EU's 'Counter-Terrorism Co-ordinator' Finally Says It: Force Internet Companies To Hand Over Their Crypto Keys
from the just-a-fig-leaf dept
Although calls to ban or backdoor encryption have been made in the past, David Cameron's rather vague threats against crypto clearly mark the start of a new, concerted campaign to weaken online privacy. Thanks to a leaked paper, written by the EU Counter-Terrorism Co-ordinator and obtained by Statewatch, we now have a clear statement of what the European authorities really want here (pdf):
Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to
explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).
The set-phrase "in full compliance with fundamental rights" is just a fig leaf: there is no real intention of complying with basic rights here. That this is a just a cynical exploitation of people's concerns in the wake of recent events is shown by the following paragraph from the beginning of the document:
Europe is facing an unprecedented, diverse and serious terrorist threat. The horrific attacks that took place in Paris between 7 and 9 January 2015 were followed by an unprecedented show of unity by millions of citizens in France and across Europe as well as a show of solidarity and political will by
many EU and world leaders. In addition to action from the national governments, citizens are looking to the European Union to provide an ambitious response. Core European values have been attacked, in particular freedom of speech. The EU has to respond with meaningful action. Failure to do so could result in disillusionment of citizens with the EU.
Yes, the millions of European citizens who joined marches in support of liberty and freedom of speech would be bitterly disappointed if the EU didn't react by undermining those self-same core values. Nor is the idea to weaken all encryption in Europe the only deeply troubling proposal in the document. Here's another one:
Consideration should be given to a role for Europol in either flagging or facilitating the flagging of content which breaches the platforms’ own terms and conditions. These often go further than national legislation and can therefore help to reduce the amount of radicalising material available online.’ In
this context, Europol's Check the Web project could be beefed up to allow for monitoring and analysis of social media communication on the internet.
That's a really great idea: get Europe's main law enforcement agency, Europol, spending its valuable time checking out if Internet users are breaching Facebook's terms and conditions, and generally spying on social networks. After all, that's much more important than doing other things like, oh, I don't know, actually trying to catch murderers and criminals....
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, encryption, eu, mobile encryption, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
A simple question for the European Counter-Terrorism Commission:
[ link to this | view in thread ]
If the keys are shared
That puts users in a situation that is more dangerous than if they simply didn't use encryption at all. Falsely believing that you are secure when you aren't is worse than not being secured and knowing it. The EU proposal is agitating to dramatically reduce the security of its citizens.
[ link to this | view in thread ]
That they have been. The attackers being European Union officials such as Francois Hollande, David Cameron, and Gilles de Kerchove.
Those extremists attacked people and places. They had no power to attack the concepts and rights of EU citizens. The government officials are the ones attacking the concept of free speech, and the rights of EU citizens.
[ link to this | view in thread ]
I.e.
Lets take the piss and take as big a right in its effectiveness as we can, before the majority of people come to their senses
[ link to this | view in thread ]
Re: A simple question for the European Counter-Terrorism Commission:
[ link to this | view in thread ]
Its like i heard someone else say, im not opposed to a united nations kind of thing, were we are at peace with one another, help one another, i WANT to see the standards of living rise not only were i abode but where others do to..........but NOT, i stress, NOT, how things are being run at the moment..........this being an example of why i feel that way
[ link to this | view in thread ]
Re: A simple question for the European Counter-Terrorism Commission:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: A simple question for the European Counter-Terrorism Commission:
Nah, strings probably got a backdoor in it
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: A simple question for the European Counter-Terrorism Commission:
Individuals using the technology to create new inovations vs governments and certain individuals using technology to survey..........how can they pretend to be the good guys in this
Right now, i put this ABOVE terrorism, its been number one and if todays any indication of things to come it'll likely STAY as my number one concern.......akin to a child demanding to play with a nuke who doesnt care about the consequences
If they keep demanding more and more authority, i think they'll find less and less people to lord it over......or more honestly, i hope so
[ link to this | view in thread ]
Whack-a-Mole time
Ok, back to fantasyland.
[ link to this | view in thread ]
Freedom fighting?
[ link to this | view in thread ]
So what about the unlawful mass collection of data, doesn't stop it there much does it?
[ link to this | view in thread ]
Encryption keys = house keys
http://techcrunch.com/2015/01/27/lockitron-announces-the-99-bolt-a-deadbolt-you-can-unlock-with -your-phone/
At least the SWAT team no longer has any excuse for kicking your door down.
