back to article Europe to push new laws to access encrypted apps data

The European Commission will in June push for access to data stored in the cloud by encrypted apps, according to EU Justice Commissioner Věra Jourová. Speaking publicly, and claiming that she has been pushed by politicians across Europe, Jourová said that she will outline "three or four options" that range from voluntary …

Silver badge

tech companies and security experts say that if an encryption backdoor is created it will be impossible to ensure that only the "good guys" use it, and so effectively undermines the whole system.

Correct for an end-to-end encrypted system. Incorrect for a store and forward encrypt-to-provider, encrypt-from-provider system.

She cannot do anything against physical persons and corporations using end-to-end crypto themselves. That horse has bolted 20 years ago when Phil Zimmerman gave PGP to the world.

Now, provider assisted is a different story. She can do that TODAY.

The law as it stands is an ass and being a dumb ass it does not give a flying f*** about the application design disallowing legal intercept. It insists that legal intercept is provided and the way it is formulated in half of the Eu allows the law to take a big hatchet to any provider-run end-to-end encrypted messaging (once again - it cannot do anything about private persons today). By the way, by disallowing USA corporations to take any cases with them to California, Eu has already done half of the work on this one. The remaining half is a court case which will happen sooner or later (when someone finally explains the retarded politicos that the law has already taken care of this).

So all it takes is ONE court case to prove that legal intercept requirements apply to Facebook, Google, Telegram and friends. We will be back to using PGP in email on the next day after that.

So, in fact, she does not even need to legislate. She just needs to pick one of the Eu countries to start the court case.

40
0
Silver badge

"She cannot do anything against physical persons and corporations using end-to-end crypto themselves. That horse has bolted 20 years ago when Phil Zimmerman gave PGP to the world.".

Yes she can. That's the big advantage to controlling the Police force and a having access to an army. It just requires simple legislation saying anyone sending packets that can't be decoded (encrypted or random, doesn't matter) goes to prison.

15
32
Anonymous Coward

"That's the big advantage to controlling the Police force and a having access to an army"

That is probably the most moronic thing I have seen posted for a long time:

1) She is an EC commissioner, she does't have any control over any police force or army (unless you count the beuracrats who report to her)

2) Whilst some people may have more influence, national police forces are accountable to governments and legislators, not any individual

27
6
Silver badge

But creating legislation that bans the use of crypto would be within her powers.

The problem is, what they are suggestig will essentially mean the end of the internet and telecommunications.

16
4
Silver badge

Yes she can. That's the big advantage to controlling the Police force and a having access to an army

Shall I refer you to the priceless clip from Shrek 1 - "You and what army?" or you will peruse it without referral. She is an Eu commissioner - she has no army and whatever she does requires a consensus of member states.

11
1
Silver badge

But creating legislation that bans the use of crypto would be within her powers.

Actually - no. Crypto nowdays is math, an Eu commissioner is not the Indiana legilsative, it cannot decree that Pi 3.00.

What she can decree and what she can refine the requirements towards providers for legal intercept to make Telegram, iMessage and Facebook chat in its current form illegal. That is perfectly achievable technically and that is something a politico can and should do.

She may try to also specify reqs to commercial software, but that is going to die on technical grounds long before it gets anywhere near becoming law.

4
17
Silver badge
WTF?

Nowhere for terrorists to hide

What she can decree and what she can refine the requirements towards providers for legal intercept to make Telegram, iMessage and Facebook chat in its current form illegal. That is perfectly achievable technically and that is something a politico can and should do.

As long as they outlaw whispering too. I am sure terrorists whisper to eachother. And curtains. Who knows what people get up to behind closed curtains.

57
0
Anonymous Coward

"That's the big advantage to controlling the Police force and a having access to an army"

That is probably the most moronic thing I have seen posted for a long time:

1) She is an EC commissioner, she does't have any control over any police force or army (unless you count the beuracrats who report to her)

Except the comment was on Amber Rudd - who is the Home Secretary. As stated in the article.

8
4
Silver badge

"Except the comment was on Amber Rudd - who is the Home Secretary. "

Which comment? Yours seems to have been the first in the thread to mention her. The article primarily deals with a speech by EU Justice Commissioner Věra Jourová.

