It really is amazing to me that anyone thinks it's reasonable policy to ban end-to-end encryption. For the sake of national security, I would want to strengthen the security of digital data, not weaken it.
As far as I understood, the problem stems from the Crypto AG era. Governments are addicted to being able to listen to the communications of everyone and don't want to lose their toys.
Also, the EU is far more advanced in terms of invisible security, so they don't want to lose the tools which enable them to do it.
We need to re-think security and people are lazy about it because it's hard.
Edit: My English gets a hit when I'm low on caffeine, hmm...
Disclaimer: This is my experience from many short travels to EU countries and having a lot of friends due to job network (my work promotes a lot of friendly work connections from many EU countries. As a whole, we work hard, we play hard).
Europe has a philosophy of "feeling peaceful". Police, intelligence, surveillance, etc. is not done openly, in your face. Instead it flows just beneath the surface.
There are a lot of civilian officers around and police officers are not very visible. Same for borders and higher security places like airports.
If there's something suspicious happening, the concentration is increased invisibly. If something really happens, the area is silently surrounded like a python death hugs its prey, and it's over.
This is possible with intelligence and surveillance, communications sniffing, etc. If you increase encryption, there's a risk of blinding security services. You may need more overt operations and much more manpower to keep tabs on everything.
I'm an encryption proponent. I support it with all my being. Also, I'm aware that being able to see everything can and is being abused.
However, I need to be a realist here: We're addressing the wrong problem here. Is encryption required? Undebatably yes. Does everyone have a right to privacy? Undebatably yes. Do we want to be secure and need security services? Possibly yes.
So, we need to solve the problem of security with the presence of encryption. I.e. security in a past-encryption era. The no-encryption ship has sailed. Trying to bring it back with the force of law is a last ditch effort. We need another solution to allow security services to do their job with the presence of encryption, and without weakening it.
I do not accept someone can just read my office messages or conversations with my family just because somebody may be trying to make a bomb or planning an uprising.
You claim that somebody thinks it is reasonable policy to ban e2ee. Who is that exactly?
Consider this section from the resolution:
> Striking a right balance
>
> The principle of security through encryption and security despite encryption must be upheld in its entirety. The European Union continues to support strong encryption. Encryption is an anchor of confidence in digitalisation and in protection of fundamental rights and should be promoted and developed.
>
> Protecting the privacy and security of communications through encryption and at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes in fighting serious and/or organized crimes and terrorism, including in the digital world, and upholding the rule of law, are extremely important. Any actions taken have to balance these interests carefully against the principles of necessity, proportionality and subsidiarity.
Whoever wrote: "at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes in fighting serious and/or organized crimes and terrorism, including in the digital world, and upholding the rule of law, are extremely important".
Either said person doesn't understand end-to-end encryption, or they don't want end-to-end encryption but mere encryption, with keys shared here and there...
Not the person you're responding to, but the OP article gives the impression.
Either way I don't understand how the text you pasted intends to "strike the balance" when e2ee is present. Either they're talking about backdoors or they're in fantasyland.
They mention access to encrypted data several times:
>Technical solutions for gaining access to encrypted data must comply with...
They do say:
>there should be no single prescribed technical solution to provide access to encrypted data.
But it's perfectly clear the assumption is that they intend law enforcement to have access to all encrypted data, given the various caveats about doing so legally.
They do mention privacy, but all that means is not making user data public. They make no mention of a right to maintain data private from the government or law enforcement.
Okay I understand the concern, but claiming that there is intent to hold keys to all e2ee is jumping to conclusions. Imagine if investigators could ask authorities for permission to retrieve screenshots from your mobile device if you are under investigation. There would be no need for access to keys.
I am not arguing that this is desirable, but I do acknowledge that investigators may need help to navigate modern technology.
From the same document. I do not see how this is technically possible.
> Technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity and proportionality including protection of personal data by design and by default.
If focusing on e2ee I agree, but how about hardware and software supply chains? How much is your e2ee worth if you are up against Apple or Google? Perhaps nation states are simply looking for similar powers?
Exactly, and that only means that people behind anti-encryption regulations do not care about national security.
