>.
Page 6 of 8 possibility that they might share or might get leaked and then fall into the hands of criminals. In the end, it would be as if there were no encryption at all; the front door would be essentially open. Despite Apple’s refusal, the FBI continues to make seek for search warrants for locked encrypted devices. Early this year, the FBI served Apple with a search warrant for two iPhones in an incident involving a gunman in a shooting at a naval base in Pensacola in Florida in December 2019. The search warrant sought Apple’s assistance in gaining access to the devices. The owner of the phones had died in the shooting incident and the law enforcement agencies believed that the deceased had been the shooter. Apple responded that it had no access to the material stored on the locked encrypted phones.15 However, this has not deterred law enforcement from exploring other avenues. For example, the United States Congress is currently looking at Bill called The Lawful Access to Encrypted Data Act. If passed, the law would force companies to provide ‘technical assistance’ to law enforcement in accessing encrypted data. This would pose a great threat to encryption and privacy since ‘the only way for companies to comply would be to build backdoors into their products and services, or not use encryption at all’.16 This would result in companies making less safer products and services. Various stakeholders have advocated against the Bill. The Internet Society, for example, strongly opposed the Bill through an open letter signed by civil society organizations, technology companies and trade associations, and security and policy experts.17 The world is waiting to see what Congress will do and the implications of such on digital privacy. 1.4.3 Blocking TLS 1.3 in China Makes the Internet Less Secure Figure 5: Transport Layer Security (TLS) 1.3 In July 2020 when the Chinese government decided to block encrypted Hypertext Transfer Protocol Secure (HTTPS) connection from the previous versions which are less secure. This encompasses interception-proof protocols, modern and more advance technologies of the TLS 1.3 and ESNI. The government through this will monitor and control the content its citizens have access to18 . This is an attack on the Internet Society’s vision “The Internet is for everyone”. 15 Jack Nicas and Katie Benner, ‘FBI asks Apple to help unlock two iPhones’ New York Times, 7 January 2020 <https://www.nytimes.com/2020/01/07/technology/apple-fbi-iphone-encryption.html>. 16 Kenneth Olmstead and Ryan Polk, “Latest US ‘Anti-encryption’ Bill threatens security of millions” Internet Society, 7 July 2020 <https://www.internetsociety.org/blog/2020/07/latest-u-s-anti-encryption-bill-threatens-security-of- millions/>. 17 Internet Society Open Letter Against Lawful Access to Encrypted Data Act, Global Encryption Project, 7 July 2020 <https://www.globalencryption.org/open-letter-against-laed-act/>. 18 Catalin Cimpanu, “China is now blocking all encrypted HTTPS traffic that uses TLS 1.3”, ZDNet, August 8, 2020 < https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/>
Page 7 of 8 HTTPS performance with the TLS version 1.3 will offer secure and unprecedented privacy. The modern technology algorithm and the Authenticated Encryption and Additional Data applies the three cipher suites which is fast enabling the system to have negligible set of cleartext protocol bits thereafter preventing progressive reduction in the flexibility of network protocol design19 . Encrypting client’s certificate which is part of data integrity and hardened and advanced security secures the communication channel giving rich to end-to-end encryption. Businesses and other sectors are integrating and encouraging the latest version TLS 1.3 with companies such as Microsoft highly recommending interested parties such as developers to start incorporating the version in their operating systems, services and more so applications20 . This is pegged on the reason that a variety of web browsers have the advanced security installed in them and enhances trust of the data through; privacy, security, and guaranteed the performance of various websites. Such moves by the Chinese government makes the internet less secure with the citizens open to, scrutiny, security and privacy issues within or outside its borders. The internet and physical layer encryption is very key to achieving end-to-end encryption, this starts from enterprise and operating system security and the information being transferred through the fiber and copper cables. 1.5 Recommendations for the Way Forward The paper recommends the following in order to contribute to internet governance initiatives. 