back to article Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

The tech industry has hit back at France and Germany's demands for EU laws requiring secret backdoors in file and communications encryption. Last week, Thomas de Maizière and Bruno Le Roux, respectively the German and French ministers of the interior, sent a letter to the European Commission calling for measures to stem what …

Page:

    1. Phil O'Sophical Silver badge

      Re: Please raise your left hand

      « Pour compléter ce dispositif, la révision do Code Frontière Schengen permettra de procéder à des contrôles systématiques aux frontières extérieures pour les ressortissants européens et étrangers. » Again, emphasis in the original.

      The French politicians for some unknown reason have always been extremely reticent to move their police away from their borders and in France systematic controls have been occurring ever since Schengen was put in place, always with one excuse or another.

      In the original text, doesn't "frontières extérieures" mean the external borders of the EU, not those of France? I would read that as saying that the revision to Schengen allows more extensive controls around "Fortress Europe", not as a desire to increase controls at French borders with the EU. In any case France reintroduced internal border controls with the state of emergency declared after the Charlie Hebdo and Nice attacks.

      1. Anonymous Coward
        Anonymous Coward

        Re: Please raise your left hand

        In the original text, doesn't "frontières extérieures" mean the external borders of the EU, not those of France?

        Yes it does, but: a) border controls already are or can be systematic at Schengen's external borders, and b) you do not need to review the "Schengen Border Code" (whatever that is) in order to do controls at a non-Schengen border.

        As I said, it is written in political language. It is a bit like when they say "no more taxes".

        > In any case France reintroduced internal border controls with the state of emergency declared after the Charlie Hebdo and Nice attacks.

        No. That was just their latest excuse at the time. "Non-systematic" but suspiciously regular controls have always taken place since day 1 of the Schengen agreement. At first they did not even bother to remove the border posts (the one between France and Spain was eventually rebranded a "logistical" facility) until after heavy fines from the EC, about fifteen years ago. At the Italian crossing, they just hang around both entrances of the Mont Blanc tunnel and at the San Bernardino pass. They barricaded the A6 into Germany a couple years back, and so on.

        They just moved the PAF (Police aux frontières) guys away from the border itself and to the nearest motorway toll station. Try driving past one of those in a car with an "exotic" Schengen licence plate.

        1. agatum

          Re: Please raise your left hand

          As I said, it is written in political language. It is a bit like when they [politicians] say "no more taxes".

          So like what, "bullshit bullshit bullshit sun is hot bullshit bullshit bullshit"?

          Maker I hate that lot.

  1. Mephistro
    Flame

    Any politician that proposes shit like this...

    ... should have a legal obligation to provide the exact method to accomplish the feat while guaranteeing the bad guys -and that's a very ample category that includes many 'democratic' government officials- can't gain access to the keys or use mathematical methods to decrypt citizens' comms.

    Those not able -that is, everyone of them- should be put into a barrel and thrown into some big waterfall. Oh, and the barrel should be filled up to the brim with cacti.

    1. Charles 9

      Re: Any politician that proposes shit like this...

      "Those not able -that is, everyone of them- should be put into a barrel and thrown into some big waterfall. Oh, and the barrel should be filled up to the brim with cacti."

      And if they're masochists?

  2. codejunky Silver badge

    Ha

    "There may be British readers who are feeling rather smug about this latest European proposal, and think that Brexit UK will be immune from such silliness. Not so – Blighty already has legislation that paves the way for mandatory backdoored encryption, it just hasn't worked out how to force the issue yet."

    Actually I think there will be British readers who are pretty smug that the shining beacon of utopia has blown another bulb. And probably a few british readers scratching another reason to stay in the place of enlightened transcendence off their argument list with the same pen they scratched off the word 'eurosceptic' when the Euro failed.

    Of course we could all be happier if the various governments would stop intruding into our lives.

    1. Roj Blake Silver badge

      Re: Ha

      Except that the ECHR (which Mrs May will remove us from shortly after Brexit) will declare such blatant backdoorery illegal.