Or they are so painfully incompetent that they don't understand that it is much better if one cannot figure out that some military officer or energy sector/government employee has a lover, since such a person could be blackmailed by foreign intelligence.
Apparently they don't get that those pesky terrorists can encrypt messages by themselves in thousands of ways. The Internet is full of information on how to do this.
Weakening the security of commercial communications and financial transactions would be a serious economic risk. National cyber security agencies should treat it as a primary responsibility to help businesses secure their communications in order to harden our economies from attack. They should be part of the solution, instead of intently beavering away at being part of the problem.
Yes, by giving the government access to one or both of the end devices. (Which is probably already a thing somewhere legally, and very likely is the factory state for some Android phones.)
Note that banning E2EE implies banning encrypted p2p communications entirely. E2EE is a concept that applies only to centralized comms providers where all messages go through a server.
Practically speaking, it's impossible to ban every encrypted protocol (TLS, SSH, ...). It's also (probably) impossible to ban IP communications that don't have an "approved server" participating.
However, comms providers / social networks to date at least manage, authenticate, and introduce users at the serverside. Fully distributed projects have problems with spam. So governments would have to ban comms providers from "allowing" their clients to talk to each other directly and not via the backend. That's a hefty technological restriction, which would block a wide range of protocols (webrtc/SIP, torrents, probably a bunch of other Very Important things I'm not thinking of right now).
I think you are underestimating the ability of organizations to keep important private keys private.
Some examples are the code signing keys of most major desktop and mobile operating system vendors, the package signing keys of major Linux distributions, the SSL private keys of most banks and major e-commerce sites, and the certificate signing keys of most SSL certificate issuers.
Yes, it is possible. You have to encrypt the session key with the government public key and include that encrypted data with your session. The government can decrypt that data with their private key. I think that's a pretty reasonable scheme as long as the government private key is managed by a competent organization (e.g. NSA). An HSM makes it impossible to easily extract the private key, and military guard and other physical security measures make it impossible to steal the HSM.
You implement it by putting the key inside a box, and letting that box perform the decryption. No other services/ports allowed. (Except you have to have a way to get the public key out, and allow the box to generate a private key which means it needs entropy). You can pot the box in epoxy for additional security.
So now you have an ultra secure box. It’s like the unsinkable Titanic. Someone (somehow) copies the key, and proceeds to decrypt all your citizens’ communications, but you are 100% sure that hasn’t happened, because it is, after all, impossible.
Just like it was impossible for the Titanic to sink.
You could put a check on the government misusing their private key by having the government key distributed among several parties using a secret sharing system such as Shamir's that requires several parties to agree in order to use the government key.
Include privacy or civil rights civilian organizations among the shareholders, such as the ACLU, so that there is an outside check.
If you choose a sufficient and diverse enough set of shareholders, you can reduce the chances that someone could compromise or coerce enough of them to gain access to the government key to less than 1 in N, where N is arbitrarily large. Choose N so that this is less likely than simply brute forcing the key.
Even assuming purely good intentions, the government would want to use the key very often (hundreds or thousands of concurrent investigations) and in many large unrelated organizations (eg police + FBI + NSA + CIA + DOD + ...). It would be impractical to authorize each individual use, let alone authorize it by several parties each time.
Instead we'd see 'ongoing' authorizations on the level of an investigation, a person or team, or a whole sub-organization (modulo clearance / position in that organization). And so you'd have copies of the complete key going around.
The problem with E2E+G is not technical, it is political. It can be done in a way that it would only be practical for the government to use it rarely (E.g., [1]) and only for cases where there is a broad consensus that it is being used Constitutionally (or whatever is equivalent outside the US).
But getting Congress (or whatever is equivalent outside the US) to pass an E2E+G law that allows it to be done in such a way seems unlikely. They will go for a way that allows broad use.
[1] You could make it a per-device key, generated on the device itself. The device makes the Shamir secret sharing shares, encrypts them with the public keys of the shareholders, and periodically includes those in the chat metadata.
To decrypt a chat, the government needs to record it, get the encrypted shares out of the chat metadata, get each shareholder to use that shareholder's private key to decrypt their share and then contribute that share for recovery of the actual chat key for that chat.
If they want to decrypt a chat from another device, they'd have to do that all over again for that device.
