back to article Backdoors are bad, Euro security wonks ENISA tell governments

The European Agency for Network and Information Security (ENISA) has weighed into the cryptography debate, warning that crimping cryptography will “create vulnerabilities that can in turn be used by criminals and terrorists”. Its January-dated but just-released paper states boldly that “unprotected communication becomes a …

  1. JohnMurray

    Another pointless diatribe.

    Governments are much less worried about criminals and terrorists than they are of their own people.

    1. 2460 Something

      Too right. When all the evidence given supports the premise that there has been very little (if any) actionable intelligence gathered from mass surveillance. In most cases the people who have been behind attacks were already on the watch lists, just nothing was been done about them.

      The only real tangible thing that comes out of all this is the ability to spy on your own citizens for goodness knows what reason. What are they ever going to get that is useful? It is pretty much comparable to phishing attacks, the only ones that are caught by it are the ones with don't know any better. Any organised criminal entities will already be using proper encryption, one-time use phones and other techniques to avoid eavesdropping. So were just going to have massive databases for which the only benefit to the government is to sell off their patented 'reversible anonymised' data packages to whichever company can cough up enough cash.

      Most of the populace is being deceived as we waltz unknowingly along into a police state.

  2. Anonymous Coward
    Anonymous Coward

    I'm for banning encryption. Stenography will get a real boost, whereas currently there's not much impetus to work on it.

    End-to-end Encryption is no longer sufficient because the spooks are sucking up all your social connections, to see if you're within 6 degrees of separation from a terrorist / politically active citizen.

    1. Doctor_Wibble
      Trollface

      > Stenography will get a real boost

      Excellent, those mini typewriter things are awesome!

      1. amanfromMars 1 Silver badge

        With the evidence before your eyes, does your brain accept and mine the trail before you ‽ .

        > Stenography will get a real boost

        Excellent, those mini typewriter things are awesome! ..... Doctor_Wibble

        Ok, Doctor_Wibble, we get it real fine, but you could have at least mentioned to everyone, just in case it wasn't obvious, that steganography is the encryption that hides in plain sight text.

        Or is the absolutely fabulous really hard to imagine can be realised …… via AI and IT Memes and Means ….. Virtual Ways?

        The posit here is that is the future way of the internetworking of things, and of this internetworking thing too?

        Deny and/or resist it if you will, and guarantee yourself a place in some space as a lowly paid spectator following news and views rather than highly paid player creating and leading them primely, or sub-primely as the case may also be.

        1. Robert Helpmann??
          FAIL

          Re: With the evidence before your eyes, does your brain accept and mine the trail before you ‽ .

          AMFM: "...steganography is the encryption that hides in plain sight text."

          No, steganography is by definition not encryption, though they can be used for similar purposes. Encryption is the process whereby a meaningful set of data is rendered into a seemingly meaningless jumble, but which can be retrieved by reversing the process. Steganography is the process by which information is hidden within a larger set. I can understand your apparent confusion on the subject as I am not sure which process you applied to your post.

          1. amanfromMars 1 Silver badge
            Thumb Up

            Re: Re: With the evidence before your eyes, does your brain accept and mine the trail before you ‽ .

            Hi, Robert Helpmann??

            I would plead guilty to obfuscation rather than confusion regarding the unconventional role of encryption in steganography, but would agree it is much more effective the bigger the issues at stake and the fewer the folk able and/or enabled to use it securely for security.

        2. Doctor_Wibble

          Re: With the evidence before your eyes, does your brain accept and mine the trail before you ‽ .

          > steganography is the encryption that hides in plain sight text.

          My handwriting is by definition a form of steganography. It is a cunning ploy where the information in the text is disguised as itself, with people attempting to read it giving up after deciding that those things on the page only *look* like they might be words.

  3. Paul Kinsler

    "an average skilled programmer could implement them.”

    ... albeit with the occasional added bug or two, if current evidence is anything to go by... :-)

    1. Anonymous Coward
      Anonymous Coward

      Re: "an average skilled programmer could implement them.”

      Most bugs in security libraries are downgrade attacks, or otherwise in crusty old code for legacy protocols.

      If you were only implementing the latest and greatest, with zero backwards compatibility, and no bells and whistles, I'd bet an average programmer would have a fighting chance.

  4. Paul Shirley

    escrow taints all evidence

    Availability of keys to investigators taints and devalues all evidence, even if no tampering or forgery happens. A horrible choice between courts having to trust law enforcement too much or let criminals escape by raising doubt over the evidence.

    If escrow ever happens it could easily hamper investigations more than it helps by creating a need for strong safeguards to prevent and detect abuse. Let's just not go there.

    1. Rich 11

      Re: escrow taints all evidence

      Availability of keys to investigators taints and devalues all evidence

      And it's not like various police forces haven't got form in this area, not to mention MI5 and some senior Army staff becoming unduly paranoid about Harold Wilson back in the 70s.

    2. My-Handle

      Re: escrow taints all evidence

      And to top it off, we'd only be one classic government "oops I left my briefcase on the train" (or similar security blunder) away from losing the entire key escrow database and rendering every single reliant service open to attack. Now obviously in such a case the government could just retire all the affected keys and forcibly issue new ones, but how quickly do we think they'll admit to a loss like that?

  5. Anonymous Coward
    Anonymous Coward

    If you aren't doing anything then you have nothing to fear.

    1. Anonymous Coward
      Anonymous Coward

      If you aren't doing anything then you have nothing to fear today, tomorrow is a different story

      FTFY

      1. Vector
        Trollface

        Besides, most of us like to actually do things so, personally, I worry.

        1. Anonymous Coward
          Anonymous Coward

          Oh, I know. I personally do things an average of every second or two. But the people pushing for this are mostly old gits who will have stopped doing anything by the time it comes into force.

    2. allthecoolshortnamesweretaken

      If you aren't doing anything you are probably dead.

      1. Anonymous Coward
        Anonymous Coward

        There are an awful lot of laws on the statutes & ignorance of the law is no defence in court, can you guarantee you haven't broken some obscure law that you don't even know about ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like