1.5.1 Wider Adoption of Encryption There is need to encourage wider adoption of encryption across the internet and other information and communication technology-based services. It has been common in messaging services and device manufacturing. It is important that it is widely adopted in other sectors, for example, online banking, Internet of Things, healthcare, e-commerce, and social media. This is important especially given that due to the COVID-19 pandemic, many people have been forced to adopt internet models of operation and carry whatever they are doing to the internet space not forgetting to work or study from home. The internet services are now being used more than ever. Protecting the privacy and security of all the activities going on is crucial, and encryption is at the center of this. This will be in line with Internet Society’s goals of improving end-to-end encryption against various threats (exceptional access) and then that of engaging with the global network community by the end of 2020 and to wipe out the idea of exceptional access by governments while urging them to adopt, promote and support end-to-end encryption to protect data, online communications and networks involved by 2025 through seeing the need of a strengthen digital space.21 19 Microsoft Corporation, “Taking Transport Layer Security (TLS) to the next level with TLS 1.3”, August 20 2020 <https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls- 1-3/> 20 Microsoft Corporation, “Taking Transport Layer Security (TLS) to the next level with TLS 1.3”, August 20 2020 <https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls- 1-3/> 21 Internet Society, Protect encryption, protect yourself <https://www.internetsociety.org/issues/encryption/>.
Page 8 of 8 1.5.2 Use of White Hat Hackers to Strengthen Encryption Protocols There is need for the technology community and experts to engage in the encryption process as white hat hackers. This will aid the process by looking for and identifying loopholes within the encryption process which could be used by black hat hackers as discussed above in the case of WhatsApp and NSO Group. The loopholes identified by white hat hackers will help the internet community to generate solutions and enhance security in the internet. 1.5.3 Legal Action Against Hackers It is also important that all the stakeholders in internet governance take legal action in the event of hacking. Taking legal action serves to deter some of the persons who would engage in hacking and other criminal acts against encryption and privacy in the digital space. The example of the lawsuit by WhatsApp, as discussed above, is a good step. The outcome is yet to be known but the internet governance stakeholders should not be discouraged if the outcome is not favorable. It is important to keep approaching the courts as the law may evolve in favor of protection of privacy in the digital space. 1.5.4 Cooperation and Convergence of Efforts to Enhance Encryption It is crucial for internet governance in general and encryption in specific, that all the stakeholders and actors from the government, civil society and the private sector-who largely own the Internet's infrastructure and services, continue to engage in discussions around protection of privacy. Every stakeholder has a part to play, and development of inclusive and open policies requires everyone to get on board. In some cases, for example that in China, diplomacy can be applied in dealing with divergent views on encryption by different stakeholders such as governments and internet governance community. 1.6 Conclusion The discussion above has highlighted the manner in which encryption is essential for privacy in the digital world. It also important, as pointed out above, that discussions and solutions are found for the threats facing encryption. The threats are formidable and have the potential of eroding privacy protections in the digital space, and consequently the trust and confidence in the internet as an enabler of development and human rights protection. Strong encryption is also key to the realization of Sustainable Development Goals (SDGs)for example, SDG number 9 on industry, innovation and infrastructure notes that the importance of Technological progress in finding lasting solutions to economic and environmental challenges. Encryption is at the center of technological progress in that it ensures development of safe and secure infrastructure and builds trust in the use of information and technological resources. There is need to incorporate multistakeholder engagement and multilateralism approach to foster coordination both at local and international level. The various actors need to cooperate and find a way forward in the use of strong encryption for everyone.22 22 Global Encryption Coalition to Promote Internet Security http://www.circleid.com/posts/20200818-afilias-joins- global-encryption-coalition-for-internet-security/.

