EU's 'Counter-Terrorism Co-ordinator' Finally Says It: Force Internet Companies To Hand Over Their Crypto Keys
from the just-a-fig-leaf dept
Although calls to ban or backdoor encryption have been made in the past, David Cameron’s rather vague threats against crypto clearly mark the start of a new, concerted campaign to weaken online privacy. Thanks to a leaked paper, written by the EU Counter-Terrorism Co-ordinator and obtained by Statewatch, we now have a clear statement of what the European authorities really want here (pdf):
Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).
The set-phrase “in full compliance with fundamental rights” is just a fig leaf: there is no real intention of complying with basic rights here. That this is a just a cynical exploitation of people’s concerns in the wake of recent events is shown by the following paragraph from the beginning of the document:
Europe is facing an unprecedented, diverse and serious terrorist threat. The horrific attacks that took place in Paris between 7 and 9 January 2015 were followed by an unprecedented show of unity by millions of citizens in France and across Europe as well as a show of solidarity and political will by many EU and world leaders. In addition to action from the national governments, citizens are looking to the European Union to provide an ambitious response. Core European values have been attacked, in particular freedom of speech. The EU has to respond with meaningful action. Failure to do so could result in disillusionment of citizens with the EU.
Yes, the millions of European citizens who joined marches in support of liberty and freedom of speech would be bitterly disappointed if the EU didn’t react by undermining those self-same core values. Nor is the idea to weaken all encryption in Europe the only deeply troubling proposal in the document. Here’s another one:
Consideration should be given to a role for Europol in either flagging or facilitating the flagging of content which breaches the platforms? own terms and conditions. These often go further than national legislation and can therefore help to reduce the amount of radicalising material available online.? In this context, Europol’s Check the Web project could be beefed up to allow for monitoring and analysis of social media communication on the internet.
That’s a really great idea: get Europe’s main law enforcement agency, Europol, spending its valuable time checking out if Internet users are breaching Facebook’s terms and conditions, and generally spying on social networks. After all, that’s much more important than doing other things like, oh, I don’t know, actually trying to catch murderers and criminals….
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: backdoors, encryption, eu, mobile encryption, privacy
Comments on “EU's 'Counter-Terrorism Co-ordinator' Finally Says It: Force Internet Companies To Hand Over Their Crypto Keys”
A simple question for the European Counter-Terrorism Commission:
Is there any type of human communication that should be beyond the reach of the State, and if so, what would that be?
Re: A simple question for the European Counter-Terrorism Commission:
I think ALL of it.
Re: A simple question for the European Counter-Terrorism Commission:
Unions, charities and political organizations should be able to hold internal conversations without the government looking over their shoulders. Without that privacy, nobody can safely oppose governments. Also, you should be able to converse with your doctors, lawyers priest/ministers/rabbis/iman etc. without the state listening in.
Re: Re: A simple question for the European Counter-Terrorism Commission:
Also the eventual feeling of, somebody is watching, whether being watched or not(offcourse, its all being stored anyway)……thats a first……its not something somebody somewhere has tried before and it didnt work out, its something that was technilogically impossible to do until now……….and to so brazenly try to implement something to this extent without the consent of MANY natural law abiding citizens……well, its gonna RIGHTLY piss off alot of people, and were only SUPPOSEDLY …Talking about the possibility……….if it ACTUALLY gets implemented……oh boy
Individuals using the technology to create new inovations vs governments and certain individuals using technology to survey……….how can they pretend to be the good guys in this
Right now, i put this ABOVE terrorism, its been number one and if todays any indication of things to come it’ll likely STAY as my number one concern…….akin to a child demanding to play with a nuke who doesnt care about the consequences
If they keep demanding more and more authority, i think they’ll find less and less people to lord it over……or more honestly, i hope so
Re: Re: A simple question for the European Counter-Terrorism Commission:
“…nobody can safely oppose governments.”
You missed the point entirely then, because that, in a nutshell, is precisely what this is all about.
Government knows full well it is an obsolete and un-necessary institution and a total waste of public money and time, and is now fully occupied with self survival at any cost. Its primary goal is now to do everything in its power to insure that “nobody can safely oppose governments.”
The real job of a government could be easily and efficiently replaced with just a handful of good computers and a couple of 15 year old kids working part time.
Currently, government is nothing more than a rich man’s club, designed to insure that the public remains easily exploited so that the rich may continue to get richer.
