[GA - PASSED] Right to Secure Digital Communication

Status
Not open for further replies.

Hulldom

Winter Kingdom
-
Pronouns
He/Him/His
TNP Nation
Boston Castle
Discord
seathestarlesssky
ga.jpg

Right to Secure Digital Communication
Category: Civil Rights | Strength: Significant
Proposed by: Greater Cesnica | Onsite Topic


The General Assembly,

Believing that access to encryption and other secure communication methods in the digital age yields numerous benefits in areas such as personal privacy, consumer protection, and ensuring the integrity of data that is transmitted from one party to another,

Seeking to prevent governments from restricting, compromising or hindering the access and usage of encrypted communication protocols and other means of achieving secure data exchanges,

Hereby:



  1. Defines for the purposes of this resolution:
    1. Encryption as any method which utilizes ciphers to protect the integrity of communications or any other digital data by rendering unencrypted data known as 'plaintext' into an indecipherable form known as 'ciphertext'; which can then only be rendered legible by using a decryption key available to authorized parties, thus denying access to unauthorized parties, and
    2. A secure communication method as a relay, protocol, or standard other than an encryption method intended for communication or otherwise transmitting data and information between two or more digital devices that is intended to prevent the interception of this data or information by any unauthorized parties,

  2. Prohibits member states from:
    1. Banning or restricting user access to any encryption method or other secure communication method, and from enacting any prohibitions upon the implementation of encryption methods or secure communication methods, subject to Article 3, or
    2. Acting to reduce the strength of any encryption method or secure communication method, or
    3. Requiring the usage of insecure encryption methods, technologies, or standards, or
    4. Requiring the insertion of "backdoors" into technologies, tools, or standards that allow states access to private communications through compromised methods of secure communication, or
    5. Requiring third parties to implement methods that would grant an unauthorized party access to secure, private communications between authorized parties,

  3. Permits member states to restrict user access to secure communication methods provided that:
    1. These secure communication methods were originally intended for government or military use, and that
    2. A significant detriment upon the strength or reliability of such secure communication methods can be foreseen or observed as a result of removing restrictions on user access to those outside the government or military,

  4. Clarifies that:
    1. Encryption methods may not be banned or restricted under any circumstances,
    2. The foreseen or observed detriment upon the strength or reliability of secure communication methods required by Article 3(b) to restrict user access to secure communication methods originally intended for government or military use must be sufficient enough to render such secure communication methods either:
      1. Incapable of protecting the privacy and integrity of communications using this secure communication method, or
      2. Unreliable to the extent that communications using this secure communication method are unlikely to reach their intended recipient(s), and that
    3. Member states shall not use any form of coercion in order to bypass any prohibition under Article 2.
Note: Only votes from TNP WA nations and NPA personnel will be counted. If you do not meet these requirements, please add (non-WA) or something of that effect to your vote.
Voting Instructions:
  • Vote For if you want the Delegate to vote For the resolution.
  • Vote Against if you want the Delegate to vote Against the resolution.
  • Vote Abstain if you want the Delegate to abstain from voting on this resolution.
  • Vote Present if you are personally abstaining from this vote.
Detailed opinions with your vote are appreciated and encouraged!

[TR][TD]For[/TD][TD] Against [/TD][TD] Abstain [/TD][TD] Present [/TD][/TR][TR][TD]10[/TD][TD]4[/TD][TD]0[/TD][TD]4[/TD][/TR]

Right to Secure Digital Communication was passed 12,533 (84.6%) votes to 2,282 (15.4%).
 
Last edited by a moderator:
IFV

Overview
This proposal seeks to free up digital communication by spaces by allowing citizens of member states to use encryption and other methods to ensure the secrecy of their communications on and over digital devices, also prohibiting government backdoor access to digital communications platforms. This proposal also places limits on what governments when government can place limits on digital communications platforms and processes.

