Kyoto Statement on End-To-End Encryption

On the occasion of the 2023 Internet Governance Forum

The Internet Governance Forum is a multi-stakeholder forum that gathers governments, industry, civil society, the technical community, to discuss the most pressing issues related to internet governance. The Global Encryption Coalition was present at the Global Internet Governance Forum in Japan. Members hosted workshops and discussions on the importance of encryption as well as the threats it is facing worldwide due to a growing number of legislative developments that seek to undermine encryption – despite the pivotal role it plays in protecting privacy and security of all users, wherever they are.

On this occasion, the Coalition’s Steering Committee issues a statement in support of strong encryption and calls on all governments, including that of Japan, to protect and promote strong encryption. We also welcome all stakeholders to participate in the worldwide celebration of Global Encryption Day. Find our more, including how to join the Global Encryption Day Summit on 19 October, here: 

Oct. 17, 2023

End-To-End Encryption (E2EE) is an indispensable technology for privacy and security, used by millions, critical for the functioning of a democratic society, and vital for all sectors of our economy. 

Recently, various government initiatives worldwide, including legislative proposals, have sought to curtail E2EE. We write opposing these initiatives as a group of human rights activists, business interests, and cryptography experts.

With E2EE, only the sender and receiver of the data manage the encryption key. This technology renders the data unreadable to interested third parties such as internet service providers or governments. E2EE, then, is a vital tool for protecting sensitive information, such as private communication, personal health data, financial records, and business secrets.

0. We all already use E2EE

E2EE is for everyone. Many popular messaging apps already use E2EE to protect your communications, and others plan to roll it out. It is also used to protect browsing history, video and voice calls, and many other forms of collaboration and communication. 

1. E2EE is essential to human rights

E2EE has been providing safe spaces for hundreds of millions of people under severe oppression.  Limiting or effectively banning E2EE — whether inadvertently or intentionally — will make the world a more dangerous place for everyone.

2.  E2EE is essential to protect children

In a world of pervasive government and corporate surveillance, minors also deserve an empowering and private digital experience. These internet users, too, have a right to freedom of expression and privacy enabled by E2EE. E2EE can play a role in protecting against third parties impersonating parents or other loved ones (i.e. via machine in the middle attack). It ensures their data (including photos) is not leaked or intercepted, exposed to harmful data collection, or that they are targeted by governments for their sexuality. Limiting or banning E2EE to protect children will instead put them at risk, and make it impossible for our children to grow up in this digitized world safely.

3. E2EE is essential to journalism, business, and national security

It is common today for sensitive data critical to journalism, business and national security to be exchanged or managed online. Without E2EE, it is impossible to ensure secure communication channels with at-risk sources or confidentiality and prevent cyber criminals or hostile governments from stealing data.  E2EE is essential for commerce and national security.

4. Proposed “solutions” will backfire

Some governments may require so-called “backdoors” that intentionally create a weakness in E2EE and allow a third party to break it via exceptional access mandates. But if the police or intelligence agencies can break it, it can also be broken by criminals or hostile nation-states. There is no such thing as a “secure” back door.

Other governments have pointed to client-side scanning as a solution. This technology scans the content of a device to compare it against a database of known illegal content before encryption. Client-side scanning places the privacy of everyone in jeopardy yet is prone to serious error and can easily be circumvented by criminals using home technologies, drawing its proportionality and effectiveness into question.  

5.  Call to action

We call on governments around the world, including the government of Japan, to reject proposals that would intentionally or inadvertently limit or ban the use of E2EE. Instead, they should protect and promote encryption for its clear benefits to fundamental human rights such as privacy and freedom of expression.