Europe to push new laws to access encrypted apps data

Silver badge

Re: No 6...

Thing is, with rubberhose cryptanalysis, you run the risk of encountering a wimp or a masochist. Wimps are too soft and faint at the mere threat; you can't keep them coherent enough to talk. Meanwhile, masochists get off on pain so just beg for more.

As for threatening family, they could also be estranged or black sheep, meaning they counter, "Never liked them anyway."

4
1
Anonymous Coward

Re: No 6...

Thing is, with rubberhose cryptanalysis, you run the risk of encountering a wimp or a masochist.

.. which brings us back to Drupal ...

:)

2
0
Silver badge

Re: No 6...

That wasn't due to masochism, though. More due to having a Gorean (male-supremacist) mindset which means women can get offended.

2
0
Silver badge

This is the European Commission speaking, largely a mouthpiece for the various EU governments. As such the tech companies should call their bluff and force it to a vote on a law (with explanations of how such a back door won't be discovered and abused) to the European Parliament. Many MEPs don't share the same authoritarian streak and it might just get kicked back when the public realise how their own privacy is being screwed over.

26
0
Anonymous Coward

Nah, they'll just couch it over until it's already passed. It's harder to overturn an already-in-force law than to prevent its passing.

2
0

You don't seem to understand how the EU works.

The EU is not a democracy; in fact it's deliberately designed to bypass and nullify democracy.

The Commission is the only body that can propose laws, and if it does, the Parliament can do no more than discuss, object, and (slightly) delay.

This is not a Parliament in the normally understood meaning of the word, it's just a bit of window-dressing; what the Commission wants, the Commission gets.

11
15
Silver badge

Funny. You describe (modulo the Commission being a different word) the process that happens between our government and parliament, then say it's not a parliament.

Our parliament doesn't propose laws either. It just does what it's told by government. Or it misbehaves and makes it all the easier for Sir Humphrey to play them off against his minister.

14
2
Silver badge
Silver badge

Our parliament doesn't propose laws either.

It can, via Private Member's Bills. These are limited in what they can do, though, and generally have a low probability of getting passed.

4
0
Anonymous Coward

The EU Parliament can stop legislation it does not agree to. The European Council also can. I'm sorry if it does not fit your view of the Big Bad Evil Tyrannical EU, but that's how it's been deliberately designed, in order to not repeat the mistakes of the past. A never-seen-before 60 years of peace seem to indicate it doesn't work so badly.

https://europa.eu/european-union/eu-law/decision-making/procedures_en

11
0
Happy

@Nick Kew

Nick,

indeed!

And we have the possibility to kick the 'offending' MP out of office at the next election if enough of the local & grumpy population choose to do so...

Cheers,

Jay

1
0
Happy

@AC

AC,

indeed the various bodies MAY have such capabilities, I wonder how often they have been used???

Apols as I don't have time atm to do some research...

Cheers,

Jay

0
0
Silver badge

This will not go well

Actually, I take that back. It will go very well for some criminals who can't wait for this to happen fast enough so they can get to work.

9
0
Silver badge

Banning delete after forward

How's this going to work? Will deleting e-mail or moving it to local storage become illegal in a poorly drafted law because they thought about IMs only?

If e-mail is not included, what's to stop an IM app using e-mail as the back end?

3
0
Anonymous Coward

Re: Banning delete after forward

They will have to make the transmission and storage of any information in an encrypted format illegal. That's if they want to make a law without loopholes. But in actuality it will be unworkable and swiss cheese and differently interpreted in all the countries.

So no encrypted chat programs, or email, and no whole disk encryption.

So more govt laptops with state secrets left on a train or back of a cab.

7
0

Re: Banning delete after forward

> they will have to make the transmission and storage of any information in an encrypted format illegal

Trouble is, what is encrypted data? I can see a lot of conversation like:

Gov: Why are you sending encrypted data?

Me: WTF? I'm not

Gov: Explain this then...

Me: It's the install keys for a bunch of products on our shared MSDN account

Gov: (eyes glaze over, understood some of those words) Rubbish, it's encrypted, decrypt it

Me: It's not encrypted

(Rinse and repeat)

Of course it would also ban SSL and WPA encryption on wifi. It would be the end of e-commerce, at least on wireless networks.

