Europol Chief Warns About Computer Encryption

An anonymous reader writes The law enforcement lobbying campaign against encryption continues. Today it's Europol director Rob Wainwright, who is trying to make a case against encryption. "It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he explained. "It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore." This is the same man who told the European Parliament that Europol is not going to investigate the alleged NSA hacking of the SWIFT (international bank transfer) system. The excuse he gave was not that Europol didn't know about it, because it did. Very much so. It was that there had been no formal complaint from any member state.

Oh For Crying Out Loud

Encryption isn't new so why are they crying about it now? It makes no sense unless they are trying to sneak another fast one by the rubes in the general public. Tell your elected officials to stop whining about encryption and embrace it. Also, tell them we're tired of all these invasions to our rights to privacy because of an existential threat.

No, encryption is NOT going away and you're not getting a back door. Eff off and get to work on something useful and stop playing games!

Re:Oh For Crying Out Loud

Encryption isn't new so why are they crying about it now?

Easy there ... watching your horse bolt away over the hill can be very upsetting you know!

Re:Oh For Crying Out Loud

[Hadlock]

PGP isn't exactly known for being user friendly. Gmail does not support it out of the box. The average person just can't be expected to understand that kind of cryptography.
 
That said, if you encrypt the device, encrypt the transport method, and the receiving device, that's pretty damn secure in about 98% of situations. WhatsApp just rolled out end to end encryption for their service as well, and they only charge a dollar a year (I think). That's encryption the average person can use. When an 18 year old mother of two in Sao Paulo can review her grocery list with her mother via secure encryption and neither of them know they're even doing it, that's a whole new level of secure. Compare that to the plain text emails I get from my boss about what I might consider vastly more important things at the office.
 
The golden era of unencrypted plaintext email is just about dead, I think, is the problem for intelligence agencies. At least for those people outside of gleaming glass corporate offices.

Re:Oh For Crying Out Loud

[SuricouRaven]

Encryption isn't new, but tansparent on-by-default encryption is. Remember just how tech-dumb the average person is - you'd be lucky if you could get them to realise a web browser and the internet are not the same thing. Most governments weren't too worried (US aside) when encryption was something available only to the moderately skilled, especially in communications where the lowest standard has to rule*. After the NSA scandal though, companies are starting to design encryption into their products at a lower level, such that the user benefits without even having to know what encryption is.

*Would you like to explain to your mother how to use gnupg to encrypt emails?

Re:Oh For Crying Out Loud

When an 18 year old mother of two in Sao Paulo can review her grocery list with her mother via secure encryption and neither of them know they're even doing it, that's a whole new level of secure.

Sounds like the kind of secure you wouldn't notice if it was disabled.

Re:Oh For Crying Out Loud

[GNious]

Europol talks about terrorists - I'm not sure they count as average, since they have a vested interest in secure/secret communication.

Simply, that random parent doesn't know, care about or understand encryption, does not mean random terror-group doesn't (and didn't already a decade+ ago).

Re:Oh For Crying Out Loud

[gl4ss]

besides the fuck it's going to do good for anyone if they snoop on everyone all the time anyways if they will not even do anything unless some 3rd party then tells them to do something about the crime.

like with the swift: did they tell the member states about the hack? how the fuck could they complain if they're not told about it.

Re:Oh For Crying Out Loud

[aaaaaaargh!]

They are crying now because some companies no longer want to cooperate with them by developing deliberately weak standards (e.g. cell phone encryption) and by providing illegal backdoors for wiretapping without warrant. So they want to be able to force them by law, which means that they need to convince politicians first.

In my pessimistic opinion, the most probable outcome of this debate is that companies will bow (again) to the authorities like they did before and provide the backdoors voluntarily, presumably in the form of vulnerabilities that are not published.

Re:Oh For Crying Out Loud

PGP isn't exactly known for being user friendly. Gmail does not support it out of the box. The average person just can't be expected to understand that kind of cryptography...

And since when does survival include the weakest members of the herd?

Those that figure it out will survive. Those that don't, wouldn't have bothered to learn anyway. Apathy thins the herd nicely.

Re:Oh For Crying Out Loud

[Z00L00K]

I agree - the damage caused by not having encryption will be severe. The criminals will still be able to find ways around it while the average person will be exposed to all kinds of evil.

Re:Oh For Crying Out Loud

[Pieroxy]

If you've got a keylogger (or any king of process) running locally, no amount of encryption is going to save you. That's how they got some of the ISIS members, by just running a TOR node and sending infected page to everyone that got out through their node. As a result they infected ISIS members using TOR along with everyone else on the TOR network vulnerable to their infection.

Knowing they're inside the firmware of your HDDs, I think they're aware of this.

