Europe to push new laws to access encrypted apps data

The European Commission will in June push for access to data stored in the cloud by encrypted apps, according to EU Justice Commissioner Věra Jourová. Speaking publicly, and claiming that she has been pushed by politicians across Europe, Jourová said that she will outline "three or four options" that range from voluntary …

  1. Voland's right hand Silver badge

    tech companies and security experts say that if an encryption backdoor is created it will be impossible to ensure that only the "good guys" use it, and so effectively undermines the whole system.

    Correct for an end-to-end encrypted system. Incorrect for a store and forward encrypt-to-provider, encrypt-from-provider system.

    She cannot do anything against physical persons and corporations using end-to-end crypto themselves. That horse has bolted 20 years ago when Phil Zimmermann gave PGP to the world.

    Now, provider assisted is a different story. She can do that TODAY.

    The law as it stands is an ass and being a dumb ass it does not give a flying f*** about the application design disallowing legal intercept. It insists that legal intercept is provided and the way it is formulated in half of the EU allows the law to take a big hatchet to any provider-run end-to-end encrypted messaging (once again - it cannot do anything about private persons today). By the way, by disallowing USA corporations to take any cases with them to California, EU has already done half of the work on this one. The remaining half is a court case which will happen sooner or later (when someone finally explains the retarded politicos that the law has already taken care of this).

    So all it takes is ONE court case to prove that legal intercept requirements apply to Facebook, Google, Telegram and friends. We will be back to using PGP in email on the next day after that.

    So, in fact, she does not even need to legislate. She just needs to pick one of the EU countries to start the court case.

    1. Adam 52 Silver badge

      "She cannot do anything against physical persons and corporations using end-to-end crypto themselves. That horse has bolted 20 years ago when Phil Zimmermann gave PGP to the world."

      Yes she can. That's the big advantage to controlling the Police force and having access to an army. It just requires simple legislation saying anyone sending packets that can't be decoded (encrypted or random, doesn't matter) goes to prison.

      1. Anonymous Coward

        "That's the big advantage to controlling the Police force and having access to an army"

        That is probably the most moronic thing I have seen posted for a long time:

        1) She is an EC commissioner, she doesn't have any control over any police force or army (unless you count the bureaucrats who report to her)

        2) Whilst some people may have more influence, national police forces are accountable to governments and legislators, not any individual

        1. big_D Silver badge

          But creating legislation that bans the use of crypto would be within her powers.

          The problem is, what they are suggesting will essentially mean the end of the internet and telecommunications.

          1. Voland's right hand Silver badge

            But creating legislation that bans the use of crypto would be within her powers.

            Actually - no. Crypto nowadays is math, an EU commissioner is not the Indiana legislature, it cannot decree that Pi is 3.00.

            What she can decree and what she can refine the requirements towards providers for legal intercept to make Telegram, iMessage and Facebook chat in its current form illegal. That is perfectly achievable technically and that is something a politico can and should do.

            She may try to also specify reqs to commercial software, but that is going to die on technical grounds long before it gets anywhere near becoming law.

            1. Smooth Newt
              WTF?

              Nowhere for terrorists to hide

              What she can decree and what she can refine the requirements towards providers for legal intercept to make Telegram, iMessage and Facebook chat in its current form illegal. That is perfectly achievable technically and that is something a politico can and should do.

              As long as they outlaw whispering too. I am sure terrorists whisper to each other. And curtains. Who knows what people get up to behind closed curtains.

            2. Anonymous Coward

              "but that is going to die on technical grounds long before it gets anywhere near becoming law."

              When did politicians ever worry about something being technically possible or not to make rules regulating it?

              1. tom dial Silver badge

                There are no serious technical impediments to producing and deploying a cryptosystem that would be subject to third party decryption. Key escrow systems, for example, have been known for decades at least. It may be unwise to use such a cryptosystem, and it may be comparatively easy to use readily available alternatives (possibly with penalties for use that one might need to evaluate), but incorrect claims that it is infeasible confuse and obscure the real issues.

            3. Anonymous Coward

              What she can decree and what she can refine the requirements towards providers for legal intercept to make Telegram, iMessage and Facebook chat in its current form illegal. That is perfectly achievable technically and that is something a politico can and should do.

              The problem with that is twofold:

              1 - the direct impact of that is a two-lane world, with one lane using the now backdoored technology and all the consequences that that creates such as a near-immediate threat of ID theft and breaching of anything we would like to control such as Internet banking and Internet shopping (I don't have to explain why, that topic has been done to death over decades, and if said politician and her friends want to ignore that body of evidence, on her head the consequences will be). The other lane will sensibly continue to use decent crypto and be safe, but naturally assist law enforcement with investigations as much as POSSIBLE, not IMpossible. By the way, no guessing in which lane this politician herself will want to be in - I noticed a distinct trend there..

              2 - there will be a growth of in-band encryption and obfuscation. WhatsApp (which I wouldn't trust anyway) and others could get an inside shim which takes a text and changes the contents. One time pads are an absolutely *ancient* idea that is easy to implement in software by means of dictionaries or even using an ebook that both parties have to independently download (the discovery of which will no doubt lead to the banning of ebooks as well, I guess). That aside, there will also be a lot of import from countries who couldn't care less, and with that will again come a lot of crime where people will use apps that have backdoors for other crooks (I never assume benign motives for politicians trying to mandate something against all sensible advice out there).

              Either option is detrimental to democracy and freedom - so maybe she should state upfront that targeting that is her real aim. Let's skip the pretence, shall we? Will she also ban cars because they are increasingly used in lone man terrorist attacks? No? Why not? The arguments are no different..

              1. MacroRodent Silver badge

                No problem for banks, sorry

                such as a near-immediate threat of ID theft and breaching of anything we would like to control such as Internet banking and Internet shopping

                Actually there would be no effect on banks, they can encrypt the communications between them and the clients all they want, but as an organization a bank is already compelled to keep records, and provide them to investigators if ordered to do so by courts.

                The law enforcement types are really only after end-to-end encryption between individual people, or people and shady organizations.

              2. Alumoi
                Coat

                Either option is detrimental to democracy and freedom - so maybe she should state upfront that targeting that is her real aim. Let's skip the pretence, shall we?

                What? And let the sheep know they've been had? Who'll vote for them next elections?

              3. SVLI

                Ban manually steered cars as well...

                Well, that makes the perfect case for the future to manually steered cars... wait some years and see.

          2. tom dial Silver badge

            "[W]hat they are suggesting will essentially mean the end of the internet and telecommunications."

            This really is quite silly. In fact, a great deal of communication still is either not encrypted or subject to delivery to a government in decrypted form based on a legal request such as a warrant or sometimes subpoena (US) or equivalent in other countries. Lawful telephone intercept has been in place for decades in the US and probably nearly everywhere else. Requiring lawful decryption capability will not end the Internet or telecommunications going forward any more than lawful intercept capability has done in the past.

            On the other hand, requiring it is extremely unlikely to prevent use of publicly available encryption methods by individuals who consider the risk-reward trade-off favorable. Anyone thinking about using it for criminal purposes would rationally consider whether use of encryption not subject to legally ordered decryption will increase the probability of being detected or caught, or the penalty if caught. They might also think of other methods to communicate secretly that do not raise similar issues. For everyone else, life will go on much the way it has since the invention of communication.

        2. Anonymous Coward

          "That's the big advantage to controlling the Police force and having access to an army"

          That is probably the most moronic thing I have seen posted for a long time:

          1) She is an EC commissioner, she doesn't have any control over any police force or army (unless you count the bureaucrats who report to her)

          Except the comment was on Amber Rudd - who is the Home Secretary. As stated in the article.

          1. Doctor Syntax Silver badge

            "Except the comment was on Amber Rudd - who is the Home Secretary. "

            Which comment? Yours seems to have been the first in the thread to mention her. The article primarily deals with a speech by EU Justice Commissioner Věra Jourová.

            1. Adam 52 Silver badge

              "Which comment?"

              Mine was about Amber Rudd. It doesn't actually matter too much, EU law is backed by the same physical force as national law.

              Of course if you want to be perversely literal then yes, there is little any politician can do. Well, apart from that UKIP one who's handy with his fists.

              1. fruitoftheloon
                Stop

                @Adam 52

                Adam,

                there is no such thing as EU law in the UK (or any country in the EU as such), what our Parliament does (as do others) is ENACT laws here that meet the requirements of a specific EU law - paraphrased a bit, hopefully you get the gist....

                1. Anonymous Coward

                  Re: @Adam 52

                  EU regulations (such as MAR) become law in member states without being enacted into law locally. This is a different process to EU directives.

              2. Wayland Bronze badge

                The police are not bound by any laws when it does not suit the purposes of the powers that be. The WhatsApp aspect of the Bridge Of Death fairy tale is just there so they can get a back door into WhatsApp. The same thing happened with BBM after the 2010 city riots. BBM went off line for 2 weeks then came back with the back doors installed.

            2. Anonymous Coward

              @ Doctor Syntax

              Which comment? Yours seems to have been the first in the thread to mention her. The article primarily deals with a speech by EU Justice Commissioner Věra Jourová.

              The article mentioned Amber Rudd 2 paragraphs before the "Good guys" part that Adam 52 was commenting on.

              Given that Amber Rudd very specifically is the head of the people that control the police force and has access to an army, I suggest that Adam 52 was talking about her rather than the EC commissioner.

            3. vir

              Check This Box If You Are A Terrorist

              There's also this choice tweet (I know, I know) from Nadine Dorries in reply to a tweet pointing out that backdoors can be used by anyone:

              "No - you just develop a terrorist related exception that's all or even one for grieving parents too caught up in this one size doesn't fit"

              And after someone pointed out "that's not how tech works":

              "I don't buy won't or can't after having watched people being mown down and murdered - sorry"

        3. martinusher Silver badge

          You and whose army?

          There are EU police forces but they tend to disguise themselves as national forces that work together in an association. The most obvious sort are the Gendarmerie, a force dedicated to maintaining public order. This is a type of force that doesn't exist in England as a separate entity although there seems to be a part of the Met that performs this function in London.

          It's stupid but I suppose they'll have to jail a few people for extended periods "pour encourager les autres".

        4. Dave 15

          Unfortunately

          No it isn't moronic, it is the truth, well sort of.

          No she doesn't control paramilitary police forces with ability to lock up without trial nor armies.

          However the governments that she effectively instructs DO have these, and worse it is the governments that want to spy on everyone.... mainly to ensure that none of us snotty little proles dare to try and upset the rich get richer and you get screwed current political system. (It has nothing at all to do with terrorism or child porn, these are fig leaf excuses for the stupid)

          I personally can't see the army of any country being involved (they are such a small number anyway and the British army don't possess enough bullets and shells to make a significant dent in London never mind elsewhere).

          However I do see them using the police to enforce such barmy laws and there is already sufficient provision even in the UK to pretend the arrest might be somehow related to some mythical terrorist plot the details of which and the method of discovery of are too 'secret' to be shared (even with a media already muzzled from publishing 'secrets' like the MPs and councillors expense claims). If they pretend the arrest is to do with terrorism they can keep you as long as they like - or ship you out to the Americans for Guantanamo or similar.

          I am white, getting long in the tooth I still remember the IRA blowing London every Christmas (not just once in 7 years) and we survived, we actually survived the dirty habits of the then tv, football and other over paid stars created by the media. I also remember that the BBC broadcast D-Day to the resistance without encryption and that the forerunner of gchq managed to break the ciphers that the Germans had been told couldn't be broken (probably by using exactly the tricks that gchq can still use on the things we are told are secure today).

          This is about control, about fear, about keeping the masses at home watching collywobble street and not protesting about their lack of work and opportunity while the rich get on and take increasingly large amounts of wealth.

      2. Voland's right hand Silver badge

        Yes she can. That's the big advantage to controlling the Police force and having access to an army

        Shall I refer you to the priceless clip from Shrek 1 - "You and what army?" or you will peruse it without referral. She is an EU commissioner - she has no army and whatever she does requires a consensus of member states.

      3. Loyal Commenter Silver badge
        Facepalm

        It just requires simple legislation saying anyone sending packets that can't be decoded (encrypted or random, doesn't matter) goes to prison.

        Did you just say random numbers should be illegal? Because I think you did...

        1. Adam 52 Silver badge

          "Did you just say random numbers should be illegal?"

          No. I said a brain-dead politician could make sending them over the Internet illegal if she wanted to.

        2. Jaybus

          "Did you just say random numbers should be illegal?"

          Absolutely. Entropy as well. If they can legislate away entropy, then end-to-end encryption would be impossible.

          1. Anonymous Coward

            Nothing can be done about encryption.

            If there is a pattern that can be observed since the birth of the transistor, it is that whenever there is an attempt to control or block something, it takes years to legislate and in the meantime ten alternatives spring up in its place. The government / police etc can't keep pace and they might as well give up trying to control it and accept that shit is gonna happen, that's the way the world works.

            They can claim that some new law has had positive effect and 99.99% of people don't do something anymore because they know it's illegal but the truth is that the remaining 0.01% that still do are more determined to find a way around it so they go deeper underground and find another way around it while the lawmakers repeatedly play catchup-22 (see what I did there). And it's those 0.01% that they were targeting in the first place. So yeah, the control thing never really works.

            So what happens when whatsapp are forced to implement a backdoor, the police get a court order to release a suspect's message history and they discover that they still can't decipher the juicy bits because the suspect encrypted their content once before posting it? Exactly the same as it is now, just one level deeper, that's what. No more information, no more leads, just a 99.99% bunch of decrypted cat pictures and "Look what I had for dinner" posts, and 0.01% suspected juicy bits but they can't find out anyway because the suspect already encrypted it before it went onto whatsapp.

            So they go after the encryption software devs and force them to implement a backdoor. In the meantime 10 other alternatives are written and the government are still scratching their heads, but technically they will be in exactly the same relative position they were waaaaay back in the 80's.

            1. leexgx

              the fix is really having the encryption Optional feature, then at least they can focus more on the people who are actively trying to use encryption (not passively as it is in whatsapp at the moment)

              mass snooping has always happened but with whatsapp and some other apps using OTR by default for a bit now the bad people become noise with all the good (mostly lol)

              it's just a shame that a small subset of people can cause problems

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Time to use only non-commercial open source

      For everything.

    3. leexgx

      main issue is extremely easy to use apps like whatsapp can make you invisible to tracking as it encrypts all communications by default,

      now it's harder for 3-4 letter agencies to just focus on people that are using encryption for hiding messages or being paranoid, before they only had to keep an eye on people using tor or sending scrambled/encrypted messages now just using whatsapp hides you with the other millions of people who use it which is really no good

      if this act gets through the app makers won't make back doors they just simply turn off OTR in the messaging apps so they can be intercepted again and the people who have something to hide will likely use something else and get put on the monitoring list

      i don't personally like what whatsapp have done by making OTR the default as they have made it very simple to use for anyone doing bad stuff with no technical knowledge

  2. Anonymous Coward

    Welcome to the Stasi nation

    You are monitored citizen. Your thoughts and words are never private.

    Welcome to the terrifying New World Order.

    Comply.

    1. This post has been deleted by its author

      1. Anonymous Coward

        Re: 'Comply.'

        "Or just unplug... "

        You would then have to accept that some various things would become impossible, very inconvenient, and probably more expensive.

        The problem is not with the internet - but with the politicians who respond to, or manipulate, popular uninformed opinion in order to keep themselves in a position of power.

  3. Paul

    Encryption systems: secure for all, or secure for none. Backdoors always get leaked or discovered.

    1. Anonymous Coward

      It would be interesting to see if the EC/UK/USA would support and defend Russia, China, Somalia, North Korea etc mandating a backdoor encryption into western products? They would only want it for the same reason after all - to fight *evil*.

      Would this be the same backdoor that all these countries are given access to or would it be a separate backdoor from each (Swiss cheese method). Would it also include SSL, SSH etc and therefore provide these nations (as well as our own) access to communication links used by utilities and infrastructure?

      This doesn't even need an effort to stop bad guys finding the back door, once the can of worms is opened how do you stop the "bad guys"* from being shown the back door?

      *For whatever today's definition of bad guy is.

  4. Anonymous Coward

    We promise it will only be used to Catch T's and P's...

    Later when it's forgotten it'll actually be used to round up Whistleblowers, Investigative-Journalists & Human-Rights-Activists etc... Why? Because slurping / snooping has been shown to be ineffective at catching T's & UK government officials 'disappeared' evidence of abuse by P's for decades!

  5. moiety

    And how exactly will this stop unmonitored random nutters driving cars at people again?

    1. Paul Crawford Silver badge

      It won't. Not one bit.

      What it will do is try to pacify politicians screaming "something must be done!" to appease Daily Fail-style readers all over Europe.

      1. P. Lee Silver badge

        >What it will do is try to pacify politicians screaming "stop checking my expenses!"

        FTFY

      2. Nick Kew Silver badge

        Daily Fail?

        What it will do is try to pacify politicians screaming "something must be done!" to appease Daily Fail-style readers all over Europe.

        No need for Daily Fail here: we have plenty enough nonsense right here on El Reg[1]. Like the headline here, which turns out to be a story that a senior civil servant will bring forward a selection of proposals.

        To see the significance of that, think of everyone's favourite civil servant Sir Humphrey doing the same. Then perhaps consider how much harder it's likely to be to manipulate 27 governments and public opinion in public than one minister behind closed doors. She's kicking it into the long grass.

        [1] Not the same as the Wail, but nonsense nevertheless.

    2. Anonymous Coward

      And how exactly will this stop unmonitored random nutters driving cars at people again?

      That's not what this is intended to achieve.

      What it will do is make it harder for the guys who groom and coerce vulnerable people into doing things like this getting away with it.

      1. Anonymous Coward

        " What it will do is make it harder for the guys who groom and coerce vulnerable people into doing things like this [...]"

        The Government seems keen to cut the services that would help vulnerable people out of their vulnerability.

      2. Smooth Newt
        Meh

        Re: And how exactly will this stop unmonitored random nutters driving cars at people again?

        What it will do is make it harder for the guys who groom and coerce vulnerable people into doing things like this getting away with it.

        Like money laundering legislation, it will just affect normal people, and not make a jot of difference to the bad guys, since they will just put a little effort into circumventing it. And at the same time make us all a little bit less safe from unconstrained government snooping.

        You also seem to be under the delusion that this will be used just for counter-terrorism. I suppose it is understandable since that is all the Government ever talks about, but if so, then why do you think that dozens and dozens of bodies, such as the Department of Work and Pensions, the Competition and Markets Authority, and the Gambling Commission, can legally access your communications data? Do you think that the Welsh Ambulance Services NHS Trust really have a role in "making it harder for the guys who groom and coerce vulnerable people into doing things like this getting away with it"?

        1. xeroks

          Re: And how exactly will this stop unmonitored random nutters driving cars at people again?

          what it will do is make it easier to identify the bad guys.

          If(I decrypt this person's message)

          they are probably a goody

          else

          they are probably a baddy

    3. harmjschoonhoven
      WTF?

      Re: And how exactly will this stop unmonitored random nutters driving cars at people again?

      Statistically people will be driven over twenty times by drunk drivers before they are hit by an unmonitored random nutter driving a car at people.

  6. John Smith 19 Gold badge
    Gimp

    "politicians and law enforcement insist they don't care how it's done"

    And will go on "not caring" until someone raids their personal message stash and broadcasts their assorted crimes, infidelities and unusual sexual proclivities.

    And I think we know there are going to be quite a few of all of the above amongst the assorted pols comms chatter.

    This couldn't have anything to do with the idea that a backdoor would allow monitoring of anyone they like without them being aware of it and therefore eliminate the need for a search warrant that a number of European states (UK included) law enforcement agencies find so annoying, could it?

  7. hplasm Silver badge
    Big Brother

    No 6...

    "What do you want?"

    "Secure access to your encrypted information."

    "You won't get it!"

    "By hook or by crook we will."

    "No, maths doesn't work like that. Sod off."

    1. Anonymous Coward

      Re: No 6...

      "Sod off sodding off! We don't care about no stinking maths! You do it or you don't get to operate here! Now DO IT! YESTERDAY! OR ELSE!"

    2. DropBear Silver badge

      Re: No 6...

      You really don't get it, do you. Whenever there's a problem that the Powers That Be _really_ want solved that has no good solution, only a choice between no solution and bad solution, the bad solution will end up getting applied, regardless of how bad it is, no exceptions. The denial permeating the place around here is astonishing - this is textbook xkcd "rubberhose cryptanalysis", only instead of a $5 wrench they'll throw the book at anyone who dares using strong encryption on anything, if that's what they want. "Maths" will not help you while you sit behind bars. Yes, I'm aware that is not what this article (or this "law") is about. It's only the next logical step once this proves as ineffective as expected in preventing bad people from hurting other people.

      1. Charles 9 Silver badge

        Re: No 6...

        Thing is, with rubberhose cryptanalysis, you run the risk of encountering a wimp or a masochist. Wimps are too soft and faint at the mere threat; you can't keep them coherent enough to talk. Meanwhile, masochists get off on pain so just beg for more.

        As for threatening family, they could also be estranged or black sheep, meaning they counter, "Never liked them anyway."

        1. Anonymous Coward

          Re: No 6...

          Thing is, with rubberhose cryptanalysis, you run the risk of encountering a wimp or a masochist.

          .. which brings us back to Drupal ...

          :)

          1. Charles 9 Silver badge

            Re: No 6...

            That wasn't due to masochism, though. More due to having a Gorean (male-supremacist) mindset which means women can get offended.

  8. Paul Crawford Silver badge

    This is the European Commission speaking, largely a mouthpiece for the various EU governments. As such the tech companies should call their bluff and force it to a vote on a law (with explanations of how such a back door won't be discovered and abused) to the European Parliament. Many MEPs don't share the same authoritarian streak and it might just get kicked back when the public realise how their own privacy is being screwed over.

    1. Anonymous Coward

      Nah, they'll just couch it over until it's already passed. It's harder to overturn an already-in-force law than to prevent its passing.

    2. AndrewDu

      You don't seem to understand how the EU works.

      The EU is not a democracy; in fact it's deliberately designed to bypass and nullify democracy.

      The Commission is the only body that can propose laws, and if it does, the Parliament can do no more than discuss, object, and (slightly) delay.

      This is not a Parliament in the normally understood meaning of the word, it's just a bit of window-dressing; what the Commission wants, the Commission gets.

      1. Nick Kew Silver badge

        Funny. You describe (modulo the Commission being a different word) the process that happens between our government and parliament, then say it's not a parliament.

        Our parliament doesn't propose laws either. It just does what it's told by government. Or it misbehaves and makes it all the easier for Sir Humphrey to play them off against his minister.

        1. Rich 11 Silver badge

          Our parliament doesn't propose laws either.

          It can, via Private Member's Bills. These are limited in what they can do, though, and generally have a low probability of getting passed.

        2. fruitoftheloon
          Happy

          @Nick Kew

          Nick,

          indeed!

          And we have the possibility to kick the 'offending' MP out of office at the next election if enough of the local & grumpy population choose to do so...

          Cheers,

          Jay

      2. Potemkine Silver badge
      3. Anonymous Coward

        The EU Parliament can stop legislation it does not agree to. The European Council also can. I'm sorry if it does not fit your view of the Big Bad Evil Tyrannical EU, but that's how it's been deliberately designed, in order to not repeat the mistakes of the past. A never-seen-before 60 years of peace seem to indicate it doesn't work so badly.

        https://europa.eu/european-union/eu-law/decision-making/procedures_en

        1. fruitoftheloon
          Happy

          @AC

          AC,

          indeed the various bodies MAY have such capabilities, I wonder how often they have been used???

          Apols as I don't have time atm to do some research...

          Cheers,

          Jay

  9. Ole Juul Silver badge

    This will not go well

    Actually, I take that back. It will go very well for some criminals who can't wait for this to happen fast enough so they can get to work.

  10. Dan 55 Silver badge

    Banning delete after forward

    How's this going to work? Will deleting e-mail or moving it to local storage become illegal in a poorly drafted law because they thought about IMs only?

    If e-mail is not included, what's to stop an IM app using e-mail as the back end?

    1. Anonymous Coward

      Re: Banning delete after forward

      they will have to make the transmission and storage of any information in an encrypted format illegal. That's if they want to make a law without loopholes. but in actuality it will be unworkable and swiss cheese and differently interpreted in all the countries.

      so no encrypted chat programs, or email and no whole disk encryption

      so more govt laptops with state secrets left on a train or back of a cab.

      1. Alan Edwards

        Re: Banning delete after forward

        > they will have to make the transmission and storage of any information in an encrypted format illegal

        Trouble is, what is encrypted data? I can see a lot of conversation like:

        Gov: Why are you sending encrypted data?

        Me: WTF? I'm not

        Gov: Explain this then...

        Me: It's the install keys for a bunch of products on our shared MSDN account

        Gov: (eyes glaze over, understood some of those words) Rubbish, it's encrypted, decrypt it

        Me: It's not encrypted

        (Rinse and repeat)

        Of course it would also ban SSL and WPA encryption on wifi. It would be the end of e-commerce, at least on wireless networks.
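The comment above asks what would count as "encrypted data". The following is an added example, not part of any comment in this thread: it applies a naive entropy test to constructed samples and shows that it flags compressed and random data as "encrypted" while missing base64-armoured ciphertext. The 7.5 bits/byte threshold, the sample data and the `toy_encrypt` stand-in cipher are all assumptions made for the illustration.

```python
import base64
import hashlib
import math
import os
import zlib
from collections import Counter

# Assumed cut-off for a naive "high entropy means encrypted" rule (hypothetical).
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0), from the byte histogram."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def keystream(seed: bytes, length: int) -> bytes:
    """Deterministic byte stream: SHA-256 over the seed plus a counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR with a hash-derived keystream. Stand-in for a real cipher, illustration only."""
    return bytes(p ^ s for p, s in zip(plaintext, keystream(key, len(plaintext))))


def constructed_text(words: int) -> bytes:
    """Constructed office-style text built from a 16-word vocabulary."""
    vocab = ("invoice meeting report server backup network printer holiday "
             "budget project client update license account password reminder").split()
    return " ".join(vocab[b % len(vocab)] for b in keystream(b"text", words)).encode()


def install_keys(count: int) -> bytes:
    """Constructed 5x5 install keys, one per line (not real product keys)."""
    alphabet = "BCDFGHJKMPQRTVWXY2346789"
    raw = keystream(b"keys", count * 25)
    lines = []
    for i in range(count):
        chars = "".join(alphabet[b % len(alphabet)] for b in raw[i * 25:(i + 1) * 25])
        lines.append("-".join(chars[j:j + 5] for j in range(0, 25, 5)))
    return "\n".join(lines).encode()


def build_samples() -> dict:
    """Build the constructed samples, keyed by a descriptive name."""
    text = constructed_text(40000)
    ciphertext = toy_encrypt(b"constructed key", text[:65536])
    return {
        "plain text": text,
        "install keys": install_keys(2000),
        "zlib-compressed text": zlib.compress(text, 9),
        "random bytes (never encrypted)": os.urandom(65536),
        "ciphertext": ciphertext,
        "ciphertext, base64-armoured": base64.b64encode(ciphertext),
    }


def classify(samples: dict) -> dict:
    """Map each sample name to (entropy, flagged_as_encrypted)."""
    result = {}
    for name, data in samples.items():
        h = shannon_entropy(data)
        result[name] = (round(h, 3), h > ENTROPY_THRESHOLD)
    return result


if __name__ == "__main__":
    for name, (h, flagged) in classify(build_samples()).items():
        print(f"{name:32s} {h:6.3f} bits/byte  flagged={flagged}")
```
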

  11. Anonymous Coward

    1984

    Was optimistic.

    Case in point, everyone over here recently had to upgrade their ccards because the encryption wasn't strong enough.

    What happens when lawyers find out that their £1,000,000+ legal case is basically worthless because the opposing lawyers got hold of the case files and email correspondence because someone leaked the key(s)?

    1. Anonymous Coward

      Re: 1984

      Not even slightly realistic. It says nothing about Big Sister.

      I'll get my coat.

  12. jake Silver badge

    Strong encryption exists, and is "in the wild".

    That horse has bolted. The worms are out of the can. There is absolutely nothing that any .gov can do to change this. It's not going to stop them trying, though. My advice? Point your collective fingers and laugh at the idiots early and often. Send snail mail to your elected officials. Vote, and explain why you voted the way you did. Be vocal. Let them know that some spills are far too massive to cover up. It probably won't do any good (politicians are immune to free technical advice; they require money, lots & lots of money), but along the way you'll undoubtedly inform a few more people as to the reality of the situation. Maybe, just maybe, eventually someone in power will see sense ... but I'm not holding my breath.

    1. Charles 9 Silver badge

      Re: Strong encryption exists, and is "in the wild".

      "There is absolutely nothing that any .gov can do to change this."

      Yes, there is. Simply ban the use of any and all encryption that cannot be cracked by the state. Declare it an act of TERRORISM or whatever that means if you're caught, you and anything associated with you are basically ruined forever.

      Then you just have to deal with stego, which has its own limitations, especially for improvised messages. Mandating media mangling would probably be a good start there.

      1. StaudN

        Re: Strong encryption exists, and is "in the wild".

        Yeah, that doesn't work politically: no such thing as "simply ban".

      2. badger31

        Re: Strong encryption exists, and is "in the wild".

        It wasn't that long ago encryption was considered a munition, but those days are long gone.

        This whole thing is a farce. Apps like WhatsApp moved over to encryption *because* of the amount of snooping governments want over their (mostly) law-abiding citizens. You reap what you sow. Don't complain when your poorly thought-out, ill-conceived and utterly ridiculous plans back-fire. And don't make things worse with a knee-jerk, even more poorly thought-out and more ridiculous reaction.

        Even if you could change the laws of mathematics and they get their super-safe backdoor into otherwise (practically) unbreakable encryption, what then? I would imagine terrorists and -- worse -- copyright infringers will just use non-crippled encryption, leaving LEAs across the globe spending all their time decrypting people's cat pictures and messages about what they had for dinner.

      3. Anonymous Coward

        Re: Strong encryption exists, and is "in the wild".

        "Declare it an act of TERRORISM or whatever that means if you're caught, you and anything associated with you are basically ruined forever."

        In England that law already exists. For T & P investigations - if you fail to provide a key for your encrypted files then it's 2 years in prison. On release it can be repeated indefinitely if you still don't provide the key.

        1. Charles 9 Silver badge

          Re: Strong encryption exists, and is "in the wild".

          Which allows the perfect blackmail. Slip a block of pure random data into a user's computer and then tell Scotland Yard the victim is a pedo. No way to prove the block isn't his, absolutely impossible to decrypt (because it was never encrypted to begin with), you tell the news about it, and it's Game Over.

        2. Sir Alien

          Re: Strong encryption exists, and is "in the wild".

          It still requires that the accuser proves that you know the key. If you genuinely don't know the key it would be torture to detain you for something you do not have or have not done.

          For example:

          (A) you refuse to give them a key >> go to jail, do not pass go, do not collect £200. With this you have let them know you have the key and that you just simply refuse to provide it.

          (B) someone plants a random encrypted file on your computer. You do not know the file exists and you do not know the key. The accuser also cannot prove you have the key, you get off but might still get monitored to be sure.

          On my computer I have a swap file because certain programs don't like it disabled. So for good measure it is configured to re-key every time I reboot. The key used is simply the input from /dev/urandom or /dev/random so not even I know the key.

          1. Charles 9 Silver badge

            Re: Strong encryption exists, and is "in the wild".

            But it's not necessarily torture if it's "Think of the Children!" or "Do It or the Earth Explodes!" Plus you can just say, "He's lying!" and support your case by replacing one of his legitimate files that's frequently accessed.

            1. Anonymous Coward

              Re: Strong encryption exists, and is "in the wild".

              The only ones who'll enforce a ban on encryption are the Stasi and they're long since gone.

              Oh wait....

            2. Kiwi Silver badge
              FAIL

              Re: Strong encryption exists, and is "in the wild".

              IIRC in the book "Worm" by Mark Bowden there's a section where he talks of computer forensics, especially in a case just like this. There are ways to detect if a file has been planted or not.

              There's whole lots of other procedures in place that would quickly show that a case like the one you proposed is rubbish and it would be unlikely to ever go beyond the initial investigation. The person who made the accusation, however, could find themselves up on charges quite quickly. Cops are aware that people try to plant files and make allegations, but a false allegation needs a lot more than just planted files to make it stick.

              But please, go ahead and try it on someone. See how long it is before you meet your new bestest friend Bubba.

  13. Charlie Clark Silver badge

    Politics

    It's worth noting that this is the much maligned commission acting as it often does at the behest of the member states. Speculation about what exactly will be proposed should be avoided but the wonks at the commission will be aware of the impossibility of getting backdoors for true end-to-end encryption. And the ECJ has already ruled in favour of individuals' right to privacy. So this sounds like a stick to beat the tech companies with for better cooperation: get those AIs to do something useful like monitoring phones and reporting any "suspicious" activity.

    If end-to-end encryption becomes illegal, which I very much doubt, it's hardly likely to stop anyone who is already breaking, or considering to break, the law…

  14. Anonymous Coward

    Back to the future

    Back-doors into encryption will have no effect on savvy criminals, terrorists and those engaging in espionage. It only opens the door for state-sponsored intrusion into commercial and personal messaging. There is no secret how to ensure secrecy; it just requires a little preparation. Pre-arranged messages in clear have always been preferred if you want to hide your true meaning - "How's your father" could easily mean "attack is go/no-go" or just what it says. One-time pads properly used are uncrackable. In reality it is often not what is said as to whom and when, that is required to track, detain and convict a suspect (yes back to metadata again). Whatsapp and their like are just a convenience for lazy perpetrators. If you are a really serious terrorist a back-door will only be a minor inconvenience.

    1. phuzz Silver badge
      Stop

      Re: Back to the future

      Exactly, anyone who is legitimately worried that a government may be surveilling them (ie terrorists, political campaigners, spies), already knows that their electronic communication is compromised, and will fall back to the 1950's era techniques that still work (eg dead drops, book codes).

      And of course, all the communications surveillance in the world is unlikely to catch the lone nutters like Breivik or Masood.

      1. Charles 9 Silver badge

        Re: Back to the future

        But with a greater chance of a Panopticon, the odds of a dead drop being watched or a First Contact being moled are greater.

    2. Dave 32
      Coat

      Re: Back to the future

      Oh, sort of like the messages, intended for the French Underground/Resistance, transmitted in the clear by the BBC, just prior to the D-Day landings, during World War II?

      Everything old is new again?

      Dave

      P.S. I'll get my coat. It's the one with a pocket full of message slips, with phrases such as "John has a brown cow.", "Becky has a large garden."

      1. Charles 9 Silver badge

        Re: Back to the future

        Code systems STILL need some kind of exchange to establish it, which puts you squarely in the First Contact problem (meaning you can be moled). Unless you can demonstrate a means to establish a code system without actually meeting in person?

        1. phuzz Silver badge

          Re: Back to the future

          Even if you do meet in person, that's no guarantee that you can trust them to keep your secrets. Internal betrayal is always a problem.

          Hopefully, if the security services are throwing resources at ELINT, they won't be spending as much on HUMINT, so your new pal is less likely to be an undercover police officer come to cheat on his wife with an activist or two.

  15. Anonymous Coward

    As someone who has worked both sides of the coin (Government/Public vs Private), the one thing that terrifies me is how often Government (though unintentionally and bumbling) get it wrong, they get the wrong John Smith or the wrong address or the Telephone / mobile / Email etc.

    A good example of this here.... http://www.bbc.co.uk/news/technology-37048521

    Now they are advocating back doors, it's almost as if none of them understand the Risks or implications of their legislation - Whether it's applications of Cipher-Block-Chaining (currently a massive area of growth and R&D) , or Post-Quantum Cryptography.

    The fear of Terrorism (or as I call it, Criminal Violence) is disproportionate to the Risk, it's irrational and it has to stop.

    1. Anonymous Coward

      "... it's almost as if none of them understand the Risks or implications of their legislation ..."

      No, what is worse is that they don't care as long as it makes for a good sound-bite - "Look!! I'm being tough on crime!!"

    2. sitta_europea

      [QUOTE]

      The fear of Terrorism (or as I call it, Criminal Violence) is disproportionate to the Risk, it's irrational ...

      [/QUOTE]

      It is irrational. But when has a large number of people ever been rational?

      1. Charles 9 Silver badge

        Especially when the ACTUAL risk of an existential threat is constantly rising. By definition, no one can survive such a threat, so you can never defuse that kind of fear without encouraging suicide.

  16. David Roberts Silver badge
    Facepalm

    Legislation like this

    Is why we are leaving the EU!

    Oh, wait.......

  17. 0laf Silver badge
    FAIL

    Stupid is a universal constant

    Fucking idiots.

    They'll be the first ones to wheel out the fine-gun under GDPR when companies start to lose data through the legislated back doors.

    1. Sir Runcible Spoon Silver badge
      Joke

      Re: Stupid is a universal constant

      Down-voted for the correct spelling of 'lose' in this context.

  18. Potemkine Silver badge

    So wrong

    By luck, such a foolish legislation shouldn't pass the European Parliament.

    1. Graham Dawson

      Re: So wrong

      EU parliament has no legislative authority.

      1. Potemkine Silver badge
        1. Dan 55 Silver badge

          Re: So wrong

          It depends on the kind of legislation. Parliament can propose changes or may be limited to just accepting or rejecting.

          There are other kinds of legislation which do not involve Parliament, i.e. Commission only or Commission + Council.

          Parliament doesn't have initiative, i.e. it can't propose laws, the Commission has that.

      2. Graham Dawson

        Re: So wrong

        I don't see why I got downvoted. The Euro parliament has no legislative authority. It's in the same position as the House of Lords. It can reject or accept legislation and suggest modifications, but it has no power to enforce them. It can't legislate. That means it has no legislative authority.

        Legislative authority rests with the Commission and the Council. If the Parliament rejects the Commission's legislative proposal or proposes amendments that the Commission or the Council aren't interested in, the two bodies can turn around and say "we're passing it anyway."

  19. Anonymous Coward

    Ok so you install back doors on all the companies you can in the west.

    Terrorists start using apps from the east.

    Where does this leave you? Block or ban those apps? Good luck with that as you don't understand how the internet works because for every app you block 10 new ones could pop up.

    They know this which makes it even worse because they can't all be that stupid. Someone must have pointed this out at some point.

    You may think tin foil hat but I'm seeing this differently in that there is something else going on here and it points to totalitarian regimes.

  20. Anonymous Coward

    and picture messaging will be banned

    ..because steganography? OFFS when will these turd brains realize they are backing the wrong horse. The internet has already out-smarted them and it is at a lazy trot, just wait till they turn up the heat and it breaks into a canter. Meanwhile lawyers get richer, consumers and IT suppliers get billed, Police get even more frustrated, and MPs show themselves to be even greater nitwits than we already knew they were.

    Steg can be detected!? Some forms can, and, at best, some images can be highly suspect because of noise characteristics. Go for busy, moody, grainy shots to best leave them guessing.

    Even steg found does not equate to means broken. Message is encrypted anyway so even if you separate the message from the carrier you are now into round two. Which for a halfway decent encryption scheme means the next new challenge for a cow shed full of qbits* and some very, very brainy people - plus a HUGE bill per message.

    Yeah pass the law to stop the tide coming in - I'll stand on the beach with popcorn and laugh while you drown. Then we will need a new law to seize your assets and pensions to (part) compensate the companies and tax payers for this debacle.

    Four people died recently because of the actions of one lone nutter (also dead). How many people died in the UK on the same day as a result of accidents and incidents not related to misguided nutters? The excuse does not add up - so what, or who†, are 'they' really afraid of?

    *allegedly, in the best spirit of Eye and HIGNFY.

    † I do so hope the answer is 'us' - because ... icon.

    1. Charles 9 Silver badge

      Re: and picture messaging will be banned

      Mangle pictures in transit and most stego gets squashed. Who cares if you can't detect it if you make it practically useless for "The Bad Guys"? You're still coming out ahead.

    2. Anonymous Coward

      Re: and picture messaging will be banned

      Don't need Steg., if I send you an image of a kitten it means the mission is on. Dog image means "off".

    3. Frumious Bandersnatch Silver badge

      Re: and picture messaging will be banned

      As someone mentioned above, it's much easier to use specific pre-arranged codes, preferably one use only. Something simple like posting an animal picture or video on a certain day, with the choice of animal (or no post at all) giving a traffic light-like status update or selecting from a set of targets, or whatever. Assuming you can meet up in person at least once without being bugged/spied on, it's trivial to pre-arrange this sort of thing and no amount of technology or anti-encryption laws can defeat it.

      (Hmm... I didn't see that post that's (now) right above mine, suggesting exactly the same thing)

      1. Charles 9 Silver badge

        Re: and picture messaging will be banned

        "Assuming you can meet up in person at least once without being bugged/spied on, it's trivial to pre-arrange this sort of thing and no amount of technology or anti-encryption laws can defeat it."

        But as I've mentioned, THERE'S your problem: The First Contact problem. How can you be sure you aren't being moled?

        1. Kiwi Silver badge
          Holmes

          Re: and picture messaging will be banned

          "The First Contact problem. How can you be sure you aren't being moled?"

          How many people in this world? How many are employed to follow other people? How many people are actually targeted for being followed?

          Chances are, even if you're high on a watch list, you're not being followed. Going off stuff over recent years it's more likely a cop will kill an innocent civilian than a highly trained "operative" will actually be following someone of consequence. There's just way too many people in the world who're of interest and way too few people doing a decent job following them. Even those nations who employed most of the population in spying on their neighbours and their own families couldn't keep track of those they actually needed to follow.

          If you're not on a watch list, then unless you're that innocent civilian about to be shot, you're not being followed anyway. Someone you trust can introduce you to someone they trust, or can provide a way to meet securely. Yes, one in a few thousand might get caught, but the vast majority complete all their meetings and tasks without it being known they even exist. They're out there meeting in plain sight under the watchful eye of a thousand monitored security cameras, and not one watcher gives them a second glance.

          1. Charles 9 Silver badge

            Re: and picture messaging will be banned

            What about a COMPUTERIZED Panopticon, with humans reserved for the red flags? Think how casino security works, cranked up to eleven.

            1. Kiwi Silver badge

              Re: and picture messaging will be banned

              "What about a COMPUTERIZED Panopticon, with humans reserved for the red flags? Think how casino security works, cranked up to eleven."

              What, you mean like the "facial recognition" that doesn't exactly have the greatest abilities?

              Ever heard of felt tips? "Sorry officer, I cut myself shaving, I wasn't trying to change my appearance". Etc etc etc etc. A little bit of thought tells you lots of ways to get around this sort of stuff. And if you don't come up with anything, spend some time in some decent books that cover the subject. Don't watch the CSI crap where they can zoom in on a shiny grain of sand from 10,000 miles away and further zoom in to something that happened around the corner 10,000,000,00,000,000,000 miles away - originally filmed on a 320x240 webcam, there's laws against that. Laws of physics, so none of your "but WHAT if the GOVERNMENT makes a LAW that says CAMERAS must BE able TO do THAT!" please. Computer eyes or human eyes, there's too much movement out there to watch it all. Just a few moments thinking about it.

  21. Andy The Hat Silver badge

    If apps are intrinsically insecure ...

    then why should I be using an 'internet banking app' or a secure sharedealing service or a bitcoin service, shopping app or GP's online app when they have a known backdoor?

    Perhaps my mum, who couldn't spot the difference between "those W W dots" and VHS, has actually got it right ... start opening those High Street bank branches again please, and all is forgiven bring back Woolies.

    1. Frumious Bandersnatch Silver badge

      Re: If apps are intrinsically insecure ...

      Actually, I was also thinking about Bitcoin. Since the ledger is public, you can encode your "go/no-go" message using a transaction of a certain amount. I assume that wallet IDs are stored in the ledger, although it's impossible to know who they belong to unless you find it on someone's PC, which shouldn't happen if you're doing it right.

  22. Christoph Silver badge

    "Meanwhile politicians and law enforcement insist they don't care how it's done, they want to be able to access people's private communications and stored data, particularly if they have a warrant regarding suspected criminal behavior."

    Fixed it for you

  23. Doctor Syntax Silver badge

    I look forward to Věra Jourová leading by example and doing a Clarkson. She wants to expose the EU population to having all their online security compromised. She should compromise her own to show how safe it is by telling us her banking, email and any other online credentials she has.

  24. Anonymous Coward
    Anonymous Coward

    What can they find out?

    There are two distinct problems.

    First, it has always been possible to find where a message went or was sent to. If the Police were watching you, they could read the addresses on your mail. On the internet, every packet carries source and destination IP addresses. It has become hugely cheaper to collect this info, the Police-types can learn a great deal from it. It's called Traffic Analysis, and it's data that cannot be encrypted.

    I think that needs good warrant-level control, a combination of privacy protection and a legal duty for the providers to follow.

    But the contents of a physical envelope, while not absolutely safe, needed significant effort for those Police-types to read without the addressee's knowledge. That was part of our protection, and part of why we didn't have a strong need for laws. So what are the implications of a system that gives those Police-types a cheap method of reading everything?

    Laws which make a read-everything approach easy and cheap are dangerous.

    How easy, how cheap, that's the question. And it needs to be nearly universal. Some places, such as New Zealand, might not be the man in the middle on a route, but if A and B require warrants, what's to stop the spying being done somewhere on the route between them?

    So I can't see how we can walk away from the EU on these issues. What happens if nobody trusts our internet? But there's room for a lot of ignorance and stupidity between "we must do something" and what eventually gets done, and we're already seeing the usual suspects sticking their oars in.

    And an EU Commissioner has to keep dealing with the idiots to be sure of having the necessary hashtags at the end of the process

    1. Anonymous Coward

      Re: What can they find out?

      "And an EU Commissioner has to keep dealing with the idiots to be sure of having the necessary hashtags at the end of the process"

      And it is very difficult when said EU Commissioner is likewise an idiot for entertaining such an idea.

      We all know that the first requirement to be a politician is complete ignorance of anything technical. All they have to know is how to screw the people.

  25. Dieter Haussmann

    How many more false flags must we endure?

  26. Haku
    Facepalm

    Encryption backdoors won't stop terrorists.

    It'll just give hackers a new goal, one with potentially untold riches and/or damage capability.

  27. CrashM

    Terrorists are not stupid!

    Do governments really believe that the terrorists are stupid? Do they think that the terrorists don't have even semi skilled programmers?

    If you want to send secret messages and guarantee their security all you need to do is spend a few hours programming and you have your own instant messenger, using encryption you implemented yourself, sent through a server you control.

    With all this attention on WhatsApp, Facebook and other popular instant messengers why would you use them for mission critical communication?

    1. Brewster's Angle Grinder Silver badge

      Re: Terrorists are not stupid!

      First, do you really think the Westminster Bridge attacker would have been able to do that? That's what Whatsapp does: it brings the expertise to the masses for free.

      Second, I guarantee your system would take more than a few hours and if you implemented the encryption yourself it would be crackable by the security services. Encryption is really hard to get right. One bug and it becomes crackable.

      1. CrashM

        Re: Terrorists are not stupid!

        Well... Firstly, the Westminster Bridge attacker was just an angry random. Had he been an actual ISIS soldier he probably would have been better outfitted (software and hardware).

        Secondly, yeah, I may have underestimated the time taken to write an encryption implementation but they could use one of the many open source implementations that have been security checked by hundreds of people. However creating their own IM that makes use of dark networks like Tor (for that additional layer of security) would not be much of a challenge for an intermediate programmer.

        1. Pascal Monett Silver badge

          Re: "not be much of a challenge for an intermediate programmer"

          Encryption is NOT EASY, and implementing it properly is NOT the domain of an "intermediate programmer".

          In order to properly implement encryption into a home-grown product, you have to have a programmer that is bloody good. Not Torvalds-level good, I agree, but better than "intermediate" for sure.

    2. Anonymous Coward

      Re: Terrorists are not stupid!

      No, but the people who think it's to do with terrorism are.

      IT'S NOTHING TO DO WITH TERRORISM.

  28. mithrenithil

    Terrorists (and other bad people) abide by laws don't they....

    After Swiss cheesing encryption for legit users, the bad ppl will just create their own messaging apps which are secure. The threat of jail time isn't going to be much of a deterrent to these types of people, especially those willing to commit mass murder...

    1. Charles 9 Silver badge

      Re: Terrorists (and other bad people) abide by laws don't they....

      But the moment you do, in a world where all other systems are Ementaller, you stand out like a sore thumb, and if you try to stego your way past, you're likely to get your message mangled.

      1. Paul Crawford Silver badge

        Re: "you stand out like a sore thumb"

        No, you just encrypt before using WhatsApp or similar. Unless they decrypt and check EVERY WhatsApp message then they won't see your message as having any unusual characteristics. By the time they do it's probably too late anyway.

        Depending on how any back door is implemented the cost of decryption could be made very high, for example to thwart mass surveillance but keep to the letter of the law, so they would need to have prior knowledge of suspects to check and then you are back to square one - to crack the 2nd level of encryption you need to arrest them and so on to obtain the key, so it's no longer usable for surveillance as the suspects know they are being followed.

        1. Charles 9 Silver badge

          Re: "you stand out like a sore thumb"

          But you have to assume the law will demand the back door be EASY for law enforcement to implement, meaning they can probably screen the stuff near-realtime and anything that comes out STILL encrypted, like I said, sticks out.

  29. Anonymous Coward

    Bunch of drongos

    Fark, these people are stupid.

  30. Jess

    I hope the app providers don't provide back doors.

    The only concession they should give is to provide a separate unencrypted channel, to send messages if the main secure channel is blocked, but making it completely clear that the channel in use is insecure.

  31. Anonymous Coward

    Hitler, Stalin, Mao, and The Combine would approve. The ends justify the means.

    1. jake Silver badge
  32. Anonymous Coward

    @ Kieren McCarthy

    "The European Commission will in June push for backdoor access to encryption used by apps, according to EU Justice Commissioner Věra Jourová"

    Could you please provide the source of that statement (date and place), and if possible a link to an official copy, such as a press release in the europa.eu domain?

    It's not that I do not trust you, but it would seem advisable to double check, plus I would like to be apprised of the context in which the aforementioned statement might have been made. Cheers!

  33. dahle llama

    Obligatory CGP Grey

    https://www.youtube.com/watch?v=VPBH1eW28mo

  34. Anonymous Coward

    Start

    by adding a large chunk of false data to an email.

    &^BTITRB*TVFGYTVFFhgv jhgbhjv ghjgbigKJBJ Hgkh gigV JHG Vjh GFBHGO giuyytoiuyobiutoi7BOIygOguiytbigyOuINYI vkjhGybgUYgnkJHGOHgBgFnjhon h kjHgnjGngK&^BTITRB*TVFGYTVFFhgv jhgbhjv ghjgbigKJBJ Hgkh gigV JHG Vjh GFBHGO giuyytoiuyobiutoi7BOIygOguiytbigyOuINYI vkjhGybgUYgnkJHGOHgBgFnjhon h kjHgnjGngK&^BTITRB*TVFGYTVFFhgv jhgbhjv ghjgbigKJBJ Hgkh gigV JHG Vjh GFBHGO giuyytoiuyobiutoi7BOIygOguiytbigyOuINYI vkjhGybgUYgnkJHGOHgBgFnjhon h kjHgnjGngK&^BTITRB*TVFGYTVFFhgv jhgbhjv ghjgbigKJBJ Hgkh gigV JHG Vjh GFBHGO giuyytoiuyobiutoi7BOIygOguiytbigyOuINYI vkjhGybgUYgnkJHGOHgBgFnjhon h kjHgnjGngK&^BTITRB*TVFGYTVFFhgv jhgbhjv ghjgbigKJBJ Hgkh gigV JHG Vjh GFBHGO giuyytoiuyobiutoi7BOIygOguiytbigyOuINYI vkjhGybgUYgnkJHGOHgBgFnjhon h kjHgnjGngK&^BTITRB*TVFGYTVFFhgv jhgbhjv ghjgbigKJBJ Hgkh gigV JHG Vjh GFBHGO giuyytoiuyobiutoi7BOIygOguiytbigyOuINYI vkjhGybgUYgnkJHGOHgBgFnjhon h kjHgnjGngK

    For example. Make it LOOK like encryption, watch as they drown in a sea of falsehoods and misdirection.

  35. Anonymous Coward

    New (old?) means of investigation needed

    So the reasoning goes like this:

    1. People encrypt their communication to enforce their privacy from the government. Since the government has no business in their communications and expresses interest in protecting the privacy of people that should be perfectly well.

    2. People expect that encryption will protect them from a government who stops expressing interest in their privacy.

    3. Government who likes privacy can't check up on the groups who don't like privacy (and use violence to impose their will).

    4. Groups who don't like privacy use the privacy shield of encryption to undermine the privacy-loving government.

    5. The anti-privacy groups take power one way or another. They then use violence to make everybody who uses encryption to go to jail or die.

    6. Groups who like privacy have no means of undermining the privacy-hating government.

    With privacy the bad guys who want to subjugate you can't be spied on - people have to risk their lives infiltrating their circles, but you know that if the bad guys are in government they can't spy on you. Without privacy you don't know if the bad guys are in government and spying on you, and people "get disappeared" all the time without a trace and no indication of who did it.

    The only solution then is to strengthen democracy and make government as transparent as possible so that when shit gets around to point 5 they get dealt with quickly and a proper government elected back in.

    What the EU, May, and other national governments say is that they're not bad guys and promise they'll never be. Strong democracy would on the other hand mean that getting to point 5 is a possibility, but after a small period of tribulations point 6 is averted rather than set in stone. Human nature says that there's no way to ensure the people in power will never be bad guys.

  36. tfewster Silver badge
    Facepalm

    She's right that it needs a change in the law. Her problem is that the EU doesn't have jurisdiction over the laws of mathematics.

  37. Harry Stottle

    Educate the Public

    I know.

    That's as plausible a strategy as "Win Game"

    I did give fleeting thought to starting up a petition along the lines of criminalising uninformed authoritarian comment on matters they know nothing about but that eliminates virtually all political discussion, which, while desirable, is even more unrealistic.

    Public education is, in my view, the only realistic way to defeat the bastards in the long term. It does not require that every voter understands the fundamental ethics, let alone the fundamental mechanics of secure communications. All it requires is moral comprehension by a significant minority, say 20% or so, of the implications of criminalising secure communications. That's enough to ensure, when the relevant test cases come before a jury, that the case is dismissed with the same finality as we've seen (in the UK) with certain infamous attempts to use the Official Secrets Act. (eg Peter Wright)

    This could work in the UK and Commonwealth countries which use the UK legal model. Not much use in those European countries which don't use juries and not much use in the USA, where jury-rigging is standard, but we can't let the perfect be the enemy of the good.

    As to how we educate the masses, I think we need to start with the lowest common denominator - the Daily Mail - and persuade an appropriate hack to write the story from the angle that those nasty civil servants are trying to curtail their liberty. Writing the more balanced and rational version for the broadsheets would be relatively trivial as half of them are already on side.

  38. d3vy Silver badge

    I've not read the rest of the comments yet but it seems to me that there isn't a way to enforce this.

    You can compel companies to give you access to their services but anyone wanting to communicate privately will find ways to do so.

    I mean what's to stop me going on Twitter and tweeting a lump of 140 characters of encrypted text with a #TodaysBigNewsStory hash tag?

    Potentially thousands will see it and disregard it - only the one guy that I have previously shared the key with can decrypt it...

    Actually I'm pretty sure I could patent this in the US :)

    Or you know.. we could go back to the 70s and start posting hidden messages in the lonely hearts section of the local paper..

    1. Charles 9 Silver badge

      The fact you'll stand out like a sore thumb since your tweet has no legible text in it...

      You not only have to prevent the plods from decrypting your message, but most of the time you also have to hide the fact you're communicating at all, or the plods simply track the tweet activity to nail you down.

  39. Mathman

    The only way to enforce a ban would be make it illegal to run non-approved software on any device. Otherwise if you can side-load or install an executable then it could be an end-to-end encryption application or contain hidden somewhere in the interface the possibility of end-to-end encrypted communication.

    The only "walled garden" where this is remotely achievable is on locked down Apple devices (iOS) - where even developers are required to acquire special certificates to test their own software.

    In such a world, software development would be a potentially illegal and dangerous activity - especially if not being done for a "legitimate" approved organisation. Even then it would be difficult because any software application that supports a scriptable interface (including Javascript) is a potential encryption device. Spreadsheets would also be banned. Javascript would be ditched. Only "approved" code can be executed. All OS's would be locked down, Linux would be frozen. Open Source would be restricted.

    Basically running or controlling software would be licensed under the sole auspices of the "authorities". In this dark world all developers would be vetted and regularly checked up on.

    And all for what? So we can see the last "goodbye world" message sent by a deranged individual.

  40. Number6

    Not to be used in the following countries.

    If I was an app writer and I lived outside the EU, my solution would be to put up a disclaimer notice pointing out that the app did not comply with the legal requirements to weaken encryption in EU countries and so people in those countries shouldn't install the app and that I took no responsibility for anyone caught doing so. No idea whether it would hold up in law, but given that a good part of what we do is illegal somewhere in the world, the concept is not unreasonable.

    Isn't Telegram open-source? If so, you'll just get a 'Eurocrypt' module written that gets compiled in or not as needed, and if you accidentally use the strong version by mistake then 'oops'.

  41. Cynic_999 Silver badge

    The solution is obvious

    The banning of encryption etc. would be terribly difficult, and is just a means to an end.

    Why not simply ban terrorism? In fact we could make all crime illegal. Surely this would be just as effective as banning encryption?

    1. Charles 9 Silver badge

      Re: The solution is obvious

      WHY would it be so terribly difficult if there were ways to mangle stego and so on? Then it's down to code phrases and so on that require First Contact to establish, and those can be moled.

  42. John Brown (no body) Silver badge
    Paris Hilton

    Is -xit the new -gate?

    See title.

  43. Doctor Syntax Silver badge

    Maybe bringing https://www.searchinternethistory.com/ to politicians' notice might concentrate their minds a little (or concentrate their little minds).

  44. Rob D.
    Coat

    Opportunity

    Let the EU render encryption useless for protecting data and then after Brexit, offer the UK as a safe data haven just off-shore with proxies and protected services readily accessible through our fine infrastructure, slimline business regulation and privacy laws protecting the rights of the consumer.

    Oh, hang on, that's not going to work, is it?

  45. Marketing Hack Silver badge

    The next time political leaders in Europe wonder why there isn't a European Google/Snapchat/FB/etc.

    Please refer them to Ms. Jourova's office for at least part of the answer.

  46. Version 1.0 Silver badge
    Facepalm

    Meet the law, and defeat it.

    So they want to ban encrypted communications?

    No big deal, there are lots of ways to communicate in plain text without anyone having a clue about what you are talking about. I think I could knock one or two apps to do this in a couple of days if I cared.

    1. Charles 9 Silver badge

      Re: Meet the law, and defeat it.

      The moment you do, the law will just download their own copy and break the system. The only way to ensure that is to make sure the law never gets a hold of the code, which can't be guaranteed due to the First Contact problem.

  47. Sgtpanda

    I really hope if this does come to pass then tech companies refuse to comply.

    Politicians rely on the fact that not enough of the general public know the nuances of why E2E encryption (or any encryption) is needed.

    So let's see them deal with the public reaction if Facebook/Twitter etc. threaten to pull services, who do you think the public will side with, the sites who they basically spend their entire life on or 'The Government'?

    You'll have to put the riot police on standby if you threaten to take away people's beloved Facebook.

    1. Marketing Hack Silver badge

      On the plus side though, you wouldn't have to read Donald Trump's or most celebrity tweets.

      1. jake Silver badge

        Contrary to the marketing hype, you don't have to read their tweets now.

        In fact, I have never read anybody's tweet. Nor do I plan to any time soon.

  48. DougS Silver badge

    I wonder if they'd make non compliant products illegal to sell or illegal to POSSESS?

    If they ban iPhones when Apple inevitably tells them to go pound sand, will I have mine confiscated at the border? It would annoy me to no end to have to leave it at home when I visit, and bring some buggy piece of crap that the EU and everyone else can easily snoop just because they have idiots in charge who don't understand shit about technology!

    Plus it would piss me off as a shareholder that Apple couldn't sell phones in the EU anymore.

    1. Rattus Rattus

      Re: "that Apple couldn't sell phones in the EU anymore"

      See, every cloud does have a silver lining!

  49. steve hayes
    FAIL

    Ridiculous

    As an IT aware person, like many here, I can think of a few ways which could get around any 'interception' of encrypted communications assuming it was done in an organised manner. I am sure there are far better 'brains' than mine that could think up even subtle better ways.

    Apart from risky backdoors, it is a fundamental requirement of the security of business and banking that transactions are fully secure. Perhaps the EEC and Trump should seek advice from the 'Ruskies' who seem to have some sort of an advantage on this.

  50. Stevie Silver badge

    Bah!

    And on the eighth day the banking system got rooted and the world was forcibly pushed back onto the barter system, which in turn caused the collapse of the taxation systems across the western world bringing with it the destruction of each and every government bigger than a village bowling green maintenance committee.

  51. oneeye

    World's Experts Speak Out

    Here is a paper by some of the top experts on Encryption and Information Security.

    PDF,encryption paper,experts

    http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=6

  52. Anonymous Coward

    Her name appears Eastern European

    They should know better than most about the dangers of states spying on their citizens.


Biting the hand that feeds IT © 1998–2019