9
0
Anonymous Coward

1984

Was optimistic.

Case in point, everyone over here recently had to upgrade their ccards because the encryption wasn't strong enough.

What happens when lawyers find out that their £1,000,000+ legal case is basically worthless because the opposing lawyers got hold of the case files and email correspondence because someone leaked the key(s)?

8
0
Anonymous Coward

Re: 1984

Not even slightly realistic. It says nothing about Big Sister.

I'll get my coat.

1
0
Silver badge

Strong encryption exists, and is "in the wild".

That horse has bolted. The worms are out of the can. There is absolutely nothing that any .gov can do to change this. It's not going to stop them trying, though. My advice? Point your collective fingers and laugh at the idiots early and often. Send snail mail to your elected officials. Vote, and explain why you voted the way you did. Be vocal. Let them know that some spills are far too massive to cover up. It probably won't do any good (politicians are immune to free technical advice; they require money, lots & lots of money), but along the way you'll undoubtedly inform a few more people as to the reality of the situation. Maybe, just maybe, eventually someone in power will see sense ... but I'm not holding my breath.

20
1
Silver badge

Re: Strong encryption exists, and is "in the wild".

"There is absolutely nothing that any .gov can do to change this."

Yes, there is. Simply ban the use of any and all encryption that cannot be cracked by the state. Declare it an act of TERRORISM or whatever that means if you're caught, you and anything associated with you are basically ruined forever.

Then you just have to deal with stego, which has its own limitations, especially for improvised messages. Mandating media mangling would probably be a good start there.

3
4

Re: Strong encryption exists, and is "in the wild".

Yeah, that doesn't work politically: no such thing as "simply ban".

5
1

Re: Strong encryption exists, and is "in the wild".

It wasn't that long ago encryption was considered a munition, but those days are long gone.

This whole thing is a farce. Apps like WhatsApp moved over to encryption *because* of the amount of snooping governments want over their (mostly) law-abiding citizens. You reap what you sow. Don't complain when your poorly thought-out, ill-conceived and utterly ridiculous plans back-fire. And don't make things worse with a knee-jerk, even more poorly thought-out and more ridiculous reaction.

Even if you could change the laws of mathematics and they get their super-safe backdoor into otherwise (practically) unbreakable encryption, what then? I would imagine terrorists and -- worse -- copyright infringers will just use non-crippled encryption, leaving LEAs across the globe spending all their time decrypting people's cat pictures and messages about what they had for dinner.

19
0
Anonymous Coward

Re: Strong encryption exists, and is "in the wild".

"Declare it an act of TERRORISM or whatever that means if you're caught, you and anything associated with you are basically ruined forever."

In England that law already exists. For T & P investigations - if you fail to provide a key for your encrypted files then it's 2 years in prison. On release it can be repeated indefinitely if you still don't provide the key.

6
0
Silver badge

Re: Strong encryption exists, and is "in the wild".

Which allows the perfect blackmail. Slip a block of pure random data into a user's computer and then tell Scotland Yard the victim is a pedo. No way to prove the block isn't his, absolutely impossible to decrypt (because it was never encrypted to begin with), you tell the news about it, and it's Game Over.

9
2

Re: Strong encryption exists, and is "in the wild".

It still requires that the accuser proves that you know the key. If you genuinely don't know the key it would be torture to detain you for something you do not have or have not done.

For example:

(A) You refuse to give them a key >> go to jail, do not pass go, do not collect £200. With this you have let them know you have the key and that you just simply refuse to provide it.

(B) Someone plants a random encrypted file on your computer. You do not know the file exists and you do not know the key. The accuser also cannot prove you have the key, you get off but might still get monitored to be sure.

On my computer I have a swap file because certain programs don't like it disabled. So for good measure it is configured to re-key every time I reboot. The key used is simply the input from /dev/urandom or /dev/random so not even I know the key.

4
0
Silver badge

Re: Strong encryption exists, and is "in the wild".

But it's not necessarily torture if it's "Think of the Children!" or "Do It or the Earth Explodes!" Plus you can just say, "He's lying!" and support your case by replacing one of his legitimate files that's frequently accessed.