    2. Doctor Syntax Silver badge

      Re: Ha

      You may not have noticed but there's also some pretty draconian stuff already in place here whilst this stuff is only at a proposal stage. The ECJ would almost certainly have something to say about the proposal if it got into law. Sadly it's not going to get much of a chance to do much about our situation: even if we do get a ruling before Brexit it will very quickly cease to apply. The ECHR might do something useful as I'm not certain May can wriggle out of that. Actually GDPR is likely to shoot this down as it would effectively make compliance impossible.

      I don't see on what basis you dragged the Euro into this as the UK isn't in it and was never likely to have been and is quite irrelevant to encryption and/or back doors.

      1. codejunky Silver badge

        Re: Ha

        @ Doctor Syntax

        "You may not have noticed but there's also some pretty draconian stuff already in place here whilst this stuff is only at a proposal stage"

        Well the Germans were working with the NSA until they spied on Merkels phone. And now they are proposing doing similar stuff. Also I didnt drag the Euro into this I dragged eurosceptic into this as my comment clearly points out this is yet another argument for the utopia delusion of the EU to be scratched off in the face of truth. And that is very relevant.

  3. Scroticus Canis
    Big Brother

    "...law enforcement agencies or other competent authorities..." - LMFAO

    "Encryption technology should not prevent law enforcement agencies or other competent authorities from intervening in the lawful exercise of their functions,"

    First find ANY competent government authority.

    1. Doctor Syntax Silver badge

      Re: "...law enforcement agencies or other competent authorities..." - LMFAO

      In this context anything from your local dog-catcher and upwards would be regarded as a competent authority.

  4. Anonymous Coward
    Anonymous Coward

    So the U.S. doesn't have a monopoly on "crazy."

    So much for my retirement plans...

  5. Eclectic Man Silver badge

    Some things can be done

    It s possible to have a form of key escrow which allows for message recovery without key recovery, BUT it is convoluted and expensive.(*)

    I have two rather fundamental issues with the idea of deliberate backdoors in the algorithms (in addition to the ones listed by the august and intelligent readers of El Reg., of course):

    1 I do not trust every member of the government apparatus not to use my backdoored credentials to impersonate me.

    2 I do not trust all future politicians not to sign search warrants for the escrow agencies (something not considered the first time around by the civil servants in the late '80s / early /90s)

    (* My paper on this languishes as yet unpublished, but hey ho, maybe it is time to dust it off.)

    1. Paul Crawford Silver badge

      Re: Some things can be done

      This really nails one aspect on the head - I don't trust those in power (politicians or civil servants) to either by honourable in their use of such vast powers, nor do I trust them to be competent not to leak the lot on some train, etc, or through bribery or corruption.

      And that is before we get in to the practical business of how you make such a system that is technically workable and resistant to criminals (private or state-sponsored) who we have seen to have already broken in and looted massive gov data sets that ought to have been secure.

  6. Morrie Wyatt
    Black Helicopters

    Hah!

    And all this from the self-same countries that screamed blue murder over data sovereignty and "Safe harbor" because their citizens privacy might be impacted.

    Now we know why. This way they might be able to keep all the data where their backdoored encryption keys can be used to get at it.

    What? Me cynical?

  7. Lennart Sorensen

    Strong encryption already exists. So no matter what new encryption you invent with a backdoor (ignoring for the moment that you can't do that while also making it secure enough to be worth using), there is nothing stopping the criminals from just continuing to use the strong encryption, leaving the new backdoored garbage for the rest of us. So no help for law enforcement, just harm for everyone else.

  8. Jeffrey Nonken

    Exactly how many acts of terror have not been prevented due to encryption that could have, had such a backdoor been available?

  9. Franco

    Do the fucktards who come up with this nonsense honestly think that people believe it is purely for anti-terror purposes?

    Lets go back 80 years or so. Encryption wasn't an option for data transmission then, so instead the data itself was encrypted. Terrorist sends message encrypted via one time pad over an unencrypted channel and there is precisely heehaw that a backdoor can do about it.

