Sunday, 19 June 2022

ENCRYPTION: WHY ENCRYPTION MATTERS TO ME?

 

By: Vincent Mwando

1.1.Background

The world today evolves every minute with disruption in the human way of life. This has exacted pressure on human to develop ways of protecting and safeguarding their information in the digital space. Before the era “one click away”, we used to lock pieces of stuff in enclosed cubicles with padlocks or even safes. This hindered unauthorized users from accessing the components inside the safes, granaries and even the lockers. Evolution in information, communication and technology has brought out a beast termed us The Digital World which required the same approach but now through coding and decoding.

Currently, there is advancement in communication through the messaging platforms for instance WhatsApp and signal and in online banking such as mobile and internet banking. This has initiated a way such that prying eyes can access the information in the process of transmitting it to the end-users without even the knowledge of the sender and receiver. In other instances, access the credit data.

Thus, the wide use of emerging trends in communication, information and technology calls for encrypting data by encoding and the receiver having the special key that can decrypt it.

1.2.Introduction

Encryption is the art of encoding (coding and decoding) information. This involves scrambling or enciphering data so that only the target user gets the information hence the term end-to-end encryption.

In our daily life, we rely on encryption in many aspects in achieving privacy in the digital Space. It is applied in almost all sectors in the digital space from that of banking, cloud computing (iCloud, google drive, amazon etc.), communication-messaging (WhatsApp, Signal etc.), online shopping (Amazon, Alibaba, Jumia), normal daily browsing and even that of online streaming services.

Encryption has been under several threats; attacks from the data exfiltration, government, zero-day, malware and ransomware, rogue sites and spear-phishing hence the need to in protection of encryption and privacy in the digital space.

According to the United Nations Human Rights Council, ‘privacy online is important for the realization of the right to freedom of expression and to hold opinions without interference, and the right to freedom of peaceful assembly and association’.[2]

1.3.How encryption works.

Symmetrical, asymmetrical and hybrid encryption are the main types of encryption.

Once the message is composed by the sender majorly as plaintext, it is converted to ciphertext using a special unique key thereby scrambling the data then sending it to the receiver. The receiver has a key that decrypts the ciphertext into special readable text termed plaintext. The two special keys are required to encrypt and decrypt and once encrypted, only the decryption key can enable the receiver to comprehend the message.




      


 





                       


1.4.Threats to encryption

Threats to encryption is an attack on privacy and a violation of human rights. The threats come from all angles; the private sector, governments, businesses and individuals. The threats are Ghost proposals, Key escrow and “Machine in the Middle” (MITM) attack.

1.4.1. Quantum Threat (Post-quantum)[4]

The world currently runs on quantum technology i.e., quantum entanglement, quantum mechanics and quantum superposition. Currently, data and information across the digital space are controlled using a public key encryption algorithm which includes:

a.     Rivest–Shamir–Adleman (RSA). This is an asymmetric cryptographic algorithm i.e., has two keys (Public Key and Private Key) and is used in modern computers to encrypt and decrypt data.

b.     ElGamal. This is an asymmetric cryptographic algorithm that relies on the difficulty of obtaining discrete logarithm in a cyclic group[5].

c.     Elliptic Curve. This is an algebraic structure that offers encryption through public-key cryptography over finite fields.

Advancement in technology has brought by Quantum computers which can break public-key encryption enabling anyone with the manpower and skill to obtain the keys hence able to decrypt the data. This brings the need to come up with the next generation of cryptography other than the RSA, ElGamal and Elliptical curve ones.

1.5.Pros of encryption

a.     It enables a near bulletproof barrier from accessing data by all unauthorized intrusions.

b.     It enables private communication as only intended parties by the sender access the content.

c.     Fosters personal security by keeping your identity safe and hinders people from impersonating you and getting private data.

d.     It’s the cornerstone of national security, by protecting the secrets of countries and organizations.

1.6.Encryption best practices

This entails,

      i.         Understanding the need for strong encryption by staying informed, informing and sharing information with others and finally taking actions through joining hands and keeping it safe.

     ii.         Use of strong encryption across all platforms.

   iii.         Restricting third-party applications from the amount of data and access they have.

   iv.         Government policies to safeguard encryption.

     v.         White hackers will protect and manage the constant changes and advancement in technology.