More Related Content

PDF
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...
Vincent Mwando
 
PDF
Indonesia National Cyber Security Strategy
ICT Watch
 
PPTX
Final presentation cyber security submit copy
smita mitra
 
DOCX
Chapter 3.docx
Amir Khan
 
PDF
2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
sabrangsabrang
 
PDF
Indonesia Internet Sehat on Child Online Protection
ICT Watch
 
PDF
National ID-IGF Dialogue 2016 Summary
ICT Watch
 
PDF
ID IGF 2016 - Infrastruktur 3 - Security Governance Framework
IGF Indonesia
 
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...
Vincent Mwando
 
Indonesia National Cyber Security Strategy
ICT Watch
 
Final presentation cyber security submit copy
smita mitra
 
Chapter 3.docx
Amir Khan
 
2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
sabrangsabrang
 
Indonesia Internet Sehat on Child Online Protection
ICT Watch
 
National ID-IGF Dialogue 2016 Summary
ICT Watch
 
ID IGF 2016 - Infrastruktur 3 - Security Governance Framework
IGF Indonesia
 

What's hot (20)

PDF
Indonesia Netizen Facts (July - September 2016)
ICT Watch
 
PDF
Keep in touch for cyber peace_20150212
Kunihiro Maeda
 
PDF
Data mining applied about polygamy using sentiment analysis on Twitters in In...
journalBEEI
 
PDF
OSA - Internet Security in India
Dinesh O Bareja
 
PDF
Indonesia Netizen Facts (October - December 2015)
ICT Watch
 
PDF
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
ijcsit
 
PDF
Nigf report appendix pages
Agidigba
 
PPT
Presentasi ftii intlcyberlaw
ftii
 
PDF
Indonesia Netizen Facts (April - June 2016)
ICT Watch
 
PPTX
Internet Privacy
realpeterz
 
PDF
Security in a Mobile World
Hewlett Packard Enterprise Business Value Exchange
 
DOCX
Hello dr. aguiar and classmates,for this week’s forum we were as
simba35
 
PDF
Indonesia Netizen Facts (April - June 2015)
ICT Watch
 
PPTX
Societal impacts PART2
AVISHITYAGI
 
DOCX
Instructions please write a 5 page paper answering the question con
simba35
 
PDF
ICOCI2013: Keynotes 1
Syamsul Bahrin Zaibon
 
PDF
Internet governance
rmvvr143
 
PDF
Riseptis report 1
vafopoulos
 
PDF
Cybercrime: An Analysis from Positive Law Perspective
Associate Professor in VSB Coimbatore
 
PDF
Final national cyber security strategy november 2014
vikawotar
 
Indonesia Netizen Facts (July - September 2016)
ICT Watch
 
Keep in touch for cyber peace_20150212
Kunihiro Maeda
 
Data mining applied about polygamy using sentiment analysis on Twitters in In...
journalBEEI
 
OSA - Internet Security in India
Dinesh O Bareja
 
Indonesia Netizen Facts (October - December 2015)
ICT Watch
 
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
ijcsit
 
Nigf report appendix pages
Agidigba
 
Presentasi ftii intlcyberlaw
ftii
 
Indonesia Netizen Facts (April - June 2016)
ICT Watch
 
Internet Privacy
realpeterz
 
Security in a Mobile World
Hewlett Packard Enterprise Business Value Exchange
 
Hello dr. aguiar and classmates,for this week’s forum we were as
simba35
 
Indonesia Netizen Facts (April - June 2015)
ICT Watch
 
Societal impacts PART2
AVISHITYAGI
 
Instructions please write a 5 page paper answering the question con
simba35
 
ICOCI2013: Keynotes 1
Syamsul Bahrin Zaibon
 
Internet governance
rmvvr143
 
Riseptis report 1
vafopoulos
 
Cybercrime: An Analysis from Positive Law Perspective
Associate Professor in VSB Coimbatore
 
Final national cyber security strategy november 2014
vikawotar
 
Ad

Similar to Vincent O. Mwando - Encryption (19)

PPTX
data privacy in digital technology .pptx
afruafrid5
 
PDF
Tor project and Darknet Report
Ahmed Mater
 
DOC
Steven Leahy_IT 543_Unit 1 Assignment
Steven Leahy
 
PPTX
Lofty Ideals: The Nature of Clouds and Encryption
Sean Whalen
 
DOCX
1Running head CYBERPHOBIA3CYBERPHOBIA.docx
RAJU852744
 
DOCX
Qstn 27
Nashe Muja Mujah
 
PDF
Security techniques for intelligent spam sensing and anomaly detection in onl...
IJECEIAES
 
PDF
Research on Privacy Protection in Big Data Environment
IJERA Editor
 
PDF
Research on Privacy Protection in Big Data Environment
IJERA Editor
 
DOCX
Hamza
HamzaBaqee
 
PDF
Essay Topic Internet
Paper Writing Service Cheap
 
PDF
Encountering social engineering activities with a novel honeypot mechanism
IJECEIAES
 
PDF
IT8073_Information Security_UNIT I _.pdf
Guru Nanak Technical Institutions
 
PDF
IT8073 _Information Security _UNIT I Full notes
Guru Nanak Technical Institutions
 