But I get it that law enforcement wants to be able to look into communications. Let's say they find a terrorist (I'm close to Brussels, so not a hypothetical scenario here). Best case you want to see which phones they have, and look into all their communication to get an idea about their contacts etc.
It's a very hard problem, and I'm not sure which one I would pick.
Look at the existing cases of terrorism. All of them used unencrypted forms of communication: shared Gmail account, phone calls, even good old SMS. The issue is not that police can't see what those people are doing, none of the perpetrators are unknown; it's that they (and the judiciary branch) don't have enough resources to really tackle them.
I'm not exactly an expert on the issue, but I could imagine that they use sms because that's the only available form of communication on an anonymous $10 dumbphone, and any computer connected to the internet can connect to a webmail.
Listening to more communications is exactly a resource problem: it isn't exactly cheap to build and maintain the infrastructure to gather and analyze more. Moreover, in the context of the link, while I'm not a fan of conversations being listened in on by default, I certainly don't want resources to be spent so that encryption can be reduced.
Or perhaps you figure out why terrorism exists and work towards preventing it, instead of spying on your population and violating their rights “just in case”?
I think that today's terrorism is mainly state sponsored. Terrorist organisations use different types of resentment when recruiting new members; however, many of the terrorist organisations are funded by governments around the world. This is the modern form of covert warfare in the post cold war era.
What we have is that one government, let's call it the States of Merica, funds & trains freedom fighters in a country called Lyria. Sometime after this Lyria is thrown into a huge & devastating civil war against the regime where the opposing terrorists form a new entity, the Salami State.
The civil war results in a massive refugee crisis. Refugees flee north into the big trade union called Äuropean Club, ÄC. ÄC happens to be allied with States of Merica. Terrorists from the Salami State infiltrate the refugees and travel to ÄC where they commit a horrific terrorist attack in the capital city of Sirap. President of the States of Merica is shocked by this horrible news and pledges to help its friends in the ÄC.
This leads the ÄC to adopt surveillance measures to track any potential terrorist. To its help it uses the knowhow and infrastructure from their close friends States of Merica (obviously).
When the civil war in Lyria nears its end and the Salami State is almost defeated, suddenly the winning Lyrian regime commits a gas attack on innocent civilians in a Salami State stronghold. ÄC and States of Merica condemn the gas attack and bomb the Lyrian regime as punishment. The freedom fighters rejoice because they now can fight for freedom a few more years.
The Salami State still exists and continues to get help from somewhere, unknown by whom, and commits more terrorist attacks in ÄC, in cities like Ockholm and Womanchester, because ÄC still hasn't fixed its border problem, but coincidentally ÄC has instead developed an excellent surveillance program, which is of course needed when the border is wide open to the Salami State, duh!
All this is of course highly speculative and shares no resemblance with the real world.
So yes, if we fix terrorism because of like uh poverty, it can probably be solved.
People are probably considering what you said an appeal to emotion, "Think of the terrorists!" being up there with "Think of the children!" in terms of excuses for misguided policies. Governments already have plenty of tools to track down and deal with terrorists if they so wished: a distressing amount of planning and radicalization is done over clear text in social media, and even in E2EE there's a wealth of necessarily unencrypted metadata you can make use of.
> ...resolution on security through encryption and security despite encryption
People in government, be it in the EU or elsewhere, have a different idea of what privacy means and a citizen having privacy from state powers is antithetical to it. EU mopes believe their own marketing material regarding privacy, which is why the above phrase can be found in a Council publication, along with the always present "competent law enforcement". Never mind that when it comes to our privacy, a competent law enforcement officer is as much a mythical being as is an "ordinary citizen" who has nothing to fear or hide.
The Council is tasked with "setting" the agenda for the EU. The latest one is from last summer and the first item in it reads "protecting citizens and freedoms". That is exactly how I would imagine someone working at the Council to think of the act of stripping their "fellow" citizens of their privacy, while convinced that they're the good guy. There is no privacy without encryption today. As soon as you mandate that someone with special powers has to have the ability to force their way in and read the thoughts I exchange then you'll have killed privacy. It doesn't matter who that person is, it doesn't matter how you justified it and it doesn't matter what the consequences of privacy are.