Re:Oh For Crying Out Loud

[jonwil]

There are JavaScript (and other client-side-but-in-the-browser) implementations of all kinds of encryption algorithms out there. The mega.co.nz site does client-side encryption before uploading to the server (so they never get the plaintext)

I see no real reason why you couldn't have a client side/browser extention/JavaScript/whatever implementation of something like PGP/GPG where the private keys never get seen by the web mail provider (it would mean each device you want to send email from has to have its own copy of the private key stored somewhere though)

Google and Yahoo already have in-browser addons in development that are designed to do client-side end-to-end encryption in the browser for their email platforms.

Re:Oh For Crying Out Loud

[AmiMoJo]

I'm actually surprised he mentioned communications, although I suppose man chat apps do use encryption now which is probably more of a concern than email. The main issue law enforcement tends to have is with encrypted data on storage devices. In the past once they had your phone or computer they could datarape it effortlessly, nowadays it's often completely impenetrable, or at least as hard to crack as the user's password.

Re: Oh For Crying Out Loud

Here's a hint for the under-informed: If you don't know you're using encryption, someone else is managing your keys. If someone else is managing your keys, they can let cops, intelligence agencies, and other kinds of bad actors in without you knowing it.

Better than nothing? Sure. However, a little understanding of what it is and is not good for can go a long way, and that's exactly what must people don't have.

Re:Oh For Crying Out Loud

[Wootery]

Eff off

Correction: EFF off.

Bumper-sticker idea...

Re:Oh For Crying Out Loud

[MitchDev]

The government is our enemy, regardless of what country we live in. Even the so-called "bastions of freedom" have fallen to the police state mentality.
The government SHOULD fear the citizens, not vice versa.

Re:Oh For Crying Out Loud

[BrokenHalo]

Those that figure it out will survive.

Hmmm. From a terrorist's point of view, those who bypass encryption entirely will survive, at least for long enough to do what they intend. A one-to-one conversation on a beach or other exposed place is a good way of achieving this, and it would appear that they know it.

Those IS nutjobs seem to have learned that the best way to avoid being trapped in the mesh of surveillance programs is to fragment their operations to the extent that they all operate as lone wolves. It clearly works.

Most people who need to be concerned about excessive and intrusive government surveillance are everyday people who just like to have the bathroom door shut while they're having a dump.

Re:Oh For Crying Out Loud

[Hadlock]

If the target, the target's friends and target's friends friends are all using encryption for 98% of communications, while you can still crack it (presumably?) you have to know what you're looking for in advance, like you would when applying for a warrant. That sort of defeats this huge plaintext scanning system the NSA and English governments have been putting in to place for the last half decade or more. Without all the supplemental background information their job gets exponentially harder and there's more data to decrypt than they have computing resources for.

Re:Oh For Crying Out Loud

[jythie]

Encryption is not new, but it is becoming increasingly accessible to non-technical people, so the sheep buffer of people not using it is starting to dwindle.

Re:Oh For Crying Out Loud

[karmatic]

This is more a discussion about mobile devices, which (unless you jailbreak them) don't trust the user.

Barring a root exploit (which do exist for a bit, and are patched when found), a keylogger on android is much less of a possibility. With Apple, the crypto is handled in hardware, and a keylogger gets to be near impossible (though phishing is not).

Re:Oh For Crying Out Loud

[jythie]

I too am rather skeptical. While there is always the possibility of parallel construction, the narrative that they used old fashioned 'pretend to be a recruiter and talk with people' technique seems pretty plausible, which does not require any kind of keylogging or breaking Tor.

Re:Oh For Crying Out Loud

[Gr8Apes]

This is easily possible, but realize who you're talking about - this is Google (G), and G makes its money by scanning your plaintext email and building profiles about you to sell ads and marketing metrics. If gmail goes PGP, then G loses the ability to scan that plaintext email, unless it's doing so via a client side process to send the information its interested in prior to encryption, also possible, but kind of defeats the purpose of encryption in the first place. I wouldn't be surprised if GTalk goes away soon, because more people are starting to use OTR supported clients. G only sees encrypted messages, pretty useless for gathering data.

Re:Oh For Crying Out Loud

[Dunbal]

WhatsApp just rolled out end to end encryption for their service as well

Right. And exactly how is WhatsApp supposed to monetize you and data-mine you if your messages are encrypted? I'm of the opinion that this is a marketing gimmick with Whatsapp sitting as the man in the middle.

Re:Oh For Crying Out Loud

Oh, you would though. You'd notice the next time you go to the ATM and all your account balances are -$500, your stock portfolio has vanished, and your 401k wrote a check out to Florida. Everyone harps on about how encryption makes finding the terrorist harder, but no-one wants to offer a solution to make the average person safer from cybercrime. They're taking away our digital guns because bad guys have them. Well, no shit. Of course the bad guys have them. The bad guys have anything that would construct a 'defense'...against 'anything'. Bad guys defend themselves. Film at 11. What's more is that making the encryption illegal won't stop them using it either. Remember, they're criminals. Taking away the guns won't make us safer. Taking away the drugs won't make us safer. Take away anything that people want and you create a black-market and organized crime. That makes *everyone* less safe. This is nothing but a mandate to turn us all into even bigger targets.