PPTX
Chapter 6emerging technology - EMTE.pptx
Tekle12
 
PPTX
3Nov Challanges to Inernal Security.pptx
ssuser84f16f
 
PDF
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
IOSR Journals
 
PDF
L017146571
IOSR Journals
 
PDF
Privacyinvading Technologies And Privacy By Design Safeguarding Privacy Liber...
vrlapvbzgo4480
 
data privacy in digital technology .pptx
afruafrid5
 
Tor project and Darknet Report
Ahmed Mater
 
Steven Leahy_IT 543_Unit 1 Assignment
Steven Leahy
 
Lofty Ideals: The Nature of Clouds and Encryption
Sean Whalen
 
1Running head CYBERPHOBIA3CYBERPHOBIA.docx
RAJU852744
 
Qstn 27
Nashe Muja Mujah
 
Security techniques for intelligent spam sensing and anomaly detection in onl...
IJECEIAES
 
Research on Privacy Protection in Big Data Environment
IJERA Editor
 
Research on Privacy Protection in Big Data Environment
IJERA Editor
 
Hamza
HamzaBaqee
 
Essay Topic Internet
Paper Writing Service Cheap
 
Encountering social engineering activities with a novel honeypot mechanism
IJECEIAES
 
IT8073_Information Security_UNIT I _.pdf
Guru Nanak Technical Institutions
 
IT8073 _Information Security _UNIT I Full notes
Guru Nanak Technical Institutions
 
Chapter 6emerging technology - EMTE.pptx
Tekle12
 
3Nov Challanges to Inernal Security.pptx
ssuser84f16f
 
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
IOSR Journals
 
L017146571
IOSR Journals
 
Privacyinvading Technologies And Privacy By Design Safeguarding Privacy Liber...
vrlapvbzgo4480
 
Ad

Recently uploaded (20)

PDF
The Evolution of Traditional to New Media .pdf
NIKKODENSMIRO
 
PDF
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
DOC
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
PDF
Slides PDF: The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PPTX
Database Information System - Management Information System
faizhossain3
 
PPTX
Internet Safety for Seniors presentation
mwnorman1
 
PPT
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PPT
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PPTX
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
PPT
Ethics in Information System - Management Information System
faizhossain3
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PDF
si manuel quezon at mga nagawa sa bansang pilipinas
LizaDeVeraFloresLaya
 
PPTX
IPCNA VIRTUAL CLASSES INTERMEDIATE 6 PROJECT.pptx
AldoCharaRojas
 
PDF
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
The Evolution of Traditional to New Media .pdf
NIKKODENSMIRO
 
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
Slides PDF: The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
Database Information System - Management Information System
faizhossain3
 
Internet Safety for Seniors presentation
mwnorman1
 
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
Funds Management Learning Material for Beg
NKKumar16
 
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
Ethics in Information System - Management Information System
faizhossain3
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
si manuel quezon at mga nagawa sa bansang pilipinas
LizaDeVeraFloresLaya
 