[ link to this | view in thread ]
Re: Whack-a-Mole time
They will insist that anbody using encryption they don't already have keys to is a criminal, convicted by your own actions, and failure to immediately surrender ALL keys will be grounds for immediate execution.
[ link to this | view in thread ]
Re: If the keys are shared
So if Bob and Alice use Google's encryption, the company must provide assistance for law enforcement access.
However, Google is only responsible if it actually has the key or is involved with the technical implementation of the encryption.
If Bob and Alice use a double layer, first Google's encryption and as second layer their own end to end encryption, Google has no case to answer even if the plaintext is random data.
The really interesting question is if or when the private parties are required by law to disclose their keys.
Such a proposal would pose alls sorts of fair trial, presumption of innocence and self incrimination issues.
[ link to this | view in thread ]
[ link to this | view in thread ]
Broken encryption, because
[ link to this | view in thread ]
This is because the central bankers are scared of the population
Since the EU is failing, the last thing the central bank scoundrels want is the people privately communicating amongst themselves and forming hangmen parties for the central bankers.
[ link to this | view in thread ]
T&C violations?
[ link to this | view in thread ]
Encription outlawed.. because.. terrorists?
Possibly WW2, when encrypted messages were vital and broadcast over short wave radio.
These messages were encrypted by the the source.
They did not rely on the medium over which they were sent to perform the encryption, so why the hell do governments assume that "terrorist" messages on the internet are sent in plain text, relying purely on the encryption provided?
[ link to this | view in thread ]
Re: A simple question for the European Counter-Terrorism Commission:
The Nazis lost. Fascism won. Deal with it.
[ link to this | view in thread ]
Re: Re: A simple question for the European Counter-Terrorism Commission:
I hope I'm still alive when the war against Fascism finally takes off. That !@#$ has lived far too long already!
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Broken encryption, because
You said the same thing twice there, no need to repeat yourself to emphasize the point.
[ link to this | view in thread ]
Re:
And, may we please define "relevant national authorities"? Do I get any say in who is included in that phrase? Because, I don't consider MY ELECTED GOVERNMENT OFFICIALS to have any right to intrude on my private communications. I don't much care how terrified of terrorists they are, nor how terrified of terrorists they'd like me to be. My business is none of their business, by definition.
[ link to this | view in thread ]
Re: Encription outlawed.. because.. terrorists?
To most of the public, those that would be considered 'terrrorists' are in fact almost always smart enough not to use potentially compromised forms of communications to plan their attacks, so destroying encryption like this would be pretty useless at dealing with them.
To the government however, whether US or UK, we're all terrorists or 'potential' terrorists, and so their efforts are in undermining the communications of those that are trusting in basic encryption, because we don't(or didn't) expect entire governments to be trying to gain access to our communications, making standard encryption safe enough in most cases.
[ link to this | view in thread ]
Re: Re:
That would be 'not at all', and 'as much as humanly possible' respectively.
[ link to this | view in thread ]
Hackers Everywhere...
[ link to this | view in thread ]
Re: Re: A simple question for the European Counter-Terrorism Commission:
[ link to this | view in thread ]
Re: Re: Re: A simple question for the European Counter-Terrorism Commission:
[ link to this | view in thread ]
Robust encryption is mandatory...
These people must hate paper shredders as well. Especially those new-fangled crosscut ones.
[ link to this | view in thread ]
If it's possible to make...
Hmmm... These MUST exist.
[ link to this | view in thread ]
Re: If it's possible to make...
The spy agencies/governments want it all, there is no chance they would take something like that lying down or without a vicious retaliation against any company that tried it.
[ link to this | view in thread ]
Re: Re: Broken encryption, because
[ link to this | view in thread ]
ZOMG Terrorists is wearing thin, as they push for more and more gathering and cutting back in the rights they love to claim the terrorists are undercutting.
[ link to this | view in thread ]
Of course...
[ link to this | view in thread ]
Re: Re: Re: Re: A simple question for the European Counter-Terrorism Commission:
...unless you've fallen victim to partisan nitwit disease, in which case [deity of your choice] help us all.
[ link to this | view in thread ]
[ link to this | view in thread ]
Vicious maybe...
As I said above, many enterprises depend on privacy in order to stay competitive. It's not a luxury, especially when state agencies are willing to engage in surveillance practices for the benefit of their favored companies. Those states who mandate backdoors or weak encryption are sabotaging their own economies.