8
1
Anonymous Coward

"but that is going to die on technical grounds long before it gets anywhere near becoming law."

when did politicians ever worry about something being technically possible or not to make rules regulating it.

6
0
Anonymous Coward

What she can decree and what she can refine the requirements towards providers for legal intercept to make Telegram, iMessage and Facebook chat in its current form illegal. That is perfectly achievable technically and that is something a politico can and should do.

The problem with that is twofold:

1 - the direct impact of that is a two-lane world, with one lane using the now backdoored technology and all the consequences that that creates such as a near-immediate threat of ID theft and breaching of anything we would like to control such as Internet banking and Internet shopping (I don't have to explain why, that topic has been done to death over decades, and if said politician and her friends want to ignore that body of evidence, on her head the consequences will be). The other lane will sensibly continue to use decent crypto and be safe, but naturally assist law enforcement with investigations as much as POSSIBLE, not IMpossible. By the way, no guessing in which lane this politician herself will want to be in - I noticed a distinct trend there..

2 - there will be a growth of in-band encryption and obfuscation. WhatsApp (which I wouldn't trust anyway) and others could get an inside shim which takes a text and changes the contents. One time pads are an absolutely *ancient* idea that is easy to implement in software by means of dictionaries of even using an ebook that both parties have to independently download (the discovery of which will no doubt lead to the banning of ebooks as well, I guess). That aside, there will also be a lot of import from countries who couldn't care less, and with that will again come a lot of crime where people will use apps that have backdoors for other crooks (I never assume benign motives for politicians trying to mandate something against all sensible advice out there).

Either option is detrimental to democracy and freedom - so maybe she should state upfront that targeting that is her real aim. Let's skip the pretence, shall we? Will she also ban cars because they are increasingly used in lone man terrorist attacks? No? Why not? The arguments are no different..

18
0
Silver badge

No problem for banks, sorry

such as a near-immediate threat of ID theft and breaching of anything we would like to control such as Internet banking and Internet shopping

Actually there would be no effect on banks, they can encrypt the communications between them and the clients all they want, but as an organization a bank is already compelled to keep records, and provide them to investigators if ordered to do so by courts.

The law enforcement types are really only after end-to-end encryption between individual people, or people and shady organizations.

7
1
Silver badge

"Which comment?"

Mine was about Amber Rudd. It doesn't actually matter too much, EU law is backed by the same physical force as national law.

Of course if you want to be perversely literal then yes, there is little any politician can do. Well, apart from that UKIP one who's handy with his fists.

3
1
Anonymous Coward

@ Doctor Syntax

Which comment? Yours seems to have been the first in the thread to mention her. The article primarily deals with a speech by EU Justice Commissioner Věra Jourová.

The article mentioned Amber Rudd 2 paragraphs before the "Good guys" part that Adam 52 was commenting on.

Given that Amber Rudd very specifically is the head of the people that control the police force and has access to an army, I suggest that Adam 52 was talking about her rather than the EC commisioner.

4
1
Silver badge
FAIL

Time to use only non-commercial open source

For everything.

10
1
Silver badge
Facepalm

It just requires simple legislation saying anyone sending packets that can't be decoded (encrypted or random, doesn't matter) goes to prison.

Did you just say random numbers should be illegal? Because I think you did...

7
2
Stop

@Adam 52

Adam,

there is no such thing as EU law in the UK (or any country in the EU as such), what our Parliament does (as do others) is ENACT laws here that meet the requirements of a specific EU law - paraphrased a bit, hopefully you get the gist....

1
0
Silver badge

"Did you just say random numbers should be illegal?"

No. I said a brain-dead politician could make sending them over the Internet illegal if she wanted to.

4
0
Silver badge

"[W]hat they are suggestig will essentially mean the end of the internet and telecommunications."

This really is quite silly. In fact, a great deal of communication still is either not encrypted or subject to delivery to a government in decrypted form based on a legal request such as a warrant or sometimes subpoena (US) or equivalent in other countries. Lawful telephone intercept has been in place for decades in the US and probably nearly everywhere else. Requiring lawful decryption capability will not end the Internet or telecommunications going forward any more than lawful intercept capability has done in the past.