We don't yet know what the "regulatory framework" (kill me please) will look like but whatever it is I don't think it's far fetched to expect things like running a Tor relay to get you in trouble, running an IRC server over TLS will be lots of fun too, and so on and so on. How long till you're required to have a license to run nc -l 1234? I'm sure it will be a decade or two but eventually that's where we'll be.
> But the proposals are the digital equivalent of giving law enforcement a key to every citizens’ home
To be fair, it’s more like giving law enforcement the key to everyone’s heavily fortified unobtanium bunker. There’s no way they can possibly get in if the owner doesn’t let them.
I think the intended image there is that they can come and go without announcing themselves, which is what's being proposed.
They can still access your E2E encrypted messages under existing laws by bringing a warrant to your door and asking you to hand over your phone, then:
A: finding it unlocked.
B: hacking it.
C: using normal police techniques to convince you to hand over the passphrase.
D: using a key disclosure law to compel you to hand over the passphrase.
What they want to do instead is take the warrant to Facebook/Signal/etc. and get them to hand the messages over without needing to interact with you at all.
Seriously though, we do need to acknowledge that there are some baddies who won't hand over their passphrases no matter what law enforcement does to compel them.
That said, I'm not sure it's really such a big deal. After all, terrorists will always have access to E2E encryption as long as they have access to general computing tech. Making E2E encryption illegal just hurts law-abiding citizens.
Centralized services are not going to provide 100% reliable end-to-end encryption; they're a vulnerable 'single-point-of-failure' that can be pressured/hacked/etc to disclose their users' data.
Proton is "Zero Knowledge", so they can't divulge anything, but with a weak enough password, high enough computational power or with a big enough wrench[0], you can get anything.
Kind of. But it is a really good point and I'll try to explain:
As long as both parties use a known safe version of e.g. Signal everything is kind-of good.
Messages may pass through the NSA's and GRU's headquarters and they are none the wiser even if they have access to Signal's servers.
However, if any of them somehow manage to strongarm a release of Signal through the release channels and you or whoever you talk to updates or auto-updates Signal and that new release somehow uploads data from the Signal client, then for most of us we would be none the wiser.
Most operating systems already have "front door" keys in the form of automatic update certificates. Android, Windows, iOS, even apt-get, all base their security around certificates which, if stolen, can by design lead to running code.
All the objections to end to end encryption + government access fail to mention that we already have an implicit trust in corporate certificates in the security of nearly all devices, and yet that front door was never used by hackers like everyone suggests government backdoors would be used.
> yet that front door was never used by hackers like everyone suggests government backdoors would be used.
Would you hear about it if it had?
If the US military collaborated with Apple, Google, or Microsoft on a classified project to abuse the autoupdate mechanisms everyone leaves enabled to exec code using their certificates on some military target (leaving aside for the moment that a "military target" is whoever the military says it is and includes people like Snowden), why on Earth do you think that any of the involved parties would ever speak of it?
It's reputational poison; everyone would keep that as quiet as humanly possible.
We know Apple is willingly collaborating with the FBI to avoid encrypting people's device backups, and that's for domestic traffic as well. They work with the CCP and run special backdoored servers there to be permitted to offer iCloud/iMessage services in China.
The Apple software update system can target specific computers by MAC address - fact, today, not speculation.
Why do you think it would be known if they offered this sort of assistance?
It would likely even be illegal for them to divulge it, for various reasons, depending on how they were asked. FISA spying orders and FBI wiretaps already are.
I don't think it'll be known. I bet what you described already happens and yet it attracts far less attention than the end to end encryption shenanigans.
I also think WhatsApp messages backup is literally a backdoor to bypass the end to end encryption.
I think government RCE is far more serious concern than encryption, yet it gets no attention.
We hear about the encryption from all the second class governments that are blocked from the juicy NSA backdoors of auto updates. Ever noticed how the NSA stays quiet in all those encryption debates?
The automatic upgrades channel issue is close to the very heart of, for example, popular browser extensions becoming malicious.