Re:Oh For Crying Out Loud

[chuckugly]

Like mailvelope I guess?

Re:Oh For Crying Out Loud

[datavirtue]

That, and people (terrorists?) generally trusted that their SSL/TLS certs were protecting their communications. I have to assume the NSA got hold of those and forged a man-in-the-middle relationship. Even if they didn't I still have to assume they did and go through extra measures to protect my communications.

Re:Oh For Crying Out Loud

[hackwrench]

Yeah, exactly. I don't see why the surveillance community doesn't get that if you ban encryption then anyone, not just them can see your unencrypted things and won't keep encryption out of the hands of the bad guys. Maybe they think if encryption is only used by the bad guys it will be detectable and they can arrest the bad guys simply for using encryption.

Re:Oh For Crying Out Loud

[JimFive]

WhatsApp isn't the man in the middle, they are at both ends.

Re:Oh For Crying Out Loud

[Pieroxy]

Not quite exactly what I was talking about, but close: http://www.pcworld.com/article...

Europol is not investigative

Europol not investigating is not strange. That is not their job. Cross border investigations are handled by the police in the memberstates, but with coordination from europol.

Whatever people believe, europol is not an european fbi. Although, it would probably improve things if they did become one...

Re:Europol is not investigative

[Pi1grim]

If they uncover criminal activity isn't it their duty to inform the victim?

Citizens are not to be trusted.

[pspahn]

As Tom Waits wondered, what's he building in there?

Your Fault

[Bob9113]

"It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore."

You backed us into a corner by monitoring non-suspects.

It's your fault.

Dickhead.

Re:Your Fault

[Bob9113]

I'm gonna pretend you're actually interested in the answer, but let's face it, we're really talking past each other, to our fellow Slashdotters. Thank you for smoking.

The reason for the mass move to encryption -- like Wikipedia and Google moving to default HTTPS, and people like me working on making encryption more approachable by the masses -- was the revelation that non-suspects were being monitored. That is why there is now a haystack within which to hide the needles, and that is why the encryption is now too strong for the intelligence agencies to break when we really want them to be able to.

Moreover, while I'm here, and since I want terrorists to get caught, let me add this: The solution is not increasing the level of distrust between citizens and government. The solution is restoring the reasonable, moderated, level of trust that we used to have in the executive branch. That starts with the ones who created the rift, and that is not the people who were sending all their traffic in the clear; it is the assholes who recorded it all and denied they were doing it.

Re:Your Fault

[Dutch+Gun]

The solution is restoring the reasonable, moderated...

And so naturally he gets modded "Flamebait"

Re:Your Fault

[AmiMoJo]

He should just come out and say what he really means, to show that he is at least honest about what he wants us to submit to. He wants to violate our privacy. He wants to take away privacy in exchange for some small amount of security.

Say that, and at least some people will respect you.

Re:Your Fault

[Gr8Apes]

The surveillance state is leading to a situation where the entire country distrusts the government.

Umm, that boat sailed a couple of years ago. I don't believe anyone really trusts the gov at this point, and that's not a good state of affairs.

Because obviously..

[Altrag]

Of course, terrorists are well known as the most law abiding citizens on the planet.

Or maybe this guy thinks the universe will just make prime numbers and whatnot stop working because he doesn't like what they can do.

Both are equally likely to produce useful counter-terrorism results.

Re:Because obviously..

[davester666]

Hey, these guys didn't go into policework because they were experts at math...

Re:Because obviously..

[bill_mcgonigle]

Both are equally likely to produce useful counter-terrorism results.

The most effective thing to do for counter-terrorism is to keep blowing up families in the Middle East and occupying "holy lands". Keep bombing villages until democracy emerges.

To do so, we need ever-stronger Nation States, and giving them the ability to monitor all of their subjects' domestic communications is a good rung up on that ladder.

Also, Facebook is the real danger to world peace - so be very upset about their ad network and don't bother encrypting your traffic.

Re:Because obviously..

[RyoShin]

Of course, terrorists are well known as the most law abiding citizens on the planet.

To play devil's advocate: By outlawing encryption, the amount of "law-abiding citizens" that use it will drop precipitously. Then, when the NSA intercepts an encrypted signal, it becomes far more likely that both ends are $BOOGEYMAN, and their resources won't be spread as thin. Even if both ends are decidedly not $BOOGEYMAN, they are either foreigners, citizens with little regard for the law, or a combination of the two, and so need to go on one of the myriad of watchlists anyway.

So even though outlawing encryption won't end encryption, it will make the NSA/FBI/Europol/etc.'s job of getting leads much easier.

When every citizen is a potential terrorist...

[MindPrison]

...then we have a problem with government.

Re:When every citizen is a potential terrorist...