Recommendation
While a sanctioned right to user privacy in digital communication is not in the General Assembly’s books yet, this proposal is an encouraging step in that direction, offering reasonable protections for consumers from government restrictions and overreach.

For these reasons, the Ministry of World Assembly Affairs recommends a vote For the General Assembly resolution at vote, “Right to Secure Digital Communication”.
 
Last edited:
I think it’s better that law enforcement has some way to monitor communications. They shouldn’t be able to wiretap whoever they want, but if there are, for example, organized criminals or terrorists the government would have a good reason to listen in on their communications for public safety. I agree that restrictions are needed but this isn’t the way to go.
 
I think it’s better that law enforcement has some way to monitor communications. They shouldn’t be able to wiretap whoever they want, but if there are, for example, organized criminals or terrorists the government would have a good reason to listen in on their communications for public safety. I agree that restrictions are needed but this isn’t the way to go.
that is the reason warrants exist irl
 
I think it’s better that law enforcement has some way to monitor communications. They shouldn’t be able to wiretap whoever they want, but if there are, for example, organized criminals or terrorists the government would have a good reason to listen in on their communications for public safety. I agree that restrictions are needed but this isn’t the way to go.
Well let's look at IRL. Currently the most secure encryption algorithm is the 256-bit Advanced Encryption Standard (AES) algorithm. This is the premier encryption algorithm used by the United States government and military. To give you some perspective on how secure this is, the number of possible keys to a 128-bit AES algorithm would be 2^128, or 3.4x10^38, or 340 undecillion. Provided that we don't know any hints or clues about a potential password to encrypted data; if we had the computational power to test even 1 trillion keys per second, it would take roughly 10.79 quintillion years to run through all the potential key possibilities. Now with 2^256, we get into exceedingly more momentous proportions of work in order to decrypt data encrypted with this algorithm.

This 256-bit AES algorithm is available for use to the general public in the United States. What would be the rationale for the United States government to allow such a secure algorithm to be utilized by the general public? The U.S government has decided that protecting the integrity of sensitive private and/or commercial communications is more important than compromising user privacy and data integrity on a mass scale.

As for your point about organized criminals or terrorists, nothing in my resolution prevents member states from carrying out such targeted surveillance, nor does it prevent warrant-based searches and seizures. The fact of the matter is, despite encryption being as powerful as it is, no program, no device, no technology, no platform is fully immune from bugs and exploits that would permit a third party to gain access to protected data. That's how the FBI got into Rizwan Farook's iPhone (Rizwan Farook was one of two shooters who perpetrated the 2015 San Bernardino terrorist attack), they utilized an unintentional security flaw to gain entry. They did this even as they demanded Apple to create a backdoor for them, a request which Apple wisely refused to acquiesce to. Here's the thing- backdoors not only allow the authorities to gain access to devices and communications, but also allows black hats to do so.

What my resolution prohibits is the willful degradation of security and data integrity, something which is in the interest of private companies, people like you and I, and any well-meaning government.
 
Last edited:
Actually, I can't decide if vote for or against...

I am voting Present (for now, may change my vote) But it's a very good idea and it is well written.


Changing my vote to For.
 
Last edited by a moderator:
Against. 4.1 is fatally flawed - by prohibiting the banning or restriction of encryption in all circumstances, the author has made it impossible for states to protect end users by restricting the use of depreciated, outdated and compromised methods of encryption.
 
For.
To compromise the digital security of the average online device would be compromising the security of all devices, including systems for internal affairs.
 
Against. 4.1 is fatally flawed - by prohibiting the banning or restriction of encryption in all circumstances, the author has made it impossible for states to protect end users by restricting the use of depreciated, outdated and compromised methods of encryption.
Why should end users be compelled to stop using a weaker form of encryption? That's an extreme overreach into the personal affairs of the individual. In the same manner that the government can't force me to stop using a depreciated version of Java, or Windows 10, why should the government stop me from using 64-bit encryption, or even something weaker?
 
