The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) has put forward a proposal that would amend the EU’s charter of fundamental rights to extend privacy rights to the digital realm and prevent governments of EU Member States from backdooring end-to-end encrypted services.
“This Regulation aims at ensuring an effective and equal protection of end-users when using functionally equivalent services, so as to ensure the protection of confidentiality, irrespective of the technological medium chosen,” they write in the draft ePrivacy proposal.
“The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.”
On encryption the committee amends an earlier text, proposed by the EU’s executive body, the European Commission, to state: “[W]hen encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”
It’s only a committee proposal for now that will need approval from the European Parliament, but at least it’s something. It also happens to fly in the face of European leaders, who are talking of weakening encryption or banning it outright.
This proposal would obviously be the right thing to do, but with so many leaders around the world exploiting the wholly irrational fear of terrorism (you’re much more likely to die sitting on the couch than at the hands of terrorists here in Europe) among the media-primed public and people falling for that nonsense hook, line, and sinker (see Brexit, Trump, and extreme right parties in The Netherlands and France), this proposal will most likely not make it.
They’ll find a backdoor to their own legislation against backdoors. That’s how governments work.
I’ve said it.
I guess it depends on how you define back door, but yeah you can definitely tilt the odds in your favor if you design the math just right. See NSA and DES.
https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27s_invol…
I’m neither a physicist nor a mathematician, so I don’t really understand quantum computing, but I’m interested in the influence that it will have on the debate.
I think we should start considering this as – at least according to popular publications – governments and educational institutions might gain access to real quantum computers in the next few decades.
In this light, banning encryption or not hardly matters since quantum algorithms to crack our known public-key systems have already been conceived. (Think of Peter Shor’s work on cracking RSA and Diffie-Hellman.)
As I understand it, I think a sensible compromise between being able to get criminals’ data and giving regular citizens the tools to protect their privacy is possible. We just need to ban civilian use of quantum resistant encryption.
Obviously, this will not help protect us from the government. It’s a compromise that can be made to address the fact that people are more worried criminals get privacy than they are about themselves losing privacy (maybe rightly so …).
Also, the debate about encryption should be in the least about terrorism. However threatening you find terrorism to be or not to be, terrorists aren’t even a small fraction of the bad people that can maliciously benefit from encrypting evidence.
I’m less afraid of the “bad guys” than I am of what our government is likely to become. Your argument sounds like a dressed up version of the “if you have nothing to hide you have nothing to fear” crap. How well did that work out for the people east of the Berlin Wall (and that predates the average person owning a computer at all)? How well does it work now for people in China?
Of course, the arrogant way you used the word “civilian” already shows me your mentality regarding the rest of us.
I’m sorry, but I’m not even going to rebut a post so full of strawmen. Also, how on earth can you use the word ‘civilian’ arrogantly?
I never made any of your points. What I’d like to hear others’ opinion about is the idea I have that the rise of quantum computing can actually be beneficial to those concerned about privacy. If there’s no problem with users using strong non-quantum-proof encryption for their privacy but people can still feel secure because a quantum computer can crack that encryption in a life-or-death scenario, will we not reach an equilibrium optimally to the side of privacy in this increasingly paranoid world?
People wanting to feel safe is a reality politicians have to deal with. And I said that people are maybe right to value safety over privacy because I don’t want to pretend to know it better than my “dumb” peers like so many people in the tech community like to do. Wanting to feel safe is a basic human need. In an ideal world people would be more rational. But this is not an ideal world and it would be a nice thought that new technology could at least pull the brakes a bit on this dangerous trend.
People who sacrifice freedom for safety will have neither. If we sacrifice our freedom to privacy in order to be protected by the government, then who protects us against the government? Nobody will. If we sacrifice our freedom to protect ourselves against the government for safety provided by the government, then the government will become the very terrorists that we gave up our freedom for to be protected against. And then we will not be able to defend ourselves against them. Thus we will end up with neither freedom nor safety.
People who think that they can get safety by making themselves and everyone else completely vulnerable to a certain group of strangers are deluded. Especially if those strangers are a government controlled by psychopathic bankers like the US government is.
The government is just another corporation seeking profit and power. Would you want McDonalds or Walmart to be able to see all your private communications? No? Then you probably should not let the government see either.
You know, a modern democratic government is not monolithic, it has checks and balances. If most of the Western world has given the monopoly of violence to governments without these countries becoming totalitarian dictatorships due to these checks-and-balances, why could we not safely allow our security services access to a tool that can break our privacy?
Of course, blind trust in a government is a pernicious idea. Americans are 100% right in that. But governments will always have dangerous tools at their disposal (how many people would really pay taxes without that gun?). Seeing as a world without government does not seem feasible, the art is in giving governments CHECKED power.
And also you should factor in that quantum computing might be quite expensive, even for governments. So if my idea was implemented, I doubt the government would waste its “cycles” on Joe Sixpack.
Did you not get the memo that governments have no problem either ignoring the rules, changing them with or without anyone’s knowledge, or simply doing things behind closed doors while telling you it’s none of your business what’s going on. Our government is supposed to have checks-&-balances baked into it. And considering this country’s history from the beginning until today, how well has that worked out? How do you explain the massive abuses of power? The massive transfers of wealth to the top 1%? The massive meddling and manipulation in foreign governments? The historically low approval ratings? The blatant disregard for the public will and good? If you’re American, you live in a country whose government has proven repeatedly that it will lie, cheat, steal, and anything else to get what it wants. Does that make you feel safe? Do you believe mass domestic surveillance is healthy? Are you ok knowing practically every aspect of your life is being logged? Whether or not you have anything to hide is 100% irrelevant and not the point. Society, and more basic, human beings, simply don’t do well without having a sense of privacy.
