EU_politics + encryption + privacy 

The EU Council has approved a resolution to undermine encrypted communications for EU citicens:
data.consilium.europa.eu/doc/d

A petition to declining this resolution and to keep citicens' privacy is online at the EU parliament:
europarl.europa.eu/petitions/e

As of today at 07:59 CET this petition has been signed by 13 supporters
----------------------------------------------------------

#EU_politics #privacy #encryption

EU_politics + encryption + privacy 

@fredl99 I read the doc and despite being a native English speaker, I'm confused. Where does it say "undermine encrypted communications"?

It does talk about transparency, balance, judicial oversight, establishing a dialogue with tech companies, ensuring authorities are able to access encrypted data, but how is this different from iOS & android current tech protections?

Maybe I'm missing something obvious in the 5 pages of woffly legalese.

EU_politics + encryption + privacy 

@dch
Of course it's not stated in clear wording. But what does it mean to demand access to the contents of encrypted data?
Regardless if someone has a good reason to protect his data or not, if someone who is not the intended recipient demands methods to see through the curtain then it's only possible by weakening the encryption. In other words, undermining it.
Encryption is EITHER secure OR not. Once it's breakable it's no more secure, but rather useless.

EU_politics + encryption + privacy 

@fredl99
The IETF made it clear back in 1996 that any attempt to weaken encryption means that the Internet is less secure. If governments can crack it, so can enemy countries and hackers. Encryption needs to be as strong as possible. Plus law enforcement doesn't always act on the information it already has. I see no reason to give them our private messages for a fishing trip. tools.ietf.org/html/rfc1984
@dch

EU_politics + encryption + privacy 

@onepict that is all true & I agree with it. But quoting the 1984 RFC and referring to the IETF as a voice of authority still doesn't explain if the OP doc actually say "lets weaken encryption", nor does it say "you can have all our messages". Or am I misreading the doc?

EU_politics + encryption + privacy 

@dch
I think it's more the vague wording. As well as trotting out the arguments that we need to be able to track terrorists and look at their encrypted communications, without detailing what that means. Folks on here are suspicious. Especially when we have past examples of EU proposals that become law to go on.

EU_politics + encryption + privacy 

@dch
We also have the examples of law enforcement outside the EU arguing for access to criminal and terrorists data. While the proposal can seem innocent enough, there's no transparency to detail what access LEO want. How far into private communications do they want to go. LEO can already access messages in the US if backed up to central storage. So do LEO want more access, how to they want to enable that? Do they want carte blanche ?

EU_politics + encryption + privacy 

@dch
If they want that do they get it through weakened encryption? This isn't something that politicians should be voting on without more information. Which is the point of the resolution. But it does mean that more of us need to front up, look at it and help to provide more information.

EU_politics + encryption + privacy 

@onepict I think that's my point - the resolution as it stands causes *fear* that the *implementation* might include weakened encryption.

This was very much the concern over similar legislation in Australia, and in practice I don't think that concern has been borne out.

If there is sufficient public oversight outside LEO, & encryption is not weakened, then I am not, per se, opposed to the EU collaborating on ways to catch the bad guys.

Am I naive?

EU_politics + encryption + privacy 

@dch
I think there's a level of trust in law enforcement and other public servants that does you credit but my experience and the experience of many others on here doesn't bear it out. Particularly some of the activitists on Mastodon from the 80s onwards. I'd be personally very uncomfortable with additional powers given unconditionally to LEO.

There are bad actors in the ranks of our public servants, as well as in the public.

Follow

EU_politics + encryption + privacy 

@dch
Plus we also have to consider where the data contracts for that data goes to. Palintir for example.

Sign in to participate in the conversation
chaos.social

chaos.social – a Fediverse instance for & by the Chaos community