    Of course, if we have nothing to hide we have nothing to fear though.....

  10. Herby
    Joke

    Godwins law, revised (as it relates to part of this discussion)

    s/Hitler/Trump/g

    Seems proper given the current political climate.

    I await thumbs up. :-)

    1. Yet Another Anonymous coward Silver badge

      Re: Godwins law, revised (as it relates to part of this discussion)

      But look on the bright side - the last time the Hun tried to do mandatory encryption we got computers as a spin-off

  11. Anonymous Coward
    Anonymous Coward

    So Much for EU Data Privacy

    It seems that much of the objection to EU-US data exchange is predicated on the NSA being able to grab the data of EU citizens without their knowledge. Many of us knew all along that this was a specious claim because the intelligence agencies of most EU countries do as much (if not more) than the NSA -- and now it is clear to all exactly what they are doing.

    I wonder how this push by the French and German authorities will affect some of the basis for court cases objecting to things like Privacy Shield or other efforts to promote privacy in the EU.

  12. Anonymous Coward
    Anonymous Coward

    "There's no mechanism in any real democracy to prevent this"

    The reason and the means:

    "That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, — That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government,"

    "A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed."

    1. Anonymous Coward
      Anonymous Coward

      'the right of the people to keep and bear Arms, shall not be infringed'

      It worked in the XVIII century when the government didn't have tanks and bombers, and soldiers had mostly the same weapons, and artillery was slow to be deployed.

      Today, it's utterly useless. Today or you have enough of the Armed Forces on your side, or you can't really have any hope to change the government with a bunch of people armed with guns. Actually, a pacific revolution could achieve much more.

      1. Doctor Syntax Silver badge

        Re: 'the right of the people to keep and bear Arms, shall not be infringed'

        "It worked in the XVIII century when the government didn't have tanks and bombers, and soldiers had mostly the same weapons, and artillery was slow to be deployed."

        I assume the US gun lobby would be quite happy to be able to restore that balance.

      2. Yet Another Anonymous coward Silver badge

        Re: 'the right of the people to keep and bear Arms, shall not be infringed'

        It says "arms" not guns, and nothing about conventional weapons.

        You can prize my H-bomb from my glowing dead fingers

        1. Charles 9

          Re: 'the right of the people to keep and bear Arms, shall not be infringed'

          But who else but a state has the resources to make a working and relatively safe H-bomb?

  13. James Ashton
    Big Brother

    Make the Government Use It

    Ask the government to encrypt government documents using only the same cryptography that has been used to backdoor everyone else's documents. Ask them why they're not comfortable publishing encrypted versions of, say, the minutes of recent cabinet meetings.

  14. Anonymous Coward
    Anonymous Coward

    Cost, Policing Effectiveness, End Goal, and the Social Contract of a Country

    I think it's interesting to look at the reasons why politicians make such statements of need.

    Policitian's Job

    Most of us get to elect our politicians, some of us pay some tax, and then we hold them to account for their response to occasions when bad shit happens. Look at Spain - they turfed out the ruling party at the general election soon after the Madrid train bombings.

    Understandably then politicians are keen (well, they should be keen) to do a half-decent job of preventative policing. Using only restorative policing is unlikely to result in plaudits after a bad incident; the incident has already happened.

    Cost, Morals and Feasibility of Surveillance

    But preventative policing costs money, and is much more elusive than restorative policing. For the Police to be able to guarantee preventing someone doing something nasty they basically have to follow them all the time, with the aim of intervening as soon as their intentions become clear. And the only way for the police to guarantee on their own that no-one will be able to launch an attack is for them to follow everybody, all the time.

    However, as well as being pretty morally bad, it's not affordable to do that for everyone all the time. East Germany tried to do this, they used some pretty nasty methods to force wives to spy on husbands, etc, with a great saving to state expenditure (even communist governments had to pay their own spies).