Why should end users be compelled to stop using a weaker form of encryption?
Because in many many many cases, the encryption isn't just weak, it's massively insecure. Your proposal bars governments from taking measures to secure its own systems, as anyone interfacing with that system with deficient encryption becomes a risk to the entire thing. Your system is only as secure as the weakest part of it. Your proposal, frankly, means the end of governments being able to keep any information on its citizens in a way that is secure.
 
Because in many many many cases, the encryption isn't just weak, it's massively insecure. Your proposal bars governments from taking measures to secure its own systems, as anyone interfacing with that system with deficient encryption becomes a risk to the entire thing. Your system is only as secure as the weakest part of it. Your proposal, frankly, means the end of governments being able to keep any information on its citizens in a way that is secure.
I am assuming that your concerns are primarily in regards to government surveillance?
 
I am assuming that your concerns are primarily in regards to government surveillance?
No. My concerns are in regards to the security of the average device, but also what happens when unsecured devices interact with government systems. By allowing the use of depreciated and insecure encryption systems, and preventing government intervention to restrict their use, your proposal undermines almost every other security system out there.

Look at it this way. In a 'smart house' with everything interconnected it would be easy to access an unsecured device and from there move into the entire network. Let's take a real world example - smart fridges (fridges that monitor say... the amount of milk you have and orders a replacement from Amazon or wherever when you run low), are often used by hackers to access an entire house's network, because they're either sold with insufficient encryption and security, or because the manufacturer does not roll out security updates in a timely or effective manner. Both of these actions are taken to lower costs, both to the manufacturer and consumers, as well as making the device easier to use.

It has been shown that once accessing a shared network - an 'Internet of Things' - via an unsecured device that a lateral move from that device, into all the devices on the shared network, is incredibly easy. The proposal, as I read it, prevents governments from taking measures to ensure that such events do not occur, both in their own systems and in everyone's systems.
 
No. My concerns are in regards to the security of the average device, but also what happens when unsecured devices interact with government systems. By allowing the use of depreciated and insecure encryption systems, and preventing government intervention to restrict their use, your proposal undermines almost every other security system out there.

Look at it this way. In a 'smart house' with everything interconnected it would be easy to access an unsecured device and from there move into the entire network. Let's take a real world example - smart fridges (fridges that monitor say... the amount of milk you have and orders a replacement from Amazon or wherever when you run low), are often used by hackers to access an entire house's network, because they're either sold with insufficient encryption and security, or because the manufacturer does not roll out security updates in a timely or effective manner. Both of these actions are taken to lower costs, both to the manufacturer and consumers, as well as making the device easier to use.

It has been shown that once accessing a shared network - an 'Internet of Things' - via an unsecured device that a lateral move from that device, into all the devices on the shared network, is incredibly easy. The proposal, as I read it, prevents governments from taking measures to ensure that such events do not occur, both in their own systems and in everyone's systems.
The smart fridge example is an interesting one. There was a major scandal some 5 years ago regarding Samsung smart fridges. Their security was so atrocious that I can say with a high degree of confidence that it would not be covered under definition 1(a). Why? Well, these Samsung smart fridges supposedly utilized SSL encryption for their security- something that, as you may know, most websites use to ensure an encrypted connection exists between the device and the web server. But here's the thing: since the manufacturers wanted to lower the time needed to access the device, and increase user-friendliness as you pointed out, those fridges didn't even verify the certificate needed to access encrypted data. And since these fridges could be linked to view Gmail calenders; this would allow someone with even a limited degree of spoofing prowess to steal Gmail login credentials. From there, shit would hit the fan.

Why am I bringing this up? The majority of the issues that pertain to devices on a shared network are issues that exist because encryption is either non-existent, or exists in such a manner that it doesn't complete the decryption process in a manner required to be covered by my definition.
 
That's a good point, and I see I didn't properly take 1(a) into account when making my against vote.

I'm for this now.
 
Status
Not open for further replies.
Back
Top