[Zocalo]

I suspect that's actually the underlying problem for the security & intelligence services. It's not so much the fact that regular citizens are starting to use encryption that they have a problem with so much as through the use of encryption by default they're losing the ability to find the more interesting chatter by simply looking for people that are even using encryption in the first place. When your entire haystack is made out of needles, finding the few you are actually interested in becomes that many orders of magnitude harder.

Well, screw that. What they are basically saying is "make our jobs easier for us", but what they are failing to point out is that by doing so they are also leaving people exposed to everyone else that might want to eavesdrop on random communications, and in particular all those people/organizations/countries that they are meant to be securing each other against. If *you* have access to it, then so do your opponents - so the real question, and the one that really needs to be addressed, is which is the lesser of the two evils - having your nation secure from outsiders, or making the job of securing your nation against internal threats slightly easier? Given the complete failure of the security & intelligence services to demonstrate they can achieve the latter even before encryption become a big issue I'd say that's a complete no brainer.

Re:When every citizen is a potential terrorist...

[UnknownSoldier]

/Oblg. "Government: Terrorists who extorts its citizens to prevent another group of terrorists from taking over its job."

Re:When every citizen is a potential terrorist...

[Jason+Levine]

What they are basically saying is "make our jobs easier for us"

We've been seeing a lot of this recently. From the RIAA/MPAA who would like the ability to get the personal information on multiple people on the flimsiest of evidence of copyright infringement (because actually gathering evidence on each one and suing each person in the appropriate district is too hard) to the government law enforcement agencies who feel that asking a court for a warrant - even when said court never turns them down - is too much effort.

It's one thing to be power-hungry. It's quite another to be power-hungry AND lazy!

Re:When every citizen is a potential terrorist...

[cant_get_a_good_nick]

"make our jobs easier for us",

This is a fundamental sticking point that I haven't heard any cop talk about.

The US Constitution purposely makes it hard to go after someone. This is not a bug in the system, but a feature. When cops argue (in effect) "you're making it just too hard" realize that they're bashing the Constitution. Maybe they feel times have changed enough the Constitution should be changed, but while it's around, you follow it. Just like us normal folks have to follow laws we may not like.

Re: When every citizen is a potential terrorist...

[dcollins117]

Our own government doesn't obey the law, why should we? This is standard Pisoner's Dilemna. Once the other side defects, you must too. Continue to cooperate and you lose. Badly.

He thinks it is bad now?

[Karmashock]

Given the arrogance of the NSA and other national security agencies, they can expect encryption to increase radically. This is a natural consequence of their refusal to abide by due process as well as generally doing whatever the hell they want because they "can".

That attitude is a double edged sword. And they are just now feeling the bite of the other edge as the global community responds to their behavior.

Not only will the sophistication of encryption spread by it will go from being an option to being a default status quo. In the not too distant future, if they want access to data, they will need to get the cooperation of the owner of that data... or get nothing at all.

Re:He thinks it is bad now?

For most of its history, the Fourth Amendment has never been about protecting privacy, but rather protecting against using the state's power to disrupt innocent people's lives.

The SCOTUS decision of Katz v. United States counters that assertion, particularly in the realm of wiretapping.

Besides, how do you know that an ongoing unreasonable warrantless dragnet over the entire country isn't a disruption? It's insidious, even more so when the public wasn't aware of it.

To use the mandatory Slashdot car analogy, if a police officer asked you first, how often would you grant permission for him to pull you over, regardless of your speed?

To lawfully pull you over, the police officer must have probable cause to do so - to do otherwise is proscribed by the Fourth Amendment. It may be as trivial as a broken taillight, but probable cause nonetheless.

By conducting indiscriminate monitoring of the speed of vehicles, he's probing your vehicle's status, and that's invading your privacy.

With some exceptions (see United States v. Jones), you generally do not have a reasonable expectation of privacy on public roads.

Re:He thinks it is bad now?

[N1AK]

Rather, what actually happened is that the spy agencies watched everybody, and by and large didn't care about people who weren't throwing up red flags. If it weren't for Snowden and the Internet-fueled rage he spurred, you'd never know that you'd been investigated at all.

And if you never found the camera your neighbour installed in your bathroom you'd never know he'd been watching you and your family naked, but that probably wouldn't stop you being pretty pissed about it when you found out.

When your government begins using mass surveillance on the entire population, and does so in secret and against the protections your government tells you that you have, it should be a pretty obvious sign that you can't trust them.

Re:He thinks it is bad now?

And if you never found the camera your neighbour installed in your bathroom you'd never know he'd been watching you and your family naked, but that probably wouldn't stop you being pretty pissed about it when you found out.

Unless by "neighbor" you mean "Google", and they offered a drone to fly out some drain cleaner 30 seconds after you need it... then it'd be kinda cool.

Re:He thinks it is bad now?

[srmalloy]

Besides, how do you know that an ongoing unreasonable warrantless dragnet over the entire country isn't a disruption? It's insidious, even more so when the public wasn't aware of it.

