EU_politics + encryption + privacy 

The EU Council has approved a resolution to undermine encrypted communications for EU citizens:
data.consilium.europa.eu/doc/d

A petition to decline this resolution and to keep citizens' privacy is online at the EU parliament:
europarl.europa.eu/petitions/e

As of today at 07:59 CET this petition has been signed by 13 supporters
----------------------------------------------------------

#EU_politics #privacy #encryption

@fredl99 I read the doc and despite being a native English speaker, I'm confused. Where does it say "undermine encrypted communications"?

It does talk about transparency, balance, judicial oversight, establishing a dialogue with tech companies, ensuring authorities are able to access encrypted data, but how is this different from iOS & android current tech protections?

Maybe I'm missing something obvious in the 5 pages of woffly legalese.

@dch
Of course it's not stated in clear wording. But what does it mean to demand access to the contents of encrypted data?
Regardless if someone has a good reason to protect his data or not, if someone who is not the intended recipient demands methods to see through the curtain then it's only possible by weakening the encryption. In other words, undermining it.
Encryption is EITHER secure OR not. Once it's breakable it's no more secure, but rather useless.

@fredl99
The IETF made it clear back in 1996 that any attempt to weaken encryption means that the Internet is less secure. If governments can crack it, so can enemy countries and hackers. Encryption needs to be as strong as possible. Plus law enforcement doesn't always act on the information it already has. I see no reason to give them our private messages for a fishing trip. tools.ietf.org/html/rfc1984
@dch

@onepict that is all true & I agree with it. But quoting the 1984 RFC and referring to the IETF as a voice of authority still doesn't explain if the OP doc actually says "let's weaken encryption", nor does it say "you can have all our messages". Or am I misreading the doc?

@dch
I think it's more the vague wording. As well as trotting out the arguments that we need to be able to track terrorists and look at their encrypted communications, without detailing what that means. Folks on here are suspicious. Especially when we have past examples of EU proposals that become law to go on.

@dch
We also have the examples of law enforcement outside the EU arguing for access to criminals' and terrorists' data. While the proposal can seem innocent enough, there's no transparency to detail what access LEO want. How far into private communications do they want to go? LEO can already access messages in the US if backed up to central storage. So do LEO want more access, how do they want to enable that? Do they want carte blanche?

@dch
If they want that do they get it through weakened encryption? This isn't something that politicians should be voting on without more information. Which is the point of the resolution. But it does mean that more of us need to front up, look at it and help to provide more information.

@onepict I think that's my point - the resolution as it stands causes *fear* that the *implementation* might include weakened encryption.

This was very much the concern over similar legislation in Australia, and in practice I don't think that concern has been borne out.

If there is sufficient public oversight outside LEO, & encryption is not weakened, then I am not, per se, opposed to the EU collaborating on ways to catch the bad guys.

Am I naive?

@dch
I think there's a level of trust in law enforcement and other public servants that does you credit but my experience and the experience of many others on here doesn't bear it out. Particularly some of the activists on Mastodon from the 80s onwards. I'd be personally very uncomfortable with additional powers given unconditionally to LEO.

There are bad actors in the ranks of our public servants, as well as in the public.

@dch
Plus we also have to consider where the data contracts for that data go to. Palantir for example.

@onepict we have arrived in the cyber dystopian future of the exciting novels of my youth. And the reality is grimmer than I had ever anticipated.

@dch
We didn't even get the cool cyberdecks and plugin brain ports. 😜

@icedquinn
Yeah but his taste kinda blows.
@dch

@icedquinn
Probably not.
@dch

@dch
Looking again at the resolution, the wording of balance is what worries a lot of us. It says we want to protect people's privacy, but law enforcement needs to be able to do its job. The trouble with this wording is the balance part. It's as others say, you have encryption or you don't. It's not a matter of balance of access. Which is also why I quoted the RFC. The argument of balancing the needs of privacy v LEO was the same then.

@dch
For example, the police being able to exploit a weakness in encryption and not telling anyone else about it to be able to keep exploiting it doesn't mean it's a secure communication mechanism. In fact it would be worse, as who knows who else knows. In reality there can be no balancing act of user privacy vs law enforcement in terms of encryption. To use that phrasing is a little dishonest, and ultimately undermines security for everyone.

@onepict I think you conflate (perhaps reasonably!) balancing needs as weakening encryption.

If, on production of suitable warrant incl oversight approvals, LEO can obtain limited information to do their jobs, then that's fine. If we weaken encryption (for anybody) to achieve this so-called "balance", then that's not ok.

I'm pretty sure we agree on the latter.

For the former, our personal experience influences whether we believe that's achievable or not.

@onepict
True. When they fail to effectively make use of already available meta-data and observation results then what's the point of gathering even more information to only be overwhelmed by it?

@dch

@fredl99
Ultimately the gathering of the information is evidence or a fishing trip against future suspects. The question also has to be asked are LEO the only authorities who can access communications? For example see local authorities and schools enforcing the hostile environment in the UK.
@dch
