EU's 'Counter-Terrorism Co-ordinator' Finally Says It: Force Internet Companies To Hand Over Their Crypto Keys

from the just-a-fig-leaf dept

Although calls to ban or backdoor encryption have been made in the past, David Cameron’s rather vague threats against crypto clearly mark the start of a new, concerted campaign to weaken online privacy. Thanks to a leaked paper, written by the EU Counter-Terrorism Co-ordinator and obtained by Statewatch, we now have a clear statement of what the European authorities really want here (pdf):

Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).

The set-phrase “in full compliance with fundamental rights” is just a fig leaf: there is no real intention of complying with basic rights here. That this is just a cynical exploitation of people’s concerns in the wake of recent events is shown by the following paragraph from the beginning of the document:

Europe is facing an unprecedented, diverse and serious terrorist threat. The horrific attacks that took place in Paris between 7 and 9 January 2015 were followed by an unprecedented show of unity by millions of citizens in France and across Europe as well as a show of solidarity and political will by many EU and world leaders. In addition to action from the national governments, citizens are looking to the European Union to provide an ambitious response. Core European values have been attacked, in particular freedom of speech. The EU has to respond with meaningful action. Failure to do so could result in disillusionment of citizens with the EU.

Yes, the millions of European citizens who joined marches in support of liberty and freedom of speech would be bitterly disappointed if the EU didn’t react by undermining those self-same core values. Nor is the idea to weaken all encryption in Europe the only deeply troubling proposal in the document. Here’s another one:

Consideration should be given to a role for Europol in either flagging or facilitating the flagging of content which breaches the platforms’ own terms and conditions. These often go further than national legislation and can therefore help to reduce the amount of radicalising material available online. In this context, Europol’s Check the Web project could be beefed up to allow for monitoring and analysis of social media communication on the internet.

That’s a really great idea: get Europe’s main law enforcement agency, Europol, spending its valuable time checking out if Internet users are breaching Facebook’s terms and conditions, and generally spying on social networks. After all, that’s much more important than doing other things like, oh, I don’t know, actually trying to catch murderers and criminals….

Follow me @glynmoody on Twitter, and +glynmoody on Google+


Comments on “EU's 'Counter-Terrorism Co-ordinator' Finally Says It: Force Internet Companies To Hand Over Their Crypto Keys”

Anonymous Coward says:

Re: A simple question for the European Counter-Terrorism Commission:

Unions, charities and political organizations should be able to hold internal conversations without the government looking over their shoulders. Without that privacy, nobody can safely oppose governments. Also, you should be able to converse with your doctors, lawyers, priests/ministers/rabbis/imams etc. without the state listening in.

Anonymous Coward says:

Re: Re: A simple question for the European Counter-Terrorism Commission:

Also the eventual feeling of, somebody is watching, whether being watched or not (of course, it’s all being stored anyway)……that’s a first……it’s not something somebody somewhere has tried before and it didn’t work out, it’s something that was technologically impossible to do until now……….and to so brazenly try to implement something to this extent without the consent of MANY natural law abiding citizens……well, it’s gonna RIGHTLY piss off a lot of people, and we’re only SUPPOSEDLY …Talking about the possibility……….if it ACTUALLY gets implemented……oh boy

Individuals using the technology to create new innovations vs governments and certain individuals using technology to survey……….how can they pretend to be the good guys in this

Right now, I put this ABOVE terrorism, it’s been number one and if today’s any indication of things to come it’ll likely STAY as my number one concern…….akin to a child demanding to play with a nuke who doesn’t care about the consequences

If they keep demanding more and more authority, I think they’ll find less and less people to lord it over……or more honestly, I hope so

GEMont (profile) says:

Re: Re: A simple question for the European Counter-Terrorism Commission:

“…nobody can safely oppose governments.”

You missed the point entirely then, because that, in a nutshell, is precisely what this is all about.

Government knows full well it is an obsolete and un-necessary institution and a total waste of public money and time, and is now fully occupied with self survival at any cost. Its primary goal is now to do everything in its power to insure that “nobody can safely oppose governments.”

The real job of a government could be easily and efficiently replaced with just a handful of good computers and a couple of 15 year old kids working part time.

Currently, government is nothing more than a rich man’s club, designed to insure that the public remains easily exploited so that the rich may continue to get richer.

George Bush proved that America has absolutely no need for a federal government. For a decade, all that the US had was a gang of thieves and cut-throats sitting in the Oval Office, who were totally occupied with robbing as many countries as possible, as fast as they could, and the country carried on as if it had an actual government, no problem.

Abolish the federal mobsters and the world will follow suit and be a much better place for it.

Turn local governments into honest institutions by letting nobody with an income over $100,000 per annum, or more than $200,000 in assets, occupy any public office.

Citizen Candidates Only.

Establish a law against accepting gifts while in public office with a penalty of permanent removal from politics and the loss of all voting rights for twenty five years.

Eliminate lobbying (Bribery) as a legal part of politics and re-establish the separation between church and state.

This entire global surveillance operation is actually just government protecting government and its corporate friends from the public.

GEMont (profile) says:

Re: Re: A simple question for the European Counter-Terrorism Commission:

“The Nazis lost. Fascism won.”

Umm, you probably already know this, but your statement makes it look like you have differentiated between Nazi and Fascist.

NAZI is a short form, in German, of National Socialist.

As you probably can tell from history, the Nazis were not socialists. They were 100% businessmen – fascists.

Nazi was a political label mask, behind which the fascists could infiltrate the German political arena safely. Nazi is a facade of fascism. There are many.

Thus, your statement should read:

“The Nazis won. Fascism won.”

Because they did.

Fascism, or Naziism, is simply what happens when very rich men hang out together and discuss ways and means of expanding their profit potential via legal means.

Eventually, it always occurs to them that the easiest way to do this is to control the law itself and then rewrite the laws so that they can legally expand their profit potential eternally.

This is called fascism.

Naziism was simply the German version of the game.

The reason that the German Businessmen of the WW2 era decided to go with National Socialist as their political mask, is identical to the reason that today’s modern American Businessmen decided to run their fascist gambit under the Republican political mask – popularity and familiarity.

Mind you, the potential for profit under fascism is so outstanding for the already rich, that the wealthy Democrats did not take long to join the game.

Fascists cannot run under the political handle of fascist because the public never wants a fascist society – only businessmen and the very, very wealthy consider the Corporate Government structure as a desired social structure, because such a system is designed to let the wealthy profit unfettered, and the rich are by definition, above the laws they helped write and need not suffer any of the consequences the public faces under that sort of police state regime.

So Nazi = German Fascist.

… but you probably already knew all that anyways right. 🙂

John Fenderson (profile) says:

If the keys are shared

If the keys are shared with anyone who isn’t a party to the data exchange, then the encryption is rendered useless as the security of it can no longer be trusted. In practice, when a government is saying “you have to share your keys,” what the government is effectively saying is “you may no longer use effective encryption”.

That puts users in a situation that is more dangerous than if they simply didn’t use encryption at all. Falsely believing that you are secure when you aren’t is worse than not being secured and knowing it. The EU proposal is agitating to dramatically reduce the security of its citizens.

Anonymous Coward says:

“Core European values have been attacked, in particular freedom of speech.”

That they have been. The attackers being European Union officials such as Francois Hollande, David Cameron, and Gilles de Kerchove.

Those extremists attacked people and places. They had no power to attack the concepts and rights of EU citizens. The government officials are the ones attacking the concept of free speech, and the rights of EU citizens.

Anonymous Coward says:

At first I thought the EU was bad, but then I started to think they’ve got some good bits, now I know its potential to be just another tyrant

It’s like I heard someone else say, I’m not opposed to a united nations kind of thing, where we are at peace with one another, help one another, I WANT to see the standards of living rise not only where I abode but where others do too……….but NOT, I stress, NOT, how things are being run at the moment……….this being an example of why I feel that way

Anonymous Anonymous Coward says:

Whack-a-Mole time

How hard would it be to make 365 different encryption keys, each year? Then, roll them out once per day, and when the Gov comes asking, give them yesterday’s (or last week’s) key only. It would certainly piss them off but would follow the letter of the law, if it is enacted.

Ok, back to fantasyland.

Anonymous Coward says:

“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible.”

So what about the unlawful mass collection of data, doesn’t stop it there much does it?

tqk (profile) says:

Re: Re:

… internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible.”

So what about the unlawful mass collection of data …

And, may we please define “relevant national authorities”? Do I get any say in who is included in that phrase? Because, I don’t consider MY ELECTED GOVERNMENT OFFICIALS to have any right to intrude on my private communications. I don’t much care how terrified of terrorists they are, nor how terrified of terrorists they’d like me to be. My business is none of their business, by definition.

Anonymous Coward says:

If the keys are shared

If I am correct this proposal only addresses the scenario wherein the communications provider is also responsible for the technical implementation of the encryption.

So if Bob and Alice use Google’s encryption, the company must provide assistance for law enforcement access.

However, Google is only responsible if it actually has the key or is involved with the technical implementation of the encryption.

If Bob and Alice use a double layer, first Google’s encryption and as second layer their own end to end encryption, Google has no case to answer even if the plaintext is random data.

The really interesting question is if or when the private parties are required by law to disclose their keys.

Such a proposal would pose all sorts of fair trial, presumption of innocence and self incrimination issues.

BlueLightMemory says:

This is because the central bankers are scared of the population

Therefore, the bankers have their “law enforcement” lackeys demand that there be no encryption for the population.

Since the EU is failing, the last thing the central bank scoundrels want is the people privately communicating amongst themselves and forming hangmen parties for the central bankers.

Arioch (profile) says:

Encryption outlawed.. because.. terrorists?

Take a look back in time.
Possibly WW2, when encrypted messages were vital and broadcast over short wave radio.
These messages were encrypted by the source.
They did not rely on the medium over which they were sent to perform the encryption, so why the hell do governments assume that “terrorist” messages on the internet are sent in plain text, relying purely on the encryption provided?

That One Guy (profile) says:

Re: Encryption outlawed.. because.. terrorists?

The disconnect there is based upon the two different definitions of ‘terrorist’.

To most of the public, those that would be considered ‘terrorists’ are in fact almost always smart enough not to use potentially compromised forms of communications to plan their attacks, so destroying encryption like this would be pretty useless at dealing with them.

To the government however, whether US or UK, we’re all terrorists or ‘potential’ terrorists, and so their efforts are in undermining the communications of those that are trusting in basic encryption, because we don’t (or didn’t) expect entire governments to be trying to gain access to our communications, making standard encryption safe enough in most cases.

Rapnel (profile) says:

Encryption is the ONLY solution and the public should adopt it at every possible opportunity. You protect your “goods” from the casual AND targeted hack. Guaranteed government keys are not acceptable, in any way or form. The rule of law is not predicated on government or law enforcement access to communications and content. “Accessorizing” for enforcement purposes stands in direct opposition to the social contract that is law. Military espionage tools have gone too far and the burden on law, the real law, is fracturing the premise.

Uriel-238 (profile) says:

Robust encryption is mandatory...

…for too many businesses. And any nation that mandates backdoors is going to watch their own economy tank and get dominated by nations that don’t. Unless the independent nations of Europe plan on going back to pre-WWI isolationist policies.

These people must hate paper shredders as well. Especially those new-fangled crosscut ones.

That One Guy (profile) says:

Re: If it's possible to make...

I’m sure they do. I’m equally sure if a company did that, they would be facing extremely harsh ‘penalties’ for ‘obstructing current and future investigations and intelligence gathering.’

The spy agencies/governments want it all, there is no chance they would take something like that lying down or without a vicious retaliation against any company that tried it.

Uriel-238 (profile) says:

Re: Re: Vicious maybe...

…but they’d first have to prove it was tried. And then appear like a shitty dictatorship in front of the public when they rip apart someone who was only protecting their own interests from an adversarial system.

As I said above, many enterprises depend on privacy in order to stay competitive. It’s not a luxury, especially when state agencies are willing to engage in surveillance practices for the benefit of their favored companies. Those states who mandate backdoors or weak encryption are sabotaging their own economies.

Incidentally, Google searches for false-bottom or false-partition encryption yielded very little. I haven’t yet investigated crisis-incinerating key management, yet, which is another feature we’ve discussed before on TD when the subject of privacy concerns has risen.

tqk (profile) says:

Re: Re: Re: Vicious maybe...

Incidentally, Google searches for false-bottom or false-partition encryption yielded very little.

Not encryption, but if you create two partitions on a USB key, the first one FAT-32/vfat and the second one Linux ext[234], MS Win* won’t even see the second ptn when it’s plugged in. I wouldn’t expect TSA/FBI/DHS/ICE to be using Linux. I’m unaware if this’s also true of Apple’s OSX.

I’d try searching Schneier’s cryptogram archives for that false partition stuff.

John Fenderson (profile) says:

Re: Re: Re:2 Vicious maybe...

I developed this habit a long time ago. The very first thing I do to any USB key I get is to repartition it as you suggest. I keep one FAT so that Windows machines can read it, and make the other an encrypted Linux partition. I even do this with my phone.

However, this isn’t very secretive. Any partitioning tool (even the one that Windows comes with) will quickly tell you that there is another partition there and what filesystem it has been formatted with.

There are trickier things you can do to keep the extra partition a secret (mostly, by carefully corrupting the partition table), but that sort of thing is beyond the scope of a comment.
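An added illustration of the point made in the comment above (not part of the original thread): a minimal MBR reader run over a constructed in-memory image lists both partitions straight from the partition table, whichever operating system chooses to mount them. The image layout and the helper names `build_sample_image` and `list_partitions` are assumptions made for this example.

```python
import struct

SECTOR = 512
# Well-known MBR partition type bytes.
TYPE_NAMES = {0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_image():
    """Constructed sample: MBR, a FAT32 entry and a Linux entry with an ext magic."""
    img = bytearray(SECTOR * 64)

    def entry(ptype, lba, count):
        return struct.pack(ENTRY_FMT, 0, b"\0\0\0", ptype, b"\0\0\0", lba, count)

    img[446:462] = entry(0x0C, 8, 24)    # slot 1: visible FAT32 partition
    img[462:478] = entry(0x83, 32, 32)   # slot 2: the "hidden" Linux partition
    img[510:512] = b"\x55\xaa"           # MBR boot signature
    # ext2/3/4 superblock sits 1024 bytes into the partition; magic at offset 56.
    off = 32 * SECTOR + 1024 + 56
    img[off:off + 2] = struct.pack("<H", 0xEF53)
    return bytes(img)


def list_partitions(img):
    """Return every non-empty primary partition entry found in the MBR."""
    if img[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    found = []
    for i in range(4):
        raw = img[446 + 16 * i: 462 + 16 * i]
        _, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0 or count == 0:
            continue  # unused slot
        sb = lba * SECTOR + 1024 + 56
        found.append({
            "slot": i + 1,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": lba,
            "sectors": count,
            # Filesystem probe: ext magic 0xEF53, stored little-endian.
            "ext_magic": img[sb:sb + 2] == b"\x53\xef",
        })
    return found


if __name__ == "__main__":
    for p in list_partitions(build_sample_image()):
        print(p)
```
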

Uriel-238 (profile) says:

Re: ZOMG Terrorists wore thin in 2004

After an attack from Saudi Arabia / Afghanistan / Pakistan / open desert was decided to be from Iraq and we tanked the US economy to fuel a regime change there.

I’m not sure who is motivated by ZOMG Terrorists (or for that matter ZOMG Children’s Interests) but I’d think even the laity are tired of it by now.

DaveHowe (profile) says:

Of course...

Under UK’s RIPA, the police are perfectly entitled to connect to any website, then demand the https secret key from any individual in their jurisdiction who has (or can obtain) that key (they need to connect first as they need a data set that is encrypted with the key to justify the demand); that doesn’t need a new law or ruling, it’s an already existing non-judicial warrant route (and has a gag order attached in the NSL style).