On the other hand, requiring it is extremely unlikely to prevent use of publicly available encryption methods by individuals who consider the risk-reward trade-off favorable. Anyone thinking about using it for criminal purposes would rationally consider whether use of encryption not subject to legally ordered decryption will increase the probability of being detected or caught, or the penalty if caught.. They might also think of other methods to communicate secretly that do not raise similar issues. For everyone else, life will go on much the way it has since the invention of communication.

1
0
Silver badge

There are no serious technical impediments to producing and deploying a cryptosystem that would be subject to third party decryption. Key escrow systems, for example, have been known for decades at least. It may be unwise to use such a cryptosystem, and it may be comparatively easy to use readily available alternatives (possibly with penalties for use that one might need to evaluate), but incorrect claims that it is infeasible confuse and obscure the real issues.

1
1
Bronze badge

You and who's army?

There are EU police forces but they tend to disguise themselves as national forces that work together in an association. The most obvious sort are the Gendarmerie, a force dedicated to maintaining public order. This of force that doesn't exist in England as a separate entity although there seems to be a part of the Met that performs this function in London.

Its stupid but I suppose they'll have to jail a few people for extended periods "pour encourager les autres".

0
0
vir
Bronze badge

Check This Box If You Are A Terrorist

There's also this choice tweet (I know, I know) from Nadine Dorries in reply to a tweet pointing out that backdoors can be used by anyone:

"No - you just develop a terrorist related exception that's all or even one for grieving parents too caught up in this one size doesn't fit"

And after someone pointed out "that's not how tech works":

"I don't buy won't or can't after having watched people being mown down and murdered - sorry"

1
0

main issue is extremely easy to use apps like whatsapp can make you invisible to tracking as it encrypts all communications by default,

now its harder for 3-4 letter agencies to just focus on people that are using encryption for hiding messages or been paranoid, before they only had to keep an eye on people using tor or sending scrambled/encrypted messages now just using whatsapp hides you with the other millions of people who use it which is really no good

if this act gets though the app makers won't make back doors they just simply turn of OTR in the messaging apps so they can be intercepted again and the people who have somthing to hide will likely use somthing els and get put on the monitoring list

i don't personally like that whatsapp have done by making OTR the default as they have made it very simple to use for any one doing bad stuff with no technical knowledge

0
2
Silver badge

Unfortunately

No it isn't moronic, it is the truth, well sort of.

No she doesn't control paramilitary police forces with ability to lock up without trial nor armies.

However the governments that she effectively instructs DO have these, and worse it is the governments that want to spy on everyone.... mainly to ensure that none of us snotty little prols dare to try and upset the rich get richer and you get screwed current political system. (It has nothing at all to do with terrorism or child porn, these are fig leaf excuses for the stupid)

I personally can't see the army of any country being involved (they are such a small number anyway and the British army don't possess enough bullets and shells to make a significant dent in London never mind elsewhere).

However I do see them using the police to enforce such barmy laws and there is already sufficient provision even in the UK to pretend the arrest might be somehow related to some mythical terrorist plot the details of which and the method of discovery of are too 'secret' to be shared (even with a media already muzzled from publishing 'secrets' like the MPs and councillors expense claims). If they pretend the arrest is to do with terrorism they can keep you as long as they like - or ship you out to the Americans for Guantanamo or similar.

I am white, getting long in the tooth I still remember the IRA blowing London every Christmas (not just once in 7 years) and we survived, we actually survived the dirty habits of the then tv, football and other over paid stars created by the media. I also remember that the BBC broadcast D-Day to the resistance without encryption and that the forerunner of gchq managed to break the ciphers that the Germans had been told couldn't be broken (probably by using exactly the tricks that gchq can still use on the things we are told are secure today).

This is about control, about fear, about keeping the masses at home watching collywobble street and not protesting about their lack of work and opportunity while the rich get on and take increasingly large amounts of wealth.

4
0
Bronze badge
Coat

Either option is detrimental to democracy and freedom - so maybe she should state upfront that targeting that is her real aim. Let's skip the pretence, shall we?

What? And let the sheep know they've been had? Who'll vote for them next elections?

