Mailfence at CPDP2018: A brief rundown!

Mailfence at CPDP2018 Brussels

In continuation to Mailfence at CPDP 2018, this blogpost will provide a brief run-down of our overall experience with regards to the event. Our team engaged with a number of privacy conscious users, academics, policy makers and digital rights activists at CPDP 2018. Mailfence is a secure and private email-suite that provides users full control over their data, and the CPDP2018 attendees found Mailfence a very useful and much-needed tool in this age of data surveillance.

Mailfence CPDP 2018

Mailfence team at CPDP 2018 – Brussels | https://twitter.com/Mailfence/status/956473347445002240

Mailfence team not only engaged with the participants of CPDP2018, but also attended a number of conferences to better understand the issues relating to data privacy and security in general, and participate in the ongoing global policy discussion.

Following is a brief of some the conferences we attended:

Law Enforcement Access to E-Evidence: Challenges & Risks

CPDP2018 - Mailfence

Sophie In’t Veld – MEP (EU), Karsten Behn – Article 29 Working Party (EU), John Frank – Microsoft (BE), Estelle Massé – Access Now (EU)

The panel discussed the recent developments concerning police access to evidence stored in other jurisdictions, such as the Microsoft search warrant case. With the increase of cloud computing, data that can be valuable in resolving criminal cases may be stored in data centres abroad. Considering that territoriality and sovereignty used to stop at the border, how can law enforcement authorities now get (legal) access to data across the border, both between Member States and between the EU and third countries? What are the underlying challenges and risks for data protection? What is the role of tech companies? During the panel discussion this theme was explored from a policy, legal, and tech perspective.

Data Minimization by Design

CPDP 2018 - Mailfence

Daniel Le Metayer (INRIA), Carmela Troncoso – EPFL (CH)

In the age of data collection and harvesting, the notion of using minimalistic approach is highly needed. This includes minimizing data collection, disclosure, link-ability, centralization, replication and retention. It should be considered right from the beginning to build secure and private systems from ground-up.

Mailfence follows this approach by trying to keep only the most needed data, avoid possible disclosure and linkability. We do have a data redundant infrastructure to keep things decentralized while keeping data replication to the minimum. Last but not the least, we do have a data retention policy in place adhering to Belgian laws.

Anonymous Communications Infrastructures for the Protection of Meta-data

CPDP 2018

Aggelos Kiayias – University Edinburgh (UK), Claudia Diaz – KU Leuven (BE), Gus Hosein – Privacy International (UK), Moritz Bartl – Renewable Freedom Foundation (DE), Carmela Troncoso – EPFL (CH), Eleni Kosta – Tilburg University (NL)

Since many legacy protocols were not designed with security and privacy in mind, Mailfence has long been an advocate of protecting meta-data along with end-to-end encrypted content. This is why we encourage users to use overlay networks (e.g., Tor) and other privacy enhancing solutions. However, existing privacy-oriented overlay networks do not satisfy the threat-models of all users, who often requires more privacy protection, which is where Panoramix comes into play.

Panoramix is an EU project, that uses the mix-net based approach to further enhance the security, privacy and anonymity of users in a given network. We look forward to more concrete developments, further public scrutiny, broader deployment and ways that will help us in integrating this to our application.

(Disruptive/enabling) Technologies, Ethics, and the GDPR

CPDP2018 - Mailfence

Mark Cole – Saarbrücken institute of European Media Law (DE), Andra Giurgiu – University of Luxembourg (LU), Maja Brkan – Maastricht Univerity (NL), Mathilde Stenersen – Commission Nationale pour la Protection des Donnees (LU), Charles Raab – University of Edinburgh (UK), Erik Valgaeren – Stibbe (BE)

As artificial intelligence advances we see more and more autonomous systems working under highly capable neural networks. GPDR holds a great deal of space for regulating both data subjects and cloud entities. It also provides a foundation of data ethics and general practices that could assist in paving a path to better and ethically based designs in the future.

GDPR has many aspects, covering a wide range of subjects from controllers to processors. It also provides a framework that more or less will help organizations addressing data ethics. There is still a lot of work to be done, but existing technology can be used to smoothen up the GDPR adoption and compliance.

Privacy, Advertising and trust: can we have it all

CPDP 2018

Raegan MacDonald – Mozilla (BE), Jennifer Baker – EU tech policy reporter (BE), Catherine Armitage – World Federation of Advertisers (BE), Laura Dornheim – AdBlock Plus (DE), Mathilde Fiquet – FEDMA (BE), Estelle Massé – Access Now (BE), Anna Ciesielska – DG CNECT (EU)

Privacy and advertising are difficult to balance – and trust plays an important role. The business model of most of today’s gigantic IT companies rely on targeted advertising, resulting in a severe erosion of trust in the online ecosystem, while cementing the notion of ‘Free means you are the product’. Many efforts have been done by the community to combat this erosion, both in terms of creating privacy oriented solutions and advocating for likewise policies and regulation.