Incidentally, Google searches for false-bottom or false-partition encryption yielded very little. I haven't yet investigated crisis-incinerating key management, yet, which is another feature we've discussed before on TD when the subject of privacy concerns has risen.
[ link to this | view in thread ]
ZOMG Terrorists wore thin in 2004
I'm not sure who is motivated by ZOMG Terrorists (or for that matter ZOMG Children's Interests) but I'd think even the laity are tired of it by now.
[ link to this | view in thread ]
Re: Vicious maybe...
Not encryption, but if you create two partitions on a USB key, the first one FAT-32/vfat and the second one Linux ext[234], MS Win* won't even see the second ptn when it's plugged in. I wouldn't expect TSA/FBI/DHS/ICE to be using Linux. I'm unaware if this's also true of Apple's OSX.
I'd try searching Schneier's cryptogram archives for that false partition stuff.
[ link to this | view in thread ]
Re: Re: Vicious maybe...
However, this isn't very secretive. Any paritioning tool (even the one that Windows comes with) will quickly tell you that there is another partition there and what filesystem it has been formatted with.
There are trickier things you can do to keep the extra partition a secret (mostly, by carefully corrupting the partition table), but that sort of thing is beyond the scope of a comment.
[ link to this | view in thread ]
Re: Re: Re: Vicious maybe...
[ link to this | view in thread ]
Re: Re: Vicious maybe...
Essentially, it's a steganographic element in your encryption scheme.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Vicious maybe...
[ link to this | view in thread ]
Re: Re: A simple question for the European Counter-Terrorism Commission:
You missed the point entirely then, because that, in a nutshell, is precisely what this is all about.
Government knows full well it is an obsolete and un-necessary institution and a total waste of public money and time, and is now fully occupied with self survival at any cost. Its primary goal is now to do everything in its power to insure that "nobody can safely oppose governments."
The real job of a government could be easily and efficiently replaced with just a handful of good computers and a couple of 15 year old kids working part time.
Currently, government is nothing more than a rich man's club, designed to insure that the public remains easily exploited so that the rich may continue to get richer.
George Bush proved that America has absolutely no need for a federal government. For a decade, all that the US had was a gang of thieves and cut-throats sitting in the Oval Office, who were totally occupied with robbing as many countries as possible, as fast as they could, and the country carried on as if it had an actual government, no problem.
Abolish the federal mobsters and the world will follow suit and be a much better place for it.
Turn local governments into honest institutions by letting nobody with an income over $100,000 per annum, or more than $200,000 in assets, occupy any public office.
Citizen Candidates Only.
Establish a law against accepting gifts while in public office with a penalty of permanent removal from politics and the loss of all voting rights for twenty five years.
Eliminate lobbying (Bribery) as a legal part of politics and re-establish the separation between church and state.
This entire global surveillance operation is actually just government protecting government and its corporate friends from the public.
---
[ link to this | view in thread ]
Re: Re: A simple question for the European Counter-Terrorism Commission:
Umm, you probably already know this, but your statement makes it look like you have differentiated between Nazi and Fascist.
NAZI is a short form, in German, of National Socialist.
As you probably can tell from history, the Nazis were not socialists. They were 100% businessmen - fascists.
Nazi was a political label mask, behind which the fascists could infiltrate the German political arena safely. Nazi is a facade of fascism. There are many.
Thus, your statement should read:
"The Nazis won. Fascism won."
Because they did.
Fascism, or Naziism, is simply what happens when very rich men hang out together and discuss ways and means of expanding their profit potential via legal means.
Eventually, it always occurs to them that the easiest way to do this is to control the law itself and then rewrite the laws so that they can legally expand their profit potential eternally.
This is called fascism.
Naziism was simply the German version of the game.
The reason that the German Businessmen of the WW2 era decided to go with National Socialist as their political mask, is identical to the reason that today's modern American Businessmen decided to run their facsist gambit under the Republican political mask - popularity and familiarity.
Mind you, the potential for profit under fascism is so outstanding for the already rich, that the wealthy Democrats did not take long to join the game.
Fascists cannot run under the political handle of fascist because the public never wants a fascist society - only businessmen and the very, very wealthy consider the Corporate Government structure as a desired social structure, because such a system is designed to let the wealthy profit unfettered, and the rich are by definition, above the laws they helped write and need not suffer any of the consequences the public faces under that sort of police state regime.
So Nazi = German Fascist.
... but you probably already knew all that anyways right. :)
---
[ link to this | view in thread ]