EU governments plan to ban secure encryption

[StDragon]

So the EU doesn't trust its own citizens. We knew that, what else is new?

[Poison4K]

Boy, the UK really got out at the right time, huh? lol

[aDoomGuy]

That's it! I'm going to the stone age, who's coming with me?

[Kisai]

12 hours ago, Sauron said:

I don't like this because it's really not necessary or particularly useful but it's not a blanked ban.

In some cases "accessing encrypted data" necessarily means adding a backdoor.

There is no way to ensure only good guys use the backdoor key, just like there is no way to ensure only good guys have access to guns.

 

As far as personal devices go, this is what the purpose of OS's like OpenBSD/NetBSD/FreeBSD/Linux were designed to counter. Open source projects have security libraries that are part of the OS have a lot of eyes on them. Windows doesn't. Mobile devices have no way to be checked if a backdoor hasn't been installed on them by an intermediary (eg say you asked someone to change the battery in the device and they went further.) https://www.cnn.com/2020/08/26/tech/tecno-malware-africa/index.html

Quote

London (CNN Business)Software that eats up mobile data and registers people for unwanted subscriptions has been found pre-installed on thousands of low-cost Chinese smartphones in Africa more than two years after it was first detected.

The Triada malware signs mobile users up to subscription services without their permission and has been discovered on Tecno W2 smartphones in countries such as Ethiopia, Ghana, Cameroon and South Africa, according to a report published this week in partnership with BuzzFeed.

 

This kind of thing happens because a third party has access to the phone and can make changes to it without the user being aware of it. Like if you lived in one of those countries, you're not going to be able to reimage the device to ensure the ISP or the store it was bought from didn't tamper with it.

 

So let's say the EU ISP's take these rules to mean that they have to install backdoors in every device sold, just in case their subscriber is implicated in a crime. All that's going to do is encourage people to buy unlocked devices from another country that doesn't have these rules requiring backdoors. Assuming one exists.

 

[Sauron]

6 hours ago, Kisai said:

There is no way to ensure only good guys use the backdoor key

I know, I never said otherwise.

6 hours ago, Kisai said:

So let's say the EU ISP's take these rules to mean that they have to install backdoors in every device sold

That's reaching for straws, first of all ISPs are not the manufacturers of those devices and secondly something like that would go well beyond what is "necessary and proportional".

 

Again, I'm not saying this is good but it seems to me like people are jumping to the worst possible conclusions over a very vague and very bland bill.

[jagdtigger]

10 minutes ago, Sauron said:

Again, I'm not saying this is good but it seems to me like people are jumping to the worst possible conclusions over a very vague and very bland bill.

Because if there is a abuseable loophole like this its not a question if they are going to abuse it but when.

[Orange1]

Just now, jagdtigger said:

Because if there is a abuseable loophole like this its not a question if they are going to abuse it but when.

They have loopholes for a reason, they arent dumb. Thats why when you found a loophole to help yourself out you must abuse that loophole to the legal limit. Law Makers know this.

[Sauron]

1 minute ago, jagdtigger said:

Because if there is a abuseable loophole like this its not a question if they are going to abuse it but when.

There are SO many loopholes that could already be exploited... in most cases it's not worth the hassle and the cost of years-long legal battles with every major tech corporation under the sun.

[Thaldor]

11 hours ago, Mihle said:

There is only one part of EU that have written this draft, I really doubt it of will go through.

 

A draft do not mean it will actually happen at all.

Even draft is kind of overshot with this one.

 

People are jumping into new heights over a paper that is basicly a revised summary of things talked about in an informal video conference between justice and home ministers of (some) EU countries which will be presented (if no one is against it) to the standing committee of internal security which then can decide do they want to do something with it, like present it to the committee of permanent representatives which then could prep it and present it to the actual EU Council for starting the work to make it a directive.

 

Basicly some people talk about this and decided this was nice wording for an idea and it will be presented to a expert committee which then will talk about it and make their adjustments and whatever before deciding do they want to take it forward to more politically centered expert committee which will then do the same except if they decide to take it further, then it would be actually something that might become something seriously taken if the majority of the Council is for it.

 

So, yeah... This is very serious matter since EU will be banning encrypting this decade or the next because some people in video chat talked about it and someone decided it was a good thing to make it a bit more official.

[sof006]

Makes me think of the new Watch_Dogs Legion game.

[Albal_156]

It sounds like they are looking for an easy solution to something they should be have doing anyway i.e. monitoring and shadowing the guy so they would know if he was buying ammunition and he was also known to police.