Privacy – the illusion and whatever privacy actually still exists in today’s world, is vitally important. It’s worth protecting and worth defending. I don’t know many people who actually fear “terrorists” or “terrorism”. I know a lot of people who absolutely fear abuse of power and the people by the government.
So much for “CHECKED power”…
The people greatly outnumber the government. If the government would initiate force on a whim without first preparing the people using lies and propaganda they would be destroyed by a revolution. The way that governments work is by first using lies and propaganda to shape the people’s perception of reality and then they can gradually take rights away. This often needs to be done over multiple generations. And in fact it is being done to great success right now in the west.
So just because the government does not possess the ability to use force on a whim does not mean they are not dangerous. Take any dictatorship that has ever existed. Do you think that a small group of dictators could ever stand up using brute force alone against the many people they were oppressing? Dictatorships get made with information. Spy on the people to find out what they are thinking and use propaganda to alter it.
This is how they turned once independent, free, and strong Americans into the weak fat dependent dumbed-down enslaved Americans we see today.
The government is our biggest threat to liberty. Dictatorships always come from the government. Not ISIS, not Al-Qaeda, not normal Jews, or whatever terrorist of the month they come with. It is always the government and those that control it which a country has to fear. So if we should have privacy against someone then let it be against the government and the ones they truly work for.
There are some public-key cryptosystems that are not vulnerable to known attacks by quantum computers. They’re not even new algorithms, just ones that were impractical due to the sizes of keys or the amount of memory/CPU required to run them. One of the ones we’ve worked on was proposed in the 70s, IIRC.
Note also that symmetric cryptosystems like AES are safe already, if you double the size of the keys you’re working with; for example, using AES with 256-bits of security is the equivalent of 128-bits of security against a quantum adversary. That’s generally “good enough”.
Disclaimer: I work for a startup implementing this sort of thing.
Looks like a well-intentioned first attempt but I don’t like the language used. Limiting or blocking monitoring and backdooring is fine but limiting reverse engineering, even to governments, is not. Encryption algorithms need to be attacked to be secure. That is the reason why you should not write your own encryption algorithms.
The European centre-left parties are among the strongest supporters of limiting civil liberties, particularly freedom of expression and right to privacy. In close competition with the mainstream centre-right.
The far left and the far right – as well as non-mainstream libertarians (left and right kinds) are on the other hand usually opposed to these limitations. It cannot be reduced to an evil agenda by the admittedly extremist far right.
Actually, this is not as true as you make it out to be.
I’m Belgian so I don’t know if I’m completely correct, but as far as I can tell you have two centre left parties in the Netherlands: PvdA and GroenLinks.
GroenLinks is openly in favor of strong encryption:
https://www.security.nl/posting/484275/GroenLinks+voor+sterke+encryp…
PvdA’s website is http://www.pvda.nl. They appear to support several good cybercauses such as net neutrality, but not a single word is said on banning or safeguarding encryption.
In my native Belgium encryption is barely a topic of debate. A Flemish nationalist (centre right) politician proposed it but the proposal silently died. No leftist party, centre or extreme, did proposals on an encryption policy. We did win a lawsuit against Skype once because they would not give our intelligence services access to calls, but seeing that Skype clearly has backdoors how that would translate to a stance on encryption is not clear at this point in time.
It’s true that the leaders of France and Germany have made a proposal to effectively ban end-to-end VoIP, but at least in France that’s definitely not a partisan issue.
So, you are misinforming people. Few European parties are effectively pushing for an encryption ban. I think the British Conservative Party is quite lonely in that regard.
This will also benefit individuals who cared for their freedom, this will also enhance the security of the communication used by terrorists and further protect them from government spying.
This is the true essence of western democracy, protect everyone including terrorists, regardless of their beliefs including extremism.
My country is still battling terrorists that captured few villages in the heart of Marawi City. ISIS is one of the fruits of western imperialism, regime change and interventionism.
Edited 2017-06-21 00:20 UTC
Are you under the impression that bulk spying on everyone’s emails & texts is the only way to identify a threat, credible or otherwise? A government spying on its own people “for their own good” is not a new idea. We’ve been to this rodeo before. It has never ended well. But, you know, I’m sure it will be different this time…
No, there should be something that the government can do if a terrorist will use a secure network to hide his communication.
I really like encryption for privacy purposes, but we should find a way to defeat terrorists from using this medium.
allanregistos,
I don’t think it’s wise to allow governments to pass crypto regulations that are fundamentally impossible to enforce without extremely draconian mass surveillance and censorship of the internet.
Consider the DVD-Jon case where the MPAA sued thousands of individuals over crypto code and still never managed to put the cat back in the bag. There’s absolutely nothing the government can do here short of curbing significant portions of our constitutional liberties.
I don’t know if you recall this, but in the 90s the US tried and failed to regulate cryptography under munitions laws, they couldn’t stop crypto from crossing national boundaries. If government were to mandate backdoors, it will just increase the use of unauthorized crypto. Crypto is here to stay whether we like it or not.
Just use a set of dice and Rubik’s cubes.
The effort should be now to STOP the diaspora.