George Bush proved that America has absolutely no need for a federal government. For a decade, all that the US had was a gang of thieves and cut-throats sitting in the Oval Office, who were totally occupied with robbing as many countries as possible, as fast as they could, and the country carried on as if it had an actual government, no problem.
Abolish the federal mobsters and the world will follow suit and be a much better place for it.
Turn local governments into honest institutions by letting nobody with an income over $100,000 per annum, or more than $200,000 in assets, occupy any public office.
Citizen Candidates Only.
Establish a law against accepting gifts while in public office with a penalty of permanent removal from politics and the loss of all voting rights for twenty five years.
Eliminate lobbying (Bribery) as a legal part of politics and re-establish the separation between church and state.
This entire global surveillance operation is actually just government protecting government and its corporate friends from the public.
—
Re: A simple question for the European Counter-Terrorism Commission:
String and two cups?
Nah, strings probably got a backdoor in it
Re: A simple question for the European Counter-Terrorism Commission:
The Nazis lost. Fascism won. Deal with it.
Re: Re: A simple question for the European Counter-Terrorism Commission:
I hope I’m still alive when the war against Fascism finally takes off. That !@#$ has lived far too long already!
Re: Re: A simple question for the European Counter-Terrorism Commission:
Not gonna happen
Re: Re: Re: A simple question for the European Counter-Terrorism Commission:
I’m pretty sure ‘deal with it’ in this context doesn’t mean accept it, but rather accept that it happened. What you do after that point is up to you.
Re: Re: Re:2 A simple question for the European Counter-Terrorism Commission:
A rose by any other name is still a rose…
…unless you’ve fallen victim to partisan nitwit disease, in which case [deity of your choice] help us all.
Re: Re: A simple question for the European Counter-Terrorism Commission:
“The Nazis lost. Fascism won.”
Umm, you probably already know this, but your statement makes it look like you have differentiated between Nazi and Fascist.
NAZI is a short form, in German, of National Socialist.
As you probably can tell from history, the Nazis were not socialists. They were 100% businessmen – fascists.
Nazi was a political label mask, behind which the fascists could infiltrate the German political arena safely. Nazi is a facade of fascism. There are many.
Thus, your statement should read:
“The Nazis won. Fascism won.”
Because they did.
Fascism, or Naziism, is simply what happens when very rich men hang out together and discuss ways and means of expanding their profit potential via legal means.
Eventually, it always occurs to them that the easiest way to do this is to control the law itself and then rewrite the laws so that they can legally expand their profit potential eternally.
This is called fascism.
Naziism was simply the German version of the game.
The reason that the German Businessmen of the WW2 era decided to go with National Socialist as their political mask, is identical to the reason that today’s modern American Businessmen decided to run their facsist gambit under the Republican political mask – popularity and familiarity.
Mind you, the potential for profit under fascism is so outstanding for the already rich, that the wealthy Democrats did not take long to join the game.
Fascists cannot run under the political handle of fascist because the public never wants a fascist society – only businessmen and the very, very wealthy consider the Corporate Government structure as a desired social structure, because such a system is designed to let the wealthy profit unfettered, and the rich are by definition, above the laws they helped write and need not suffer any of the consequences the public faces under that sort of police state regime.
So Nazi = German Fascist.
… but you probably already knew all that anyways right. 🙂
—
If the keys are shared
If the keys are shared with anyone who isn’t a party to the data exchange, then the encryption is rendered useless as the security of it can no longer be trusted. In practice, when a government is saying “you have to share your keys,” what the government is effectively saying is “you may no longer use effective encryption”.
That puts users in a situation that is more dangerous than if they simply didn’t use encryption at all. Falsely believing that you are secure when you aren’t is worse than not being secured and knowing it. The EU proposal is agitating to dramatically reduce the security of its citizens.
That they have been. The attackers being European Union officials such as Francois Hollande, David Cameron, and Gilles de Kerchove.
Those extremists attacked people and places. They had no power to attack the concepts and rights of EU citizens. The government officials are the ones attacking the concept of free speech, and the rights of EU citizens.
“Ambitious response”
I.e.
Lets take the piss and take as big a right in its effectiveness as we can, before the majority of people come to their senses
At first i thought the eu was bad, but then i started to think they’ve got some good bits, now i now its potential to be just another tyrant
Its like i heard someone else say, im not opposed to a united nations kind of thing, were we are at peace with one another, help one another, i WANT to see the standards of living rise not only were i abode but where others do to……….but NOT, i stress, NOT, how things are being run at the moment……….this being an example of why i feel that way
Re: Re:
With this sentiment in mind, the more they go down this route, the more they try to hold their positions, is the more i start to feel were screwed
I wonder what that list of people exempt from surveilance would look like, hmmm
This cannot be.