Exactly. Where, from the outside, can you tell the difference between "We're collecting all this phone traffic, but we're only looking at it when it touches the specific individuals we already suspect of criminal activity and are investigating" and "We're collecting all this phone traffic; let's run the pattern-recognition software over all of it to see if we can turn up any criminal activity we can use to boost our arrest numbers"?

Re:He thinks it is bad now?

[Karmashock]

In regards to natural responses... do the windows of people that live in bad neighborhoods have bars on them?

Yes they do.

Why is that?

Natural response.

People respond to threats.

Action leads to reaction. Invade people's privacy, show that you unbound by due process, that you'll do whatever you can do, and that the limits of your power are literally whatever anyone allows you to do... then you have created a situation where everyone does what they can to limit your capabilities by locking down the encryption and otherwise increasing the security.

The NSA will continue to do whatever it "can" but what it can do will shrink over time because it simply won't be possible for them to gain access without consent.

That will continue until such time as the NSA starts abiding by some rules. Until that happens, the security is going to ramp up until everyone is pretty sure the NSA can't get in.

How many people called it here?

[Thanshin]

Someone should make a query that extracts the Slashdot commentaries that have predicted this exact situation for a decade.

The prediction goes like this : "If you keep doing stupid shit like that, people will start encrypting their computers and communications to protect themselves from your unimportant shit and this will help the very few people who encrypt their computers and communications to hide serious crimes."

The more you turn everyone into a criminal, the harder it will be to find the actual criminals.

It's time to decriminalize the population, so people become once again able to distinguish between the guilty and the innocent.

Re:How many people called it here?

[Pi1grim]

But the point is not to catch real criminals, the point is to dig up dirt on anyone and everyone, so when the time is right - you could use it to your advantage.

"Don't you see it's for your own protection, and for your children, protecting all of your from pedophiles, terrorists and the scary monster in your closet. And if you don't buy this argument, then obviously you are an enemy of the state, because if you don't have anything to hide - you have nothing to fear. Oh, and don't forget - arbeit macht frei."

Snooping agencies will fight tooth and nail to keep their snooping powers because they don't give a rat's behind about the read bad muthus out there - because that's entirely different playing field, you can't go after them directly, they are well protected and shifting balance includes a lot of political play, but the smaller fishes can be caught with a wider net, and to get leverage all you need is a right to snoop on anyone at any point in time. It's too convenient to give up.

Re:How many people called it here?

[Thanshin]

Snooping agencies will fight tooth and nail to keep their snooping powers

The problem with fighting tooth and nail is that it's strategically stupid to fight directly against a larger and stronger army.

The privacy arms race benefits the people, only a false feeling of safety and anonymity stops the people from making it practically impossible (or impossibly impractical) to spy on the general population.

A front attack, however strong it may be, will fail.

Some of us are accusing the agencies of being intrusive, but this is a different problem. This is about having been intrusive in a strategically unintelligent way.

Re:How many people called it here?

..The more you turn everyone into a criminal, the harder it will be to find the actual criminals.

So, what you're saying that you trust their judgement on the matter of who is a criminal so long as *you're* not being tagged as one?

Ignorance

[Futurepower(R)]

Most government leaders are profoundly ignorant about technology.

For those of us who work with technology, it is difficult to understand how ignorant the leaders are, and what we could do to fix the problems ignorant leaders cause.

Re:Ignorance

Most government leaders are profoundly ignorant about technology.

They are no different than the general population...

Re:Ignorance

[Pi1grim]

They are not so much ignorant, as they are pursuing their own agenda. Don't think for a second that they don't have an army of tech-savy advisors and specialists that are at their beck and call, should they need a detailed explanation about how it works. But they benefit from pretending they don't know and targeting the general public that doesn't know either in order to pursue their own goals.

Spies vs Comm Monitoring

[BoRegardless]

Sun Tzu almost 3000 years ago said he'd rather have 1 good spy than 10,000 good soldiers.

So what yields better results, spies you hire or machines who take no pay? Yeah, I know, spies are difficult, messy, and must be paid in cash.

My guess is what you catch with machines is bad guy wannabees. Real terrorists are probably already using unbreakable steganography. The chance of getting 500 bytes of info out of a 500 KB image, if you can figure out which image has hidden data in it, is next to none.

Re:Spies vs Comm Monitoring

[John+Allsup]

He will win who knows when to fight or not to fight. These law enforcement idiots are fighting a battle for control that they shouldn't and our friend Sun Tzu tells us they will lose the war. Pity those fellows.

Re:Spies vs Comm Monitoring

[SuricouRaven]

There is one thing that Sun Tzu stressed above all else in The Art of War: War is very, very expensive. Only start a war if you are confident not only of victory, but of a rapid victory - for if you win after ten years of fighting, you'll have emptied the treasury and destroyed your own economy. A lot of his instruction isn't about how to fight, but about when not to fight.

It's only going to get worse.

