Slashdot Mirror

← Back to Stories (view on slashdot.org)

European Parliament Committee Endorses End-To-End Encryption (tomshardware.com)

Posted by EditorDavid on from the unlike-Theresa-May dept.

The civil liberties committee of the European Parliament has released a draft proposal "in direct contrast to the increasingly loud voices around the world to introduce regulations or weaken encryption," according to an anonymous Slashdot reader. Tom's Hardware reports: The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens' fundamental privacy rights. The committee also recommended a ban on backdoors. Article 7 of the E.U.'s Charter of Fundamental Rights says that E.U. citizens have a right to personal privacy, as well as privacy in their family life and at home. According to the EP committee, the privacy of communications between individuals is also an important dimension of this right...

We've lately seen some EU member states push for increased surveillance and even backdoors in encrypted communications, so there seems to be some conflict here between what the European Parliament institutional bodies may want and what some member states do. However, if this proposal for the new Regulation on Privacy and Electronic Communications passes, it should significantly increase the privacy of E.U. citizens' communications, and it won't be so easy to roll back the changes to add backdoors in the future.
Security researcher Lukasz Olejnik says "the fact that policy is seriously considering these kind of aspects is unprecedented."

8 of 120 comments (clear)

  1. Re:What? by polar+red · · Score: 3, Interesting

    The fact that the UK is out of the EU now, is probably the reason this could happen.

    --
    Yes, I'm left. You have a problem with that?
  2. Re:The people by Anonymous Coward · · Score: 2, Interesting

    I don't think it has a chance of passing. Some major member states are actively requesting backdoors and encryption bans, they will never pass this.

  3. I'd be concerned by ooloorie · · Score: 3, Interesting

    This may sound good on the surface on it, but it may have unintended consequences.

    For example, can you still offer unencrypted web sites at all under this regulation? If you can't, doesn't that mean that every web site may have to register with a certificate authority?

    Conversely, in order to comply simultaneously with this regulation and hate speech and libel laws, wouldn't web sites have to require more identification and authentication?

    And what's the need for such a regulation anyway? All governments need to do is not to refrain from making cryptography illegal. Mandating cryptography seems as much of an unwise overreach as prohibiting it.

  4. Actual relevant draft by Anonymous Coward · · Score: 5, Interesting

    The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.

    I don't understand why the summary is saying that the parliament demands end-to-end encryption be "enforced" while the title says "endorsed". This draft bill basically says that when you are not already providing communication over a secure channel, you should protect the users by encryption at their ends, using a sufficiently up-to-date method. Of course this is very vague on the technical requirements (hence enforceability), and I expect a lot resistance from the businesses if this part is going into the final act as it is now.

    The real gem, though, is the provision against Member States deliberately weakening security. This is not legislative meddling in tech (which is problematic even if good-intentioned), but a direct legislative safeguard against the crazy state of political atmosphere that is on the verge of cyberauthoritarian dystopia, as it stands now.

    Hear hear, honourable members!

  5. Misleading Article by Notabadguy · · Score: 5, Interesting

    For US Citizens, the gravity of this situation would be translated thusly:

    The House subcommittee on Civil Liberties has accepted a proposal written by the ACLU and EFF advocating End-to-End Encryption.

    That's it.

    It hasn't been submitted to the house as a bill, it isn't making the rounds to garner legislative support, it simply exists as a proposal, and in doing so has made the news.

  6. Re:What? by fazig · · Score: 3, Interesting

    There is a current trend in some EU countries that want to violate the basic rights granted by their their respective constitutions or bill of rights. Rights that are supposed to apply to all humans or natural persons and not only to citizens. So I found the wording to be peculiar, because in fact the paper refers at one point not to "everyone" or "all individuals" but to "citizens" in the text proposed by the commission. In the amendment part however the citizens part is replaced with all individuals. You can look it up in this source on page 34.

  7. "Loud voices" come from the stupid by gweihir · · Score: 4, Interesting

    And from those lying though their teeth. Otherwise there would be no need for "loud voices", as convincing arguments would be available. For a ban on secure encryption, no convincing arguments exist, and such a ban would be excessively destructive to a modern economy.

    My guess is this committee asked some actual experts, unlike fundamentally stupid and power-hungry people like May, Trump, etc. like to do.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  8. Re:What? by TheRaven64 · · Score: 4, Interesting

    Everyone EXCEPT Remoaners realises that the UK can issues the same grants without the expensive middle-man taking his cut.

    Take a look at your tax statement this year (you do pay tax in the UK, right?). It will have a breakdown of the amount that you're paying into the EU. Notice how tiny a percentage of the total tax revenue that is. Notice how it's far less than you're paying in council tax (assuming that you're not a student or otherwise exempt from council tax). Now, compare the proportion of that money that is spent improving the quality of poorer regions in the UK and investing in UK infrastructure than the proportion of the remainder. Now tell me who you'd rather have spending your taxes.

    Or, if you don't want to do this on a purely financial basis, compare the EU data protection office with the actions of the UK's regulator ('oh, you just gave loads of medical records to Google / Deep Mind without consent of the patients? I'm sure that's fine') and tell me which you'd prefer having control over privacy. Or compare Theresa 'Encryption bad, must backdoor everything' May's attitude with TFA and tell me who you'd prefer.

    The problem with the leave arguments is that almost all of the negative things about the EU (concentrating power in the Commission rather than the Parliament, pushing pro-corporation trade treaties, and so on) were pushed hard by the UK government's representatives in the Council of Ministers and over the objection of other EU countries. You don't like these things, so you'd rather give more power to the people responsible for them.

    --
    I am TheRaven on Soylent News