Makes it hard to create fake terrorism plots to garnish support for anti freedom laws, If the tools to create said “terror” plots are no longer be given freely to those in charge.
Whack-a-Mole time
How hard would it be to make 365 different encryption keys, each year? Then, roll them out once per day, and when the Gov comes asking, give them yesterdays (or last weeks) key only. It would certainly piss them off but would follow the letter of the law, if it is enacted.
Ok, back to fantasyland.
Re: Whack-a-Mole time
They don’t envision YOU keeping the keys till they come hunting.
They will insist that anbody using encryption they don’t already have keys to is a criminal, convicted by your own actions, and failure to immediately surrender ALL keys will be grounds for immediate execution.
Freedom fighting?
I don’t need my government to fight for my freedom of speech, I need them to honor it.
“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible.”
So what about the unlawful mass collection of data, doesn’t stop it there much does it?
Re: Re:
And, may we please define “relevant national authorities”? Do I get any say in who is included in that phrase? Because, I don’t consider MY ELECTED GOVERNMENT OFFICIALS to have any right to intrude on my private communications. I don’t much care how terrified of terrorists they are, nor how terrified of terrorists they’d like me to be. My business is none of their business, by definition.
Re: Re: Re:
I don’t much care how terrified of terrorists they are, nor how terrified of terrorists they’d like me to be.
That would be ‘not at all’, and ‘as much as humanly possible’ respectively.
Encryption keys = house keys
Lockitron Announces The $99 Bolt, A Deadbolt You Can Unlock With Your Phone
http://techcrunch.com/2015/01/27/lockitron-announces-the-99-bolt-a-deadbolt-you-can-unlock-with-your-phone/
At least the SWAT team no longer has any excuse for kicking your door down.
If the keys are shared
If I am correct this proposal only addresses the scenario wherein the communications provider is also responsible for the technical implementation of the encryption.
So if Bob and Alice use Google’s encryption, the company must provide assistance for law enforcement access.
However, Google is only responsible if it actually has the key or is involved with the technical implementation of the encryption.
If Bob and Alice use a double layer, first Google’s encryption and as second layer their own end to end encryption, Google has no case to answer even if the plaintext is random data.
The really interesting question is if or when the private parties are required by law to disclose their keys.
Such a proposal would pose alls sorts of fair trial, presumption of innocence and self incrimination issues.
Je ne suis pas Charlie.
Broken encryption, because
What could POSSIBLY go wrong?! If governments can hack our stuff, so can criminals, and probably a lot easier! This idea is just so stupid that more words fail me!
Re: Broken encryption, because
If governments can hack our stuff, so can criminals, and probably a lot easier!
You said the same thing twice there, no need to repeat yourself to emphasize the point.
Re: Re: Broken encryption, because
So… Are you also trying to make a point by “repeating yourself” and “saying the same thing twice”??
This is because the central bankers are scared of the population
Therefore, the bankers have their “law enforcement” lackeys demand that there be no encrytion for the population.
Since the EU is failing, the last thing the central bank scoundrels want is the people privately communicating amongst themselves and forming hangmen parties for the central bankers.
T&C violations?
Newspeak for copyright violations. That’s a fight they just can’t seem to back down from.
Encription outlawed.. because.. terrorists?
Take a look back in time.
Possibly WW2, when encrypted messages were vital and broadcast over short wave radio.
These messages were encrypted by the the source.
They did not rely on the medium over which they were sent to perform the encryption, so why the hell do governments assume that “terrorist” messages on the internet are sent in plain text, relying purely on the encryption provided?
Re: Encription outlawed.. because.. terrorists?
The disconnect there is based upon the two different definitions of ‘terrorist’.
To most of the public, those that would be considered ‘terrrorists’ are in fact almost always smart enough not to use potentially compromised forms of communications to plan their attacks, so destroying encryption like this would be pretty useless at dealing with them.
To the government however, whether US or UK, we’re all terrorists or ‘potential’ terrorists, and so their efforts are in undermining the communications of those that are trusting in basic encryption, because we don’t(or didn’t) expect entire governments to be trying to gain access to our communications, making standard encryption safe enough in most cases.