[John+Allsup]

People haven't figured out the half of it. The Theoretical Computer Scientists are still trying to figure out if P equals NP, when there is both an easy solution (I've tried to submit one version of it, and have written another), and that when conditions of physical plausibility are introduced, it turns out to be the wrong problem anyway. Hard problems arise as soon as you need one more peek at a pile of data than you have. Then you have to guess, and you are at the mercy of the guess. If it is a genuine binary guess and nobody is in a position to force your random number source (and this is totally unrealistic) then you only have a 50% chance of being totally wrong. Things go downhill pretty fast from there.  Trust me, my sanity has survived by playing these games in my head for the last decade or so, and there is only one sensible strategy, and it is built fundamentally on sensibly chooing friends you trust. Things then either turn into a lovely blissful world of total cooperation (and I'm still dreaming here), or else devolve into a downward spiral of ever decreasing trust, ever increasing suspicion, and total failure to justify that distrust given that when one determined person want to screw things up, he or she happens to be the 1/1000 that you didn't decide to label a 'madman' and lock up. The law enforcement systems they are demanding don't work even in dreams. They face too many decision processes, can't improve matters by adding more decision processes (and this is the mess that using computers to aid they really gets them), and they are demanding that their task is made artificially simple. Doesn't bloody work that way in our universe. Sorry. We live according to the laws of mathematics and physics, and if you find yourself on the wrong side of them, complaining to lawmakers won't make the problems go away, but can screw up a large number of lives in the attempt.

Re:It's only going to get worse.

>We live according to the laws of mathematics and physics

Nope. Laws of nature/universe. Maths and physics only (try to) describe those.

boo hoo

You are more likely to die by crossing the street, falling down the stairs, heart attack, or cancer than by terrorism.

Re:boo hoo

[emj]

You are basically saying that to die of old age is more common that terrorism, war/terror kills people of all ages that's why it's so scary. There are 1000x more 70+ who die common types of heart failure like ischemia than 30 year olds

Re:boo hoo

[Godwin+O'Hitler]

Or, to put a different spin on what you said, is the money spent on counter-terrorism the most cost effective way of minimizing death of any kind? Could the spending be deployed in different endeavours that would outweigh the lives saved from terrorism? (Not that we have a lot of proof it saves any lives at all from terrorism).

He's right

[hcs_$reboot]

[encryption] has become perhaps the biggest problem for the police (...)

He is right. Eavesdropping everyone everywhere in all possible ways without any ethical limit made everyone aware of
- the privacy intrusion risks posed by non encrypted communication
- the privacy intrusion risks posed by weakly encrypted communication
- the privacy intrusion risks depending on the communication media being utilized.

Shut uuuuup

[wonkey_monkey]

Maybe if law enforcement types didn't keep banging on about how useful encryption is for terrorists, fewer terrorists would actually hear about it in the first place.

Re:Shut uuuuup

[Sarten-X]

I seem to recall discussion of encryption-using terrorists in the 80s and 90s. It's not a new concept.

What is a new concept is having nearly-unbreakable encryption available for $2 at an electronics shop in the nearest major village, ready to be deployed to an untrained operative, and available in a large enough quantity to be sure that every message the organization sends is secure.

That's what's spooked the spooks.

Re:Shut uuuuup

[gweihir]

Terrorists do not use encryption for communication. With encryption, you can still determine sources and destinations and that gets people drone-killed on the mere suspicion of being terrorists. Of course, those that survive have become smarter, as part of an ordinary evolutionary process under predator pressure.

Re:Shut uuuuup

[gweihir]

No, it is not. What spooks them is ordinary citizens being able to talk without them being able to listen in. These people are pathological paranoids and very, very afraid of the general population. Terrorists are not even using email or cellphones these days, the US drone-kill "strategy" made sure of that.

Re:Shut uuuuup

[currently_awake]

Terrorists have a simple way to figure out the safe way to do their business: try stuff and see who dies or gets caught. This is basically how disease becomes immune to anti-biotics.

mmm encryption is bad

[MrKaos]

'mkay!

So, let me get this right

[vikingpower]

If yours truly and another law-abiding citizen encrypt communication, how is that going to hamper counter-terrorist work ? I pay my tax, he pays his tax, and the worst we do is getting drunk in his or my home on saturday evening, or screwing the occasional whore. Could it that Europol has been touched by the arrogance that comes from wielding too much unchecked, or at least badly checked, power for too long ?

Re:So, let me get this right

[Jason+Levine]

If you didn't encrypt your conversation, they could listen in to it, determine you two weren't terrorists, and move on to the next unencrypted conversation or focus on the small number of encrypted ones.

If more people encrypt conversations, though, the government won't be able to rule out that you are a terrorist since they won't be able to listen in on you.

In short, you're guilty until proven innocent and you're making it hard for them to prove you innocent. [mock outrage] How DARE you do that! [/mock outrage]

Re:So, let me get this right

[gweihir]

While this sounds convincing on the surface, it is utterly false in reality. You cannot determine from the contents of communication whether some people communicating are terrorists if they have at least minimal OpSec. You can, to a degree, identify groups when you have one member, but that works regardless of encryption.