IPCNA VIRTUAL CLASSES INTERMEDIATE 6 PROJECT.pptx
AldoCharaRojas
 
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 

Vincent O. Mwando - Encryption

  • 1. Page 1 of 8 ENCRYPTION: THE LOCK AND KEY WHICH SAFEGUARDS PRIVACY IN THE DIGITAL SPACE By: Vincent Mwando Figure 1: Physical rendition of encryption1 1.1 Background Advancements in information and communications technology have presented challenges and opportunities that are unique. They have disrupted the way human beings conduct their life. In the brick and mortar world, for example, people would safeguard their privacy by locking their belongings in their homes. One would then need permission in order to know what was in the houses. People would also keep records in their homes and the information therein would remain known to them and those they decided to tell. The safety of the home and everything inside was protected using traditional means, for example, forbidding and punishing theft. However, with the advancements in information and communication technology all spheres of life were affected. The internet, for example, gave rise to networks through which people can communicate without physically moving to where the recipient of the information is. This has saved time and energy which can be used to do other things and build other sectors. If you need to speak with someone, you don’t need to travel to where they are; you could send them a message and wait for a response as you attend to other things in your life. However, there are challenges that accompany this opportunity. For example, there is a possibility that the message can be intercepted as it moves from the sender to the recipient, even without any of them knowing. In the brick and mortar world, the person delivering the message would physically move until they met with the recipient. It has therefore become necessary to devise a way in which the message being sent through the network can be kept from being intercepted. One of these ways is encryption. It ‘is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state.’2 Encryption “scrambles” the plaintext to ciphertext aiding in safe and trustworthy data transfer protocol. This is applied in all levels; cloud computing, applications and at software levels to avoid unintended or unauthorized person from accessing the data. 1 Isuru Jayathilake, ‘Introduction to encryption’ Medium, 2 August 2018 <https://medium.com/@isuruj/introduction-to-encryption-4b810996a871>. 2 Internet Society, Protect encryption, protect yourself <https://www.internetsociety.org/issues/encryption/>.
  • 2. Page 2 of 8 1.2 Introduction As discussed above, advancements in information and communication technology have presented various challenges and opportunities. The internet, for example, has led to the creation of a ‘new world’ – the ‘digital world’. Today, there is a form of life that exists in the digital space. With the internet infrastructure, people can communicate and conduct various transactions without having to physically change their location. With this ‘new world’, it has become necessary to protect the rights that people have in the physical world. The challenge has been to find ways to protect the rights in the digital space as they had been protected in the physical world.3 Various stakeholders have been involved in this initiative. For example, in 2016, the United Nations Human Rights Council, while dealing with the promotion, protection and enjoyment of human rights on the internet in its thirty-second session, observed that the ‘same rights that people have offline must also be protected online.’ It noted that ‘the exercise of human rights, in particular the right to freedom of expression, on the Internet is an issue of increasing interest and importance as the rapid pace of technological development enables individuals all over the world to use new information and communication technologies’. These things can only be achieved through the involvement of all stakeholders. This is why the Council noted that confidence and trust in the internet as ‘an enabler for development and innovation can be realized, with full cooperation between governments, civil society, the private sector, the technical community and academia’.4 One of the rights that the Council highlighted was the right to privacy. It stated that ‘privacy online is important for the realization of the right to freedom of expression and to hold opinions without interference, and the right to freedom of peaceful assembly and association’.5 This is what the paper focuses on. It examines the significance of encryption in protection of privacy in the digital space and the threats to encryption. It also offers recommendations on the way forward. 1.3 Application of Encryption in Protection of Privacy Encryption ‘is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state.’6 This protects the privacy of the data since if a person were to intercept the communication, they would not be able to comprehend it since it is scrambled; only the recipient on the other end would know how to arrange the data back to the original state as set by the sender. There are keys that are required in order for the encryption process to be complete. They are demonstrated in figure 1.2 below. The sender of the information composes the message in plaintext. They then use an encryption key which converts the plaintext into ciphertext. This scrambles the data. When the recipient gets the message, they first have to use the decryption key to arrange the data to the 3 Lena Nitsche and Kate Hairsine, ‘What are digital rights?’ Deutsche Welle, 9 December 2016 <https://www.dw.com/en/what-are-digital-rights/a-36703292>. 4 United Nations Human Rights Council, Agenda Item 3: The promotion, protection and enjoyment of human rights on the Internet, A/HRC/32/L.20, 27 June 2016. 5 United Nations Human Rights Council, Agenda Item 3: The promotion, protection and enjoyment of human rights on the Internet. 6 Internet Society, Protect encryption, protect yourself <https://www.internetsociety.org/issues/encryption/>.