Encryption is the ONLY solution and the public should adopt it at every possible opportunity. Your protect your “goods” from the casual AND targeted hack. Guaranteed government keys are not acceptable, in any way or form. The rule of law is not predicated on government or law enforcement access to communications and content. “Accessorizing” for enforcement purposes stands in direct opposition to the social contract that is law. Military espionage tools have gone too far and the burden on law, the real law, is fracturing the premise.
Hackers Everywhere...
Rubbing their hands like birdman
Robust encryption is mandatory...
…for too many businesses. And any nation that mandates backdoors is going to watch their own economy tank and get dominated by nations that don’t. Unless the independent nations of Europe plan on going back to pre-WWI isolationist policies.
These people must hate paper shredders as well. Especially those new-fangled crosscut ones.
If it's possible to make...
…a false-bottom encryption, where one key opens the file and the other opens a “safe” file, it would be possible to provide the government with the second key.
Hmmm… These MUST exist.
Re: If it's possible to make...
I’m sure they do. I’m equally sure if a company did that, they would be facing extremely harsh ‘penalties’ for ‘obstructing current and future investigations and intelligence gathering.’
The spy agencies/governments want it all, there is no chance they would take something like that lying down or without a vicious retaliation against any company that tried it.
Re: Re: Vicious maybe...
…but they’d first have to prove it was tried. And then appear like a shitty dictatorship in front of the public when they rip apart someone who was only protecting their own interests from an adversarial system.
As I said above, many enterprises depend on privacy in order to stay competitive. It’s not a luxury, especially when state agencies are willing to engage in surveillance practices for the benefit of their favored companies. Those states who mandate backdoors or weak encryption are sabotaging their own economies.
Incidentally, Google searches for false-bottom or false-partition encryption yielded very little. I haven’t yet investigated crisis-incinerating key management, yet, which is another feature we’ve discussed before on TD when the subject of privacy concerns has risen.
Re: Re: Re: Vicious maybe...
Not encryption, but if you create two partitions on a USB key, the first one FAT-32/vfat and the second one Linux ext[234], MS Win* won’t even see the second ptn when it’s plugged in. I wouldn’t expect TSA/FBI/DHS/ICE to be using Linux. I’m unaware if this’s also true of Apple’s OSX.
I’d try searching Schneier’s cryptogram archives for that false partition stuff.
Re: Re: Re:2 Vicious maybe...
I developed this habit a long time ago. The very first thing I do to any USB key I get is to repartition it as you suggest. I keep one FAT so that Windows machines can read it, and make the other an encrypted Linux partition. I even do this with my phone.
However, this isn’t very secretive. Any paritioning tool (even the one that Windows comes with) will quickly tell you that there is another partition there and what filesystem it has been formatted with.
There are trickier things you can do to keep the extra partition a secret (mostly, by carefully corrupting the partition table), but that sort of thing is beyond the scope of a comment.
Re: Re: Re:3 Vicious maybe...
Oh, and bitwise disk copiers will still copy the hidden partition even if nobody realizes it’s there, of course.
Re: Re: Re:2 Vicious maybe...
The key word that Schneier uses is deniability, specifically encryption schemes that make data appear to be garbage in the unused portion of a drive, that way the owner can deny the data even exists.
Essentially, it’s a steganographic element in your encryption scheme.
Re: Re: Re:3 Vicious maybe...
Right on the money. Which is also why it’s a great idea to write random bits all over the unused parts of your disks (even if they don’t contain any hidden encrypted files), so that any encrypted data doesn’t stand out.
So they can use their failure to find this plot before hand when they had mostly unfettered scooping, to demand even more scooping.
ZOMG Terrorists is wearing thin, as they push for more and more gathering and cutting back in the rights they love to claim the terrorists are undercutting.
Re: ZOMG Terrorists wore thin in 2004
After an attack from Saudi Arabia / Afghanistan / Pakistan / open desert was decided to be from Iraq and we tanked the US economy to fuel a regime change there.
I’m not sure who is motivated by ZOMG Terrorists (or for that matter ZOMG Children’s Interests) but I’d think even the laity are tired of it by now.
Of course...
Under UK’s RIPa, the police are perfectly entitled to connect to any website, then demand the https secret key from any individual in their jurisdiction who has (or can obtain) that key (they need to connect first as they need a data set that is encrypted with the key to justify the demand); that doesn’t need a new law or ruling, its an already existing non-judicial warrant route (and has a gag order attached in the NSL style)
I’m amazed how these morons can openly advocate Stasi/Nazi like schemes while touting the free speech slogan. Fascinating.
Murderers and criminals like heroin traffickers actually work for them so yeah…that’s why they won’t do that. They love their order through chaos BS.