These days there are only two kinds of terrorists (disregarding the ones created by the FBI): The dead ones and those with good OpSec. Of course, there are not many of either, and the whole thing is completely blown out of proportion. By "Qui bono?" is also becomes clear why it is being blown out of all proportion: It means more money and power for various police, state security and other anti-freedom organizations. These people are habitually lying to us these days and milking the fear for all its worth.

Re:So, let me get this right

[Jason+Levine]

FYI, I wasn't being serious in my comment. (Probably should have used Sarcasm tags to make that clearer.)

Re:So, let me get this right

[gweihir]

I halfway though so, but a lot of people may not notice that what you propose is actually not going to work, hence my comment.

So?

[bytesex]

The cat is out of the bag. Crypto and its application is an academic subject now, with plenty of companies and open-source projects using the fruit of the work. That is to say, for another ten-fifteen years or so. Then, quantum will start taking it all apart. The amateurs will not have the resources to follow there.

Re:So?

[Thanshin]

The cat is out of the bag. Crypto and its application is an academic subject now, with plenty of companies and open-source projects using the fruit of the work. That is to say, for another ten-fifteen years or so. Then, quantum will start taking it all apart. The amateurs will not have the resources to follow there.

So, basically, the cat is either out of the bag, or dead, and we won't know for another ten-fifteen years, time at which the cat wave collapses.

Re:So?

[Jason+Levine]

The cat is out of the bag. Crypto and its application is an academic subject now, with plenty of companies and open-source projects using the fruit of the work. That is to say, for another ten-fifteen years or so. Then, quantum will start taking it all apart. The amateurs will not have the resources to follow there.

So, basically, the cat is either out of the bag, or dead, and we won't know for another ten-fifteen years, time at which the cat wave collapses.

Great. Now those terrorists are attacking Schrodinger's cat... or not attacking it. I can't tell since I haven't observed the system yet.

Reference:

[emj]

Ischemia deaths in Sweden by age you can compare that to the graph for traffic accidents with stationary objects

Crying about encryption just another symptom

[einar.petersen]

Watching the police state encroach deeper and deeper and the sheeple doing nothing but watching their reality shows and empty journalists blabbering the agenda on the evening news attempting to marginalize anyone with half a brain discussing the deeper implications regarding the slide towards totalitarian rule is a sad sad reality for someone who has seen the Berlin wall fall and who remembers the horror stories about STASI an organization that pales in comparison to the evils of intelligence services operating in todays so called free democracies. When will the people rise and object against the tyrannical powers laying their claws upon every soul walking this earth...

Re:Crying about encryption just another symptom

[currently_awake]

The real lesson is that investigative journalism is dead. The media is so deeply in the pockets of big business that they can't see the hole anymore.

Re:When every ?! is a potential terrorist...

I am Greek

You're also a moron.

Willing to kill but respect a ban on encryption?

[xenobyte]

How incredibly likely... You are a fanatic willing to kill scores of innocents but won't use encryption because it's illegal? This has to be the most stupid idea in a long time!

BANNING ENCRYPTION WILL NOT PREVENT TERRORISTS FROM USING IT !!!
Sorry for shouting but it's so bleeding obvious!

The only people that will respect such a ban would be normal law-abiding people and they are not likely to be interesting to Europol and similar.

unintended consequenses on extreme measures

[bitflusher]

Extreme measures have extreme disadvantages. After 9/11 pilots were given the ability to lock their cabin to prevent terrorists from taking a plane. The Germanwings incident show this locks out the good people as well. Preventing encryption will be celebrated by terrorists, they could gain much more knowledge from plain data in transmissions.

No encryption == full employment for police

[PeterM+from+Berkeley]

Because without good encryption, commerce will be WIDE OPEN to fraud as criminals acquire information required to steal money from people, like bank account numbers, passwords, locations of money, etc.

If we can't use encryption to protect our information from criminals itching to use it for fraud, then fraud will explode and we'll need LOTS of cops to track down all the criminals.

We should tell them to take a hike, because:
1) Cops will never catch fraud before it happens
2) Cops will never recover all the money stolen
3) Trust in banking will falter
4) Trust in using the internet for commerce will falter

Also, "key escrow" won't work.
I'm sorry, but if the US Government couldn't keep the HYDROGEN BOMB secret, how am I to trust ANY government to keep secrets WORTH TRILLIONS? (I.e., their escrowed keys secret from the criminal element?)

--PeterM

Re:No encryption == full employment for police

[Jason+Levine]

That was my first reaction also. The government likes to speak about terrorism, but ID theft, credit card fraud, and other types of financial crimes are a whole lot more prevalent. Now imagine if encryption were to disappear tomorrow. All those personal details whizzing about the Internet unencrypted? Financial crimes would skyrocket. Either that, or nobody would do business online and a huge sector of the economy would collapse overnight. Even *IF* banning encryption meant all terrorism was stopped the financial cost alone would make it a non-viable option.