1
0

Ban manually steered cars as well...

Well, that makes the perfect case for the future to manually steered cars... wait some years and see.

1
0
Bronze badge

The police are not bound by any laws when it does not suit the purposes of the powers that be. The WhatsApp aspect of the Bridge Of Death fairy tail is just there so they can get a back door into WhatsApp. The same thing happened with BBM after the 2010 city riots. BBM went off line for 2 weeks then came back with the back doors installed.

0
0

"Did you just say random numbers should be illegal?"

Absolutely. Entropy as well. If they can legislate away entropy, then end-to-end encryption would be impossible.

1
0
Anonymous Coward

Nothing can be done about encryption.

If there is a pattern that can be observed since the birth of the transistor, it is that whenever there is an attempt to control or block something, it takes years to legislate and in the meantime ten alternatives spring up in it's place. The government / police etc can't keep pace and they might as well give up trying to control it and accept that shit is gonna happen, that's the way the world works.

They can claim that some new law has had positive effect and 99.99% of people don't do something anymore because they know it's illegal but the truth is that the remaining 0.01% that still do are more determined to find a way around it so they go deeper underground and find another way around it while the lawmakers repeatedly play catchup-22 (see what I did there). And it's those 0.01% that they were targeting in the first place. So yeah, the control thing never really works.

So what happens when whatsapp are forced to implement a backdoor, the police get a court order to release a suspect's message history and they discover that they still can't decypher the juicy bits because the suspect encrypted their content once before posting it? Exactly the same as it is now, just one level deeper, that's what. No more information, no more leads, just a 99.99% bunch of decrypted cat pictures and "Look what I had for dinner" posts, and 0.01% suspected juicy bits but they can't find out anyway because the suspect already encrypted it before it went onto whatsapp.

So they go after the encryption software devs and force them to implement a backdoor. In the meantime 10 other alternatives are written and the government are still scratching their heads, but technically they will be in exactly the same relative position they were waaaaay back in the 80's.

2
0

the fix is really having the encryption Optional feature, then at least they can focus more on the people who are actively trying to use encryption (not passively as it is in whatsapp at the moment)

mass snooping has always happened but with whatsapp and some other apps using OTR by default for a bit now the bad people become noise with all the good (mostly lol)

its just a shame that a small subset of people can cause problems

0
0
Anonymous Coward

Re: @Adam 52

EU regulations (such as MAR) become law in member states without being enacted into law locally. This is a different process to EU directives.

0
0
Anonymous Coward

Welcome to the Stasi nation

You are monitored citizen. Your thoughts and words are never private.

Welcome to the terrifying New World Order.

Comply.

42
4

This post has been deleted by its author

Anonymous Coward

Re: 'Comply.'

"Or just unplug... "

You would then have to accept that some various things would become impossible, very inconvenient, and probably more expensive.

The problem is not with the internet - but with the politicians who respond to, or manipulate, popular uninformed opinion in order to keep themselves in a position of power.

21
0
Bronze badge

Encryption systems: secure for all, or secure for none. Backdoors always get leaked or discovered.

45
0
Anonymous Coward

It would be interested to see if the EC/UK/USA would support and defend Russia, China, Somalia, North Korea etc mandating a backdoor encryption into western products? They would only want it for the same reason after all - to fight *evil*.

Would this be the same backdoor that all these countries are given access to or would it be a separate backdoor form each (Swiss cheese method). Would it also include SSL, SSH etc and therefore provide these nations (as well as our own) access to communication links used by utilities and infrastructure?

This doesn't even need an effort to stop bad guys finding the back door, once the can of worms is opened how to you stop the "bad guys"* from being show the back door?

*For whatever today's definition of bad guy is.

19
0
Anonymous Coward

We promise it will only be used to Catch T's and P's...

Later when its forgotten it'll actually be used to round up Whistleblowers, Investigative-Journalists & Human-Rights-Activists etc... Why? Because slurping / snooping has been shown to be ineffective at catching T's & UK government officials 'disappeared' evidence of abuse by P's for decades!

23
0
Silver badge

And how exactly will this stop unmonitored random nutters driving cars at people again?

63
0
Silver badge

It wont. Not one bit.