0
2
Anonymous Coward

Re: Strong encryption exists, and is "in the wild".

The only ones who'll enforce a ban on encryption are the Stasi and they're long since gone.

Oh wait....

1
0
Silver badge
FAIL

Re: Strong encryption exists, and is "in the wild".

IIRC in the book "Worm" by Mark Bowden there's a section where he talks of computer forensics, especially in a case just like this. There are ways to detect if a file has been planted or not.

There's whole lots of other procedures in place that would quickly show that a case like the one you proposed is rubbish and it would be unlikely to ever go beyond the initial investigation. The person who made the accusation, however, could find themselves up on charges quite quickly. Cops are aware that people try to plant files and make allegations, but a false allegation needs a lot more than just planted files to make it stick.

But please, go ahead and try it on someone. See how long it is before you meet your new bestest friend Bubba.

0
0
Silver badge

Politics

It's worth noting that this is the much maligned commission acting as it often does at the behest of the member states. Speculation about what exactly will be proposed should be avoided but the wonks at the commission will be aware of the impossibility of getting backdoors for true end-to-end encryption. And the ECJ has already ruled in favour of individuals' right to privacy. So this sounds like a stick to beat the tech companies with for better cooperation: get those AIs to do something useful like monitoring phones and reporting any "suspicious" activity.

If end-to-end encryption becomes illegal, which I very much doubt, it's hardly likely to stop anyone who is already breaking, or considering to break, the law…

10
0
Anonymous Coward

Back to the future

Back-doors into encryption will have no effect on savvy criminals, terrorists and those engaging in espionage. It only opens the door to state sponsored intrusion into commercial and personal messaging. There is no secret how to ensure secrecy; it just requires a little preparation. Pre-arranged messages in clear have always been preferred if you want to hide your true meaning - "How's your father" could easily mean "attack is go/no-go" or just what it says. One-time pads properly used are uncrackable. In reality it is often not what is said as to whom and when, that is required to track, detain and convict a suspect (yes back to metadata again). Whatsapp and their like are just a convenience for lazy perpetrators. If you are a really serious terrorist a back-door will only be a minor inconvenience.

17
0
Silver badge
Stop

Re: Back to the future

Exactly, anyone who is legitimately worried that a government may be surveilling them (ie terrorists, political campaigners, spies), already knows that their electronic communication is compromised, and will fall back to the 1950's era techniques that still work (eg dead drops, book codes).

And of course, all the communications surveillance in the world is unlikely to catch the lone nutters like Breivik or Masood.

8
0
Silver badge

Re: Back to the future

But with a greater chance of a Panopticon, the odds of a dead drop being watched or a First Contact being moled are greater.

0
2
Coat

Re: Back to the future

Oh, sort of like the messages, intended for the French Underground/Resistance, transmitted in the clear by the BBC, just prior to the D-Day landings, during World War II?

Everything old is new again?

Dave

P.S. I'll get my coat. It's the one with a pocket full of message slips, with phrases such as "John has a brown cow.", "Becky has a large garden."

4
0
Silver badge

Re: Back to the future

Code systems STILL need some kind of exchange to establish it, which puts you squarely in the First Contact problem (meaning you can be moled). Unless you can demonstrate a means to establish a code system without actually meeting in person?

1
1
Silver badge

Re: Back to the future

Even if you do meet in person, that's no guarantee that you can trust them to keep your secrets. Internal betrayal is always a problem.

Hopefully, if the security services are throwing resources at ELINT, they won't be spending as much on HUMINT, so your new pal is less likely to be an undercover police officer come to cheat on his wife with an activist or two.

2
0
Anonymous Coward

As someone who has worked both sides of the coin (Government/Public vs Private), the one thing that terrifies me is how often Government (though unintentionally and bumbling) get it wrong, they get the wrong John Smith or the wrong address or the Telephone / mobile / Email etc.

A good example of this here... http://www.bbc.co.uk/news/technology-37048521

Now they are advocating back doors, it's almost as if none of them understand the Risks or implications of their legislation - Whether it's applications of Cipher-Block-Chaining (currently a massive area of growth and R&D), or Post-Quantum Cryptography.