Another attack from the past was the system certificate store compromise by Lenovo on workstations and laptops sold to its own customers, allowing for decryption of any HTTPS traffic from the customer. [1]
Another high profile attack that everyone will know about is the SolarWinds compromise of its software updates. [2]
There have been cases of breaches at various root CAs, including Adobe products; the Zeus Trojan that had a forged Microsoft certificate; a Dutch government cert breach that impacted Facebook, Twitter, Skype, Google and also intelligence agencies like CIA, Mossad, and MI6; a breach at ANSSI, the French Cyber Security Agency.
Then of course there's the recent SolarWinds debacle that should kill this notion once and for all.
Imagine if a government had this much power! They could easily spy on their political opposition, dissidents, or simply work out where and how to most effectively target their political campaign for the next "election", so they can stay in power. Heck, even collecting just the metadata could have serious consequences.
Because, who checks the government and makes sure that the master key is not abused by those in power? The scariest part is that it all can be done silently, behind our backs, without us ever knowing what's really happening. You will never find out if your message was decrypted and read.
Remember, it all starts with the banner of "fighting organized crime and terrorists", but that is just an excuse to an even bigger treasure trove of information these people want. I'd say giving these people that much power is much more dangerous than anything else.
The headline is misleading. These are not rules, there is no legislation. It was a resolution by the national governments. Without the EU commission there will be no European law on this topic. That being said the letter by ProtonMail et al. is still appropriate, the reporting is just inaccurate.
These are email companies. But end to end encrypted email is a mess and hard to implement when everyone else doesn't follow a standard.
With or without EU's snooping what is more likely to happen is that people will migrate to messaging systems that the EU can't snoop: WhatsApp, Signal, Telegram, etc.
That will happen either because they're more private or because everyone else is there or because they offer a lot more features and less spam.
I bet that when the EU tries to mess with the messaging players the public outcry will be much louder. For email, very few will care.
> With or without EU's snooping what is more likely to happen is that people will migrate to messaging systems that the EU
Historic legislation and these plans suggest that there will be 2 forms of encryption: 1) Legal 2) Illegal.
It doesn't matter if some niche technologies exist if people are unable to access them. Even if they could, they would not feel strongly enough to "break the law".
This push has been noticeable only to specialists in the field (and the push is also unevenly distributed) but has been ongoing in all 9-eye countries.
France implemented a snooping charter in 2015 by changing their constitution (using Charlie Hebdo[1] as an excuse), the UK is on par with the US and needs no introduction, Australia has the AAbill[1] criminalizing employees if they do not act as moles in companies, Germany has its Bundestrojaner etc etc ... Australia is especially interesting as it is a tiny population and used as a test-bed for more salty US propaganda and to see what can be learned (in terms of messaging) before applied to a wider basis (e.g. one that is later always rolled out to the rest of the countries in the pact).
All of them are driven by US interests and pressure (anyone wanting to become a member of the many eyes is well advised to implement SIGINT technologies and laws to facilitate Western espionage on their citizens).
Public outcry won't matter, nobody cares because why would a sane person not working in Tech even think about topics like encryption - when this is all just to "catch the bad guys" and "only bad guys have something to hide anyway".
ProtonMail and Tutanota, yes. Threema does secure messaging, Tresorit encrypted file hosting.
> With or without EU's snooping what is more likely to happen is that people will migrate to messaging systems that the EU can't snoop: WhatsApp, Signal, Telegram, etc.
Well, at least here in Germany people are more likely to migrate away from WhatsApp to Threema, Signal or Telegram.
They cannot ban open source code being out there. They can always put any restrictions and we can always override them. What will they do? Sue us? They are welcome. There is no way for a non-technical person to assess technical matters. Laws that do not represent society's will are bound to be broken, and politicians cannot do anything about that.
PGP, despite its flaws (flaws that are about ease of use, not really about security), seems to still be the only solution for proper end to end encrypted communication where nobody (corporations, govmts and even three letter organisations) will be able to decrypt your messages.
I guess that's one of the reasons why there are so many voices against PGP...
Mail is transferred using SMTP, which may or may not be encrypted via TLS or similar. What ProtonMail et al. are likely referring to is the zero-knowledge encrypted storage and retrieval of received mail on their servers by their customers.
https://news.ycombinator.com/item?id=25940566