    Laws, Borders between Policing Zones

    The right laws can help. It's useful to be able to pin a charge on someone that'll send them to jail before they let off their big bomb, shoot up a cinema, whatever. If there's laws that make it an offense to prepare an attack, then there's a route open for policing intervention well in advance of the actual attack. There's no need to take it down to the wire before intervening. If they're in jail having been convicted of such an offense, they then cannot carry out their plan.

    In the USA they're in very poor shape in this regard; more or less anyone can legally possess a severely dangerous weapon, and they've not broken any law right up until they pull the trigger whilst aiming it at someone, by which time it's too late. Gun control is pretty lax in a lot of Europe, so similar problems there. Gun control in Britain is pretty tight, so anyone found in possession of a weapon most likely has broken some law or other, so they can be charged, tried and jailed if convicted, all before they've pulled that trigger. Same for knives, diesel / fertiliser, pamplets of a certain sort, etc.

    Being an island helps too; there's less opportunity for a miscreant to exploit slack policing in one country to launch an attack in another. If one has open borders but variations in policing standard / laws / etc, such as is the situation in Europe, then it's easier for a miscreant to succeed.

    Closing the borders afterwards just makes them look daft. In fact, despite borders clanging shut all across Europe on occasion in recent years, I've not heard of any discussion within Europe about modifying Schengen to make dealing with such events better thought out.

    Any Beneficial Effect from what Germany and France are Calling For?

    So one is not going to go down the route of the Stasi / East Germany because it's too expensive or abhorrent. Nor is Europe intending to achieve full political / law / policing union across Europe. Of course, one of Europe's big problems is that it's a terrible splitting of sovereignty. Police forces, which are still the responsibility of each sovereign nation, have no idea who is in their country because there's no borders between them. And if you're not looking for nasty people at one's borders, your only option then is to look for nasty people within, which is always going to be more intrusively Stasi-esque.

    How then does the law enforcement types get tip-offs?

    Germany and France seem to be trying to do it the lazy way, thinking that it will be possible to solve the problem simply by snooping on everyone's email / facebook / whatever.

    Snooping no doubt produces a lot of data. Turning that into accurate and useful information cannot simple, even if one somehow has the magic keys that unlocks everything. Used on its own as a tool for making decisions about people must inevitably be a blunt and inaccurate instrument.

    Even if they did achieve that data-haul nirvanah that they're calling for, it would be short-lived as a means of finding out if bad things are about to happen. The canny sort of nasty guys would just stop using electronic communication altogether (as has happened before; the Taliban got wise to how dangerous a mobile could be). Meanwhile the nasty guys would still be grooming impressionable and vulnerable people, they'd stilll be improvising explosive devices, acquiring guns, buying machetes, hijacking lorries, spreading a lot of hate talk, and they'd be using the postal service instead (that's even less surveyable than electronic comms).

    I reckon comms surveillance does serve a role - you have to do it because if you don't then comms will (and has been) be used by nasty guys, and it is useful to them. There's no need to make it too easy.

    Policing With the Consent of the People

    The most effective measures to prevent problems includes a strong and willing relationship between law enforcement and the communities they're there for. People need to feel that if their son or someone they know is going off the rails that getting in touch with the local cops will ultimately be a good thing. They need to know that dibbing in a trouble maker no matter who they are will be a good thing for them an their kin. Good relationships with people yields tremendous results - they'll be keen to make the police aware of problems that are developing.

    Best bit - is basically free.

    Bad relationships with people cannot be compensated for by technology of any sort, no matter how much of it one has.

    Certainly this is one of the lesser mentioned successful aspects of policing in the UK in recent times (people focus a lot on GCHQ and the like), and is a welcome even if it is not yet a universal change from how it used to be in the bad old days. It takes proactive and continual work by police - you know, speaking to people on occassions other than when they're arresting someone, making a point of calling in on local bigwigs for a cup of tea and a chat, etc.