The fear of Terrorism (or as I call it, Criminal Violence) is disproportionate to the Risk, it's irrational and it has to stop.

23
0
Anonymous Coward

"... it's almost as if none of them understand the Risks or implications of their legislation ..."

No, what is worse is that they don't care as long as it makes for a good sound-bite - "Look!! I'm being tough on crime!!"

7
0

> The fear of Terrorism (or as I call it, Criminal Violence) is disproportionate to the Risk, it's irrational ...

It is irrational. But when has a large number of people ever been rational?

5
0
Silver badge

Especially when the ACTUAL risk of an existential threat is constantly rising. By definition, no one can survive such a threat, so you can never defuse that kind of fear without encouraging suicide.

0
0
Silver badge
Facepalm

Legislation like this

Is why we are leaving the EU!

Oh, wait.......

14
0
Silver badge
FAIL

Stupid is a universal constant

Fucking idiots.

They'll be the first ones to wheel out the fine-gun under GDPR when companies start to lose data through the legislated back doors.

7
1
Silver badge
Joke

Re: Stupid is a universal constant

Down-voted for the correct spelling of 'lose' in this context.

4
0
Silver badge

So wrong

By luck, such a foolish legislation shouldn't pass the European Parliament.

1
0

Re: So wrong

EU parliament has no legislative authority.

0
6
Silver badge
Silver badge

Re: So wrong

It depends on the kind of legislation. Parliament can propose changes or may be limited to just accepting or rejecting.

There are other kinds of legislation which do not involve Parliament, i.e. Commission only or Commission + Council.

Parliament doesn't have initiative, i.e. it can't propose laws, the Commission has that.

0
0

Re: So wrong

I don't see why I got downvoted. The Euro parliament has no legislative authority. It's in the same position as the House of Lords. It can reject or accept legislation and suggest modifications, but it has no power to enforce them. It can't legislate. That means it has no legislative authority.

Legislative authority rests with the Commission and the Council. If the Parliament rejects the Commission's legislative proposal or proposes amendments that the Commission or the Council aren't interested in, the two bodies can turn around and say "we're passing it anyway."

0
0
Anonymous Coward

Ok so you install back doors on all the companies you can in the west.

Terrorists start using apps from the east.

Where does this leave you? Block or ban those apps? Good luck with that as you don't understand how the internet works because for every app you block 10 new ones could pop up.

They know this which makes it even worse because they can't all be that stupid. Someone must have pointed this out at some point.

You may think tin foil hat but I'm seeing this differently in that there is something else going on here and it points to totalitarian regimes.

13
0
Anonymous Coward

and picture messaging will be banned

..because steganography? OFFS when will these turd brains realize they are backing the wrong horse. The internet has already out-smarted them and it is at a lazy trot, just wait till they turn up the heat and it breaks into a canter. Meanwhile lawyers get richer, consumers and IT suppliers get billed, Police get even more frustrated, and MPs show themselves to be even greater nitwits than we already knew they were.

Steg can be detected!? Some forms can, and, at best, some images can be highly suspect because of noise characteristics. Go for busy, moody, grainy shots to best leave them guessing.

Even steg found does not equate to means broken. Message is encrypted anyway so even if you separate the message from the carrier you are now into round two. Which for a halfway decent encryption scheme means the next new challenge for a cow shed full of qbits* and some very, very brainy people - plus a HUGE bill per message.

Yeah pass the law to stop the tide coming in - I'll stand on the beach with popcorn and laugh while you drown. Then we will need a new law to seize your assets and pensions to (part) compensate the companies and tax payers for this debacle.

Four people died recently because of the actions of one lone nutter (also dead). How many people died in the UK on the same day as a result of accidents and incidents not related to misguided nutters? The excuse does not add up - so what, or who†, are 'they' really afraid of?

*allegedly, in the best spirit of Eye and HIGNFY.

† I do so hope the answer is 'us' - because ... icon.

8
0
Silver badge

Re: and picture messaging will be banned

Mangle pictures in transit and most stego gets squashed. Who cares if you can't detect it if you make it practically useless for "The Bad Guys"? You're still coming out ahead.

0
4


The Register - Independent news and views for the tech community. Part of Situation Publishing