1.7.How to keep safe in the digital space.

a)     Only using end-to-end encrypted messaging applications such as WhatsApp and Signal. Setting encryption default before using devices and various online and offline services.

b)    Using strong and unique passwords and codes and always having additional security features such as two-factor verification (2FA) and erase-data options turned on to avoid prying eyes and black hat hackers accessing the data.

c)     Updating security features and universal updates to be up to date. Software and application developers once realize britches and bugs in the system, tend to develop a solution and roll them through updates. This help safeguard privacy.

To conclude, encryption is part and parcel of our daily life. Achieving it requires a collective effort from individuals, government and more so the policies makers to come together and ensure strong encryption.



[1] Isuru Jayathilake, ‘Introduction to encryption’ Medium, 2 August 2018 <https://medium.com/@isuruj/introduction-to-encryption-4b810996a871>.

[2] United Nations Human Rights Council, Agenda Item 3: The promotion, protection and enjoyment of human rights on the Internet.

[3] Lina Gong, Li Zhang, Wei Zhang, Xuhong Li, Xia Wang and Wenwen Pan, ‘The application of data encryption technology in computer network communication security’ 2017, 5th International Conference on Computer-Aided Design, Manufacturing, Modeling and Simulation (CDMMS 2017).

[4] The Quantum Threat, < https://www.post-quantum.com/the-quantum-threat/#:~:text=Quantum%20computers%20can%20break%20current,one%20requiring%20mitigation%20strategies%20today.>

[5]ElGamal Encryption Algorithm, 16 Nov, 2018, <https://www.geeksforgeeks.org/elgamal-encryption-algorithm/>

2021 IGF YOUTH AMBASSADOR PROGRAM MOCK IGF

 REPORT ON THE VIRTUAL 2021 MOCK IGF (TEAM B) - ROLE PLAY

THEME: INTERNET GOVERNANCE RESILIENCE IN PANDEMICS.

The Internet Governance Forum (IGF) serve to bring people together from various stakeholder groups as equals, in discussions on public policy issues relating to the Internet. The IGF informs and inspires those with policy-making power in both the public and private sectors.

At their annual meeting, delegates discuss, exchange information and share good practices. The IGF facilitates a common understanding of how to maximize Internet opportunities and address risks and challenges that arise.

Host country, Ghana: Ghana is centrally located and easily accessible via roads, air travel both locally and internationally. The country is also known to have limited restrictions hence conducive to allow for participation. Ghana has adequate resources which will ease the entire process.

Theme: “Internet Governance Resilience in Pandemics”

Internet governance is the development and application of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet. Resilience is the capacity to recover quickly from difficulties or withstand toughness. Pandemic refers to anything, usually a disease that is prevalent or occurring over a whole country or the world.

With this background and cognizance of the impact COVID -19 had on the world and the Internet Governance Forum, the MAG group of Team B has chosen the theme, “Internet Governance Resilience in Pandemics”, to enable a discussion and draw a resolution on:

·         how Internet governance responds or thrives in Pandemics;

·         the efforts, guidelines, procedures and policies we can develop in preparation for future pandemics;

·         the interventions that can be adapted to aid in achieving greater participation of the different stakeholder groups in the multi-stakeholder discussions

·         efforts of the youth in ensuring digital inclusion and their involvement in the mainstream Internet Governance.

AGENDA

BREAKOUT ROOM 1

a.              Human rights and gender inclusion (digital rights) in the internet space.

b.              Digital inclusion

c.              Online Child Protection

d.              Policy- freedom of speech, democratic society, internet shutdowns.

Key point : Human rights are to be protected online and offline and states have responsibility towards that. Those right are : Freedom of Assembly , Freedom of expression and online safety

The UN Special Rapporteur on the Right to Freedom of Assembly noted, in his 2019 report to UNGA, that human rights ought to be accorded the same level of protection online, as they do offline. States have a responsibility to fulfil, protect, promote, respect and observe all persons’ rights and fundamental freedoms, including digital rights.

In the wake of the coronavirus, there were many cases of civil unrest, resulting from the public demanding justice against systemic violations and impunities, for example the BLM Movement that struck a wave all over the world. Due to the limitations arising from COVID, we saw many joining the protests through online platforms such as Twitter and Facebook. Freedom of assembly can be recognized through online platforms in two ways, using digital platforms to organize for the assemblies and the right to host such assemblies.