  • 3. Page 3 of 8 original form so that they can be able to read. Anyone who intercepts the communication cannot comprehend the message without the decryption key. Figure 2: Encryption and decryption process7 This technology has been used in the various layers of the internet (internet, application and the physical layer) to protect privacy. In the application layer, for example, the messaging service WhatsApp uses end-to-end encryption to protect the privacy and security of its users. WhatsApp states as follows on their website in regard to security: WhatsApp’s end-to-end encryption is available when you and the people you message use our app. Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.8 In doing this, WhatsApp is ensuring that the privacy of the users is maintained. This also fosters security and integrity of the communication. The calls and messages are not tampered with, and therefore reach the recipient in the manner in which the sender intended. The sender and the recipient are also able to maintain their security, for example, where they are journalists, human rights activists or political dissidents or even communication with your loved ones. The end-to- end encryption allows them to communicate in a secure manner free of the interference of oppressive governments or other prying eyes intending to “syphon” the data. It also assists the private sector, for example, companies which are developing patents and trade secrets. Their information does not fall onto the hands of their competitors in the process of communication. In the hardware level, encryption helps to safeguard the security and privacy of information. Apple Inc., the technology company, has designed a feature called ‘FileVault’ which enables the users of its laptops to encrypt the data stored in the laptops: If you store sensitive information on your Mac, you can use FileVault encryption to protect the files from being seen or copied. For example, if you carry all your company’s financial data on your portable computer, losing it could allow someone to access sensitive data 7 Lina Gong, Li Zhang, Wei Zhang, Xuhong Li, Xia Wang and Wenwen Pan, ‘The application of data encryption technology in computer network communication security’ 2017, 5th International Conference on Computer-Aided Design, Manufacturing, Modeling and Simulation (CDMMS 2017). 8 WhatsApp Inc., WhatsApp security <https://www.whatsapp.com/security/>. Ciphertext Plaintext ENCRYPTION DECRYPTION Key
  • 4. Page 4 of 8 that might hurt your business. FileVault encodes the information stored on your Mac so that it can’t be read unless the login password is entered.9 This enhances privacy in the digital space since hackers and other unauthorized persons cannot access the information stored on the devices. It therefore ensures the integrity of the communications between the user of the device and other users in the internet. This is a win for privacy but those seeking to intercept communication are not resting. They have made attempts to weaken encryption through ways including those discussed below. 1.4 Current Threats to Encryption Owing to the fact that encryption has offered a way to maintain privacy online, various attacks have been launched against it. As noted above, those seeking to intercept communication are not resting. This paper discusses three kinds of attacks on encryption and their implications on the internet and the protection of human rights in the digital space. The challenges are: hacking software; calls for ‘exceptional access’ by law enforcement; and blocking Transport Layer Security (TLS) version 1.3 and Encrypted Server Name Indication (ESNI). 1.4.1 Hacking Software The players interested in accessing personal data and intercepting communication have come up with various ways to try and breach the encryption measures. Most of them have developed hacking software which are used to target the devices and communications of certain members of the society. They exploit vulnerabilities and design features in the encryption systems and devices in order to gain access to the information. Figure 3: Picture of a hacked phone10 A current example in this case is the situation involving WhatsApp and NSO Group Technologies, the Israeli surveillance company. WhatsApp has stated that NSO Group was ‘deeply involved’ in the hacking of mobile phones of 1,400 WhatsApp users, including senior government officials, journalists, lawyers, academics, diplomatic officials and human rights activists. NSO Group is said to be involved in human rights violations including hacking of Pakistani intelligence officials, Indian journalists and exiled Rwandan political activists. The software used in these situations is 9 Apple Inc., macOS User Guide: How does FileVault encryption work on a Mac? <https://support.apple.com/en- gb/guide/mac-help/flvlt001/10.15/mac/10.15>. 10 Deutsche Welle, ‘WhatsApp sues Israeli company over spyware scandal’ 30 October 2019 <https://www.dw.com/en/whatsapp-sues-israeli-company-over-spyware-scandal/a-51042952>.