    That, backed up only when necessary by strong surveillance and strong application of the law, works. Surveillance on its own does not, because you can never afford to have enough of it to guarantee that the end goal of law-and-order (namely, settled and contented order in a country) is achieved, and it cannot be acted on in isolation without tremendous cock-ups that impact perfectly innocent people bringing the whole thing into disrepute. Altogether now, "Brasil, meu Brasil Brasileiro / Meu mulato inzoneiro / Vou cantar-te nos meus versos"

    It's the aspect of policing that had so catastrophically failed in Brussels, Paris, and seemingly large parts of the USA, etc. There should be no such thing as a police no-go zone; it's a curious kind of racism to refuse to police an area. No-go zones mean that the police have been doing it wrong.

    So I'm unimpressed by Germany and France's proposal. I'd be more impressed if they (particularly France and Belgium) were talking about doing something about getting policing back to normal in the communities that have been neglected for far too long allowing the nastier types to find a safe haven.

  15. Someone Else Silver badge
    Big Brother

    Well, there you go again....

    Once again, as is depressingly predictable nowadays, we find yet another example of your bog-standard bureaucrat being dumb as a sack of hair, and pleased as punch about demonstrating that fact in front of people.

  16. harmjschoonhoven
    Black Helicopters

    Re: be bribed or coerced into handing over the keys

    If I am well informed, was the list of people to be arrested (prepared in advance for eventualities as in any NATO country) required for the success of the coup d'etat by the Greek military junta in april 1967 printed by a computer operator stimulated by putting a gun to his head.

  17. Baldy50

    1984

    https://www.theregister.co.uk/2016/08/24/french_german_ministers_call_for_new_encryption_backdoor_law/

  18. naive

    Say hi to state supported monopolies

    The outcome of this is already known. The only way authorities can have transparent citizens if they all use a limited set of tools like windows, Android and Chrome. With a limited amount of technology suppliers covering around 98% of the people, introducing backdoors offering full access will be easy.

    So for years to come, the flock will be herded to a handful of "mainstream" solutions. The smart ones go the extra mile, and try to use open source solutions, hoping the encryption solution is not maintained by someone working for one of the three letter agencies.

  19. lukewarmdog
    Joke

    bear arms

    My bear arms will beat your puny human arms in any hand to hand combat situation.

  20. Apptifred

    "As has been pointed out many times, it isn't mathematically or technologically possible to build a backdoor into encryption that is completely exclusive to a select set of people, and can't be found and exploited by others."

    As a politician, you can wish for a lot of things, but if it is mathematically impossible, it is. You cannot put legal requirements on using time traveling to prevent crimes either. Sci-Fi is Sci-Fi. Math is math.

    1. Charles 9

      Wanna bet? Nothing's impossible in the mind of a politician except being able to speak against him or her.

  21. MrTuK
    Big Brother

    You always know when a politician is telling you a lie, his/her lips move !

    It is that simple folks !

    Just get a politician to make 1+1=3, they will find a way !

    1. Charles 9

      Gestalts. Greater than the sums of their parts.

  22. knudmand

    Why do governments think they can control software?

    Encryption is Software, which is written text. Neither Hitler nor Soviet Union could stop the printed word. Why does US and European governments think anybody cares what words or software they like or allow?

    There will always be a Russian, Bulgarian or other programming implementing state of the art encryption.

    Will they also bann mathematics research, or sensor certain papers or professors?

    How naive!

  23. Anonymous Coward
    Anonymous Coward

    NSA just had their big time hack the planet tools stolen by hackers, and there are now computer worms wandering the world wide internet looking for evil to do.

    And this lesson is apparently lost on people who now demand back doors into everything.

    I correct myself. This lesson is not lost. It is ignored. As in they have an ulterior motive. As in "False Flag Operation". Any excuse to push back doors is a good one for them, even if it has nothing to do with the event.

    The way to beat terrorists is to not let them in.

    Not open the doors wide, invite a million a year, let them hack the planet from the other side of the world, and then openly tell them "there are now back doors everywhere. On your mark ! Get Set ! Start Hunting for them !"

    They're not stupid. They're just not interested in the saftey of the public, that's all. They're interested in their own power, nothing more.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like