States, therefore, have a responsibility to respect organization of assemblies through online assemblies. Their responsibility thus mandates them to refrain from interfering and ensure that all persons have access to the internet. In the digital age, the positive obligation to facilitate the exercise of the rights to freedom of peaceful assembly and of association includes efforts “to bridge the digital divides, including the gender digital divide.

However, the limitation of the right to freedom of assembly online has been exacerbated through indiscriminate surveillance. Surveillance can be done during the organization/planning phase of the assembly, during the online assembly and further continue after the online assembly proceeds. The other tactics used may include filtering of content related to protests; blocking of websites or platforms used to plan, organize and mobilize protests; closing accounts that belong to organizers, activists or journalists; and shutting down of the Internet and communications networks- as was seen in Nigeria, Uganda and India.

Freedom of expression has also been arbitrarily curtailed, against the standards under international human rights law, under the guise of national security and public health- especially following COVID. Research has demonstrated the following adverse measures:

·         The use of restrictive legislation to silence critical voices, including the use of misinformation legislation.

·         Censorship and restrictions on access to information, including the suspension of media outlets due to their COVID-19 coverage.

·         Attacks on journalists over their reporting of the pandemic, including physical attacks and arrests.

There has also been a battle of competing rights, given online sexual violence has been on the rise through use of digital platforms- against women and girls. We, therefore, seek states, as well as private actors and the technical community, to join the fight in denial of freedom of expression in the context of defamation cases against survivors of sexual violence and prioritization of freedom of expression over safety and protection from online sexual exploitation and abuse.

Many women are subjected to defamation suits after sharing their survivor stories online, curtailing others from freely expressing themselves.

Key point : Government needs to know that Internet Rights are Human Rights and States need a multi-stakeholder approach to address digital rights issues

 

Other recommendations:  

- Research Collaboration with Academia

- Collaboration with the Organized Private Sector

 - Youth-Led Civil Society Task Force

- Continental Broadband Masterplan

Key point : Private sector has a role to play regarding child protection

Child online protection primarily protects a safer digital environment for every child

 Gaps-

Lack of national policies

There is an ineffective implementation of the existing legal framework and inadequate capacities of professionals working in key departments like the police, prosecution, judges, and staff of Cybercrime Unit and Domestic Violence unit to prevent and respond to cases of online abuse, violence and exploitation.

- Countries failing to comply with ITU guidelines in protecting children.

- Lack of Content moderation from the Private sector.

Recommendations

-Addressing regulatory framework must need actionable work with collaboration with the private sector for the effective legal framework

-Content moderation; moderation of content made accessible to children and this can be achieved with inputs from stakeholders in academia & civil society to bridge the knowledge gap in developing user-friendly content in line with ITU recommendations

To ensure Child protection there is a need for content Moderation while private sector will take a role with the collaboration of private sector

Child protection from online exploitation is possible if there is a collaboration and engagement from and between stakeholders, and the development of adequate policy following for example ITU guideline on child’s protection .to

Connecting the non-connected can also be possible if the Private sector and Government engage together.

BREAKOUT ROOM 2

Accessibility and affordability of the internet (ROOM 2).

1.      Technical Interventions for Internet Inclusivity and accessibility.

2.      Accessibility and Openness of the internet to the vulnerable group.

3.      Research into the provision of affordable internet and information accessibility

Need for Government x Private Sector collaborations centred on digital tax reductions to enable faster and cheaper internet to users.

Internet spaces open up so many possibilities for connecting, learning, working and entertaining.

But not everyone has the chance to easily get access to the internet, and by doing so, some people feel excluded from online settings.

Key barriers.

·         Means to learn

·         Lack of internet/devices to access it

·         Confidence to use and be engaged

Suggestions

For digital inclusivity, accessibility and affordability, we come up with the following suggestions :

1.              Make people understand the concept of the internet: what it is and how it simply works!

2.              Invest in the building of infrastructures at different and various levels.

3.              Share and spread infrastructures across several areas

4.              Insert Natural Language Processing (NLP) in the applications developed on the internet to reduce language barriers.

5.              Collaborate with governments, technical communities, Internet Service Providers and private sectors to improve standard protocols and reduce tax on infrastructures equipment and data bundles vulnerable groups are made to benefit from the internet through social interventions.

6.              Advocate for more community networks, technical workshops and webinars to teach Internet Governance.

  

BREAKOUT ROOM 3

Bridging the knowledge and digital gap.

a.      Role of various stakeholder groups in bridging the knowledge gap.