  • 5. Page 5 of 8 called ‘Pegasus’.11 WhatsApp and NSO Group are currently parties to a case in a California court. NSO Group has responded to the claims by stating that it merely provides its software to governments for use in security operations and that NSO Group is not responsible for what governments do when they get the software. In July this year, the US District Court in California ruled that the case could proceed against NSO Group. The judge said it appeared that NSO Group had retained some role in the targeting of individuals. The case is now at the discovery stage where both sides will request documents and records from each other.12 The outcome of this case will have crucial implications on the protections of privacy in encrypted services. It will offer a way forward on legality of the use of hacking software to target the privacy of users of internet services. 1.4.2 “Exceptional Access”: The Back Door That Essentially Unlocks the Front Door Figure 4: Physical depiction of safecracking13 Another threat to encryption is the call by government and law enforcement agencies for an ‘exceptional access’ to encrypted data. Law enforcement agencies have long sought to gain access to encrypted locked phones and other devices in claiming that they are seeking to protect citizens from criminal and terrorist attacks. They have tried all means possible to persuade the technology companies to facilitate the unlocking of the encrypted devices. A good example is the situation between Apple Inc., the technology company, and the Federal Bureau of Investigations (FBI), the United States of America law enforcement agency. The FBI has attempted to compel Apple to open locked encrypted phones several times. Between 2015 and 2016, Apple received and objected to at least 11 such orders. The FBI has wanted Apple to provide a ‘back door’ to the security of iPhones on the grounds that it would enable FBI to move fast in emergency situations and prevent future attacks on the country. Apple has always objected to the orders for reasons that a ‘back door’ would put the privacy and security of all its users and not just those under investigation.14 If a ‘back door’ is created for law enforcement, there is a 11 Nick Hopkins and Stephanie Kirchgaessner, “WhatsApp sues Israeli firm, accusing it of hacking activists’ phones” The Guardian, 29 October 2019 <https://www.theguardian.com/technology/2019/oct/29/whatsapp-sues-israeli-firm- accusing-it-of-hacking-activists-phones>. 12 Stephanie Kirchgaessner, ‘US judge: WhatsApp lawsuit against Israeli spyware firm NSO can proceed’ The Guardian, 17 July 2020 <https://www.theguardian.com/technology/2020/jul/17/us-judge-whatsapp-lawsuit-against- israeli-spyware-firm-nso-can-proceed>. 13 Robert Valdes, ‘How safecracking works’ HowStuffWorks <https://home.howstuffworks.com/home- improvement/household-safety/safecracking4.htm> 14 Leander Kahney, ‘The FBI wanted a back door to the iPhone. Time Cook said no’ Wired Magazine 16 April 2019 <https://www.wired.com/story/the-time-tim-cook-stood-his-ground-against-fbi/>.
  • 6. Page 6 of 8 possibility that they might share or might get leaked and then fall into the hands of criminals. In the end, it would be as if there were no encryption at all; the front door would be essentially open. Despite Apple’s refusal, the FBI continues to make seek for search warrants for locked encrypted devices. Early this year, the FBI served Apple with a search warrant for two iPhones in an incident involving a gunman in a shooting at a naval base in Pensacola in Florida in December 2019. The search warrant sought Apple’s assistance in gaining access to the devices. The owner of the phones had died in the shooting incident and the law enforcement agencies believed that the deceased had been the shooter. Apple responded that it had no access to the material stored on the locked encrypted phones.15 However, this has not deterred law enforcement from exploring other avenues. For example, the United States Congress is currently looking at Bill called The Lawful Access to Encrypted Data Act. If passed, the law would force companies to provide ‘technical assistance’ to law enforcement in accessing encrypted data. This would pose a great threat to encryption and privacy since ‘the only way for companies to comply would be to build backdoors into their products and services, or not use encryption at all’.16 This would result in companies making less safer products and services. Various stakeholders have advocated against the Bill. The Internet Society, for example, strongly opposed the Bill through an open letter signed by civil society organizations, technology companies and trade associations, and security and policy experts.17 The world is waiting to see what Congress will do and the implications of such on digital privacy. 1.4.3 Blocking TLS 1.3 in China Makes the Internet Less Secure Figure 5: Transport Layer Security (TLS) 1.3 In July 2020 when the Chinese government decided to block encrypted Hypertext Transfer Protocol Secure (HTTPS) connection from the previous versions which are less secure. This encompasses interception-proof protocols, modern and more advance technologies of the TLS 1.3 and ESNI. The government through this will monitor and control the content its citizens have access to18 . This is an attack on the Internet Society’s vision “The Internet is for everyone”. 15 Jack Nicas and Katie Benner, ‘FBI asks Apple to help unlock two iPhones’ New York Times, 7 January 2020 <https://www.nytimes.com/2020/01/07/technology/apple-fbi-iphone-encryption.html>. 16 Kenneth Olmstead and Ryan Polk, “Latest US ‘Anti-encryption’ Bill threatens security of millions” Internet Society, 7 July 2020 <https://www.internetsociety.org/blog/2020/07/latest-u-s-anti-encryption-bill-threatens-security-of- millions/>. 17 Internet Society Open Letter Against Lawful Access to Encrypted Data Act, Global Encryption Project, 7 July 2020 <https://www.globalencryption.org/open-letter-against-laed-act/>. 18 Catalin Cimpanu, “China is now blocking all encrypted HTTPS traffic that uses TLS 1.3”, ZDNet, August 8, 2020 < https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/>
