EU: No Encryption Backdoors But, Let's Help Each Other Crack That Crypto

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. From a report: In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding decryption backdoors in the stuff we all use. Instead, the plans set out in its antiterrorism measures on Wednesday take a more collegiate approach -- by offering member states more support when they actually get their hands on an encrypted device. "The commission's position is very clear -- we are not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon," security commissioner Julian King told a press briefing. "We're trying to move beyond a sometimes sterile debate between backdoors or no backdoors, and address some of the concrete law enforcement challenges. For instance, when [a member state] gets a device, how do they get information that might be encrypted on the device." [...] Share the wealth. "Some member states are more equipped technically to do that [extract information from a seized device] than others," King said. "We want to make sure no member state is at a disadvantage, by sharing the tech expertise among the member states and reinforcing the support that Europol can offer."

Ok, that's something we can talk about

[Opportunist]

So we have a device of someone that we suspect to be a criminal, now aid us to access it.

That is something we can actually work with. Provided there is oversight and it's not "we probably have (population count) terrorists in our country, let's find out how to up the surveillance so we can track them all!"

I have no problems with this

[houghi]

The more encryption is challenged, the better it is. And with so many people involved, somebody with blabber if it has been hacked and better encryption can be found.

I think we should tell them that all Linux and other OSS software is involved. Having "free" peer review would be great.

Encryption = False sense of security

[Seven+Spirals]

Encryption weenies place a lot more faith in it's power than I do. So, are we supposed to trust SSL? I don't. Besides being eat-up with a laundry list of past vulnerabilities, I'm supposed to trust some megacorp that says some other megacorp or boiler-room-scam operation capable of issuing a certificate signing request is trustworthy? Why again? Just because they can pay folks to answer the phone or to supposedly check someone's business license? That doesn't mean *squat*. There are so many instances where that system has broken down due to technical and logistical reasons, it's not even funny.

You ever notice how everyone gets all concerned about algorithms being broken but it's usually the implementation that the hackers go after and break? What difference does it make if you have a steel vault door if it's mounted on a balsa wood frame? So, because of that fact, how is anyone supposed to trust anything that's "encrypted" ? You can't trust the OS to not be keylogging you, the feds or the author not to have backdoored the implementation, nor can you trust that someone won't simply beat the password out of user (ie.. rubber hose decryption method). If you ask me, the promise of encryption is a lie. It's marginally useful to obfuscate sensitive details in transit or for hashing. The idea that it can always be trusted and is some kind of panacea against hacking is laughable and been proven idiotic over and over, especially when pronounced upon high by evil megacorporations who have ZERO credibility anymore.