Re:No encryption = advantage criminals

[Godwin+O'Hitler]

To be fair, the only reason I would use encryption on my own initiative is "keep your fucking noses out of my private life and my reasons for that are none of your concern."

Really?

[nospam007]

What happened? Did he order an expensive full attack on an encrypted container with dozens of people and they got a shopping list after 2 years?

The terrorists win

[GeekWithAKnife]

IF we cannot body scan you
IF we cannot read your emails
IF we cannot read your medical records
IF we cannot detect your location
IF we cannot determine your political beliefs
then one day that will become
The terrorists win IF we cannot read your mind


Because if you're innocent why would you want to hide anything right? because data collection agencies, corporations and the government have done such a stellar job making sure that information is handled ethically and protected privacy in an adequate manner, right?

How is that load of bullshit working so far? -when will draconian security measure applied without cause or reason be seen for what they are?

There is always be those that use violence to influence, no amount of snooping and big brother shit will ever change that.

I'm sorry what?

[koan]

If we use encryption your job is pointless?

Re:I'm sorry what?

[Jason+Levine]

No, if you use encryption, their job becomes hard. This is bad (as defined by them, not me) because:

A) They want the power to look at everyone anytime they want to make sure you're not a terrorist (or some other criminal). Encryption prevents this.

B) They don't want to have to actually work hard to do their job. Why do research and obtain warrants and deal with privacy-protection measures when you can just trample over everyone to get what you want? The quickest path between point a and point b is a straight line - even if it takes them through your house,

Poor you, your job is difficult.

[BVis]

"It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he explained.

Tough shit. Nobody said it would be easy.

There's an old saying....

[BravoZuluM]

When encryption is outlawed, only outlaws will have encryption. And the government, but then I'm being redundant.

This is his job

[dave420]

His job is to point out things which cause them problems. If those things are valued by constitutions and lawmakers, they will not be listened to, and Europol (in this case) has to change its game to deal with it. If he kept quiet about every headache they deal with, he should be removed from his position. Instead, he does his job, and the technically literate people who can't understand what his job actually entails start moaning about how infeasible it is or how it tramples basic human rights.

Every post here complaining about this guy pointing out how bad encryption is for them has missed the point entirely, and is engaging in a knee-jerk moanfest. The people to get angry with are any politicians who try to enact this guy's suggestions.

How did they ever catch criminals before phones?

[cant_get_a_good_nick]

I always hear that we can't catch anyone if phones are encrypted, or computers are encrypted. Evidently there were no police techniques available before 1995, and all criminals got off easy. All those police shows where people gathered non-cell-phone based evidence must have been something like science fiction, but for cops.

They abused the privilege, now they pay

[msobkow]

They abused the privilege, now they pay the price. I've no sympathy for any of the intel agencies out there who've claimed they're only interested in identifying endpoints and sessions, yet now are crying about the traffic content being encrypted. Encryption simply limits CSEC, GCHQ, NSA, et. al. to the endpoint identification they said they want.

It's too late to change your mind. I use RSA2048 exchange of AES256 keys, hard coded into all my applications. If you don't have the Java export-strength encryption enabled, I don't want to bother supporting your code. You're just begging to be intercepted without export-strength encryption.

I'm tired of being snooped on. I'll take my right to privacy seriously, thanks. I don't even trust pre-generated keys for the RSA2048 server encryption -- I generate them on the fly at server startup so that even the person running the server doesn't know what the keys are.

Too bad soo sad

Governments are funny, they think they can just lay back sipping their slurpees while slurping down worlds data from room 641A. Even funnier they believe they are entitled to the current status quo for all of time. When people wise up and they are denied capability they pout and whine like two year olds about "going dark" all the while intrusive private and public data collection regimes continue to proliferate unbounded.

If you don't like the proliferation of encryption technology maybe you should have thought about that BEFORE you collectively gave the world reason to care.

The problem goes beyond encryption

[TsuruchiBrian]

We need to ban, not only digital computers, but also math. One can multiply big prime numbers and keep them secret using pen and paper.

Lie. If caught, lie more.

[gweihir]

As far as we know, not a single terrorist attack would have ever been averted if encryption had been breakable. This person is either terminally stupid or exceptionally dishonest. In either case he is a serious threat to society and should be removed from his position immediately.

How could they know?

[Futurepower(R)]

"Don't think for a second that they don't have an army of tech-savy advisors and specialists..."

How would someone who isn't technically knowledgeable know if someone IS technically knowledgeable? In fact, a lot of incompetent people want high-paying jobs. Incompetent people may sound wonderful to a manager.

After years of postcards, the envelope is invented

[eric_harris_76]

After years of people communicating by postcards, someone invents the envelope, and the cops get all scared that they won't be able to fight crime any more. Or so they say.