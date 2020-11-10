EU Takes Another Small Step Towards Trying To Ban Encryption; New Paper Argues Tech Can Nerd Harder To Backdoor Encryption
In September, we noted that officials in the EU were continuing an effort to try to ban end-to-end encryption. Of course, that's not how they put it. They say they just want "lawful access" to encrypted content, not recognizing that any such backdoor effectively obliterates the protections of end-to-end encryption. A new "Draft Council Resolution on Encryption" has come out as the EU Council of Ministers continues to drift dangerously towards this ridiculous position.
We've seen documents like this before. It starts out with a preamble insisting that they're not really trying to undermine encryption, even though they absolutely are.
The European Union fully supports the development, implementation and use of strong encryption. Encryption is a necessary means of protecting fundamental rights and the digital security of governments, industry and society. At the same time, the European Union needs to ensure the ability of competent authorities in the area of security and criminal justice, e.g. law enforcement and judicial authorities, to exercise their lawful powers, both online and offline.
Uh huh. That's basically we fully support you having privacy in your own home, except when we need to spy on you at a moment's notice. It's not so comforting when put that way, but it's what they're saying. Then there's a lot of nonsense about how encryption is creating a "challenge" for public safety, even though there is no evidence at all to support this claim. The reality is that law enforcement has access to more data and more tools than ever before in history. That one small fragment of it might sometimes be encrypted, is not an issue. And it's certainly not an issue that requires the wholesale destruction of end-to-end encryption. But, of course, that's not where the EU is coming out on this.
Instead, it concludes with the inevitable "nerd harder" bullshit argument without ever explaining how this can be done (answer: because it cannot be done safely).
Moving forward, the European Union strives to establish an active discussion with the technology industry, while associating research and academia, to ensure the continued implementation and use of strong encryption technology. Competent authorities must be able to access data in a lawful and targeted manner, in full respect of fundamental rights and the data protection regime, while upholding cybersecurity. Technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity and proportionality.
Since there is no single way of achieving the set goals, governments, industry, research and academia need to work together to strategically create this balance.
This is the same old garbage we've seen before. Technologically illiterate bureaucrats who have no clue at all, insisting that if they just "work together" with the tech industry, some magic golden key will be found. This is not how any of this works. Introducing a backdoor into encryption is introducing a massive, dangerous vulnerability that basically takes the secure walls of a house and rams a giant tank through the side. It's not adding a special key for law enforcement. It's breaking the very foundation of how end-to-end encryption works, and introducing a wide variety of shaky dangerous elements that they insist will never get exploited. But, with encryption, any vulnerability inevitably gets exploited.
Attacking end-to-end encryption in order to deal with the miniscule number of situations where law enforcement is stymied by encryption would, in actuality, put everyone at massive risk of having their data accessed by malicious parties. It's incredibly clueless and incredibly shortsighted.
And it's absolutely stunning that it's coming from the EU. After all, we keep hearing how the EU believes in "privacy" and "data protection" much more than the US. We hear stories about the lessons learned from World War II about how governments can abuse access to the private information on citizens. Indeed, the EU courts recently blew up the EU/US "Privacy Shield" agreement regarding transferring data from the EU to the US because of NSA surveillance efforts that cannot guarantee EU data remains protected.
And then they turn around and want to destroy encryption? Incredible.
At this point, this is nothing more than a draft policy paper from the Council. A lot more needs to happen before this becomes anything resembling a law in the EU. But just the fact that this continues to lurch forward, pushed by ridiculously ignorant bureaucrats is hugely problematic. People in the EU need to speak up loudly about what a mess this is.
Filed Under: backdoors, encryption, end-to-end encryption, eu, eu council, lawful access
Isn't one of those rights an ability to have a conversation that governments are not party to?
Hmmm
The subtitle reads:
from the that's-now-how-any-of-this-works dept
You put in the wrong word. Any should read all.
Someone should sit down with regulators and explain how actual physical backdoors weaken security on homes and businesses, then ask them how they think backdoors for encryption will work any differently. I don’t think they’ve ever thought about the connection too hard and someone needs to educate them before they fuck everything up for the sake of “doing something”.
Re:
If you really want to hammer the lesson home insist that if they think that encryption can be 'safely' crippled then they should have no problem using locks on their houses and offices where there is a known master key that the owner pinky-promises they won't sell or allow to be copied.
Re: Re:
And then post a picture of the key and/or their address on the internet.
Cause real life isn't like the internet until you have thousands of random people trying to break into your house 24/7/365
Re: Re: Re:
What do you mean break in?
Breaking in involves the act of breaking something.
They have a key so they just walk in just like the hotel staff or building managers. Those places don't suffer from theft and assault by people who have access right? Ah dang it, they do don't they.
No, that's not what that word means at all
Moving forward, the European Union strives to establish an active discussion with the technology industry, while associating research and academia, to ensure the continued implementation and use of strong encryption technology.
Much like when that 'argument' is used in the US there's really only one proper response to that: Liar.
A discussion is a two-way thing, where one side says makes their arguments or statements and the other side makes their arguments/statements, with a healthy back and forth as they try to convince each other and/or share their position with the other person. Those trying to undermine encryption on the other hand are not looking for a discussion or argument as they have shown no interest or willingness to listen to the other side, and instead merely want the other side to simply accept their demands at face value or else.
That's not an argument or discussion, that's an order/ultimatum.
nerd harder
... you know, because the "intelligence" backing police/military are already doing the "best" it can.
Too bad there's not enough 'intelligence' to realize that any sort of 'backdoor' is impossible to secure.
I won't ask them to 'police' harder, because that'll lead to the (ab)use of physical force that's already problematic.
A darker view
I think not. I do not believe you can reasonably apply Hanlon's Razor here. I think these people, in Europe, in the US, and elsewhere, know exactly what they are proposing. I think they are completely willing to sacrifice our rights, the security of the financial and commercial networks, and anything else that might stand between them and complete authoritarian control. There exist evil people, and many of them find the allure of unlimited power via government to be irresistible.
What really needs to happen is anonymous to take up the mantle and share the keys as well as all the personal info for each and every faceless beaurocrat involved in this septic tank of a beaurocracy..
Once someone piddles in their breakfast cereal and shine a light on their faces, maybe then they will either change or be tarred and featherd by the incensed masses.