What it will do is try to pacify politicians screaming "something must be done!" to appease Daily Fail-style readers all over Europe.

31
1
Silver badge

>What it will do is try to pacify politicians screaming "stop checking my expenses!"

FTFY

11
1
Silver badge

Daily Fail?

What it will do is try to pacify politicians screaming "something must be done!" to appease Daily Fail-style readers all over Europe.

No need for Daily Fail here: we have plenty enough nonsense right here on El Reg[1]. Like the headline here, which turns out to be a story that a senior civil servant will bring forward a selection of proposals.

To see the significance of that, think of everyone's favourite civil servant Sir Humphrey doing the same. Then perhaps consider how much harder it's likely to be to manipulate 27 governments and public opinion in public than one minister behind closed doors. She's kicking it into the long grass.

[1] Not the same as the Wail, but nonsense nevertheless.

4
2
Anonymous Coward

And how exactly will this stop unmonitored random nutters driving cars at people again?

That's not what this is intended to achieve.

What it will do is make it harder for the guys who groom and coerce vulnerable people into doing things like this getting away with it.

3
7
Anonymous Coward

" What it will do is make it harder for the guys who groom and coerce vulnerable people into doing things like this [...]"

The Government seems keen to cut the services that would help vulnerable people out of their vulnerability.

18
0
Silver badge
Meh

Re: And how exactly will this stop unmonitored random nutters driving cars at people again?

What it will do is make it harder for the guys who groom and coerce vulnerable people into doing things like this getting away with it.

Like money laundering legislation, it will just affect normal people, and not make a jot of difference to the bad guys, since they will just put a little effort into circumventing it. And at the same time make us all a little bit less safe from unconstrained government snooping.

You also seem to be under the delusion that this will be used just for counter-terrorism. I suppose it is understandable since that is all the Government ever talks about, but if so, then why do you think that dozens and dozens of bodies, such as the Department of Work and Pensions, the Competition and Markets Authority, and the Gambling Commission, can legally access your communications data? Do you think that the Welsh Ambulance Services NHS Trust really have a role in "making it harder for the guys who groom and coerce vulnerable people into doing things like this getting away with it"?

22
0

Re: And how exactly will this stop unmonitored random nutters driving cars at people again?

what it will do is make it easier to identify the bad guys.

If(I decrypt this person's message)

they are probably a goody

else

they are probably a baddy

2
3
Bronze badge
WTF?

Re: And how exactly will this stop unmonitored random nutters driving cars at people again?

Statistically people will be driven over twenty times by drunk drivers before they are hit by an unmonitored random nutter driving a car at people.

1
0
Gold badge
Gimp

"politicians and law enforcement insist they don't care how it's done"

And will go on "not caring" until someone raids their personal message stash and broadcasts their assorted crimes, infidelities and unusual sexual proclivities.

And I think we know there are going to be quite a few of all of the above amongst the assorted pols comms chatter.

This couldn't have anything to do with the idea that a backdoor would allow monitoring of anyone they like without them being aware of it and therefor eliminate the need for a search warrant that a number of European states (UK included) law enforcement agencies find so annoying, could it?

24
0
Silver badge
Big Brother

No 6...

"What do you want?"

"Secure access to your encryoted information."

"You won't get it!"

"By hook or by crook we will."

"No, maths doesn't work like that. Sod off."

31
0
Anonymous Coward

Re: No 6...

"Sod off sodding off! We don't care about no stinking maths! You do it or you don't get to operate here! Now DO IT! YESTERDAY! OR ELSE!"

8
1
Silver badge

Re: No 6...

You really don't get it, do you. Whenever there's a problem that the Powers That Be _really_ want solved that has no good solution, only a choice between no solution and bad solution, the bad solution will end up getting applied, regardless of how bad it is, no exceptions. The denial permeating the place around here is astonishing - this is textbook xkcd "rubberhose cryptanalysis", only instead of a $5 wrench they'll throw the book at anyone who dares using strong encryption on anything, if that's what they want. "Maths" will not help you while you sit behind bars. Yes, I'm aware that is not what this article (or this "law") is about. It's only the next logical step once the this proves as ineffective as expected in preventing bad people from hurting other people.

17
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018