  • 7. Page 7 of 8 HTTPS performance with the TLS version 1.3 will offer secure and unprecedented privacy. The modern technology algorithm and the Authenticated Encryption and Additional Data applies the three cipher suites which is fast enabling the system to have negligible set of cleartext protocol bits thereafter preventing progressive reduction in the flexibility of network protocol design19 . Encrypting client’s certificate which is part of data integrity and hardened and advanced security secures the communication channel giving rich to end-to-end encryption. Businesses and other sectors are integrating and encouraging the latest version TLS 1.3 with companies such as Microsoft highly recommending interested parties such as developers to start incorporating the version in their operating systems, services and more so applications20 . This is pegged on the reason that a variety of web browsers have the advanced security installed in them and enhances trust of the data through; privacy, security, and guaranteed the performance of various websites. Such moves by the Chinese government makes the internet less secure with the citizens open to, scrutiny, security and privacy issues within or outside its borders. The internet and physical layer encryption is very key to achieving end-to-end encryption, this starts from enterprise and operating system security and the information being transferred through the fiber and copper cables. 1.5 Recommendations for the Way Forward The paper recommends the following in order to contribute to internet governance initiatives. 1.5.1 Wider Adoption of Encryption There is need to encourage wider adoption of encryption across the internet and other information and communication technology-based services. It has been common in messaging services and device manufacturing. It is important that it is widely adopted in other sectors, for example, online banking, Internet of Things, healthcare, e-commerce, and social media. This is important especially given that due to the COVID-19 pandemic, many people have been forced to adopt internet models of operation and carry whatever they are doing to the internet space not forgetting to work or study from home. The internet services are now being used more than ever. Protecting the privacy and security of all the activities going on is crucial, and encryption is at the center of this. This will be in line with Internet Society’s goals of improving end-to-end encryption against various threats (exceptional access) and then that of engaging with the global network community by the end of 2020 and to wipe out the idea of exceptional access by governments while urging them to adopt, promote and support end-to-end encryption to protect data, online communications and networks involved by 2025 through seeing the need of a strengthen digital space.21 19 Microsoft Corporation, “Taking Transport Layer Security (TLS) to the next level with TLS 1.3”, August 20 2020 <https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls- 1-3/> 20 Microsoft Corporation, “Taking Transport Layer Security (TLS) to the next level with TLS 1.3”, August 20 2020 <https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls- 1-3/> 21 Internet Society, Protect encryption, protect yourself <https://www.internetsociety.org/issues/encryption/>.
  • 8. Page 8 of 8 1.5.2 Use of White Hat Hackers to Strengthen Encryption Protocols There is need for the technology community and experts to engage in the encryption process as white hat hackers. This will aid the process by looking for and identifying loopholes within the encryption process which could be used by black hat hackers as discussed above in the case of WhatsApp and NSO Group. The loopholes identified by white hat hackers will help the internet community to generate solutions and enhance security in the internet. 1.5.3 Legal Action Against Hackers It is also important that all the stakeholders in internet governance take legal action in the event of hacking. Taking legal action serves to deter some of the persons who would engage in hacking and other criminal acts against encryption and privacy in the digital space. The example of the lawsuit by WhatsApp, as discussed above, is a good step. The outcome is yet to be known but the internet governance stakeholders should not be discouraged if the outcome is not favorable. It is important to keep approaching the courts as the law may evolve in favor of protection of privacy in the digital space. 1.5.4 Cooperation and Convergence of Efforts to Enhance Encryption It is crucial for internet governance in general and encryption in specific, that all the stakeholders and actors from the government, civil society and the private sector-who largely own the Internet's infrastructure and services, continue to engage in discussions around protection of privacy. Every stakeholder has a part to play, and development of inclusive and open policies requires everyone to get on board. In some cases, for example that in China, diplomacy can be applied in dealing with divergent views on encryption by different stakeholders such as governments and internet governance community. 1.6 Conclusion The discussion above has highlighted the manner in which encryption is essential for privacy in the digital world. It also important, as pointed out above, that discussions and solutions are found for the threats facing encryption. The threats are formidable and have the potential of eroding privacy protections in the digital space, and consequently the trust and confidence in the internet as an enabler of development and human rights protection. Strong encryption is also key to the realization of Sustainable Development Goals (SDGs)for example, SDG number 9 on industry, innovation and infrastructure notes that the importance of Technological progress in finding lasting solutions to economic and environmental challenges. Encryption is at the center of technological progress in that it ensures development of safe and secure infrastructure and builds trust in the use of information and technological resources. There is need to incorporate multistakeholder engagement and multilateralism approach to foster coordination both at local and international level. The various actors need to cooperate and find a way forward in the use of strong encryption for everyone.22 22 Global Encryption Coalition to Promote Internet Security http://www.circleid.com/posts/20200818-afilias-joins- global-encryption-coalition-for-internet-security/.