[Froody129]

Is it a necessity of asynchronous encryption that the provided public key is tied to an owner? What's stopping someone from just encrypting their data and the government not being able to track them. This would just be another case of everyone except the intended targets being harmed by a law.

[mousesnob]

How would the go about restricting people for encrypting their stuff?

[Prodigy_Smit]

Again this is the most retarded thing I have heard from the EU. Also I am sure that the President of the EU would have his communications encrypted even with this law. Its just a bad idea all around.

[Mark Kaine]

4 hours ago, mousesnob said:

How would the go about restricting people for encrypting their stuff?

This is more about having a backdoor or 'trojan' on everyone's computer rather than encryption. To my understanding. 

German government wants this since 20 years, they already had it then it was deemed illegal, but you can be sure they'll keep trying until they got what they want. 

[vorticalbox]

Criminals by definition don't follow the law, so wouldn't they just encrypt the text/image before sending it over the now back doored app?

 

As always this has nothing to with stopping criminals, it's hidden under the cover of doing something good but really it's so government can get more Intel on its people.

 

How very 1984.

[Kisai]

16 minutes ago, vorticalbox said:

Criminals by definition don't follow the law, so wouldn't they just encrypt the text/image before sending it over the now back doored app?

 

As always this has nothing to with stopping criminals, it's hidden under the cover of doing something good but really it's so government can get more Intel on its people.

 

How very 1984.

Like, you can always layer encryption. It's not like you can't just encrypt a URL in a QR code, and whatever is spying on the phone only see's a QR code, not  "send the drugz to this address". Stegographic applications exist.

 

[Letgomyleghoe]

On 11/9/2020 at 4:19 AM, dasbene said:

These backdoors can be miss used or leak to goverments or organizations that are not trustworthy. Its difficult enough to keep the ship of encryption afloat without someone wanting to drill holes into it.

 

depends, if the stub is created for two pc's and the one for the government for monitoring it could remain safe, or people will just start learning how to create their own stubs...

[straight_stewie]

On 11/9/2020 at 9:29 AM, Intergalacticbits said:

Personally I want people who fight crime to have the tools they need to protect people.

This is just as tired an argument as the terrorism argument.

For those of us that live in the US, the government is not allowed to require us to open a safe for them, whether or not they have a warrant and whether or not we are found guilty of a crime. 

They are allowed to attempt to open the safe themselves after receiving a warrant to do so from a judge. To get this warrant (outside of the FISA circle), it is required that law enforcement officials prove that there is evidence necessary to solving the case hidden in the safe. Again, this does not require you or the safe manufacturer to help them, it just allows them to attempt to get into the safe themselves.

The data on your hard drive should be treated identically to letters or files in your house, and to push the notion that it shouldn't is exactly the same as pushing the notion that the government (whichever one applies to you) should be allowed to send representatives of the government to your house to search your house with or without any cause to do so.

[Kisai]

2 hours ago, straight_stewie said:

This is just as tired an argument as the terrorism argument.

For those of us that live in the US, the government is not allowed to require us to open a safe for them, whether or not they have a warrant and whether or not we are found guilty of a crime. 

 

This is probably the biggest argument against electronic locks in the first place. Store a hard drive inside a safe, and nobody is gonna be able to decrypt if they have to destroy the safe to get inside it.

 

IMO, I wonder if anyone has devised a phone case or laptop case to the same idea. I doubt anyone is going to carry around a 20lb phone safe, but it might be something considered to turn off and airgap a device when it will be out of your possession.

 

2 hours ago, straight_stewie said:

They are allowed to attempt to open the safe themselves after receiving a warrant to do so from a judge. To get this warrant (outside of the FISA circle), it is required that law enforcement officials prove that there is evidence necessary to solving the case hidden in the safe. Again, this does not require you or the safe manufacturer to help them, it just allows them to attempt to get into the safe themselves.

 

Which is why compelling Apple or Google to unlock a device is futile. If the device is encrypted and the key is part of the user's faceid/pin/password then it's not going to help.

2 hours ago, straight_stewie said:

The data on your hard drive should be treated identically to letters or files in your house, and to push the notion that it shouldn't is exactly the same as pushing the notion that the government (whichever one applies to you) should be allowed to send representatives of the government to your house to search your house with or without any cause to do so.

I don't know, a lot of stuff is turning encryption on by default, and it starts looking like a recipe for disaster if end-users encrypt all their data and then one day have a stroke or something and can no longer remember how to access it.

[straight_stewie]

1 hour ago, Kisai said:

if end-users encrypt all their data and then one day have a stroke or something and can no longer remember how to access it.

Possibly. But that's no excuse to make any law restricting the use of encryption in any way.