However, there is still a lot of work to be done in this area, e.g., making consent clear while taking it for the user. The challenge still lies in making a fair system, where both advertisers and businesses can attain a level-playing field without compromising the privacy of end-users. On the other hand, the toolbox of a novice to mid level user (e.g., browser, email client, add-ons/plugins, overlay networks, etc…) also has a major role to play. Based on Mailfence design philosophy, we not only support solutions that help users to regain privacy online, but advocate them as well.

Data protection challenges in humanitarian action

CPDP 2018 - Mailfence

Catherine Lennman – Swiss DPA (CH),  Vagelis Papakonstantinou – VUB (BE), Alexander Beck – UNHCR (INT), Christopher Kuner – BPH (BE), Massimo Marelli – ICRC (INT), Ben Parker – IRIN (CH), Alexandrine Pirlot de Corbion – Privacy International (UK)

Algorithms and disruptive technologies that hold the potential of changing the landscape of present digital world come with a heap of data security and privacy challenges. Combine them with human right concerns, and the issue becomes severe. One such example is training Machine learning (ML) algorithms with multitude of data to make them efficient and productive.  The data privacy element in such kind of practices generally takes the back-seat. In most cases, the data subjects are not even asked for consent that they are being used for training ML algorithms.

The first step is to implement data protection designs, and compliance (e.g., GDPR) with personal data protection standards. Like other areas, a lot of work needs to be done here too e.g., anonymizing data sets, and or taking clear and fair consents from the parties/data subjects whose data will be used in training ML algorithms etc.

National Security: A free license for government surveillance

CPDP 2018 - Mailfence

Iain G. Mitchell – CCBE (BE), Joseph Cannataci – UN Special Rapporteur on the right to privacy (INT), Isabelle Falque-Pierrotin – CNIL (FR), Sophie in ‘t Veld – MEP (EU), Michiel Pestman – Prakken d’Oliveira (NL), Cecilia-Joanna Verkleij – DG Home (EU)

This debate questioned whether government mass surveillance has more bad’s then perceived good’s. Since a universally accepted definition of national security does not exist, governments can go to any extent they want to sabotage user’s privacy. Not only is this true, but the fact the cyber tools that governments use for such blanket surveillance capabilities, can also fall into bad hands makes things worse. Another angle is the weakening of the existing encryption algorithms, so that governments can break them more easily.  The underlying justification has always been to ensure the national security and safety of the citizens.

However, the community (academics, tech-specialists, human-rights activists, political dissidents, lawyers, etc…) have long been rejecting this proposal, as weakening encryption will weaken it for everybody and not only for pedophiles, terrorists, cyber-criminals, …etc  Blanket surveillance limits citizen’s rights, particularly, data privacy and protection. While, the debate is still on-going.  At Mailfence we believe the focus should also be on laying down a universally accepted definition of national security. A definition that does not restrict the citizen’s rights to data privacy and protection.  A key element remains in the effective judicial laws and accountability frameworks to regulate covert-actions of  governments.

Encryption of communications and e-evidence: Caspar Bowden political Panel

CPDP 2018 - Mailfence

Paul De Hert – VUB (BE), Giovanni Butterelli – EDPS (EU), Jay Stanley – ACLU (US), Bart Preneel – KU Leuven (BE), Xavier Tracol – Eurojust (EU), Graham Willmott – DG Home (EU), Gail Kent – Facebook (UK)

There are many types of e-evidence, that can be used in a court case. However, the weak element is the regulation regarding the collection of such evidence and usage within the boundaries of legal frameworks. Encryption has become a pivotal element of privacy and data protection since it contributes in preserving the confidentiality of communications. The GDPR does seem to set out a foundation for regulation of data privacy and protection both in EU and elsewhere, but how it will work in practice still needs to be seen.

The law enforcement agencies dealing with collecting and using e-evidence, will require transparent accountability procedures. Procedures that do not only guarantees that citizens rights are preserved, but also that surveillance tools will not fall into bad hands. It also calls for a level of trust to be established among  various legal bodies, law-enforcement agencies and the privacy community. Mailfence has long been an advocate of online privacy and digital freedom, and pledges to donate 15% of its annual Pro plan revenues to EFF and EDRi to support their fight.

Parting thoughts regarding Mailfence at CPDP2018

CPDP Brussels 2018 proved to be a significant event that covered a range of data security, privacy and related subjects from various standpoints.

Some parting thoughts:

  • We really want to thank the team behind CPDP2018 for their work and efforts that gave us the opportunity to showcase our solution to journalists, academics, policy makers, human rights organization members and entrepreneur(s).
  • The need for privacy-oriented and secure solutions is undeniable, and the eco-system is very large.
  • Data ethics and the future legal frameworks are of great value. A lot of work still needs to be done in this area.

We are humbled by the work of everybody present at the conference and view it as a privilege to work on our mission of making internet a more secure and open place.

Get your secure email!

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team


Spread the word!

Mailfence Team

End-to-end encrypted e-mail service that values and respects your privacy without compromising the ease-of-use. @mailfence @mailfence_fr

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code

This site uses Akismet to reduce spam. Learn how your comment data is processed.