Governments need to deploy emerging technologies such as Artificial Intelligence, Blockchain & IoT to reach many people, promote accessibility and bridge the divide. Increased internet penetration could be achieved through lowering internet costs to enhance its affordability.

There is a need for governments and academic institutions to reform current curriculums to match current needs and as a solution to the knowledge deficiency. Governments need to enact favourable laws concerning internet governance to ensure ubiquitous accessibility and affordability. He also highlighted the need for multi-stakeholder collaboration in the evolution of the internet.

b.      Monitoring and implementation of strategies to bridge the knowledge and digital gap

Governments need to set up tools for effective monitoring through support and collaboration with the technical community and the private sector.

Governments in collaboration with the private sector and the technical community, can formulate key priority areas and establish indicators that will ensure effective implementation on the key priority areas.

c.       Community training on digital solutions (e-learning platforms, etc)

There is a need for each stakeholder to play their individual role in training communities on digital solutions. Civil society can establish community education programs to enlighten the masses on the internet and the services that can be offered. Businesses/Private sector could also educate consumers on the benefits of the internet. Academia could include studies on digital solutions in the curriculum and also organise Continuous Development Programs for professionals to highlight current internet trends. The government could also start campaigns to train people across various media and fora.

d.      Collaboration with Govts, NGOs, CBOs, to build community networks.

Establishment of pacts between all stakeholders to guide collaboration amongst all of them as a way to build community networks.

Questions and Answers

How best can the knowledge gaps today among government employees be eliminated? Call for research into the precise knowledge gaps and then reforming curriculums to address these specific knowledge gaps.

Why internet costs in Africa are high compared to elsewhere and how the internet could be made affordable. This can be achieved by the introduction of modern networks such as 5G networks, internet balloons and low orbit satellites to bring internet costs down. She also called for reform in the government's policies to bring the internet costs down.

Reduction of taxes on the internet to achieve lower internet costs. Africa’s high internet costs were due to various reasons and therefore a multi-stakeholder approach was needed to tackle these underlying reasons to reduce internet costs. Collaborations between governments and the private sector to bring internet prices down.

The government policies and taxes are unfair for achieving low internet prices. Looking into the need to end monopolies in provision of internet services as a way to reduce internet prices in Africa. One of the other reasons is based on the fact that monopolised internet markets act as a barrier and called for reforms of laws and policies concerning the internet to ensure lower prices. This brings us to the need for cooperation in ensuring achievement of lower internet prices.

What are the possible solutions to stereotypical stigmatisation of youths in Nigeria who own laptops as scammers and criminals by the security forces. This can be achieved through retraining of the police and all concerned units to change their skewed ideologies. Disbandment of SARS and collaboration among all stakeholders to end this stigma and harassment.

 

 

BREAKOUT ROOM 4

Cybersecurity and Data Protection.

Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Data privacy, sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive data including, notably, personal data but also other confidential data, such as certain financial data and intellectual property data.

a.      Utilizations of health data in the Covid 19 period.

In the health system, data privacy is not respected in some countries which leads to institutions and companies misusing client’s data therefore there is a need to improve methods of keeping data secure.

b.      Threats to data privacy or encryption.

The is a need for improved awareness in the area of data privacy and the threats surrounding it. It is advised that stakeholders create data privacy awareness campaigns.

c.       Evolution of the Internet of Things in the Health Sector.

It is now possible to use IoT to monitor patients' vitals such as heart rate, temperature as well as blood pressure and there is a need to protect patients’ data to avoid data loss and data theft. Stakeholders can provide or create applications to monitor heart rate, and temperature and store this data for statistical purposes and provide doctors' history of their clients' vital.

It is important to note that there is a need for upgrades in the data protection infrastructure to provide a safe environment for a person’s data to be safely stored. Lastly, we are now living in an era where IoT is now changing the way we operate in the health sector providing an efficient way of completing tasks.

To conclude, the MOCK IGF has offered a taste of how the real IGF occurs and the members appreciated the discussions. The role play was something that highlighted the need for a multistakeholder approach as we all combined from various stakeholder groups and made the MOCK IGF a success. Such platforms will be used to continue the discussions and come up with some solutions to critical internet governance issues.

Thanks to the course moderator (Esther Mwema) for the coordination and cooperation throughout the four weeks and more so the MOCK IGF preparation.